Sumo refresh
Update external subtrees to latest Yocto sumo.
Change-Id: I8364f32bef079841c6e57f1c587f4b1bedf62fef
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/classes/gio-module-cache.bbclass b/poky/meta/classes/gio-module-cache.bbclass
index e429bd3..0520c22 100644
--- a/poky/meta/classes/gio-module-cache.bbclass
+++ b/poky/meta/classes/gio-module-cache.bbclass
@@ -2,6 +2,7 @@
inherit qemu
GIO_MODULE_PACKAGES ??= "${PN}"
+GIO_MODULE_PACKAGES_class-nativesdk = ""
gio_module_cache_common() {
if [ "x$D" != "x" ]; then
diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass
index fa15460..eb2d967 100644
--- a/poky/meta/classes/insane.bbclass
+++ b/poky/meta/classes/insane.bbclass
@@ -534,9 +534,9 @@
if path.find(name + "/CONTROL/") != -1 or path.find(name + "/DEBIAN/") != -1:
return
- tmpdir = d.getVar('TMPDIR')
+ tmpdir = bytes(d.getVar('TMPDIR'), encoding="utf-8")
with open(path, 'rb') as f:
- file_content = f.read().decode('utf-8', errors='ignore')
+ file_content = f.read()
if tmpdir in file_content:
package_qa_add_message(messages, "buildpaths", "File %s in package contained reference to tmpdir" % package_qa_clean_path(path,d))
diff --git a/poky/meta/classes/mirrors.bbclass b/poky/meta/classes/mirrors.bbclass
index b331afc..ed53dfb 100644
--- a/poky/meta/classes/mirrors.bbclass
+++ b/poky/meta/classes/mirrors.bbclass
@@ -1,4 +1,5 @@
MIRRORS += "\
+${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian/20180310T215105Z/pool \n \
${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20120328T092752Z/debian/pool \n \
${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20110127T084257Z/debian/pool \n \
${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20090802T004153Z/debian/pool \n \
diff --git a/poky/meta/classes/rootfs-postcommands.bbclass b/poky/meta/classes/rootfs-postcommands.bbclass
index 5522209..221869e 100644
--- a/poky/meta/classes/rootfs-postcommands.bbclass
+++ b/poky/meta/classes/rootfs-postcommands.bbclass
@@ -112,14 +112,11 @@
# Also tweak the key location for dropbear in the same way.
if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then
- if [ -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then
- echo "DROPBEAR_RSAKEY_DIR=/etc/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear
- else
+ if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then
echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear
fi
fi
-
if ${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "true", "false", d)}; then
# Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
if [ -e ${IMAGE_ROOTFS}/etc/default/rcS ]; then
diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass
index e0e57ce..4e8eae8 100644
--- a/poky/meta/classes/sanity.bbclass
+++ b/poky/meta/classes/sanity.bbclass
@@ -336,11 +336,11 @@
return ""
def get_filesystem_id(path):
- status, result = oe.utils.getstatusoutput("stat -f -c '%s' '%s'" % ("%t", path))
- if status == 0:
- return result
- else:
- bb.warn("Can't get the filesystem id of: %s" % path)
+ import subprocess
+ try:
+ return subprocess.check_output(["stat", "-f", "-c", "%t", path]).decode('utf-8')
+ except subprocess.CalledProcessError:
+ bb.warn("Can't get filesystem id of: %s" % path)
return None
# Check that the path isn't located on nfs.
@@ -463,7 +463,7 @@
import re, subprocess
try:
- result = subprocess.check_output(["patch", "--version"], stderr=subprocess.STDOUT, universal_newlines=True)
+ result = subprocess.check_output(["patch", "--version"], stderr=subprocess.STDOUT).decode('utf-8')
version = re.search(r"[0-9.]+", result.splitlines()[0]).group()
if LooseVersion(version) < LooseVersion("2.7"):
return "Your version of patch is older than 2.7 and has bugs which will break builds. Please install a newer version of patch.\n"
@@ -476,9 +476,12 @@
# Use a modified reproducer from http://savannah.gnu.org/bugs/?30612 to validate.
def check_make_version(sanity_data):
from distutils.version import LooseVersion
- status, result = oe.utils.getstatusoutput("make --version")
- if status != 0:
- return "Unable to execute make --version, exit code %d\n" % status
+ import subprocess
+
+ try:
+ result = subprocess.check_output(['make', '--version'], stderr=subprocess.STDOUT).decode('utf-8')
+ except subprocess.CalledProcessError as e:
+ return "Unable to execute make --version, exit code %d\n%s\n" % (e.returncode, e.output)
version = result.split()[2]
if LooseVersion(version) == LooseVersion("3.82"):
# Construct a test file
@@ -493,18 +496,18 @@
f.close()
# Check if make 3.82 has been patched
- status,result = oe.utils.getstatusoutput("make -f makefile_test")
-
- os.remove("makefile_test")
- if os.path.exists("makefile_test_a.c"):
- os.remove("makefile_test_a.c")
- if os.path.exists("makefile_test_b.c"):
- os.remove("makefile_test_b.c")
- if os.path.exists("makefile_test.a"):
- os.remove("makefile_test.a")
-
- if status != 0:
+ try:
+ subprocess.check_call(['make', '-f', 'makefile_test'])
+ except subprocess.CalledProcessError as e:
return "Your version of make 3.82 is broken. Please revert to 3.81 or install a patched version.\n"
+ finally:
+ os.remove("makefile_test")
+ if os.path.exists("makefile_test_a.c"):
+ os.remove("makefile_test_a.c")
+ if os.path.exists("makefile_test_b.c"):
+ os.remove("makefile_test_b.c")
+ if os.path.exists("makefile_test.a"):
+ os.remove("makefile_test.a")
return None
@@ -512,9 +515,11 @@
# but earlier versions do not; this needs to work properly for sstate
def check_tar_version(sanity_data):
from distutils.version import LooseVersion
- status, result = oe.utils.getstatusoutput("tar --version")
- if status != 0:
- return "Unable to execute tar --version, exit code %d\n" % status
+ import subprocess
+ try:
+ result = subprocess.check_output(["tar", "--version"], stderr=subprocess.STDOUT).decode('utf-8')
+ except subprocess.CalledProcessError as e:
+ return "Unable to execute tar --version, exit code %d\n%s\n" % (e.returncode, e.output)
version = result.split()[3]
if LooseVersion(version) < LooseVersion("1.24"):
return "Your version of tar is older than 1.24 and has bugs which will break builds. Please install a newer version of tar.\n"
@@ -525,9 +530,11 @@
# The git fetcher also had workarounds for git < 1.7.9.2 which we've dropped
def check_git_version(sanity_data):
from distutils.version import LooseVersion
- status, result = oe.utils.getstatusoutput("git --version 2> /dev/null")
- if status != 0:
- return "Unable to execute git --version, exit code %d\n" % status
+ import subprocess
+ try:
+ result = subprocess.check_output(["git", "--version"], stderr=subprocess.DEVNULL).decode('utf-8')
+ except subprocess.CalledProcessError as e:
+ return "Unable to execute git --version, exit code %d\n%s\n" % (e.returncode, e.output)
version = result.split()[2]
if LooseVersion(version) < LooseVersion("1.8.3.1"):
return "Your version of git is older than 1.8.3.1 and has bugs which will break builds. Please install a newer version of git.\n"
@@ -535,13 +542,15 @@
# Check the required perl modules which may not be installed by default
def check_perl_modules(sanity_data):
+ import subprocess
ret = ""
modules = ( "Text::ParseWords", "Thread::Queue", "Data::Dumper" )
errresult = ''
for m in modules:
- status, result = oe.utils.getstatusoutput("perl -e 'use %s'" % m)
- if status != 0:
- errresult += result
+ try:
+ subprocess.check_output(["perl", "-e", "use %s" % m])
+ except subprocess.CalledProcessError as e:
+ errresult += e.output
ret += "%s " % m
if ret:
return "Required perl module(s) not found: %s\n\n%s\n" % (ret, errresult)
diff --git a/poky/meta/classes/staging.bbclass b/poky/meta/classes/staging.bbclass
index 3fcbc9f..939042e 100644
--- a/poky/meta/classes/staging.bbclass
+++ b/poky/meta/classes/staging.bbclass
@@ -383,8 +383,6 @@
lock = bb.utils.lockfile(recipesysroot + "/sysroot.lock")
fixme = {}
- fixme[''] = []
- fixme['native'] = []
seendirs = set()
postinsts = []
multilibs = {}
@@ -471,7 +469,14 @@
os.symlink(c + "." + taskhash, depdir + "/" + c)
manifest, d2 = oe.sstatesig.find_sstate_manifest(c, setscenedeps[dep][2], "populate_sysroot", d, multilibs)
+ if d2 is not d:
+ # If we don't do this, the recipe sysroot will be placed in the wrong WORKDIR for multilibs
+ # We need a consistent WORKDIR for the image
+ d2.setVar("WORKDIR", d.getVar("WORKDIR"))
destsysroot = d2.getVar("RECIPE_SYSROOT")
+ # We put allarch recipes into the default sysroot
+ if manifest and "allarch" in manifest:
+ destsysroot = d.getVar("RECIPE_SYSROOT")
native = False
if c.endswith("-native") or "-cross-" in c or "-crosssdk" in c:
@@ -479,12 +484,13 @@
if manifest:
newmanifest = collections.OrderedDict()
+ targetdir = destsysroot
if native:
- fm = fixme['native']
targetdir = recipesysrootnative
- else:
- fm = fixme['']
- targetdir = destsysroot
+ if targetdir not in fixme:
+ fixme[targetdir] = []
+ fm = fixme[targetdir]
+
with open(manifest, "r") as f:
manifests[dep] = manifest
for l in f:
@@ -542,12 +548,7 @@
bb.note("Skipping as already exists in sysroot: %s" % str(msg_exists))
for f in fixme:
- if f == '':
- staging_processfixme(fixme[f], recipesysroot, recipesysroot, recipesysrootnative, d)
- elif f == 'native':
- staging_processfixme(fixme[f], recipesysrootnative, recipesysroot, recipesysrootnative, d)
- else:
- staging_processfixme(fixme[f], multilibs[f].getVar("RECIPE_SYSROOT"), recipesysroot, recipesysrootnative, d)
+ staging_processfixme(fixme[f], f, recipesysroot, recipesysrootnative, d)
for p in postinsts:
subprocess.check_output(p, shell=True, stderr=subprocess.STDOUT)
diff --git a/poky/meta/classes/testimage.bbclass b/poky/meta/classes/testimage.bbclass
index 77291c2..9feb267 100644
--- a/poky/meta/classes/testimage.bbclass
+++ b/poky/meta/classes/testimage.bbclass
@@ -117,13 +117,6 @@
}
python do_testimage() {
-
- testimage_sanity(d)
-
- if (d.getVar('IMAGE_PKGTYPE') == 'rpm'
- and 'dnf' in d.getVar('TEST_SUITES')):
- create_rpm_index(d)
-
testimage_main(d)
}
@@ -159,6 +152,12 @@
"""
raise RuntimeError
+ testimage_sanity(d)
+
+ if (d.getVar('IMAGE_PKGTYPE') == 'rpm'
+ and ('dnf' in d.getVar('TEST_SUITES') or 'auto' in d.getVar('TEST_SUITES'))):
+ create_rpm_index(d)
+
logger = make_logger_bitbake_compatible(logging.getLogger("BitBake"))
pn = d.getVar("PN")
@@ -260,10 +259,16 @@
# Load tests before starting the target
test_paths = get_runtime_paths(d)
test_modules = d.getVar('TEST_SUITES').split()
+ if not test_modules:
+ bb.fatal('Empty test suite, please verify TEST_SUITES variable')
+
tc.loadTests(test_paths, modules=test_modules)
- if not getSuiteCases(tc.suites):
+ suitecases = getSuiteCases(tc.suites)
+ if not suitecases:
bb.fatal('Empty test suite, please verify TEST_SUITES variable')
+ else:
+ bb.debug(2, 'test suites:\n\t%s' % '\n\t'.join([str(c) for c in suitecases]))
package_extraction(d, tc.suites)
diff --git a/poky/meta/classes/utils.bbclass b/poky/meta/classes/utils.bbclass
index 4f016e3..3f4f51b 100644
--- a/poky/meta/classes/utils.bbclass
+++ b/poky/meta/classes/utils.bbclass
@@ -338,6 +338,8 @@
variants = d.getVar("MULTILIB_VARIANTS") or ""
for item in variants.split():
localdata = get_multilib_datastore(item, d)
+ # We need WORKDIR to be consistent with the original datastore
+ localdata.setVar("WORKDIR", d.getVar("WORKDIR"))
value = localdata.getVar(var) or ""
if value != "":
if need_split:
diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf
index a21b728..ecc43a4 100644
--- a/poky/meta/conf/bitbake.conf
+++ b/poky/meta/conf/bitbake.conf
@@ -487,7 +487,7 @@
"
# Tools needed to run testimage runtime image testing
-HOSTTOOLS += "${@['', 'ip ping ps scp ssh stty'][bb.data.inherits_class('testimage', d)]}"
+HOSTTOOLS += "${@'ip ping ps scp ssh stty' if (bb.data.inherits_class('testimage', d) or d.getVar('TEST_IMAGE') == '1') else ''}"
# Link to these if present
HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat ssh sudo"
@@ -587,9 +587,6 @@
export LDFLAGS = "${TARGET_LDFLAGS}"
export TARGET_LDFLAGS = "-Wl,-O1 ${TARGET_LINK_HASH_STYLE}"
-#export TARGET_LDFLAGS = "-L${STAGING_DIR_TARGET}${libdir} \
-# -Wl,-rpath-link,${STAGING_DIR_TARGET}${libdir} \
-# -Wl,-O1"
# Pass parallel make options to the compile task
EXTRA_OEMAKE_prepend_task-compile = "${PARALLEL_MAKE} "
@@ -664,7 +661,7 @@
FETCHCMD_svn = "/usr/bin/env svn --non-interactive --trust-server-cert"
FETCHCMD_cvs = "/usr/bin/env cvs"
-FETCHCMD_wget = "/usr/bin/env wget -t 2 -T 30 -nv --passive-ftp --no-check-certificate"
+FETCHCMD_wget = "/usr/bin/env wget -t 2 -T 30 --passive-ftp --no-check-certificate"
FETCHCMD_bzr = "/usr/bin/env bzr"
FETCHCMD_hg = "/usr/bin/env hg"
diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc
index a8e82cb..38080c6 100644
--- a/poky/meta/conf/distro/include/yocto-uninative.inc
+++ b/poky/meta/conf/distro/include/yocto-uninative.inc
@@ -8,6 +8,7 @@
UNINATIVE_MAXGLIBCVERSION = "2.27"
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.9/"
-UNINATIVE_CHECKSUM[i686] ?= "83a4f927da81d9889ef0cbe5c12cb782e21c6cc11e6155600b94ff0c99576dce"
-UNINATIVE_CHECKSUM[x86_64] ?= "c26622a1f27dbf5b25de986b11584b5c5b2f322d9eb367f705a744f58a5561ec"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.2/"
+UNINATIVE_CHECKSUM[i686] ?= "036b60092fe4acfa1a321d110673030db20344a2d56f33a4d047f0279498bdad"
+UNINATIVE_CHECKSUM[x86_64] ?= "e3b77208169bf1ac4e89496f3cdbf27695f5b18a2694a908a793390f28b67f83"
+
diff --git a/poky/meta/conf/licenses.conf b/poky/meta/conf/licenses.conf
index 3e2d258..90c486e 100644
--- a/poky/meta/conf/licenses.conf
+++ b/poky/meta/conf/licenses.conf
@@ -16,7 +16,7 @@
SRC_DISTRIBUTE_LICENSES += "CDDL-1.0 CECILL-1.0 CECILL-2.0 CECILL-B CECILL-C"
SRC_DISTRIBUTE_LICENSES += "ClArtistic CPAL-1.0 CPL-1.0 CUA-OPL-1.0 DSSSL"
SRC_DISTRIBUTE_LICENSES += "ECL-1.0 ECL-2.0 eCos-2.0 EDL-1.0 EFL-1.0 EFL-2.0"
-SRC_DISTRIBUTE_LICENSES += "Elfutils-Exception Entessa EPL-1.0 ErlPL-1.1"
+SRC_DISTRIBUTE_LICENSES += "Elfutils-Exception Entessa EPL-1.0 EPL-2.0 ErlPL-1.1"
SRC_DISTRIBUTE_LICENSES += "EUDatagrid EUPL-1.0 EUPL-1.1 Fair Frameworx-1.0"
SRC_DISTRIBUTE_LICENSES += "FreeType GFDL-1.1 GFDL-1.2 GFDL-1.3 GPL-1.0"
SRC_DISTRIBUTE_LICENSES += "GPL-2.0 GPL-2.0-with-autoconf-exception"
diff --git a/poky/meta/conf/machine/qemux86-64.conf b/poky/meta/conf/machine/qemux86-64.conf
index fcc4459..2330c7d 100644
--- a/poky/meta/conf/machine/qemux86-64.conf
+++ b/poky/meta/conf/machine/qemux86-64.conf
@@ -33,5 +33,5 @@
KERNEL_MODULE_PROBECONF += "uvesafb"
module_conf_uvesafb = "options uvesafb mode_option=${UVESA_MODE}"
-WKS_FILE ?= "directdisk.wks"
+WKS_FILE ?= "qemux86-directdisk.wks"
do_image_wic[depends] += "syslinux:do_populate_sysroot syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot dosfstools-native:do_populate_sysroot"
diff --git a/poky/meta/conf/machine/qemux86.conf b/poky/meta/conf/machine/qemux86.conf
index c53f7a9..811e3ef 100644
--- a/poky/meta/conf/machine/qemux86.conf
+++ b/poky/meta/conf/machine/qemux86.conf
@@ -32,5 +32,5 @@
KERNEL_MODULE_PROBECONF += "uvesafb"
module_conf_uvesafb = "options uvesafb mode_option=${UVESA_MODE}"
-WKS_FILE ?= "directdisk.wks"
+WKS_FILE ?= "qemux86-directdisk.wks"
do_image_wic[depends] += "syslinux:do_populate_sysroot syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot dosfstools-native:do_populate_sysroot"
diff --git a/poky/meta/files/common-licenses/EPL-2.0 b/poky/meta/files/common-licenses/EPL-2.0
new file mode 100644
index 0000000..e48e096
--- /dev/null
+++ b/poky/meta/files/common-licenses/EPL-2.0
@@ -0,0 +1,277 @@
+Eclipse Public License - v 2.0
+
+ THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE
+ PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION
+ OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
+
+1. DEFINITIONS
+
+"Contribution" means:
+
+ a) in the case of the initial Contributor, the initial content
+ Distributed under this Agreement, and
+
+ b) in the case of each subsequent Contributor:
+ i) changes to the Program, and
+ ii) additions to the Program;
+ where such changes and/or additions to the Program originate from
+ and are Distributed by that particular Contributor. A Contribution
+ "originates" from a Contributor if it was added to the Program by
+ such Contributor itself or anyone acting on such Contributor's behalf.
+ Contributions do not include changes or additions to the Program that
+ are not Modified Works.
+
+"Contributor" means any person or entity that Distributes the Program.
+
+"Licensed Patents" mean patent claims licensable by a Contributor which
+are necessarily infringed by the use or sale of its Contribution alone
+or when combined with the Program.
+
+"Program" means the Contributions Distributed in accordance with this
+Agreement.
+
+"Recipient" means anyone who receives the Program under this Agreement
+or any Secondary License (as applicable), including Contributors.
+
+"Derivative Works" shall mean any work, whether in Source Code or other
+form, that is based on (or derived from) the Program and for which the
+editorial revisions, annotations, elaborations, or other modifications
+represent, as a whole, an original work of authorship.
+
+"Modified Works" shall mean any work in Source Code or other form that
+results from an addition to, deletion from, or modification of the
+contents of the Program, including, for purposes of clarity any new file
+in Source Code form that contains any contents of the Program. Modified
+Works shall not include works that contain only declarations,
+interfaces, types, classes, structures, or files of the Program solely
+in each case in order to link to, bind by name, or subclass the Program
+or Modified Works thereof.
+
+"Distribute" means the acts of a) distributing or b) making available
+in any manner that enables the transfer of a copy.
+
+"Source Code" means the form of a Program preferred for making
+modifications, including but not limited to software source code,
+documentation source, and configuration files.
+
+"Secondary License" means either the GNU General Public License,
+Version 2.0, or any later versions of that license, including any
+exceptions or additional permissions as identified by the initial
+Contributor.
+
+2. GRANT OF RIGHTS
+
+ a) Subject to the terms of this Agreement, each Contributor hereby
+ grants Recipient a non-exclusive, worldwide, royalty-free copyright
+ license to reproduce, prepare Derivative Works of, publicly display,
+ publicly perform, Distribute and sublicense the Contribution of such
+ Contributor, if any, and such Derivative Works.
+
+ b) Subject to the terms of this Agreement, each Contributor hereby
+ grants Recipient a non-exclusive, worldwide, royalty-free patent
+ license under Licensed Patents to make, use, sell, offer to sell,
+ import and otherwise transfer the Contribution of such Contributor,
+ if any, in Source Code or other form. This patent license shall
+ apply to the combination of the Contribution and the Program if, at
+ the time the Contribution is added by the Contributor, such addition
+ of the Contribution causes such combination to be covered by the
+ Licensed Patents. The patent license shall not apply to any other
+ combinations which include the Contribution. No hardware per se is
+ licensed hereunder.
+
+ c) Recipient understands that although each Contributor grants the
+ licenses to its Contributions set forth herein, no assurances are
+ provided by any Contributor that the Program does not infringe the
+ patent or other intellectual property rights of any other entity.
+ Each Contributor disclaims any liability to Recipient for claims
+ brought by any other entity based on infringement of intellectual
+ property rights or otherwise. As a condition to exercising the
+ rights and licenses granted hereunder, each Recipient hereby
+ assumes sole responsibility to secure any other intellectual
+ property rights needed, if any. For example, if a third party
+ patent license is required to allow Recipient to Distribute the
+ Program, it is Recipient's responsibility to acquire that license
+ before distributing the Program.
+
+ d) Each Contributor represents that to its knowledge it has
+ sufficient copyright rights in its Contribution, if any, to grant
+ the copyright license set forth in this Agreement.
+
+ e) Notwithstanding the terms of any Secondary License, no
+ Contributor makes additional grants to any Recipient (other than
+ those set forth in this Agreement) as a result of such Recipient's
+ receipt of the Program under the terms of a Secondary License
+ (if permitted under the terms of Section 3).
+
+3. REQUIREMENTS
+
+3.1 If a Contributor Distributes the Program in any form, then:
+
+ a) the Program must also be made available as Source Code, in
+ accordance with section 3.2, and the Contributor must accompany
+ the Program with a statement that the Source Code for the Program
+ is available under this Agreement, and informs Recipients how to
+ obtain it in a reasonable manner on or through a medium customarily
+ used for software exchange; and
+
+ b) the Contributor may Distribute the Program under a license
+ different than this Agreement, provided that such license:
+ i) effectively disclaims on behalf of all other Contributors all
+ warranties and conditions, express and implied, including
+ warranties or conditions of title and non-infringement, and
+ implied warranties or conditions of merchantability and fitness
+ for a particular purpose;
+
+ ii) effectively excludes on behalf of all other Contributors all
+ liability for damages, including direct, indirect, special,
+ incidental and consequential damages, such as lost profits;
+
+ iii) does not attempt to limit or alter the recipients' rights
+ in the Source Code under section 3.2; and
+
+ iv) requires any subsequent distribution of the Program by any
+ party to be under a license that satisfies the requirements
+ of this section 3.
+
+3.2 When the Program is Distributed as Source Code:
+
+ a) it must be made available under this Agreement, or if the
+ Program (i) is combined with other material in a separate file or
+ files made available under a Secondary License, and (ii) the initial
+ Contributor attached to the Source Code the notice described in
+ Exhibit A of this Agreement, then the Program may be made available
+ under the terms of such Secondary Licenses, and
+
+ b) a copy of this Agreement must be included with each copy of
+ the Program.
+
+3.3 Contributors may not remove or alter any copyright, patent,
+trademark, attribution notices, disclaimers of warranty, or limitations
+of liability ("notices") contained within the Program from any copy of
+the Program which they Distribute, provided that Contributors may add
+their own appropriate notices.
+
+4. COMMERCIAL DISTRIBUTION
+
+Commercial distributors of software may accept certain responsibilities
+with respect to end users, business partners and the like. While this
+license is intended to facilitate the commercial use of the Program,
+the Contributor who includes the Program in a commercial product
+offering should do so in a manner which does not create potential
+liability for other Contributors. Therefore, if a Contributor includes
+the Program in a commercial product offering, such Contributor
+("Commercial Contributor") hereby agrees to defend and indemnify every
+other Contributor ("Indemnified Contributor") against any losses,
+damages and costs (collectively "Losses") arising from claims, lawsuits
+and other legal actions brought by a third party against the Indemnified
+Contributor to the extent caused by the acts or omissions of such
+Commercial Contributor in connection with its distribution of the Program
+in a commercial product offering. The obligations in this section do not
+apply to any claims or Losses relating to any actual or alleged
+intellectual property infringement. In order to qualify, an Indemnified
+Contributor must: a) promptly notify the Commercial Contributor in
+writing of such claim, and b) allow the Commercial Contributor to control,
+and cooperate with the Commercial Contributor in, the defense and any
+related settlement negotiations. The Indemnified Contributor may
+participate in any such claim at its own expense.
+
+For example, a Contributor might include the Program in a commercial
+product offering, Product X. That Contributor is then a Commercial
+Contributor. If that Commercial Contributor then makes performance
+claims, or offers warranties related to Product X, those performance
+claims and warranties are such Commercial Contributor's responsibility
+alone. Under this section, the Commercial Contributor would have to
+defend claims against the other Contributors related to those performance
+claims and warranties, and if a court requires any other Contributor to
+pay any damages as a result, the Commercial Contributor must pay
+those damages.
+
+5. NO WARRANTY
+
+EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT
+PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS"
+BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
+IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF
+TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+PURPOSE. Each Recipient is solely responsible for determining the
+appropriateness of using and distributing the Program and assumes all
+risks associated with its exercise of rights under this Agreement,
+including but not limited to the risks and costs of program errors,
+compliance with applicable laws, damage to or loss of data, programs
+or equipment, and unavailability or interruption of operations.
+
+6. DISCLAIMER OF LIABILITY
+
+EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT
+PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS
+SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST
+PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE
+EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+7. GENERAL
+
+If any provision of this Agreement is invalid or unenforceable under
+applicable law, it shall not affect the validity or enforceability of
+the remainder of the terms of this Agreement, and without further
+action by the parties hereto, such provision shall be reformed to the
+minimum extent necessary to make such provision valid and enforceable.
+
+If Recipient institutes patent litigation against any entity
+(including a cross-claim or counterclaim in a lawsuit) alleging that the
+Program itself (excluding combinations of the Program with other software
+or hardware) infringes such Recipient's patent(s), then such Recipient's
+rights granted under Section 2(b) shall terminate as of the date such
+litigation is filed.
+
+All Recipient's rights under this Agreement shall terminate if it
+fails to comply with any of the material terms or conditions of this
+Agreement and does not cure such failure in a reasonable period of
+time after becoming aware of such noncompliance. If all Recipient's
+rights under this Agreement terminate, Recipient agrees to cease use
+and distribution of the Program as soon as reasonably practicable.
+However, Recipient's obligations under this Agreement and any licenses
+granted by Recipient relating to the Program shall continue and survive.
+
+Everyone is permitted to copy and distribute copies of this Agreement,
+but in order to avoid inconsistency the Agreement is copyrighted and
+may only be modified in the following manner. The Agreement Steward
+reserves the right to publish new versions (including revisions) of
+this Agreement from time to time. No one other than the Agreement
+Steward has the right to modify this Agreement. The Eclipse Foundation
+is the initial Agreement Steward. The Eclipse Foundation may assign the
+responsibility to serve as the Agreement Steward to a suitable separate
+entity. Each new version of the Agreement will be given a distinguishing
+version number. The Program (including Contributions) may always be
+Distributed subject to the version of the Agreement under which it was
+received. In addition, after a new version of the Agreement is published,
+Contributor may elect to Distribute the Program (including its
+Contributions) under the new version.
+
+Except as expressly stated in Sections 2(a) and 2(b) above, Recipient
+receives no rights or licenses to the intellectual property of any
+Contributor under this Agreement, whether expressly, by implication,
+estoppel or otherwise. All rights in the Program not expressly granted
+under this Agreement are reserved. Nothing in this Agreement is intended
+to be enforceable by any entity that is not a Contributor or Recipient.
+No third-party beneficiary rights are created under this Agreement.
+
+Exhibit A - Form of Secondary Licenses Notice
+
+"This Source Code may also be made available under the following
+Secondary Licenses when the conditions for such availability set forth
+in the Eclipse Public License, v. 2.0 are satisfied: {name license(s),
+version(s), and exceptions or additional permissions here}."
+
+ Simply including a copy of this Agreement, including this Exhibit A
+ is not sufficient to license the Source Code under Secondary Licenses.
+
+ If it is not possible or desirable to put the notice in a particular
+ file, then You may include the notice in a location (such as a LICENSE
+ file in a relevant directory) where a recipient would be likely to
+ look for such a notice.
+
+ You may add additional accurate notices of copyright ownership.
diff --git a/poky/meta/lib/bblayers/create.py b/poky/meta/lib/bblayers/create.py
index 6a41fe0..c192316 100644
--- a/poky/meta/lib/bblayers/create.py
+++ b/poky/meta/lib/bblayers/create.py
@@ -53,7 +53,7 @@
example_template = read_template('example.bb')
example = os.path.join(layerdir, 'recipes-' + args.examplerecipe, args.examplerecipe)
bb.utils.mkdirhier(example)
- with open(os.path.join(example, args.examplerecipe + '.bb'), 'w') as fd:
+ with open(os.path.join(example, args.examplerecipe + '_%s.bb') % args.version, 'w') as fd:
fd.write(example_template)
logger.plain('Add your new layer with \'bitbake-layers add-layer %s\'' % args.layerdir)
@@ -63,4 +63,5 @@
parser_create_layer.add_argument('layerdir', help='Layer directory to create')
parser_create_layer.add_argument('--priority', '-p', default=6, help='Layer directory to create')
parser_create_layer.add_argument('--example-recipe-name', '-e', dest='examplerecipe', default='example', help='Filename of the example recipe')
+ parser_create_layer.add_argument('--example-recipe-version', '-v', dest='version', default='0.1', help='Version number for the example recipe')
diff --git a/poky/meta/lib/oeqa/core/decorator/__init__.py b/poky/meta/lib/oeqa/core/decorator/__init__.py
index 855b6b9..14d7bfc 100644
--- a/poky/meta/lib/oeqa/core/decorator/__init__.py
+++ b/poky/meta/lib/oeqa/core/decorator/__init__.py
@@ -2,15 +2,15 @@
# Released under the MIT license (see COPYING.MIT)
from functools import wraps
-from abc import abstractmethod
+from abc import abstractmethod, ABCMeta
decoratorClasses = set()
-def registerDecorator(obj):
- decoratorClasses.add(obj)
- return obj
+def registerDecorator(cls):
+ decoratorClasses.add(cls)
+ return cls
-class OETestDecorator(object):
+class OETestDecorator(object, metaclass=ABCMeta):
case = None # Reference of OETestCase decorated
attrs = None # Attributes to be loaded by decorator implementation
diff --git a/poky/meta/lib/oeqa/core/decorator/data.py b/poky/meta/lib/oeqa/core/decorator/data.py
index ff7bdd9..31c6dd6 100644
--- a/poky/meta/lib/oeqa/core/decorator/data.py
+++ b/poky/meta/lib/oeqa/core/decorator/data.py
@@ -61,10 +61,10 @@
attrs = ('var', 'value', 'msg')
def setUpDecorator(self):
- msg = ('Checking if %r value is in %r to run '
+ msg = ('Checking if %r value contains %r to run '
'the test' % (self.var, self.value))
self.logger.debug(msg)
- if not self.value in self.case.td.get(self.var):
+ if not self.value in (self.case.td.get(self.var) or ""):
self.case.skipTest(self.msg)
@registerDecorator
diff --git a/poky/meta/lib/oeqa/core/loader.py b/poky/meta/lib/oeqa/core/loader.py
index a4744de..98fc0f6 100644
--- a/poky/meta/lib/oeqa/core/loader.py
+++ b/poky/meta/lib/oeqa/core/loader.py
@@ -155,7 +155,16 @@
class_name = case.__class__.__name__
test_name = case._testMethodName
- if self.modules:
+ # 'auto' is a reserved key word to run test cases automatically
+ # warn users if their test case belong to a module named 'auto'
+ if module_name_small == "auto":
+ bb.warn("'auto' is a reserved key word for TEST_SUITES. "
+ "But test case '%s' is detected to belong to auto module. "
+ "Please condier using a new name for your module." % str(case))
+
+ # check if case belongs to any specified module
+ # if 'auto' is specified, such check is skipped
+ if self.modules and not 'auto' in self.modules:
module = None
try:
module = self.modules[module_name_small]
@@ -245,7 +254,7 @@
for tcName in testCaseNames:
case = self._getTestCase(testCaseClass, tcName)
# Filer by case id
- if not (self.tests and not 'all' in self.tests
+ if not (self.tests and not 'auto' in self.tests
and not getCaseID(case) in self.tests):
self._handleTestCaseDecorators(case)
@@ -309,14 +318,14 @@
module_name = module.__name__
# Normal test modules are loaded if no modules were specified,
- # if module is in the specified module list or if 'all' is in
+ # if module is in the specified module list or if 'auto' is in
# module list.
# Underscore modules are loaded only if specified in module list.
load_module = True if not module_name.startswith('_') \
and (not self.modules \
or module_name in self.modules \
or module_name_small in self.modules \
- or 'all' in self.modules) \
+ or 'auto' in self.modules) \
else False
load_underscore = True if module_name.startswith('_') \
diff --git a/poky/meta/lib/oeqa/core/target/ssh.py b/poky/meta/lib/oeqa/core/target/ssh.py
index 151b99a..8ff1f6c 100644
--- a/poky/meta/lib/oeqa/core/target/ssh.py
+++ b/poky/meta/lib/oeqa/core/target/ssh.py
@@ -208,7 +208,7 @@
try:
if select.select([process.stdout], [], [], 5)[0] != []:
reader = codecs.getreader('utf-8')(process.stdout)
- data = reader.read(1024, 1024)
+ data = reader.read(1024, 4096)
if not data:
process.stdout.close()
eof = True
diff --git a/poky/meta/lib/oeqa/runtime/cases/multilib.py b/poky/meta/lib/oeqa/runtime/cases/multilib.py
index 8c167f1..8902038 100644
--- a/poky/meta/lib/oeqa/runtime/cases/multilib.py
+++ b/poky/meta/lib/oeqa/runtime/cases/multilib.py
@@ -27,6 +27,8 @@
@skipIfNotInDataVar('MULTILIBS', 'multilib:lib32',
"This isn't a multilib:lib32 image")
@OETestDepends(['ssh.SSHTest.test_ssh'])
+ @OEHasPackage(['binutils'])
+ @OEHasPackage(['lib32-libc6'])
def test_check_multilib_libc(self):
"""
Check that a multilib image has both 32-bit and 64-bit libc in.
@@ -36,6 +38,6 @@
@OETestID(279)
@OETestDepends(['multilib.MultilibTest.test_check_multilib_libc'])
- @OEHasPackage(['lib32-connman'])
+ @OEHasPackage(['lib32-connman', '!connman'])
def test_file_connman(self):
self.archtest("/usr/sbin/connmand", "ELF32")
diff --git a/poky/meta/lib/oeqa/runtime/cases/rpm.py b/poky/meta/lib/oeqa/runtime/cases/rpm.py
index 05b94c7..84c59a6 100644
--- a/poky/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/poky/meta/lib/oeqa/runtime/cases/rpm.py
@@ -16,6 +16,7 @@
cls.skipTest('Tests require image to be build from rpm')
@OETestID(960)
+ @OEHasPackage(['rpm'])
@OETestDepends(['ssh.SSHTest.test_ssh'])
def test_rpm_help(self):
status, output = self.target.run('rpm --help')
diff --git a/poky/meta/recipes-bsp/pcmciautils/pcmciautils.inc b/poky/meta/recipes-bsp/pcmciautils/pcmciautils.inc
index 0524980..26c6d75 100644
--- a/poky/meta/recipes-bsp/pcmciautils/pcmciautils.inc
+++ b/poky/meta/recipes-bsp/pcmciautils/pcmciautils.inc
@@ -5,7 +5,7 @@
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-DEPENDS = "udev sysfsutils flex-native"
+DEPENDS = "udev sysfsutils flex-native bison-native"
RDEPENDS_${PN} = "udev module-init-tools"
SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/pcmcia/${BP}.tar.xz"
diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-efi_loader-avoid-make-race-condition.patch b/poky/meta/recipes-bsp/u-boot/files/0001-efi_loader-avoid-make-race-condition.patch
new file mode 100644
index 0000000..da7e27c
--- /dev/null
+++ b/poky/meta/recipes-bsp/u-boot/files/0001-efi_loader-avoid-make-race-condition.patch
@@ -0,0 +1,51 @@
+From 5c2e24a9ed54dfee77d1844a080e998b4affe916 Mon Sep 17 00:00:00 2001
+From: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Date: Sat, 2 Jun 2018 19:00:41 +0200
+Subject: [PATCH] efi_loader: avoid make race condition
+
+When U-Boot is built with 'make -j' there is not guarantee that targets in
+directory arch/ are built before targets in directory lib/. The current
+build instruction for EFI binaries in lib/ rely on dependencies in arch/.
+If $(EFI_CRT0) or $(EFI_RELOC) is not yet built before trying to build
+%.efi an error
+ *** No rule to make target '%.efi'
+occurs.
+
+With the patch separate copies of $(EFI_CRT0) and $(EFI_RELOC) named
+efi_crt0.o and efi_reloc.o are built in lib/efi_loader and
+lib/efi_selftest.
+
+Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Signed-off-by: Alexander Graf <agraf@suse.de>
+
+Upstream-Status: Backport from 2018.07
+
+Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
+---
+ scripts/Makefile.lib | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
+index 8f19b2db56..f2f398c935 100644
+--- a/scripts/Makefile.lib
++++ b/scripts/Makefile.lib
+@@ -404,8 +404,14 @@ cmd_efi_ld = $(LD) -nostdlib -znocombreloc -T $(EFI_LDS_PATH) -shared \
+
+ EFI_LDS_PATH = $(srctree)/arch/$(ARCH)/lib/$(EFI_LDS)
+
+-$(obj)/%_efi.so: $(obj)/%.o arch/$(ARCH)/lib/$(EFI_CRT0) \
+- arch/$(ARCH)/lib/$(EFI_RELOC)
++$(obj)/efi_crt0.o: $(srctree)/arch/$(ARCH)/lib/$(EFI_CRT0:.o=.S)
++ $(call if_changed_dep,as_o_S)
++
++$(obj)/efi_reloc.o: $(srctree)/arch/$(ARCH)/lib/$(EFI_RELOC:.o=.c) $(recordmcount_source) FORCE
++ $(call cmd,force_checksrc)
++ $(call if_changed_rule,cc_o_c)
++
++$(obj)/%_efi.so: $(obj)/%.o $(obj)/efi_crt0.o $(obj)/efi_reloc.o
+ $(call cmd,efi_ld)
+
+ # ACPI
+--
+2.17.1
+
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common_2018.01.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common_2018.01.inc
index d2073ea..11b82b7 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot-common_2018.01.inc
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-common_2018.01.inc
@@ -11,6 +11,7 @@
SRC_URI = "git://git.denx.de/u-boot.git \
file://MPC8315ERDB-enable-DHCP.patch \
+ file://0001-efi_loader-avoid-make-race-condition.patch \
"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot.inc b/poky/meta/recipes-bsp/u-boot/u-boot.inc
index c2bcf99..95c2f4d 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/poky/meta/recipes-bsp/u-boot/u-boot.inc
@@ -7,8 +7,11 @@
inherit uboot-config uboot-extlinux-config uboot-sign deploy
+DEPENDS += "swig-native python-native"
+
EXTRA_OEMAKE = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}" V=1'
EXTRA_OEMAKE += 'HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}"'
+EXTRA_OEMAKE += 'PYTHON=nativepython STAGING_INCDIR=${STAGING_INCDIR_NATIVE} STAGING_LIBDIR=${STAGING_LIBDIR_NATIVE}'
PACKAGECONFIG ??= "openssl"
# u-boot will compile its own tools during the build, with specific
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch
deleted file mode 100644
index 436520f..0000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch
+++ /dev/null
@@ -1,1025 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/ap/ieee802_11.c | 16 +++++++++++++---
- src/ap/wpa_auth.c | 11 +++++++++++
- src/ap/wpa_auth.h | 3 ++-
- src/ap/wpa_auth_ft.c | 10 ++++++++++
- src/ap/wpa_auth_i.h | 1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
- struct ieee80211_ht_capabilities ht_cap;
- struct ieee80211_vht_capabilities vht_cap;
-+ int set = 1;
-
- /*
- * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
- * FT-over-the-DS, where a station re-associates back to the same AP but
- * skips the authentication flow, or if working with a driver that
- * does not support full AP client state.
-+ *
-+ * Skip this if the STA has already completed FT reassociation and the
-+ * TK has been configured since the TX/RX PN must not be reset to 0 for
-+ * the same key.
- */
-- if (!sta->added_unassoc)
-+ if (!sta->added_unassoc &&
-+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+ set = 0;
-+ }
-
- #ifdef CONFIG_IEEE80211N
- if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
- sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-- sta->added_unassoc)) {
-+ set)) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- "Could not %s STA to kernel driver",
-- sta->added_unassoc ? "set" : "add");
-+ set ? "set" : "add");
-
- if (sta->added_unassoc) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 3587086..707971d 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
- #else /* CONFIG_IEEE80211R */
- break;
- #endif /* CONFIG_IEEE80211R */
-+ case WPA_DRV_STA_REMOVED:
-+ sm->tk_already_set = FALSE;
-+ return 0;
- }
-
- #ifdef CONFIG_IEEE80211R
-@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
- }
-
-
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+ return 0;
-+ return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry)
- {
-diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
-index 0de8d97..97461b0 100644
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
- u8 *data, size_t data_len);
- enum wpa_event {
- WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
-diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
-index 42242a5..e63b99a 100644
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- return;
- }
-
-+ if (sm->tk_already_set) {
-+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+ * PN in the driver */
-+ wpa_printf(MSG_DEBUG,
-+ "FT: Do not re-install same PTK to the driver");
-+ return;
-+ }
-+
- /* FIX: add STA entry to kernel/driver here? The set_key will fail
- * most likely without this.. At the moment, STA entry is added only
- * after association has been completed. This function will be called
-@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
-
- /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- sm->pairwise_set = TRUE;
-+ sm->tk_already_set = TRUE;
- }
-
-
-@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
-
- sm->pairwise = pairwise;
- sm->PTK_valid = TRUE;
-+ sm->tk_already_set = FALSE;
- wpa_ft_install_ptk(sm);
-
- buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
-index 72b7eb3..7fd8f05 100644
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -65,6 +65,7 @@ struct wpa_state_machine {
- struct wpa_ptk PTK;
- Boolean PTK_valid;
- Boolean pairwise_set;
-+ Boolean tk_already_set;
- int keycount;
- Boolean Pair;
- struct wpa_key_replay_counter {
---
-2.7.4
-
-From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 11 +++++
- src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
- src/rsn_supp/wpa_i.h | 4 ++
- 3 files changed, 87 insertions(+), 44 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index af1d0f0..d200285 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -217,6 +217,17 @@ struct wpa_ptk {
- size_t tk_len;
- };
-
-+struct wpa_gtk {
-+ u8 gtk[WPA_GTK_MAX_LEN];
-+ size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+ u8 igtk[WPA_IGTK_MAX_LEN];
-+ size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
-
- /* WPA IE version 1
- * 00-50-f2:1 (OUI:OUI type)
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..95bd7be 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
-+ /* Detect possible key reinstallation */
-+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+ gd->keyidx, gd->tx, gd->gtk_len);
-+ return 0;
-+ }
-+
- wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- return 0;
- }
-
-@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- }
-
-
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+ const struct wpa_igtk_kde *igtk)
-+{
-+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+ /* Detect possible key reinstallation */
-+ if (sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+ keyidx);
-+ return 0;
-+ }
-+
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+ keyidx, MAC2STR(igtk->pn));
-+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+ if (keyidx > 4095) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Invalid IGTK KeyID %d", keyidx);
-+ return -1;
-+ }
-+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+ broadcast_ether_addr,
-+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+ igtk->igtk, len) < 0) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Failed to configure IGTK to the driver");
-+ return -1;
-+ }
-+
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+ return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- struct wpa_eapol_ie_parse *ie)
- {
-@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- if (ie->igtk) {
- size_t len;
- const struct wpa_igtk_kde *igtk;
-- u16 keyidx;
-+
- len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- return -1;
-+
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- keyidx = WPA_GET_LE16(igtk->keyid);
-- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
-- "pn %02x%02x%02x%02x%02x%02x",
-- keyidx, MAC2STR(igtk->pn));
-- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
-- igtk->igtk, len);
-- if (keyidx > 4095) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Invalid IGTK KeyID %d", keyidx);
-- return -1;
-- }
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igtk->pn, sizeof(igtk->pn),
-- igtk->igtk, len) < 0) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Failed to configure IGTK to the driver");
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
- }
-
- return 0;
-@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
- */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
-- int clear_ptk = 1;
-+ int clear_keys = 1;
-
- if (sm == NULL)
- return;
-@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- /* Prepare for the next transition */
- wpa_ft_prepare_auth_request(sm, NULL);
-
-- clear_ptk = 0;
-+ clear_keys = 0;
- }
- #endif /* CONFIG_IEEE80211R */
-
-- if (clear_ptk) {
-+ if (clear_keys) {
- /*
- * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- * this is not part of a Fast BSS Transition.
-@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- }
-
- #ifdef CONFIG_TDLS
-@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(sm->pmk, 0, sizeof(sm->pmk));
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
-- struct wpa_igtk_kde igd;
-- u16 keyidx;
--
-- os_memset(&igd, 0, sizeof(igd));
-- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
-- os_memcpy(igd.keyid, buf + 2, 2);
-- os_memcpy(igd.pn, buf + 4, 6);
--
-- keyidx = WPA_GET_LE16(igd.keyid);
-- os_memcpy(igd.igtk, buf + 10, keylen);
--
-- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
-- igd.igtk, keylen);
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igd.pn, sizeof(igd.pn),
-- igd.igtk, keylen) < 0) {
-- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
-- "WNM mode");
-- os_memset(&igd, 0, sizeof(igd));
-+ const struct wpa_igtk_kde *igtk;
-+
-+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
-- os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- } else {
- wpa_printf(MSG_DEBUG, "Unknown element id");
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index f653ba6..afc9e37 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+ struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+ struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
-
---
-2.7.4
-
-From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
- src/rsn_supp/wpa_i.h | 2 ++
- 2 files changed, 40 insertions(+), 15 deletions(-)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 95bd7be..7a2c68d 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -709,14 +709,17 @@ struct wpa_gtk_data {
-
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const struct wpa_gtk_data *gd,
-- const u8 *key_rsc)
-+ const u8 *key_rsc, int wnm_sleep)
- {
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
- /* Detect possible key reinstallation */
-- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- gd->keyidx, gd->tx, gd->gtk_len);
-@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-- sm->gtk.gtk_len = gd->gtk_len;
-- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ if (wnm_sleep) {
-+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len);
-+ } else {
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ }
-
- return 0;
- }
-@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- gtk_len, gtk_len,
- &gd.key_rsc_len, &gd.alg) ||
-- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "RSN: Failed to install GTK");
- os_memset(&gd, 0, sizeof(gd));
-@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
-
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-- const struct wpa_igtk_kde *igtk)
-+ const struct wpa_igtk_kde *igtk,
-+ int wnm_sleep)
- {
- size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- u16 keyidx = WPA_GET_LE16(igtk->keyid);
-
- /* Detect possible key reinstallation */
-- if (sm->igtk.igtk_len == len &&
-- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ if ((sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+ (sm->igtk_wnm_sleep.igtk_len == len &&
-+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- keyidx);
-@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- return -1;
- }
-
-- sm->igtk.igtk_len = len;
-- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ if (wnm_sleep) {
-+ sm->igtk_wnm_sleep.igtk_len = len;
-+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len);
-+ } else {
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ }
-
- return 0;
- }
-@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- return -1;
-
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- return -1;
- }
-
-@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
- if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- key_rsc = null_rsc;
-
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- goto failed;
- os_memset(&gd, 0, sizeof(gd));
-@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- }
-
-@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
-
- wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- gd.gtk, gd.gtk_len);
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- os_memset(&gd, 0, sizeof(gd));
- wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- "WNM mode");
-@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- const struct wpa_igtk_kde *igtk;
-
- igtk = (const struct wpa_igtk_kde *) (buf + 2);
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- return -1;
- #endif /* CONFIG_IEEE80211W */
- } else {
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index afc9e37..9a54631 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- struct wpa_gtk gtk;
-+ struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- struct wpa_igtk igtk;
-+ struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
---
-2.7.4
-
-From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH 4/8] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 1 +
- src/rsn_supp/wpa.c | 5 ++---
- src/rsn_supp/wpa_i.h | 1 -
- 3 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index d200285..1021ccb 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -215,6 +215,7 @@ struct wpa_ptk {
- size_t kck_len;
- size_t kek_len;
- size_t tk_len;
-+ int installed; /* 1 if key has already been installed to driver */
- };
-
- struct wpa_gtk {
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 7a2c68d..0550a41 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
- os_memset(buf, 0, sizeof(buf));
- }
- sm->tptk_set = 1;
-- sm->tk_to_set = 1;
-
- kde = sm->assoc_wpa_ie;
- kde_len = sm->assoc_wpa_ie_len;
-@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- enum wpa_alg alg;
- const u8 *key_rsc;
-
-- if (!sm->tk_to_set) {
-+ if (sm->ptk.installed) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Do not re-install same PTK to the driver");
- return 0;
-@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
-
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-- sm->tk_to_set = 0;
-+ sm->ptk.installed = 1;
-
- if (sm->wpa_ptk_rekey) {
- eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 9a54631..41f371f 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- struct wpa_ptk ptk, tptk;
- int ptk_set, tptk_set;
- unsigned int msg_3_of_4_ok:1;
-- unsigned int tk_to_set:1;
- u8 snonce[WPA_NONCE_LEN];
- u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- int renew_snonce;
---
-2.7.4
-
-From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 707971d..bf10cc1 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
-
-
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+ wpa_printf(MSG_ERROR,
-+ "WPA: Failed to get random data for ANonce");
-+ sm->Disconnect = TRUE;
-+ return -1;
-+ }
-+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+ WPA_NONCE_LEN);
-+ sm->TimeoutCtr = 0;
-+ return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- u8 msk[2 * PMK_LEN];
-@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
- SM_ENTER(WPA_PTK, AUTHENTICATION);
- else if (sm->ReAuthenticationRequest)
- SM_ENTER(WPA_PTK, AUTHENTICATION2);
-- else if (sm->PTKRequest)
-- SM_ENTER(WPA_PTK, PTKSTART);
-- else switch (sm->wpa_ptk_state) {
-+ else if (sm->PTKRequest) {
-+ if (wpa_auth_sm_ptk_update(sm) < 0)
-+ SM_ENTER(WPA_PTK, DISCONNECTED);
-+ else
-+ SM_ENTER(WPA_PTK, PTKSTART);
-+ } else switch (sm->wpa_ptk_state) {
- case WPA_PTK_INITIALIZE:
- break;
- case WPA_PTK_DISCONNECT:
---
-2.7.4
-
-From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
- 1 file changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
-index e424168..9eb9738 100644
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- } tpk;
- int tpk_set;
-+ int tk_set; /* TPK-TK configured to the driver */
- int tpk_success;
- int tpk_in_progress;
-
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- u8 rsc[6];
- enum wpa_alg alg;
-
-+ if (peer->tk_set) {
-+ /*
-+ * This same TPK-TK has already been configured to the driver
-+ * and this new configuration attempt (likely due to an
-+ * unexpected retransmitted frame) would result in clearing
-+ * the TX/RX sequence number which can break security, so must
-+ * not allow that to happen.
-+ */
-+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+ " has already been configured to the driver - do not reconfigure",
-+ MAC2STR(peer->addr));
-+ return -1;
-+ }
-+
- os_memset(rsc, 0, 6);
-
- switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- return -1;
- }
-
-+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+ MAC2STR(peer->addr));
- if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- "driver");
- return -1;
- }
-+ peer->tk_set = 1;
- return 0;
- }
-
-@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- peer->cipher = 0;
- peer->qos_info = 0;
- peer->wmm_capable = 0;
-- peer->tpk_set = peer->tpk_success = 0;
-+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- peer->chan_switch_enabled = 0;
- os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1159,6 +1177,7 @@ skip_rsnie:
- wpa_tdls_peer_free(sm, peer);
- return -1;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- peer->inonce, WPA_NONCE_LEN);
- os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
- }
-
-
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+ int i;
-+
-+ for (i = 0; i < WPA_NONCE_LEN; i++) {
-+ if (nonce[i])
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- peer->rsnie_i_len = kde.rsn_ie_len;
- peer->cipher = cipher;
-
-- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+ !tdls_nonce_set(peer->inonce)) {
- /*
- * There is no point in updating the RNonce for every obtained
- * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- "TDLS: Failed to get random data for responder nonce");
- goto error;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- }
-
- #if 0
---
-2.7.4
-
-From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:25:02 +0300
-Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
- request
-
-Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
-Mode Response if WNM-Sleep Mode has not been used') started ignoring the
-response when no WNM-Sleep Mode Request had been used during the
-association. This can be made tighter by clearing the used flag when
-successfully processing a response. This adds an additional layer of
-protection against unexpected retransmissions of the response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/wnm_sta.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
-index 1b3409c..67a07ff 100644
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
-
- if (!wpa_s->wnmsleep_used) {
- wpa_printf(MSG_DEBUG,
-- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
-+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
- return;
- }
-
-@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
- return;
- }
-
-+ wpa_s->wnmsleep_used = 0;
-+
- if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
- wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
- wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
---
-2.7.4
-
-From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 3 +++
- src/rsn_supp/wpa_ft.c | 8 ++++++++
- src/rsn_supp/wpa_i.h | 1 +
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 0550a41..2a53c6f 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
- #ifdef CONFIG_TDLS
- wpa_tdls_disassoc(sm);
- #endif /* CONFIG_TDLS */
-+#ifdef CONFIG_IEEE80211R
-+ sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
-
- /* Keys are not needed in the WPA state machine anymore */
- wpa_sm_drop_sa(sm);
-diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
-index 205793e..d45bb45 100644
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
- u16 capab;
-
- sm->ft_completed = 0;
-+ sm->ft_reassoc_completed = 0;
-
- buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ if (sm->ft_reassoc_completed) {
-+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+ return 0;
-+ }
-+
- if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- return -1;
-@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ sm->ft_reassoc_completed = 1;
-+
- if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- return -1;
-
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 41f371f..56f88dc 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- size_t r0kh_id_len;
- u8 r1kh_id[FT_R1KH_ID_LEN];
- int ft_completed;
-+ int ft_reassoc_completed;
- int over_the_ds_in_progress;
- u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- int set_ptk_after_assoc;
---
-2.7.4
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch
new file mode 100644
index 0000000..d4d49e7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch
@@ -0,0 +1,191 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/ap/ieee802_11.c | 16 +++++++++++++---
+ src/ap/wpa_auth.c | 11 +++++++++++
+ src/ap/wpa_auth.h | 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++++++++++
+ src/ap/wpa_auth_i.h | 1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+ struct ieee80211_ht_capabilities ht_cap;
+ struct ieee80211_vht_capabilities vht_cap;
++ int set = 1;
+
+ /*
+ * Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ * FT-over-the-DS, where a station re-associates back to the same AP but
+ * skips the authentication flow, or if working with a driver that
+ * does not support full AP client state.
++ *
++ * Skip this if the STA has already completed FT reassociation and the
++ * TK has been configured since the TX/RX PN must not be reset to 0 for
++ * the same key.
+ */
+- if (!sta->added_unassoc)
++ if (!sta->added_unassoc &&
++ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++ set = 0;
++ }
+
+ #ifdef CONFIG_IEEE80211N
+ if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
+ sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+ sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+- sta->added_unassoc)) {
++ set)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
+ "Could not %s STA to kernel driver",
+- sta->added_unassoc ? "set" : "add");
++ set ? "set" : "add");
+
+ if (sta->added_unassoc) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 3587086..707971d 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
+ #else /* CONFIG_IEEE80211R */
+ break;
+ #endif /* CONFIG_IEEE80211R */
++ case WPA_DRV_STA_REMOVED:
++ sm->tk_already_set = FALSE;
++ return 0;
+ }
+
+ #ifdef CONFIG_IEEE80211R
+@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
+ }
+
+
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
++{
++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
++ return 0;
++ return sm->tk_already_set;
++}
++
++
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry)
+ {
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 0de8d97..97461b0 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
+ u8 *data, size_t data_len);
+ enum wpa_event {
+ WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
+- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
+ };
+ void wpa_remove_ptk(struct wpa_state_machine *sm);
+ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
+@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+ int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry);
+ struct rsn_pmksa_cache_entry *
+diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
+index 42242a5..e63b99a 100644
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ return;
+ }
+
++ if (sm->tk_already_set) {
++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
++ * PN in the driver */
++ wpa_printf(MSG_DEBUG,
++ "FT: Do not re-install same PTK to the driver");
++ return;
++ }
++
+ /* FIX: add STA entry to kernel/driver here? The set_key will fail
+ * most likely without this.. At the moment, STA entry is added only
+ * after association has been completed. This function will be called
+@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+
+ /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+ sm->pairwise_set = TRUE;
++ sm->tk_already_set = TRUE;
+ }
+
+
+@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
+
+ sm->pairwise = pairwise;
+ sm->PTK_valid = TRUE;
++ sm->tk_already_set = FALSE;
+ wpa_ft_install_ptk(sm);
+
+ buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index 72b7eb3..7fd8f05 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -65,6 +65,7 @@ struct wpa_state_machine {
+ struct wpa_ptk PTK;
+ Boolean PTK_valid;
+ Boolean pairwise_set;
++ Boolean tk_already_set;
+ int keycount;
+ Boolean Pair;
+ struct wpa_key_replay_counter {
+--
+2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
new file mode 100644
index 0000000..501bb4b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
@@ -0,0 +1,267 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 11 +++++
+ src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
+ src/rsn_supp/wpa_i.h | 4 ++
+ 3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+ size_t tk_len;
+ };
+
++struct wpa_gtk {
++ u8 gtk[WPA_GTK_MAX_LEN];
++ size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++ u8 igtk[WPA_IGTK_MAX_LEN];
++ size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+
+ /* WPA IE version 1
+ * 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
++ /* Detect possible key reinstallation */
++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++ gd->keyidx, gd->tx, gd->gtk_len);
++ return 0;
++ }
++
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+ return 0;
+ }
+
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ }
+
+
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++ const struct wpa_igtk_kde *igtk)
++{
++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++ u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++ /* Detect possible key reinstallation */
++ if (sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++ keyidx);
++ return 0;
++ }
++
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++ keyidx, MAC2STR(igtk->pn));
++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++ if (keyidx > 4095) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Invalid IGTK KeyID %d", keyidx);
++ return -1;
++ }
++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++ broadcast_ether_addr,
++ keyidx, 0, igtk->pn, sizeof(igtk->pn),
++ igtk->igtk, len) < 0) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Failed to configure IGTK to the driver");
++ return -1;
++ }
++
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++ return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ struct wpa_eapol_ie_parse *ie)
+ {
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ if (ie->igtk) {
+ size_t len;
+ const struct wpa_igtk_kde *igtk;
+- u16 keyidx;
++
+ len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+ return -1;
++
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- keyidx = WPA_GET_LE16(igtk->keyid);
+- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+- "pn %02x%02x%02x%02x%02x%02x",
+- keyidx, MAC2STR(igtk->pn));
+- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+- igtk->igtk, len);
+- if (keyidx > 4095) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Invalid IGTK KeyID %d", keyidx);
+- return -1;
+- }
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igtk->pn, sizeof(igtk->pn),
+- igtk->igtk, len) < 0) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Failed to configure IGTK to the driver");
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+ }
+
+ return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+ */
+ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ {
+- int clear_ptk = 1;
++ int clear_keys = 1;
+
+ if (sm == NULL)
+ return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ /* Prepare for the next transition */
+ wpa_ft_prepare_auth_request(sm, NULL);
+
+- clear_ptk = 0;
++ clear_keys = 0;
+ }
+ #endif /* CONFIG_IEEE80211R */
+
+- if (clear_ptk) {
++ if (clear_keys) {
+ /*
+ * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ * this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ }
+
+ #ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ os_memset(&gd, 0, sizeof(gd));
+ #ifdef CONFIG_IEEE80211W
+ } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+- struct wpa_igtk_kde igd;
+- u16 keyidx;
+-
+- os_memset(&igd, 0, sizeof(igd));
+- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+- os_memcpy(igd.keyid, buf + 2, 2);
+- os_memcpy(igd.pn, buf + 4, 6);
+-
+- keyidx = WPA_GET_LE16(igd.keyid);
+- os_memcpy(igd.igtk, buf + 10, keylen);
+-
+- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+- igd.igtk, keylen);
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igd.pn, sizeof(igd.pn),
+- igd.igtk, keylen) < 0) {
+- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+- "WNM mode");
+- os_memset(&igd, 0, sizeof(igd));
++ const struct wpa_igtk_kde *igtk;
++
++ igtk = (const struct wpa_igtk_kde *) (buf + 2);
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+- os_memset(&igd, 0, sizeof(igd));
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+ wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+ u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++ struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++ struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+--
+2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch
new file mode 100644
index 0000000..2e22655
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch
@@ -0,0 +1,201 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:12:24 +0300
+Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
+ Mode cases
+
+This extends the protection to track last configured GTK/IGTK value
+separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
+corner case where these two different mechanisms may get used when the
+GTK/IGTK has changed and tracking a single value is not sufficient to
+detect a possible key reconfiguration.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
+ src/rsn_supp/wpa_i.h | 2 ++
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 95bd7be..7a2c68d 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -709,14 +709,17 @@ struct wpa_gtk_data {
+
+ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const struct wpa_gtk_data *gd,
+- const u8 *key_rsc)
++ const u8 *key_rsc, int wnm_sleep)
+ {
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
+ /* Detect possible key reinstallation */
+- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
+- sm->gtk.gtk_len = gd->gtk_len;
+- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ if (wnm_sleep) {
++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len);
++ } else {
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ }
+
+ return 0;
+ }
+@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+ gtk_len, gtk_len,
+ &gd.key_rsc_len, &gd.alg) ||
+- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "RSN: Failed to install GTK");
+ os_memset(&gd, 0, sizeof(gd));
+@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+
+ #ifdef CONFIG_IEEE80211W
+ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+- const struct wpa_igtk_kde *igtk)
++ const struct wpa_igtk_kde *igtk,
++ int wnm_sleep)
+ {
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+- if (sm->igtk.igtk_len == len &&
+- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ if ((sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
++ (sm->igtk_wnm_sleep.igtk_len == len &&
++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ return -1;
+ }
+
+- sm->igtk.igtk_len = len;
+- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ if (wnm_sleep) {
++ sm->igtk_wnm_sleep.igtk_len = len;
++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len);
++ } else {
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ }
+
+ return 0;
+ }
+@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ return -1;
+
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
+ return -1;
+ }
+
+@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
+ goto failed;
+ os_memset(&gd, 0, sizeof(gd));
+@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ }
+
+@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+
+ wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
+ gd.gtk, gd.gtk_len);
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
+ os_memset(&gd, 0, sizeof(gd));
+ wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
+ "WNM mode");
+@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
+ return -1;
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index afc9e37..9a54631 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -32,8 +32,10 @@ struct wpa_sm {
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
++ struct wpa_gtk gtk_wnm_sleep;
+ #ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
++ struct wpa_igtk igtk_wnm_sleep;
+ #endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+--
+2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
new file mode 100644
index 0000000..6c19486
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
@@ -0,0 +1,96 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 5 ++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
new file mode 100644
index 0000000..b262dca
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
@@ -0,0 +1,81 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
+
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+
+
++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
++{
++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
++ wpa_printf(MSG_ERROR,
++ "WPA: Failed to get random data for ANonce");
++ sm->Disconnect = TRUE;
++ return -1;
++ }
++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
++ WPA_NONCE_LEN);
++ sm->TimeoutCtr = 0;
++ return 0;
++}
++
++
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+ u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+ SM_ENTER(WPA_PTK, AUTHENTICATION);
+ else if (sm->ReAuthenticationRequest)
+ SM_ENTER(WPA_PTK, AUTHENTICATION2);
+- else if (sm->PTKRequest)
+- SM_ENTER(WPA_PTK, PTKSTART);
+- else switch (sm->wpa_ptk_state) {
++ else if (sm->PTKRequest) {
++ if (wpa_auth_sm_ptk_update(sm) < 0)
++ SM_ENTER(WPA_PTK, DISCONNECTED);
++ else
++ SM_ENTER(WPA_PTK, PTKSTART);
++ } else switch (sm->wpa_ptk_state) {
+ case WPA_PTK_INITIALIZE:
+ break;
+ case WPA_PTK_DISCONNECT:
+--
+2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch
new file mode 100644
index 0000000..15183f4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch
@@ -0,0 +1,149 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:03:15 +0300
+Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
+
+Do not try to reconfigure the same TPK-TK to the driver after it has
+been successfully configured. This is an explicit check to avoid issues
+related to resetting the TX/RX packet number. There was already a check
+for this for TPK M2 (retries of that message are ignored completely), so
+that behavior does not get modified.
+
+For TPK M3, the TPK-TK could have been reconfigured, but that was
+followed by immediate teardown of the link due to an issue in updating
+the STA entry. Furthermore, for TDLS with any real security (i.e.,
+ignoring open/WEP), the TPK message exchange is protected on the AP path
+and simple replay attacks are not feasible.
+
+As an additional corner case, make sure the local nonce gets updated if
+the peer uses a very unlikely "random nonce" of all zeros.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index e424168..9eb9738 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
+ u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
+ } tpk;
+ int tpk_set;
++ int tk_set; /* TPK-TK configured to the driver */
+ int tpk_success;
+ int tpk_in_progress;
+
+@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ u8 rsc[6];
+ enum wpa_alg alg;
+
++ if (peer->tk_set) {
++ /*
++ * This same TPK-TK has already been configured to the driver
++ * and this new configuration attempt (likely due to an
++ * unexpected retransmitted frame) would result in clearing
++ * the TX/RX sequence number which can break security, so must
++ * not allow that to happen.
++ */
++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
++ " has already been configured to the driver - do not reconfigure",
++ MAC2STR(peer->addr));
++ return -1;
++ }
++
+ os_memset(rsc, 0, 6);
+
+ switch (peer->cipher) {
+@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ return -1;
+ }
+
++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
++ MAC2STR(peer->addr));
+ if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
+ rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
+ "driver");
+ return -1;
+ }
++ peer->tk_set = 1;
+ return 0;
+ }
+
+@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ peer->cipher = 0;
+ peer->qos_info = 0;
+ peer->wmm_capable = 0;
+- peer->tpk_set = peer->tpk_success = 0;
++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
+ peer->chan_switch_enabled = 0;
+ os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+ os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+@@ -1159,6 +1177,7 @@ skip_rsnie:
+ wpa_tdls_peer_free(sm, peer);
+ return -1;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
+ peer->inonce, WPA_NONCE_LEN);
+ os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
+@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
+ }
+
+
++static int tdls_nonce_set(const u8 *nonce)
++{
++ int i;
++
++ for (i = 0; i < WPA_NONCE_LEN; i++) {
++ if (nonce[i])
++ return 1;
++ }
++
++ return 0;
++}
++
++
+ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+ {
+@@ -2004,7 +2036,8 @@ skip_rsn:
+ peer->rsnie_i_len = kde.rsn_ie_len;
+ peer->cipher = cipher;
+
+- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
++ !tdls_nonce_set(peer->inonce)) {
+ /*
+ * There is no point in updating the RNonce for every obtained
+ * TPK M1 frame (e.g., retransmission due to timeout) with the
+@@ -2020,6 +2053,7 @@ skip_rsn:
+ "TDLS: Failed to get random data for responder nonce");
+ goto error;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ }
+
+ #if 0
+--
+2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch
new file mode 100644
index 0000000..2e12bc7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch
@@ -0,0 +1,60 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:25:02 +0300
+Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
+ request
+
+Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
+Mode Response if WNM-Sleep Mode has not been used') started ignoring the
+response when no WNM-Sleep Mode Request had been used during the
+association. This can be made tighter by clearing the used flag when
+successfully processing a response. This adds an additional layer of
+protection against unexpected retransmissions of the response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ wpa_supplicant/wnm_sta.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
+index 1b3409c..67a07ff 100644
+--- a/wpa_supplicant/wnm_sta.c
++++ b/wpa_supplicant/wnm_sta.c
+@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+
+ if (!wpa_s->wnmsleep_used) {
+ wpa_printf(MSG_DEBUG,
+- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
+ return;
+ }
+
+@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+ return;
+ }
+
++ wpa_s->wnmsleep_used = 0;
++
+ if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
+ wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
+ wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
+--
+2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch
new file mode 100644
index 0000000..7f5390c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch
@@ -0,0 +1,99 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 12:06:37 +0300
+Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
+
+The driver is expected to not report a second association event without
+the station having explicitly request a new association. As such, this
+case should not be reachable. However, since reconfiguring the same
+pairwise or group keys to the driver could result in nonce reuse issues,
+be extra careful here and do an additional state check to avoid this
+even if the local driver ends up somehow accepting an unexpected
+Reassociation Response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 3 +++
+ src/rsn_supp/wpa_ft.c | 8 ++++++++
+ src/rsn_supp/wpa_i.h | 1 +
+ 3 files changed, 12 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 0550a41..2a53c6f 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+ #ifdef CONFIG_TDLS
+ wpa_tdls_disassoc(sm);
+ #endif /* CONFIG_TDLS */
++#ifdef CONFIG_IEEE80211R
++ sm->ft_reassoc_completed = 0;
++#endif /* CONFIG_IEEE80211R */
+
+ /* Keys are not needed in the WPA state machine anymore */
+ wpa_sm_drop_sa(sm);
+diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
+index 205793e..d45bb45 100644
+--- a/src/rsn_supp/wpa_ft.c
++++ b/src/rsn_supp/wpa_ft.c
+@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
+ u16 capab;
+
+ sm->ft_completed = 0;
++ sm->ft_reassoc_completed = 0;
+
+ buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+ 2 + sm->r0kh_id_len + ric_ies_len + 100;
+@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ if (sm->ft_reassoc_completed) {
++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
++ return 0;
++ }
++
+ if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
+ wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
+ return -1;
+@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ sm->ft_reassoc_completed = 1;
++
+ if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
+ return -1;
+
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 41f371f..56f88dc 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -128,6 +128,7 @@ struct wpa_sm {
+ size_t r0kh_id_len;
+ u8 r1kh_id[FT_R1KH_ID_LEN];
+ int ft_completed;
++ int ft_reassoc_completed;
+ int over_the_ds_in_progress;
+ u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
+ int set_ptk_after_assoc;
+--
+2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
index d6d4206..e684537 100644
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -24,7 +24,14 @@
file://wpa_supplicant.conf \
file://wpa_supplicant.conf-sane \
file://99_wpa_supplicant \
- file://key-replay-cve-multiple.patch \
+ file://key-replay-cve-multiple1.patch \
+ file://key-replay-cve-multiple2.patch \
+ file://key-replay-cve-multiple3.patch \
+ file://key-replay-cve-multiple4.patch \
+ file://key-replay-cve-multiple5.patch \
+ file://key-replay-cve-multiple6.patch \
+ file://key-replay-cve-multiple7.patch \
+ file://key-replay-cve-multiple8.patch \
"
SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
diff --git a/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
new file mode 100644
index 0000000..da6dfa8
--- /dev/null
+++ b/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
@@ -0,0 +1,106 @@
+busybox-1.27.2: Fix lzma segfaults
+
+[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871
+
+libarchive: check buffer index in lzma_decompress
+
+With specific defconfig busybox fails to check zip fileheader magic
+(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c)
+for decompression which leads to segmentation fault. It prevents accessing into
+buffer, which is smaller than pos index. Patch includes multiple segmentation
+fault fixes.
+
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b]
+bug: 10436 10871
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
+index a904087..29eee2a 100644
+--- a/archival/libarchive/decompress_unlzma.c
++++ b/archival/libarchive/decompress_unlzma.c
+@@ -11,6 +11,14 @@
+ #include "libbb.h"
+ #include "bb_archive.h"
+
++
++#if 0
++# define dbg(...) bb_error_msg(__VA_ARGS__)
++#else
++# define dbg(...) ((void)0)
++#endif
++
++
+ #if ENABLE_FEATURE_LZMA_FAST
+ # define speed_inline ALWAYS_INLINE
+ # define size_inline
+@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ rc_t *rc;
+ int i;
+ uint8_t *buffer;
++ uint32_t buffer_size;
+ uint8_t previous_byte = 0;
+ size_t buffer_pos = 0, global_pos = 0;
+ int len = 0;
+@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ if (header.dict_size == 0)
+ header.dict_size++;
+
+- buffer = xmalloc(MIN(header.dst_size, header.dict_size));
++ buffer_size = MIN(header.dst_size, header.dict_size);
++ buffer = xmalloc(buffer_size);
+
+ {
+ int num_probs;
+@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
+
+ pos = buffer_pos - rep0;
+- if ((int32_t)pos < 0)
++ if ((int32_t)pos < 0) {
+ pos += header.dict_size;
++ /* see unzip_bad_lzma_2.zip: */
++ if (pos >= buffer_size)
++ goto bad;
++ }
+ previous_byte = buffer[pos];
+ goto one_byte1;
+ #else
+@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--)
+ rep0 = (rep0 << 1) | rc_direct_bit(rc);
+ rep0 <<= LZMA_NUM_ALIGN_BITS;
++ if ((int32_t)rep0 < 0) {
++ dbg("%d rep0:%d", __LINE__, rep0);
++ goto bad;
++ }
+ prob3 = p + LZMA_ALIGN;
+ }
+ i2 = 1;
+@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ IF_NOT_FEATURE_LZMA_FAST(string:)
+ do {
+ uint32_t pos = buffer_pos - rep0;
+- if ((int32_t)pos < 0)
++ if ((int32_t)pos < 0) {
+ pos += header.dict_size;
++ /* more stringent test (see unzip_bad_lzma_1.zip): */
++ if (pos >= buffer_size)
++ goto bad;
++ }
+ previous_byte = buffer[pos];
+ IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
+ buffer[buffer_pos++] = previous_byte;
+@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ IF_DESKTOP(total_written += buffer_pos;)
+ if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) {
+ bad:
++ /* One of our users, bbunpack(), expects _us_ to emit
++ * the error message (since it's the best place to give
++ * potentially more detailed information).
++ * Do not fail silently.
++ */
++ bb_error_msg("corrupted data");
+ total_written = -1; /* failure */
+ }
+ rc_free(rc);
+
diff --git a/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
new file mode 100644
index 0000000..9fe7998
--- /dev/null
+++ b/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
@@ -0,0 +1,40 @@
+Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d]
+
+From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001
+From: Shawn Landden <slandden@gmail.com>
+Date: Mon, 8 Jan 2018 13:31:58 +0100
+Subject: [PATCH] umount: ignore -c
+Organization: O.S. Systems Software LTDA.
+
+"-c, --no-canonicalize: Do not canonicalize paths."
+
+As busybox doesn't canonicalize paths in the first place it is safe to ignore
+this option.
+
+See https://github.com/systemd/systemd/issues/7786
+
+Signed-off-by: Shawn Landden <slandden@gmail.com>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ util-linux/umount.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/util-linux/umount.c b/util-linux/umount.c
+index 0c50dc9ee..0425c5b76 100644
+--- a/util-linux/umount.c
++++ b/util-linux/umount.c
+@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result,
+ }
+ #endif
+
+-/* ignored: -v -t -i */
+-#define OPTION_STRING "fldnra" "vt:i"
++/* ignored: -c -v -t -i */
++#define OPTION_STRING "fldnra" "cvt:i"
+ #define OPT_FORCE (1 << 0) // Same as MNT_FORCE
+ #define OPT_LAZY (1 << 1) // Same as MNT_DETACH
+ #define OPT_FREELOOP (1 << 2)
+--
+2.18.0
+
diff --git a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb b/poky/meta/recipes-core/busybox/busybox_1.27.2.bb
index 36a6342..1ce4823 100644
--- a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb
+++ b/poky/meta/recipes-core/busybox/busybox_1.27.2.bb
@@ -45,6 +45,8 @@
file://CVE-2011-5325.patch \
file://CVE-2017-15873.patch \
file://busybox-CVE-2017-16544.patch \
+ file://busybox-fix-lzma-segfaults.patch \
+ file://umount-ignore-c.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "
diff --git a/poky/meta/recipes-core/coreutils/coreutils_8.29.bb b/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
index 0b8acc5..4704f32 100644
--- a/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
+++ b/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
@@ -26,7 +26,7 @@
EXTRA_OECONF_class-native = "--without-gmp"
EXTRA_OECONF_class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}"
-EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch"
+EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch,hostname"
# acl and xattr are not default features
#
diff --git a/poky/meta/recipes-core/dropbear/dropbear/init b/poky/meta/recipes-core/dropbear/dropbear/init
index f6e1c46..ffab7a2 100755
--- a/poky/meta/recipes-core/dropbear/dropbear/init
+++ b/poky/meta/recipes-core/dropbear/dropbear/init
@@ -17,8 +17,11 @@
DESC="Dropbear SSH server"
PIDFILE=/var/run/dropbear.pid
+# These values may be replaced by those from /etc/default/dropbear
+DROPBEAR_RSAKEY_DIR="/etc/dropbear"
DROPBEAR_PORT=22
DROPBEAR_EXTRA_ARGS=
+DROPBEAR_RSAKEY_ARGS=
NO_START=0
set -e
@@ -28,32 +31,19 @@
test -x "$DAEMON" || exit 0
test ! -h /var/service/dropbear || exit 0
-readonly_rootfs=0
-for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
- case $flag in
- ro)
- readonly_rootfs=1
- ;;
- esac
-done
-
-if [ $readonly_rootfs = "1" ]; then
- mkdir -p /var/lib/dropbear
- DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
-else
- DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
-fi
-
test -z "$DROPBEAR_BANNER" || \
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
test -n "$DROPBEAR_RSAKEY" || \
- DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
+ DROPBEAR_RSAKEY="${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key"
gen_keys() {
if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
rm $DROPBEAR_RSAKEY || true
fi
- test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
+ if [ ! -f "$DROPBEAR_RSAKEY" ]; then
+ mkdir -p ${DROPBEAR_RSAKEY%/*}
+ dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
+ fi
}
case "$1" in
diff --git a/poky/meta/recipes-core/glibc/glibc-locale.inc b/poky/meta/recipes-core/glibc/glibc-locale.inc
index b3cb10b..e50e5cf 100644
--- a/poky/meta/recipes-core/glibc/glibc-locale.inc
+++ b/poky/meta/recipes-core/glibc/glibc-locale.inc
@@ -74,23 +74,22 @@
do_install () {
mkdir -p ${D}${bindir} ${D}${datadir} ${D}${libdir}
if [ -n "$(ls ${LOCALETREESRC}/${bindir})" ]; then
- cp -fpPR ${LOCALETREESRC}/${bindir}/* ${D}${bindir}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/${bindir}/* ${D}${bindir}
fi
if [ -n "$(ls ${LOCALETREESRC}/${localedir})" ]; then
mkdir -p ${D}${localedir}
- cp -fpPR ${LOCALETREESRC}/${localedir}/* ${D}${localedir}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/${localedir}/* ${D}${localedir}
fi
if [ -e ${LOCALETREESRC}/${libdir}/gconv ]; then
- cp -fpPR ${LOCALETREESRC}/${libdir}/gconv ${D}${libdir}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/${libdir}/gconv ${D}${libdir}
fi
if [ -e ${LOCALETREESRC}/${datadir}/i18n ]; then
- cp -fpPR ${LOCALETREESRC}/${datadir}/i18n ${D}${datadir}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/${datadir}/i18n ${D}${datadir}
fi
if [ -e ${LOCALETREESRC}/${datadir}/locale ]; then
- cp -fpPR ${LOCALETREESRC}/${datadir}/locale ${D}${datadir}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/${datadir}/locale ${D}${datadir}
fi
- chown root:root -R ${D}
- cp -fpPR ${LOCALETREESRC}/SUPPORTED ${WORKDIR}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/SUPPORTED ${WORKDIR}
}
inherit libc-package
diff --git a/poky/meta/recipes-core/glibc/glibc-package.inc b/poky/meta/recipes-core/glibc/glibc-package.inc
index 728bc53..c1d186a 100644
--- a/poky/meta/recipes-core/glibc/glibc-package.inc
+++ b/poky/meta/recipes-core/glibc/glibc-package.inc
@@ -137,7 +137,6 @@
}
do_install_armmultilib () {
-
oe_multilib_header bits/endian.h bits/fcntl.h bits/fenv.h bits/fp-fast.h bits/hwcap.h bits/ipc.h bits/link.h bits/wordsize.h
oe_multilib_header bits/local_lim.h bits/mman.h bits/msq.h bits/pthreadtypes.h bits/pthreadtypes-arch.h bits/sem.h bits/semaphore.h bits/setjmp.h
oe_multilib_header bits/shm.h bits/sigstack.h bits/stat.h bits/statfs.h bits/typesizes.h
diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2017-18269.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2017-18269.patch
new file mode 100644
index 0000000..d873c51
--- /dev/null
+++ b/poky/meta/recipes-core/glibc/glibc/CVE-2017-18269.patch
@@ -0,0 +1,178 @@
+From cd66c0e584c6d692bc8347b5e72723d02b8a8ada Mon Sep 17 00:00:00 2001
+From: Andrew Senkevich <andrew.n.senkevich@gmail.com>
+Date: Fri, 23 Mar 2018 16:19:45 +0100
+Subject: [PATCH] Fix i386 memmove issue (bug 22644).
+
+ [BZ #22644]
+ * sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed
+ branch conditions.
+ * string/test-memmove.c (do_test2): New testcase.
+
+Upstream-Status: Backport
+CVE: CVE-2017-18269
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ ChangeLog | 8 +++
+ string/test-memmove.c | 58 ++++++++++++++++++++++
+ .../i386/i686/multiarch/memcpy-sse2-unaligned.S | 12 ++---
+ 3 files changed, 72 insertions(+), 6 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 18ed09e..afdb766 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,11 @@
++2018-03-23 Andrew Senkevich <andrew.senkevich@intel.com>
++ Max Horn <max@quendi.de>
++
++ [BZ #22644]
++ * sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed
++ branch conditions.
++ * string/test-memmove.c (do_test2): New testcase.
++
+ 2018-02-22 Andrew Waterman <andrew@sifive.com>
+
+ [BZ # 22884]
+diff --git a/string/test-memmove.c b/string/test-memmove.c
+index edc7a4c..64e3651 100644
+--- a/string/test-memmove.c
++++ b/string/test-memmove.c
+@@ -24,6 +24,7 @@
+ # define TEST_NAME "memmove"
+ #endif
+ #include "test-string.h"
++#include <support/test-driver.h>
+
+ char *simple_memmove (char *, const char *, size_t);
+
+@@ -245,6 +246,60 @@ do_random_tests (void)
+ }
+ }
+
++static void
++do_test2 (void)
++{
++ size_t size = 0x20000000;
++ uint32_t * large_buf;
++
++ large_buf = mmap ((void*) 0x70000000, size, PROT_READ | PROT_WRITE,
++ MAP_PRIVATE | MAP_ANON, -1, 0);
++
++ if (large_buf == MAP_FAILED)
++ error (EXIT_UNSUPPORTED, errno, "Large mmap failed");
++
++ if ((uintptr_t) large_buf > 0x80000000 - 128
++ || 0x80000000 - (uintptr_t) large_buf > 0x20000000)
++ {
++ error (0, 0, "Large mmap allocated improperly");
++ ret = EXIT_UNSUPPORTED;
++ munmap ((void *) large_buf, size);
++ return;
++ }
++
++ size_t bytes_move = 0x80000000 - (uintptr_t) large_buf;
++ size_t arr_size = bytes_move / sizeof (uint32_t);
++ size_t i;
++
++ FOR_EACH_IMPL (impl, 0)
++ {
++ for (i = 0; i < arr_size; i++)
++ large_buf[i] = (uint32_t) i;
++
++ uint32_t * dst = &large_buf[33];
++
++#ifdef TEST_BCOPY
++ CALL (impl, (char *) large_buf, (char *) dst, bytes_move);
++#else
++ CALL (impl, (char *) dst, (char *) large_buf, bytes_move);
++#endif
++
++ for (i = 0; i < arr_size; i++)
++ {
++ if (dst[i] != (uint32_t) i)
++ {
++ error (0, 0,
++ "Wrong result in function %s dst \"%p\" src \"%p\" offset \"%zd\"",
++ impl->name, dst, large_buf, i);
++ ret = 1;
++ break;
++ }
++ }
++ }
++
++ munmap ((void *) large_buf, size);
++}
++
+ int
+ test_main (void)
+ {
+@@ -284,6 +339,9 @@ test_main (void)
+ }
+
+ do_random_tests ();
++
++ do_test2 ();
++
+ return ret;
+ }
+
+diff --git a/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S b/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S
+index 9c3bbe7..9aa17de 100644
+--- a/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S
++++ b/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S
+@@ -72,7 +72,7 @@ ENTRY (MEMCPY)
+ cmp %edx, %eax
+
+ # ifdef USE_AS_MEMMOVE
+- jg L(check_forward)
++ ja L(check_forward)
+
+ L(mm_len_0_or_more_backward):
+ /* Now do checks for lengths. We do [0..16], [16..32], [32..64], [64..128]
+@@ -81,7 +81,7 @@ L(mm_len_0_or_more_backward):
+ jbe L(mm_len_0_16_bytes_backward)
+
+ cmpl $32, %ecx
+- jg L(mm_len_32_or_more_backward)
++ ja L(mm_len_32_or_more_backward)
+
+ /* Copy [0..32] and return. */
+ movdqu (%eax), %xmm0
+@@ -92,7 +92,7 @@ L(mm_len_0_or_more_backward):
+
+ L(mm_len_32_or_more_backward):
+ cmpl $64, %ecx
+- jg L(mm_len_64_or_more_backward)
++ ja L(mm_len_64_or_more_backward)
+
+ /* Copy [0..64] and return. */
+ movdqu (%eax), %xmm0
+@@ -107,7 +107,7 @@ L(mm_len_32_or_more_backward):
+
+ L(mm_len_64_or_more_backward):
+ cmpl $128, %ecx
+- jg L(mm_len_128_or_more_backward)
++ ja L(mm_len_128_or_more_backward)
+
+ /* Copy [0..128] and return. */
+ movdqu (%eax), %xmm0
+@@ -132,7 +132,7 @@ L(mm_len_128_or_more_backward):
+ add %ecx, %eax
+ cmp %edx, %eax
+ movl SRC(%esp), %eax
+- jle L(forward)
++ jbe L(forward)
+ PUSH (%esi)
+ PUSH (%edi)
+ PUSH (%ebx)
+@@ -269,7 +269,7 @@ L(check_forward):
+ add %edx, %ecx
+ cmp %eax, %ecx
+ movl LEN(%esp), %ecx
+- jle L(forward)
++ jbe L(forward)
+
+ /* Now do checks for lengths. We do [0..16], [0..32], [0..64], [0..128]
+ separately. */
+--
+2.9.3
diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch
new file mode 100644
index 0000000..e2bb40b
--- /dev/null
+++ b/poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch
@@ -0,0 +1,164 @@
+From 5460617d1567657621107d895ee2dd83bc1f88f2 Mon Sep 17 00:00:00 2001
+From: Paul Pluzhnikov <ppluzhnikov@google.com>
+Date: Tue, 8 May 2018 18:12:41 -0700
+Subject: [PATCH] Fix BZ 22786: integer addition overflow may cause stack
+ buffer overflow when realpath() input length is close to SSIZE_MAX.
+
+2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com>
+
+ [BZ #22786]
+ * stdlib/canonicalize.c (__realpath): Fix overflow in path length
+ computation.
+ * stdlib/Makefile (test-bz22786): New test.
+ * stdlib/test-bz22786.c: New test.
+
+CVE: CVE-2018-11236
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ ChangeLog | 8 +++++
+ stdlib/Makefile | 2 +-
+ stdlib/canonicalize.c | 2 +-
+ stdlib/test-bz22786.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 100 insertions(+), 2 deletions(-)
+ create mode 100644 stdlib/test-bz22786.c
+
+diff --git a/ChangeLog b/ChangeLog
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,11 @@
++2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com>
++
++ [BZ #22786]
++ * stdlib/canonicalize.c (__realpath): Fix overflow in path length
++ computation.
++ * stdlib/Makefile (test-bz22786): New test.
++ * stdlib/test-bz22786.c: New test.
++
+ 2018-03-23 Andrew Senkevich <andrew.senkevich@intel.com>
+ Max Horn <max@quendi.de>
+
+diff --git a/stdlib/Makefile b/stdlib/Makefile
+index af1643c..1ddb1f9 100644
+--- a/stdlib/Makefile
++++ b/stdlib/Makefile
+@@ -84,7 +84,7 @@ tests := tst-strtol tst-strtod testmb testrand testsort testdiv \
+ tst-cxa_atexit tst-on_exit test-atexit-race \
+ test-at_quick_exit-race test-cxa_atexit-race \
+ test-on_exit-race test-dlclose-exit-race \
+- tst-makecontext-align
++ tst-makecontext-align test-bz22786
+
+ tests-internal := tst-strtod1i tst-strtod3 tst-strtod4 tst-strtod5i \
+ tst-tls-atexit tst-tls-atexit-nodelete
+diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c
+index 4135f3f..390fb43 100644
+--- a/stdlib/canonicalize.c
++++ b/stdlib/canonicalize.c
+@@ -181,7 +181,7 @@ __realpath (const char *name, char *resolved)
+ extra_buf = __alloca (path_max);
+
+ len = strlen (end);
+- if ((long int) (n + len) >= path_max)
++ if (path_max - n <= len)
+ {
+ __set_errno (ENAMETOOLONG);
+ goto error;
+diff --git a/stdlib/test-bz22786.c b/stdlib/test-bz22786.c
+new file mode 100644
+index 0000000..e7837f9
+--- /dev/null
++++ b/stdlib/test-bz22786.c
+@@ -0,0 +1,90 @@
++/* Bug 22786: test for buffer overflow in realpath.
++ Copyright (C) 2018 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++/* This file must be run from within a directory called "stdlib". */
++
++#include <errno.h>
++#include <limits.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <support/test-driver.h>
++#include <libc-diag.h>
++
++static int
++do_test (void)
++{
++ const char dir[] = "bz22786";
++ const char lnk[] = "bz22786/symlink";
++
++ rmdir (dir);
++ if (mkdir (dir, 0755) != 0 && errno != EEXIST)
++ {
++ printf ("mkdir %s: %m\n", dir);
++ return EXIT_FAILURE;
++ }
++ if (symlink (".", lnk) != 0 && errno != EEXIST)
++ {
++ printf ("symlink (%s, %s): %m\n", dir, lnk);
++ return EXIT_FAILURE;
++ }
++
++ const size_t path_len = (size_t) INT_MAX + 1;
++
++ DIAG_PUSH_NEEDS_COMMENT;
++#if __GNUC_PREREQ (7, 0)
++ /* GCC 7 warns about too-large allocations; here we need such
++ allocation to succeed for the test to work. */
++ DIAG_IGNORE_NEEDS_COMMENT (7, "-Walloc-size-larger-than=");
++#endif
++ char *path = malloc (path_len);
++ DIAG_POP_NEEDS_COMMENT;
++
++ if (path == NULL)
++ {
++ printf ("malloc (%zu): %m\n", path_len);
++ return EXIT_UNSUPPORTED;
++ }
++
++ /* Construct very long path = "bz22786/symlink/aaaa....." */
++ char *p = mempcpy (path, lnk, sizeof (lnk) - 1);
++ *(p++) = '/';
++ memset (p, 'a', path_len - (path - p) - 2);
++ p[path_len - (path - p) - 1] = '\0';
++
++ /* This call crashes before the fix for bz22786 on 32-bit platforms. */
++ p = realpath (path, NULL);
++
++ if (p != NULL || errno != ENAMETOOLONG)
++ {
++ printf ("realpath: %s (%m)", p);
++ return EXIT_FAILURE;
++ }
++
++ /* Cleanup. */
++ unlink (lnk);
++ rmdir (dir);
++
++ return 0;
++}
++
++#define TEST_FUNCTION do_test
++#include <support/test-driver.c>
+--
+2.9.3
diff --git a/poky/meta/recipes-core/glibc/glibc_2.27.bb b/poky/meta/recipes-core/glibc/glibc_2.27.bb
index c814798..22a9881 100644
--- a/poky/meta/recipes-core/glibc/glibc_2.27.bb
+++ b/poky/meta/recipes-core/glibc/glibc_2.27.bb
@@ -45,6 +45,8 @@
file://0028-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch \
file://0029-Replace-strncpy-with-memccpy-to-fix-Wstringop-trunca.patch \
file://0030-plural_c_no_preprocessor_lines.patch \
+ file://CVE-2017-18269.patch \
+ file://CVE-2018-11236.patch \
"
NATIVESDKFIXES ?= ""
diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index db2f58d..1e78f4f 100644
--- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -22,7 +22,7 @@
inherit core-image module-base setuptools3
-SRCREV ?= "14d62d5c14e3552f2aeabdbd80d1504bb2c6ed64"
+SRCREV ?= "2464dd404041a7a00b18e42950cbf4719180141d"
SRC_URI = "git://git.yoctoproject.org/poky;branch=sumo \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/poky/meta/recipes-core/initrdscripts/files/init-install.sh b/poky/meta/recipes-core/initrdscripts/files/init-install.sh
index 28e8f09..e715796 100644
--- a/poky/meta/recipes-core/initrdscripts/files/init-install.sh
+++ b/poky/meta/recipes-core/initrdscripts/files/init-install.sh
@@ -302,6 +302,8 @@
GRUBCFG="/boot/grub/grub.cfg"
mkdir -p $(dirname $GRUBCFG)
cat >$GRUBCFG <<_EOF
+timeout=5
+default=0
menuentry "Linux" {
search --no-floppy --fs-uuid $boot_uuid --set root
linux /$kernel root=PARTUUID=$root_part_uuid $rootwait rw $5 $3 $4 quiet
diff --git a/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh b/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh
index fe6c196..be9f597 100755
--- a/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh
+++ b/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh
@@ -67,9 +67,12 @@
then
if test -x /usr/sbin/rpcbind
then
- echo -n "Starting rpcbind... "
- start-stop-daemon --start --quiet --exec /usr/sbin/rpcbind
- sleep 2
+ service rpcbind status > /dev/null
+ if [ $? != 0 ]; then
+ echo -n "Starting rpcbind..."
+ start-stop-daemon --start --quiet --exec /usr/sbin/rpcbind
+ sleep 2
+ fi
fi
fi
diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb
index 2fb90a6..deb3488 100644
--- a/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb
+++ b/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb
@@ -44,7 +44,12 @@
RDEPENDS_${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}"
-RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-ebcdic-us glibc-gconv-ibm1141 glibc-gconv-iso8859-5"
+RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-ebcdic-us \
+ glibc-gconv-ibm1141 \
+ glibc-gconv-iso8859-5 \
+ glibc-gconv-euc-jp \
+ locale-base-en-us \
+ "
export PYTHON_SITE_PACKAGES="${PYTHON_SITEPACKAGES_DIR}"
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch
new file mode 100644
index 0000000..342fcc6
--- /dev/null
+++ b/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch
@@ -0,0 +1,71 @@
+From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation"
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wstringop-truncation" in "-Wall". This warning is documented in detail
+at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn for calls to bounded string manipulation functions such as strncat,
+> strncpy, and stpncpy that may either truncate the copied string or leave
+> the destination unchanged.
+
+It breaks the BaseTools build with:
+
+> EfiUtilityMsgs.c: In function 'PrintMessage':
+> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The right way to fix the warning would be to implement string concat with
+snprintf(). However, Microsoft does not appear to support snprintf()
+before VS2015
+<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>,
+so we just have to shut up the warning. The strncat() calls flagged above
+are valid BTW.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+
+ BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch
new file mode 100644
index 0000000..a076665
--- /dev/null
+++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch
@@ -0,0 +1,102 @@
+From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict"
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wrestrict" in "-Wall". This warning is documented in detail
+at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn when an object referenced by a restrict-qualified parameter (or, in
+> C++, a __restrict-qualified parameter) is aliased by another argument,
+> or when copies between such objects overlap.
+
+It breaks the BaseTools build (in the Brotli compression library) with:
+
+> In function 'ProcessCommandsInternal',
+> inlined from 'ProcessCommands' at dec/decode.c:1828:10:
+> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631
+> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at
+> offset 16 [-Werror=restrict]
+> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> In function 'ProcessCommandsInternal',
+> inlined from 'SafeProcessCommands' at dec/decode.c:1833:10:
+> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631
+> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at
+> offset 16 [-Werror=restrict]
+> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail,
+and concluded that the warning is a false positive:
+
+> This seems safe to me, because it's preceded by:
+>
+> uint8_t* copy_dst = &s->ringbuffer[pos];
+> uint8_t* copy_src = &s->ringbuffer[src_start];
+> int dst_end = pos + i;
+> int src_end = src_start + i;
+> if (src_end > pos && dst_end > src_start) {
+> /* Regions intersect. */
+> goto CommandPostWrapCopy;
+> }
+>
+> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then
+> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i).
+>
+> The if seems okay:
+>
+> (src_start + i > pos && pos + i > src_start)
+>
+> which can be rewritten to:
+>
+> (pos < src_start + i && src_start < pos + i)
+>
+> Then the numbers are in one of these two orders:
+>
+> pos <= src_start < pos + i <= src_start + i
+> src_start <= pos < src_start + i <= pos + i
+>
+> These two would be allowed by the "if", but they can only happen if pos
+> == src_start so they degenerate to the same two orders above:
+>
+> pos <= src_start < src_start + i <= pos + i
+> src_start <= pos < pos + i <= src_start + i
+>
+> So it is a false positive in GCC.
+
+Disable the warning for now.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Cole Robinson <crobinso@redhat.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch b/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch
new file mode 100644
index 0000000..920723e
--- /dev/null
+++ b/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch
@@ -0,0 +1,53 @@
+From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 7 Mar 2018 10:17:28 +0100
+Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx"
+ options on OSX
+
+I recently added the gcc-8 specific "-Wno-stringop-truncation" and
+"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 /
+clang, OSX) and otherwise (gcc, Linux / Cygwin).
+
+I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does
+not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and
+"-Wno-restrict" options, yet the build completed fine (by GCC design).
+
+Regarding OSX, my expectation was that
+
+- XCODE5 / clang would either recognize these warnings options (because
+ clang does recognize most -W options of gcc),
+
+- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags
+ that it didn't recognize.
+
+Neither is the case; the new flags have broken the BaseTools build on OSX.
+Revert them (for OSX only).
+
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Liming Gao <liming.gao@intel.com>
+Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231
+Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/Makefiles/header.makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+ BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch b/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch
new file mode 100644
index 0000000..7ad7cdf
--- /dev/null
+++ b/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch
@@ -0,0 +1,66 @@
+From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow"
+ warning with memcpy()
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wstringop-overflow" in "-Wall". This warning is documented in detail at
+<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn for calls to string manipulation functions such as memcpy and
+> strcpy that are determined to overflow the destination buffer.
+
+It breaks the BaseTools build with:
+
+> GenVtf.c: In function 'ConvertVersionInfo':
+> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length
+> of the source argument [-Werror=stringop-overflow=]
+> strncpy (TemStr + 4 - Length, Str, Length);
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> GenVtf.c:130:14: note: length computed here
+> Length = strlen(Str);
+> ^~~~~~~~~~~
+
+It is a false positive because, while the bound equals the length of the
+source argument, the destination pointer is moved back towards the
+beginning of the destination buffer by the same amount (and this amount is
+range-checked first, so we can't precede the start of the dest buffer).
+
+Replace both strncpy() calls with memcpy().
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Cole Robinson <crobinso@redhat.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c
+index 2ae9a7be2c..0cd33e71e9 100644
+--- a/BaseTools/Source/C/GenVtf/GenVtf.c
++++ b/BaseTools/Source/C/GenVtf/GenVtf.c
+@@ -129,9 +129,9 @@ Returns:
+ } else {
+ Length = strlen(Str);
+ if (Length < 4) {
+- strncpy (TemStr + 4 - Length, Str, Length);
++ memcpy (TemStr + 4 - Length, Str, Length);
+ } else {
+- strncpy (TemStr, Str + Length - 4, 4);
++ memcpy (TemStr, Str + Length - 4, 4);
+ }
+
+ sscanf (
+--
+2.17.0
+
diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb
index 8750b3c..e57fa09 100644
--- a/poky/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb
@@ -19,6 +19,10 @@
file://0004-ovmf-enable-long-path-file.patch \
file://VfrCompile-increase-path-length-limit.patch \
file://no-stack-protector-all-archs.patch \
+ file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \
+ file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \
+ file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \
+ file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
@@ -35,7 +39,7 @@
inherit deploy
-PARALLEL_MAKE_class-native = ""
+PARALLEL_MAKE = ""
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-core/systemd/systemd_237.bb b/poky/meta/recipes-core/systemd/systemd_237.bb
index 2e6558d..a409b18 100644
--- a/poky/meta/recipes-core/systemd/systemd_237.bb
+++ b/poky/meta/recipes-core/systemd/systemd_237.bb
@@ -312,7 +312,7 @@
USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /bin/nologin systemd-coredump;', '', d)}"
USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /bin/nologin systemd-resolve;', '', d)}"
USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}"
-GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal"
+GROUPADD_PARAM_${PN} = "-r systemd-journal"
USERADD_PARAM_${PN}-extra-utils += "--system -d / -M --shell /bin/nologin systemd-bus-proxy;"
FILES_${PN}-analyze = "${bindir}/systemd-analyze"
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.30.inc b/poky/meta/recipes-devtools/binutils/binutils-2.30.inc
index 9c883ac..37243db 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.30.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -35,6 +35,18 @@
file://0013-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \
file://0014-Detect-64-bit-MIPS-targets.patch \
file://0015-sync-with-OE-libtool-changes.patch \
+ file://CVE-2018-8945.patch \
+ file://CVE-2018-7643.patch \
+ file://CVE-2018-6872.patch \
+ file://CVE-2018-6759.patch \
+ file://CVE-2018-7642.patch \
+ file://CVE-2018-7208.patch \
+ file://CVE-2018-7569.patch \
+ file://CVE-2018-7568.patch \
+ file://CVE-2018-10373.patch \
+ file://CVE-2018-10372.patch \
+ file://CVE-2018-10535.patch \
+ file://CVE-2018-10534.patch \
"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch
new file mode 100644
index 0000000..053e9d8
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch
@@ -0,0 +1,58 @@
+From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 12:35:55 +0100
+Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF
+ information.
+
+ PR 23064
+ * dwarf.c (process_cu_tu_index): Test for a potential buffer
+ overrun before copying signature pointer.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-10372
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/dwarf.c | 13 ++++++++++++-
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -9252,7 +9252,18 @@ process_cu_tu_index (struct dwarf_sectio
+ }
+
+ if (!do_display)
+- memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t));
++ {
++ size_t num_copy = sizeof (uint64_t);
++
++ /* PR 23064: Beware of buffer overflow. */
++ if (ph + num_copy < limit)
++ memcpy (&this_set[row - 1].signature, ph, num_copy);
++ else
++ {
++ warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
++ return 0;
++ }
++ }
+
+ prow = poffsets + (row - 1) * ncols * 4;
+ /* PR 17531: file: b8ce60a8. */
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2018-04-17 Nick Clifton <nickc@redhat.com>
++
++ PR 23064
++ * dwarf.c (process_cu_tu_index): Test for a potential buffer
++ overrun before copying signature pointer.
++
+ 2018-01-27 Nick Clifton <nickc@redhat.com>
+
+ Back to development.
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
new file mode 100644
index 0000000..d547cf1
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
@@ -0,0 +1,45 @@
+From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 14:30:07 +0100
+Subject: [PATCH] Add a check for a NULL table pointer before attempting to
+ compute a DWARF filename.
+
+ PR 23065
+ * dwarf2.c (concat_filename): Check for a NULL table pointer.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-10373
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1565,7 +1565,7 @@ concat_filename (struct line_info_table
+ {
+ char *filename;
+
+- if (file - 1 >= table->num_files)
++ if (table == NULL || file - 1 >= table->num_files)
+ {
+ /* FILE == 0 means unknown. */
+ if (file)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-04-17 Nick Clifton <nickc@redhat.com>
++
++ PR 23065
++ * dwarf2.c (concat_filename): Check for a NULL table pointer.
++
+ 2018-01-29 Alan Modra <amodra@gmail.com>
+
+ PR 22741
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch
new file mode 100644
index 0000000..6847020
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch
@@ -0,0 +1,3429 @@
+From aa4a8c2a2a67545e90c877162c53cc9de42dc8b4 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 24 Apr 2018 16:31:27 +0100
+Subject: [PATCH] Fix an illegal memory access when copying a PE format file
+ with corrupt debug information.
+
+ PR 23110
+ * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for
+ a negative PE_DEBUG_DATA size before iterating over the debug data.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-10534
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 +
+ bfd/peXXigen.c | 9 +
+ bfd/po/bfd.pot | 5631 ++++++++++++++++++++++++++------------------------------
+ 3 files changed, 2662 insertions(+), 2984 deletions(-)
+
+Index: git/bfd/peXXigen.c
+===================================================================
+--- git.orig/bfd/peXXigen.c
++++ git/bfd/peXXigen.c
+@@ -2991,6 +2991,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common
+ bfd_get_section_size (section) - (addr - section->vma));
+ return FALSE;
+ }
++ /* PR 23110. */
++ else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0)
++ {
++ /* xgettext:c-format */
++ _bfd_error_handler
++ (_("%pB: Data Directory size (%#lx) is negative"),
++ obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size);
++ return FALSE;
++ }
+
+ for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size
+ / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++)
+Index: git/bfd/po/bfd.pot
+===================================================================
+--- git.orig/bfd/po/bfd.pot
++++ git/bfd/po/bfd.pot
+@@ -18,175 +18,214 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
+
+-#: aout-adobe.c:126
+-#, c-format
+-msgid "%B: Unknown section type in a.out.adobe file: %x\n"
+-msgstr ""
+-
+ #: aout-cris.c:200
+ #, c-format
+-msgid "%B: Invalid relocation type exported: %d"
++msgid "%pB: unsupported relocation type exported: %#x"
+ msgstr ""
+
+ #: aout-cris.c:244
+ #, c-format
+-msgid "%B: Invalid relocation type imported: %d"
++msgid "%pB: unsupported relocation type imported: %#x"
+ msgstr ""
+
+ #: aout-cris.c:256
+ #, c-format
+-msgid "%B: Bad relocation record imported: %d"
++msgid "%pB: bad relocation record imported: %d"
+ msgstr ""
+
+-#: aoutx.h:1284 aoutx.h:1636 pdp11.c:1152 pdp11.c:1413
++#: aoutx.h:1264 aoutx.h:1617 pdp11.c:1138 pdp11.c:1399
+ #, c-format
+-msgid "%B: can not represent section `%A' in a.out object file format"
++msgid "%pB: can not represent section `%pA' in a.out object file format"
+ msgstr ""
+
+-#: aoutx.h:1600 pdp11.c:1385
++#: aoutx.h:1581 pdp11.c:1371
+ #, c-format
+ msgid ""
+-"%B: can not represent section for symbol `%s' in a.out object file format"
++"%pB: can not represent section for symbol `%s' in a.out object file format"
+ msgstr ""
+
+-#: aoutx.h:1603 vms-alpha.c:7853
++#: aoutx.h:1584 vms-alpha.c:7854
+ msgid "*unknown*"
+ msgstr ""
+
+-#: aoutx.h:2422 aoutx.h:2440
+-msgid "%B: attempt to write out unknown reloc type"
++#: aoutx.h:1720
++#, c-format
++msgid "%pB: invalid string offset %<PRIu64> >= %<PRIu64>"
+ msgstr ""
+
+-#: aoutx.h:4093 aoutx.h:4414
+-msgid "%P: %B: unexpected relocation type\n"
++#: aoutx.h:2411 aoutx.h:2429
++#, c-format
++msgid "%pB: attempt to write out unknown reloc type"
+ msgstr ""
+
+-#: aoutx.h:5440 pdp11.c:3708
++#: aoutx.h:4084
+ #, c-format
+-msgid "%B: relocatable link from %s to %s not supported"
++msgid "%pB: unsupported relocation type"
+ msgstr ""
+
+-#: archive.c:2305
+-msgid "Warning: writing archive was slow: rewriting timestamp\n"
++#. Unknown relocation.
++#: aoutx.h:4405 coff-alpha.c:601 coff-alpha.c:1514 coff-rs6000.c:2773
++#: coff-sh.c:504 coff-tic4x.c:184 coff-tic54x.c:279 elf-hppa.h:1040
++#: elf-hppa.h:1068 elf-m10200.c:226 elf-m10300.c:812 elf32-arc.c:519
++#: elf32-arm.c:1852 elf32-avr.c:959 elf32-bfin.c:1061 elf32-bfin.c:4698
++#: elf32-cr16.c:653 elf32-cr16.c:683 elf32-cr16c.c:186 elf32-cris.c:467
++#: elf32-crx.c:429 elf32-d10v.c:234 elf32-d30v.c:522 elf32-d30v.c:544
++#: elf32-dlx.c:548 elf32-epiphany.c:376 elf32-fr30.c:381 elf32-frv.c:2558
++#: elf32-frv.c:6262 elf32-ft32.c:306 elf32-h8300.c:302 elf32-i386.c:401
++#: elf32-ip2k.c:1245 elf32-iq2000.c:442 elf32-lm32.c:539 elf32-m32c.c:305
++#: elf32-m32r.c:1286 elf32-m32r.c:1311 elf32-m32r.c:2417 elf32-m68hc11.c:390
++#: elf32-m68hc12.c:510 elf32-m68k.c:352 elf32-mcore.c:354 elf32-mcore.c:440
++#: elf32-mep.c:389 elf32-metag.c:878 elf32-microblaze.c:692
++#: elf32-microblaze.c:969 elf32-mips.c:2229 elf32-moxie.c:137
++#: elf32-msp430.c:648 elf32-msp430.c:658 elf32-mt.c:241 elf32-nds32.c:2880
++#: elf32-nds32.c:2904 elf32-nds32.c:4423 elf32-nios2.c:3015 elf32-or1k.c:715
++#: elf32-pj.c:325 elf32-ppc.c:2061 elf32-ppc.c:2074 elf32-pru.c:420
++#: elf32-rl78.c:292 elf32-rx.c:314 elf32-rx.c:323 elf32-s390.c:347
++#: elf32-sh.c:438 elf32-spu.c:160 elf32-tic6x.c:1508 elf32-tic6x.c:1518
++#: elf32-tic6x.c:1537 elf32-tic6x.c:1547 elf32-tic6x.c:2642 elf32-tilepro.c:803
++#: elf32-v850.c:1899 elf32-v850.c:1921 elf32-v850.c:4270 elf32-vax.c:290
++#: elf32-visium.c:482 elf32-wasm32.c:106 elf32-xc16x.c:241 elf32-xgate.c:428
++#: elf32-xstormy16.c:395 elf32-xtensa.c:454 elf32-xtensa.c:488
++#: elf64-alpha.c:1112 elf64-alpha.c:4101 elf64-alpha.c:4249
++#: elf64-ia64-vms.c:254 elf64-ia64-vms.c:3440 elf64-mips.c:3623
++#: elf64-mips.c:3639 elf64-mmix.c:1264 elf64-ppc.c:2281 elf64-ppc.c:2555
++#: elf64-ppc.c:2564 elf64-s390.c:328 elf64-s390.c:378 elf64-x86-64.c:285
++#: elfn32-mips.c:3451 elfxx-ia64.c:325 elfxx-riscv.c:955 elfxx-sparc.c:589
++#: elfxx-sparc.c:639 elfxx-sparc.c:661 elfxx-tilegx.c:912 elfxx-tilegx.c:952
++#: /work/sources/binutils/current/bfd/elfnn-aarch64.c:2126
++#: /work/sources/binutils/current/bfd/elfnn-aarch64.c:2224 elf32-ia64.c:211
++#: elf32-ia64.c:3863 elf64-ia64.c:211 elf64-ia64.c:3863
++#, c-format
++msgid "%pB: unsupported relocation type %#x"
++msgstr ""
++
++#: aoutx.h:5432 pdp11.c:3694
++#, c-format
++msgid "%pB: relocatable link from %s to %s not supported"
++msgstr ""
++
++#: archive.c:2216
++msgid "warning: writing archive was slow: rewriting timestamp"
+ msgstr ""
+
+-#: archive.c:2421 linker.c:1410
+-msgid "%B: plugin needed to handle lto object"
++#: archive.c:2332 linker.c:1416
++#, c-format
++msgid "%pB: plugin needed to handle lto object"
+ msgstr ""
+
+-#: archive.c:2650
++#: archive.c:2561
+ msgid "Reading archive file mod timestamp"
+ msgstr ""
+
+-#: archive.c:2674
++#: archive.c:2585
+ msgid "Writing updated armap timestamp"
+ msgstr ""
+
++#: bfd.c:448
++msgid "no error"
++msgstr ""
++
++#: bfd.c:449
++msgid "system call error"
++msgstr ""
++
++#: bfd.c:450
++msgid "invalid bfd target"
++msgstr ""
++
++#: bfd.c:451
++msgid "file in wrong format"
++msgstr ""
++
++#: bfd.c:452
++msgid "archive object file in wrong format"
++msgstr ""
++
++#: bfd.c:453
++msgid "invalid operation"
++msgstr ""
++
+ #: bfd.c:454
+-msgid "No error"
++msgid "memory exhausted"
+ msgstr ""
+
+ #: bfd.c:455
+-msgid "System call error"
++msgid "no symbols"
+ msgstr ""
+
+ #: bfd.c:456
+-msgid "Invalid bfd target"
++msgid "archive has no index; run ranlib to add one"
+ msgstr ""
+
+ #: bfd.c:457
+-msgid "File in wrong format"
++msgid "no more archived files"
+ msgstr ""
+
+ #: bfd.c:458
+-msgid "Archive object file in wrong format"
++msgid "malformed archive"
+ msgstr ""
+
+ #: bfd.c:459
+-msgid "Invalid operation"
++msgid "DSO missing from command line"
+ msgstr ""
+
+ #: bfd.c:460
+-msgid "Memory exhausted"
++msgid "file format not recognized"
+ msgstr ""
+
+ #: bfd.c:461
+-msgid "No symbols"
++msgid "file format is ambiguous"
+ msgstr ""
+
+ #: bfd.c:462
+-msgid "Archive has no index; run ranlib to add one"
++msgid "section has no contents"
+ msgstr ""
+
+ #: bfd.c:463
+-msgid "No more archived files"
++msgid "nonrepresentable section on output"
+ msgstr ""
+
+ #: bfd.c:464
+-msgid "Malformed archive"
++msgid "symbol needs debug section which does not exist"
+ msgstr ""
+
+ #: bfd.c:465
+-msgid "DSO missing from command line"
++msgid "bad value"
+ msgstr ""
+
+ #: bfd.c:466
+-msgid "File format not recognized"
++msgid "file truncated"
+ msgstr ""
+
+ #: bfd.c:467
+-msgid "File format is ambiguous"
++msgid "file too big"
+ msgstr ""
+
+ #: bfd.c:468
+-msgid "Section has no contents"
+-msgstr ""
+-
+-#: bfd.c:469
+-msgid "Nonrepresentable section on output"
+-msgstr ""
+-
+-#: bfd.c:470
+-msgid "Symbol needs debug section which does not exist"
+-msgstr ""
+-
+-#: bfd.c:471
+-msgid "Bad value"
+-msgstr ""
+-
+-#: bfd.c:472
+-msgid "File truncated"
+-msgstr ""
+-
+-#: bfd.c:473
+-msgid "File too big"
+-msgstr ""
+-
+-#: bfd.c:474
+ #, c-format
+-msgid "Error reading %s: %s"
++msgid "error reading %s: %s"
+ msgstr ""
+
+-#: bfd.c:475
+-msgid "#<Invalid error code>"
++#: bfd.c:469
++msgid "#<invalid error code>"
+ msgstr ""
+
+-#: bfd.c:1442
++#: bfd.c:1416
+ #, c-format
+ msgid "BFD %s assertion fail %s:%d"
+ msgstr ""
+
+-#: bfd.c:1455
++#: bfd.c:1429
+ #, c-format
+ msgid "BFD %s internal error, aborting at %s:%d in %s\n"
+ msgstr ""
+
+-#: bfd.c:1460
++#: bfd.c:1434
+ #, c-format
+ msgid "BFD %s internal error, aborting at %s:%d\n"
+ msgstr ""
+
+-#: bfd.c:1462
++#: bfd.c:1436
+ msgid "Please report this bug.\n"
+ msgstr ""
+
+@@ -332,7 +371,7 @@ msgstr ""
+ msgid "private flags = %x:"
+ msgstr ""
+
+-#: coff-arm.c:2306 elf32-arm.c:14160
++#: coff-arm.c:2306 elf32-arm.c:14191
+ #, c-format
+ msgid " [floats passed in float registers]"
+ msgstr ""
+@@ -342,7 +381,7 @@ msgstr ""
+ msgid " [floats passed in integer registers]"
+ msgstr ""
+
+-#: coff-arm.c:2311 elf32-arm.c:14163
++#: coff-arm.c:2311 elf32-arm.c:14194
+ #, c-format
+ msgid " [position independent]"
+ msgstr ""
+@@ -2565,224 +2604,180 @@ msgstr ""
+ msgid "ip2k relaxer: switch table header corrupt."
+ msgstr ""
+
+-#: elf32-ip2k.c:1245
+-#, c-format
+-msgid "%B: invalid IP2K reloc number: %d"
+-msgstr ""
+-
+-#: elf32-ip2k.c:1298
+-#, c-format
+-msgid "ip2k linker: missing page instruction at %#Lx (dest = %#Lx)"
+-msgstr ""
+-
+-#: elf32-ip2k.c:1315
+-#, c-format
+-msgid "ip2k linker: redundant page instruction at %#Lx (dest = %#Lx)"
+-msgstr ""
+-
+-#: elf32-iq2000.c:441
++#: elf32-ip2k.c:1302
+ #, c-format
+-msgid "%B: invalid IQ2000 reloc number: %d"
++msgid "ip2k linker: missing page instruction at %#<PRIx64> (dest = %#<PRIx64>)"
+ msgstr ""
+
+-#: elf32-lm32.c:539
++#: elf32-ip2k.c:1321
+ #, c-format
+-msgid "%B: invalid LM32 reloc number: %d"
++msgid ""
++"ip2k linker: redundant page instruction at %#<PRIx64> (dest = %#<PRIx64>)"
+ msgstr ""
+
+-#: elf32-lm32.c:648 elf32-nios2.c:3133
++#: elf32-lm32.c:651 elf32-nios2.c:3141
+ msgid "global pointer relative relocation when _gp not defined"
+ msgstr ""
+
+-#: elf32-lm32.c:703 elf32-nios2.c:3570
++#: elf32-lm32.c:706 elf32-nios2.c:3578
+ msgid "global pointer relative address out of range"
+ msgstr ""
+
+-#: elf32-lm32.c:998
+-msgid "internal error: addend should be zero for R_LM32_16_GOT"
+-msgstr ""
+-
+-#: elf32-m32c.c:306
++#: elf32-lm32.c:1002 elf32-or1k.c:968
+ #, c-format
+-msgid "%B: invalid M32C reloc number: %d"
++msgid "internal error: addend should be zero for %s"
+ msgstr ""
+
+-#: elf32-m32r.c:1286
+-#, c-format
+-msgid "%B: invalid M32R reloc number: %d"
+-msgstr ""
+-
+-#: elf32-m32r.c:1458
++#: elf32-m32r.c:1471
+ msgid "SDA relocation when _SDA_BASE_ not defined"
+ msgstr ""
+
+-#: elf32-m32r.c:2971 elf32-microblaze.c:1064 elf32-microblaze.c:1112
++#: elf32-m32r.c:2984 elf32-microblaze.c:1101 elf32-microblaze.c:1149
+ #, c-format
+-msgid "%B: The target (%s) of an %s relocation is in the wrong section (%A)"
++msgid "%pB: the target (%s) of an %s relocation is in the wrong section (%pA)"
+ msgstr ""
+
+-#: elf32-m32r.c:3473
+-msgid "%B: Instruction set mismatch with previous modules"
++#: elf32-m32r.c:3487
++#, c-format
++msgid "%pB: instruction set mismatch with previous modules"
+ msgstr ""
+
+-#: elf32-m32r.c:3494 elf32-nds32.c:6037
++#: elf32-m32r.c:3508 elf32-nds32.c:6010
+ #, c-format
+ msgid "private flags = %lx"
+ msgstr ""
+
+-#: elf32-m32r.c:3499
++#: elf32-m32r.c:3513
+ #, c-format
+ msgid ": m32r instructions"
+ msgstr ""
+
+-#: elf32-m32r.c:3500
++#: elf32-m32r.c:3514
+ #, c-format
+ msgid ": m32rx instructions"
+ msgstr ""
+
+-#: elf32-m32r.c:3501
++#: elf32-m32r.c:3515
+ #, c-format
+ msgid ": m32r2 instructions"
+ msgstr ""
+
+-#: elf32-m68hc11.c:390
+-#, c-format
+-msgid "%B: invalid M68HC11 reloc number: %d"
+-msgstr ""
+-
+-#: elf32-m68hc12.c:510
+-#, c-format
+-msgid "%B: invalid M68HC12 reloc number: %d"
+-msgstr ""
+-
+-#: elf32-m68hc1x.c:1115
++#: elf32-m68hc1x.c:1116
+ #, c-format
+ msgid ""
+-"Reference to the far symbol `%s' using a wrong relocation may result in "
++"reference to the far symbol `%s' using a wrong relocation may result in "
+ "incorrect execution"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1149
++#: elf32-m68hc1x.c:1150
+ #, c-format
+ msgid ""
+ "XGATE address (%lx) is not within shared RAM(0xE000-0xFFFF), therefore you "
+ "must manually offset the address, and possibly manage the page, in your code."
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1167
++#: elf32-m68hc1x.c:1168
+ #, c-format
+ msgid ""
+ "banked address [%lx:%04lx] (%lx) is not in the same bank as current banked "
+ "address [%lx:%04lx] (%lx)"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1183
++#: elf32-m68hc1x.c:1184
+ #, c-format
+ msgid ""
+ "reference to a banked address [%lx:%04lx] in the normal address space at "
+ "%04lx"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1224
++#: elf32-m68hc1x.c:1225
+ #, c-format
+ msgid ""
+ "S12 address (%lx) is not within shared RAM(0x2000-0x4000), therefore you "
+ "must manually offset the address in your code"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1351
++#: elf32-m68hc1x.c:1352
++#, c-format
+ msgid ""
+-"%B: linking files compiled for 16-bit integers (-mshort) and others for 32-"
++"%pB: linking files compiled for 16-bit integers (-mshort) and others for 32-"
+ "bit integers"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1358
++#: elf32-m68hc1x.c:1359
++#, c-format
+ msgid ""
+-"%B: linking files compiled for 32-bit double (-fshort-double) and others for "
+-"64-bit double"
++"%pB: linking files compiled for 32-bit double (-fshort-double) and others "
++"for 64-bit double"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1367
+-msgid "%B: linking files compiled for HCS12 with others compiled for HC12"
++#: elf32-m68hc1x.c:1368
++#, c-format
++msgid "%pB: linking files compiled for HCS12 with others compiled for HC12"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1412 elf32-xgate.c:672
++#: elf32-m68hc1x.c:1413 elf32-xgate.c:675
+ #, c-format
+ msgid "[abi=32-bit int, "
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1414 elf32-xgate.c:674
++#: elf32-m68hc1x.c:1415 elf32-xgate.c:677
+ #, c-format
+ msgid "[abi=16-bit int, "
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1417 elf32-xgate.c:677
++#: elf32-m68hc1x.c:1418 elf32-xgate.c:680
+ #, c-format
+ msgid "64-bit double, "
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1419 elf32-xgate.c:679
++#: elf32-m68hc1x.c:1420 elf32-xgate.c:682
+ #, c-format
+ msgid "32-bit double, "
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1422
++#: elf32-m68hc1x.c:1423
+ #, c-format
+ msgid "cpu=HC11]"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1424
++#: elf32-m68hc1x.c:1425
+ #, c-format
+ msgid "cpu=HCS12]"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1426
++#: elf32-m68hc1x.c:1427
+ #, c-format
+ msgid "cpu=HC12]"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1429
++#: elf32-m68hc1x.c:1430
+ #, c-format
+ msgid " [memory=bank-model]"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1431
++#: elf32-m68hc1x.c:1432
+ #, c-format
+ msgid " [memory=flat]"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1434
++#: elf32-m68hc1x.c:1435
+ #, c-format
+ msgid " [XGATE RAM offsetting]"
+ msgstr ""
+
+-#: elf32-m68k.c:1214 elf32-m68k.c:1215 vms-alpha.c:7477 vms-alpha.c:7493
++#: elf32-m68k.c:1216 elf32-m68k.c:1217 vms-alpha.c:7478 vms-alpha.c:7494
+ msgid "unknown"
+ msgstr ""
+
+-#: elf32-m68k.c:1658
+-#, c-format
+-msgid "%B: GOT overflow: Number of relocations with 8-bit offset > %d"
+-msgstr ""
+-
+-#: elf32-m68k.c:1665
+-#, c-format
+-msgid "%B: GOT overflow: Number of relocations with 8- or 16-bit offset > %d"
+-msgstr ""
+-
+-#: elf32-mcore.c:100 elf32-mcore.c:455
++#: elf32-m68k.c:1660
+ #, c-format
+-msgid "%B: Relocation %s (%d) is not currently supported.\n"
++msgid "%pB: GOT overflow: number of relocations with 8-bit offset > %d"
+ msgstr ""
+
+-#: elf32-mcore.c:355
++#: elf32-m68k.c:1667
+ #, c-format
+-msgid "%B: unrecognised MCore reloc number: %d"
+-msgstr ""
+-
+-#: elf32-mcore.c:440
+-#, c-format
+-msgid "%B: Unknown relocation type %d\n"
++msgid "%pB: GOT overflow: number of relocations with 8- or 16-bit offset > %d"
+ msgstr ""
+
+ #. Pacify gcc -Wall.
+@@ -5936,124 +5931,128 @@ msgstr ""
+ #. XXX code yet to be written.
+ #: peicode.h:775
+ #, c-format
+-msgid "%B: Unhandled import type; %x"
++msgid "%pB: unhandled import type; %x"
+ msgstr ""
+
+ #: peicode.h:781
+ #, c-format
+-msgid "%B: Unrecognised import type; %x"
++msgid "%pB: unrecognized import type; %x"
+ msgstr ""
+
+ #: peicode.h:796
+ #, c-format
+-msgid "%B: Unrecognised import name type; %x"
++msgid "%pB: unrecognized import name type; %x"
+ msgstr ""
+
+-#: peicode.h:1217
++#: peicode.h:1211
+ #, c-format
+-msgid "%B: Unrecognised machine type (0x%x) in Import Library Format archive"
++msgid "%pB: unrecognised machine type (0x%x) in Import Library Format archive"
+ msgstr ""
+
+-#: peicode.h:1230
++#: peicode.h:1224
+ #, c-format
+ msgid ""
+-"%B: Recognised but unhandled machine type (0x%x) in Import Library Format "
++"%pB: recognised but unhandled machine type (0x%x) in Import Library Format "
+ "archive"
+ msgstr ""
+
+-#: peicode.h:1248
+-msgid "%B: size field is zero in Import Library Format header"
++#: peicode.h:1242
++#, c-format
++msgid "%pB: size field is zero in Import Library Format header"
+ msgstr ""
+
+-#: peicode.h:1280
+-msgid "%B: string not null terminated in ILF object file."
++#: peicode.h:1274
++#, c-format
++msgid "%pB: string not null terminated in ILF object file"
+ msgstr ""
+
+-#: peicode.h:1335
+-msgid "%B: Error: Debug Data ends beyond end of debug directory."
++#: peicode.h:1330
++#, c-format
++msgid "%pB: error: debug data ends beyond end of debug directory"
+ msgstr ""
+
+-#: ppcboot.c:393
++#: ppcboot.c:392
+ #, c-format
+ msgid ""
+ "\n"
+ "ppcboot header:\n"
+ msgstr ""
+
+-#: ppcboot.c:394
++#: ppcboot.c:393
+ #, c-format
+ msgid "Entry offset = 0x%.8lx (%ld)\n"
+ msgstr ""
+
+-#: ppcboot.c:396
++#: ppcboot.c:395
+ #, c-format
+ msgid "Length = 0x%.8lx (%ld)\n"
+ msgstr ""
+
+-#: ppcboot.c:400
++#: ppcboot.c:399
+ #, c-format
+ msgid "Flag field = 0x%.2x\n"
+ msgstr ""
+
+-#: ppcboot.c:406
++#: ppcboot.c:405
+ #, c-format
+ msgid "Partition name = \"%s\"\n"
+ msgstr ""
+
+-#: ppcboot.c:426
++#: ppcboot.c:425
+ #, c-format
+ msgid ""
+ "\n"
+ "Partition[%d] start = { 0x%.2x, 0x%.2x, 0x%.2x, 0x%.2x }\n"
+ msgstr ""
+
+-#: ppcboot.c:433
++#: ppcboot.c:432
+ #, c-format
+ msgid "Partition[%d] end = { 0x%.2x, 0x%.2x, 0x%.2x, 0x%.2x }\n"
+ msgstr ""
+
+-#: ppcboot.c:440
++#: ppcboot.c:439
+ #, c-format
+ msgid "Partition[%d] sector = 0x%.8lx (%ld)\n"
+ msgstr ""
+
+-#: ppcboot.c:444
++#: ppcboot.c:443
+ #, c-format
+ msgid "Partition[%d] length = 0x%.8lx (%ld)\n"
+ msgstr ""
+
+-#: reloc.c:8106
+-msgid "INPUT_SECTION_FLAGS are not supported.\n"
++#: reloc.c:8125
++msgid "INPUT_SECTION_FLAGS are not supported"
+ msgstr ""
+
+-#: reloc.c:8207
++#: reloc.c:8226
+ #, c-format
+-msgid "%X%P: %B(%A): error: relocation for offset %V has no value\n"
++msgid "%X%P: %pB(%pA): error: relocation for offset %V has no value\n"
+ msgstr ""
+
+-#: reloc.c:8283
++#: reloc.c:8302
+ #, c-format
+-msgid "%X%P: %B(%A): relocation \"%R\" is not supported\n"
++msgid "%X%P: %pB(%pA): relocation \"%pR\" is not supported\n"
+ msgstr ""
+
+-#: reloc.c:8292
++#: reloc.c:8311
+ #, c-format
+-msgid "%X%P: %B(%A): relocation \"%R\" returns an unrecognized value %x\n"
++msgid "%X%P: %pB(%pA): relocation \"%pR\" returns an unrecognized value %x\n"
+ msgstr ""
+
+-#: reloc.c:8354
++#: reloc.c:8373
+ #, c-format
+-msgid "%B: unrecognized relocation (%#x) in section `%A'"
++msgid "%pB: unrecognized relocation type %#x in section `%pA'"
+ msgstr ""
+
+ #. PR 21803: Suggest the most likely cause of this error.
+-#: reloc.c:8358
++#: reloc.c:8377
+ #, c-format
+-msgid "Is this version of the linker - %s - out of date ?"
++msgid "is this version of the linker - %s - out of date ?"
+ msgstr ""
+
+ #: rs6000-core.c:471
+-msgid "%B: warning core file truncated"
++#, c-format
++msgid "%pB: warning core file truncated"
+ msgstr ""
+
+ #: som.c:5478
+@@ -6069,91 +6068,91 @@ msgstr ""
+
+ #: srec.c:260
+ #, c-format
+-msgid "%B:%d: Unexpected character `%s' in S-record file\n"
++msgid "%pB:%d: unexpected character `%s' in S-record file"
+ msgstr ""
+
+ #: srec.c:488
+ #, c-format
+-msgid "%B:%d: byte count %d too small\n"
++msgid "%pB:%d: byte count %d too small"
+ msgstr ""
+
+ #: srec.c:581 srec.c:615
+ #, c-format
+-msgid "%B:%d: Bad checksum in S-record file\n"
++msgid "%pB:%d: bad checksum in S-record file"
+ msgstr ""
+
+ #: stabs.c:279
+ #, c-format
+-msgid "%B(%A+%#lx): Stabs entry has invalid string index."
++msgid "%pB(%pA+%#lx): stabs entry has invalid string index"
+ msgstr ""
+
+ #: syms.c:1079
+-msgid "Unsupported .stab relocation"
++msgid "unsupported .stab relocation"
+ msgstr ""
+
+ #: vms-alpha.c:479
+-msgid "Corrupt EIHD record - size is too small"
++msgid "corrupt EIHD record - size is too small"
+ msgstr ""
+
+ #: vms-alpha.c:660
+ #, c-format
+-msgid "Unable to read EIHS record at offset %#x"
++msgid "unable to read EIHS record at offset %#x"
+ msgstr ""
+
+-#: vms-alpha.c:1172
++#: vms-alpha.c:1173
+ #, c-format
+-msgid "Corrupt EGSD record: its size (%#x) is too small"
++msgid "corrupt EGSD record: its size (%#x) is too small"
+ msgstr ""
+
+-#: vms-alpha.c:1196
++#: vms-alpha.c:1197
+ #, c-format
+-msgid "Corrupt EGSD record: size (%#x) is larger than remaining space (%#x)"
++msgid "corrupt EGSD record: size (%#x) is larger than remaining space (%#x)"
+ msgstr ""
+
+-#: vms-alpha.c:1204
++#: vms-alpha.c:1205
+ #, c-format
+-msgid "Corrupt EGSD record: size (%#x) is too small"
++msgid "corrupt EGSD record: size (%#x) is too small"
+ msgstr ""
+
+-#: vms-alpha.c:1333 vms-alpha.c:1349 vms-alpha.c:1389
++#: vms-alpha.c:1334 vms-alpha.c:1350 vms-alpha.c:1390
+ #, c-format
+-msgid "Corrupt EGSD record: its psindx field is too big (%#lx)"
++msgid "corrupt EGSD record: its psindx field is too big (%#lx)"
+ msgstr ""
+
+-#: vms-alpha.c:1418
++#: vms-alpha.c:1419
+ #, c-format
+-msgid "Unknown EGSD subtype %d"
++msgid "unknown EGSD subtype %d"
+ msgstr ""
+
+-#: vms-alpha.c:1451
++#: vms-alpha.c:1452
+ #, c-format
+-msgid "Stack overflow (%d) in _bfd_vms_push"
++msgid "stack overflow (%d) in _bfd_vms_push"
+ msgstr ""
+
+-#: vms-alpha.c:1464
+-msgid "Stack underflow in _bfd_vms_pop"
++#: vms-alpha.c:1465
++msgid "stack underflow in _bfd_vms_pop"
+ msgstr ""
+
+ #. These names have not yet been added to this switch statement.
+-#: vms-alpha.c:1706
++#: vms-alpha.c:1707
+ #, c-format
+ msgid "unknown ETIR command %d"
+ msgstr ""
+
+-#: vms-alpha.c:1737
+-msgid "Corrupt vms value"
++#: vms-alpha.c:1738
++msgid "corrupt vms value"
+ msgstr ""
+
+-#: vms-alpha.c:1865
+-msgid "Corrupt ETIR record encountered"
++#: vms-alpha.c:1866
++msgid "corrupt ETIR record encountered"
+ msgstr ""
+
+-#: vms-alpha.c:1922
++#: vms-alpha.c:1923
+ #, c-format
+ msgid "bad section index in %s"
+ msgstr ""
+
+-#: vms-alpha.c:1935
++#: vms-alpha.c:1936
+ #, c-format
+ msgid "unsupported STA cmd %s"
+ msgstr ""
+@@ -6163,1961 +6162,1932 @@ msgstr ""
+ #. Rotate.
+ #. Redefine symbol to current location.
+ #. Define a literal.
+-#: vms-alpha.c:2115 vms-alpha.c:2146 vms-alpha.c:2237 vms-alpha.c:2395
++#: vms-alpha.c:2116 vms-alpha.c:2147 vms-alpha.c:2238 vms-alpha.c:2396
+ #, c-format
+ msgid "%s: not supported"
+ msgstr ""
+
+-#: vms-alpha.c:2121
++#: vms-alpha.c:2122
+ #, c-format
+ msgid "%s: not implemented"
+ msgstr ""
+
+-#: vms-alpha.c:2379
++#: vms-alpha.c:2380
+ #, c-format
+ msgid "invalid use of %s with contexts"
+ msgstr ""
+
+-#: vms-alpha.c:2413
++#: vms-alpha.c:2414
+ #, c-format
+ msgid "reserved cmd %d"
+ msgstr ""
+
+-#: vms-alpha.c:2497
+-msgid "Corrupt EEOM record - size is too small"
++#: vms-alpha.c:2498
++msgid "corrupt EEOM record - size is too small"
+ msgstr ""
+
+-#: vms-alpha.c:2506
+-msgid "Object module NOT error-free !\n"
++#: vms-alpha.c:2507
++msgid "object module not error-free !"
+ msgstr ""
+
+-#: vms-alpha.c:3830
++#: vms-alpha.c:3831
+ #, c-format
+-msgid "SEC_RELOC with no relocs in section %A"
++msgid "SEC_RELOC with no relocs in section %pA"
+ msgstr ""
+
+-#: vms-alpha.c:3882 vms-alpha.c:4095
++#: vms-alpha.c:3883 vms-alpha.c:4096
+ #, c-format
+-msgid "Size error in section %A"
++msgid "size error in section %pA"
+ msgstr ""
+
+-#: vms-alpha.c:4041
+-msgid "Spurious ALPHA_R_BSR reloc"
++#: vms-alpha.c:4042
++msgid "spurious ALPHA_R_BSR reloc"
+ msgstr ""
+
+-#: vms-alpha.c:4082
++#: vms-alpha.c:4083
+ #, c-format
+-msgid "Unhandled relocation %s"
++msgid "unhandled relocation %s"
+ msgstr ""
+
+-#: vms-alpha.c:4375
++#: vms-alpha.c:4376
+ #, c-format
+ msgid "unknown source command %d"
+ msgstr ""
+
+-#: vms-alpha.c:4436
+-msgid "DST__K_SET_LINUM_INCR not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4442
+-msgid "DST__K_SET_LINUM_INCR_W not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4448
+-msgid "DST__K_RESET_LINUM_INCR not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4454
+-msgid "DST__K_BEG_STMT_MODE not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4460
+-msgid "DST__K_END_STMT_MODE not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4487
+-msgid "DST__K_SET_PC not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4493
+-msgid "DST__K_SET_PC_W not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4499
+-msgid "DST__K_SET_PC_L not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4505
+-msgid "DST__K_SET_STMTNUM not implemented"
++#: vms-alpha.c:4437 vms-alpha.c:4443 vms-alpha.c:4449 vms-alpha.c:4455
++#: vms-alpha.c:4461 vms-alpha.c:4488 vms-alpha.c:4494 vms-alpha.c:4500
++#: vms-alpha.c:4506
++#, c-format
++msgid "%s not implemented"
+ msgstr ""
+
+-#: vms-alpha.c:4548
++#: vms-alpha.c:4549
+ #, c-format
+ msgid "unknown line command %d"
+ msgstr ""
+
+-#: vms-alpha.c:5008 vms-alpha.c:5026 vms-alpha.c:5041 vms-alpha.c:5057
+-#: vms-alpha.c:5070 vms-alpha.c:5082 vms-alpha.c:5095
++#: vms-alpha.c:5009 vms-alpha.c:5027 vms-alpha.c:5042 vms-alpha.c:5058
++#: vms-alpha.c:5071 vms-alpha.c:5083 vms-alpha.c:5096
+ #, c-format
+-msgid "Unknown reloc %s + %s"
++msgid "unknown reloc %s + %s"
+ msgstr ""
+
+-#: vms-alpha.c:5150
++#: vms-alpha.c:5151
+ #, c-format
+-msgid "Unknown reloc %s"
++msgid "unknown reloc %s"
+ msgstr ""
+
+-#: vms-alpha.c:5163
+-msgid "Invalid section index in ETIR"
++#: vms-alpha.c:5164
++msgid "invalid section index in ETIR"
+ msgstr ""
+
+-#: vms-alpha.c:5172
+-msgid "Relocation for non-REL psect"
++#: vms-alpha.c:5173
++msgid "relocation for non-REL psect"
+ msgstr ""
+
+-#: vms-alpha.c:5219
++#: vms-alpha.c:5220
+ #, c-format
+-msgid "Unknown symbol in command %s"
++msgid "unknown symbol in command %s"
+ msgstr ""
+
+-#: vms-alpha.c:5629
++#: vms-alpha.c:5630
+ #, c-format
+ msgid "reloc (%d) is *UNKNOWN*"
+ msgstr ""
+
+-#: vms-alpha.c:5745
++#: vms-alpha.c:5746
+ #, c-format
+ msgid " EMH %u (len=%u): "
+ msgstr ""
+
+-#: vms-alpha.c:5750
++#: vms-alpha.c:5751
+ #, c-format
+ msgid " Error: The length is less than the length of an EMH record\n"
+ msgstr ""
+
+-#: vms-alpha.c:5767
++#: vms-alpha.c:5768
+ #, c-format
+ msgid ""
+ " Error: The record length is less than the size of an EMH_MHD record\n"
+ msgstr ""
+
+-#: vms-alpha.c:5770
++#: vms-alpha.c:5771
+ #, c-format
+ msgid "Module header\n"
+ msgstr ""
+
+-#: vms-alpha.c:5771
++#: vms-alpha.c:5772
+ #, c-format
+ msgid " structure level: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5772
++#: vms-alpha.c:5773
+ #, c-format
+ msgid " max record size: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5778
++#: vms-alpha.c:5779
+ #, c-format
+ msgid " Error: The module name is missing\n"
+ msgstr ""
+
+-#: vms-alpha.c:5784
++#: vms-alpha.c:5785
+ #, c-format
+ msgid " Error: The module name is too long\n"
+ msgstr ""
+
+-#: vms-alpha.c:5787
++#: vms-alpha.c:5788
+ #, c-format
+ msgid " module name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5791
++#: vms-alpha.c:5792
+ #, c-format
+ msgid " Error: The module version is missing\n"
+ msgstr ""
+
+-#: vms-alpha.c:5797
++#: vms-alpha.c:5798
+ #, c-format
+ msgid " Error: The module version is too long\n"
+ msgstr ""
+
+-#: vms-alpha.c:5800
++#: vms-alpha.c:5801
+ #, c-format
+ msgid " module version : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5803
++#: vms-alpha.c:5804
+ #, c-format
+ msgid " Error: The compile date is truncated\n"
+ msgstr ""
+
+-#: vms-alpha.c:5805
++#: vms-alpha.c:5806
+ #, c-format
+ msgid " compile date : %.17s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5810
++#: vms-alpha.c:5811
+ #, c-format
+ msgid "Language Processor Name\n"
+ msgstr ""
+
+-#: vms-alpha.c:5811
++#: vms-alpha.c:5812
+ #, c-format
+ msgid " language name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5815
++#: vms-alpha.c:5816
+ #, c-format
+ msgid "Source Files Header\n"
+ msgstr ""
+
+-#: vms-alpha.c:5816
++#: vms-alpha.c:5817
+ #, c-format
+ msgid " file: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5820
++#: vms-alpha.c:5821
+ #, c-format
+ msgid "Title Text Header\n"
+ msgstr ""
+
+-#: vms-alpha.c:5821
++#: vms-alpha.c:5822
+ #, c-format
+ msgid " title: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5825
++#: vms-alpha.c:5826
+ #, c-format
+ msgid "Copyright Header\n"
+ msgstr ""
+
+-#: vms-alpha.c:5826
++#: vms-alpha.c:5827
+ #, c-format
+ msgid " copyright: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5830
++#: vms-alpha.c:5831
+ #, c-format
+ msgid "unhandled emh subtype %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5840
++#: vms-alpha.c:5841
+ #, c-format
+ msgid " EEOM (len=%u):\n"
+ msgstr ""
+
+-#: vms-alpha.c:5845
++#: vms-alpha.c:5846
+ #, c-format
+ msgid " Error: The length is less than the length of an EEOM record\n"
+ msgstr ""
+
+-#: vms-alpha.c:5849
++#: vms-alpha.c:5850
+ #, c-format
+ msgid " number of cond linkage pairs: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5851
++#: vms-alpha.c:5852
+ #, c-format
+ msgid " completion code: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5855
++#: vms-alpha.c:5856
+ #, c-format
+ msgid " transfer addr flags: 0x%02x\n"
+ msgstr ""
+
+-#: vms-alpha.c:5856
++#: vms-alpha.c:5857
+ #, c-format
+ msgid " transfer addr psect: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5858
++#: vms-alpha.c:5859
+ #, c-format
+ msgid " transfer address : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:5867
++#: vms-alpha.c:5868
+ msgid " WEAK"
+ msgstr ""
+
+-#: vms-alpha.c:5869
++#: vms-alpha.c:5870
+ msgid " DEF"
+ msgstr ""
+
+-#: vms-alpha.c:5871
++#: vms-alpha.c:5872
+ msgid " UNI"
+ msgstr ""
+
+-#: vms-alpha.c:5873 vms-alpha.c:5894
++#: vms-alpha.c:5874 vms-alpha.c:5895
+ msgid " REL"
+ msgstr ""
+
+-#: vms-alpha.c:5875
++#: vms-alpha.c:5876
+ msgid " COMM"
+ msgstr ""
+
+-#: vms-alpha.c:5877
++#: vms-alpha.c:5878
+ msgid " VECEP"
+ msgstr ""
+
+-#: vms-alpha.c:5879
++#: vms-alpha.c:5880
+ msgid " NORM"
+ msgstr ""
+
+-#: vms-alpha.c:5881
++#: vms-alpha.c:5882
+ msgid " QVAL"
+ msgstr ""
+
+-#: vms-alpha.c:5888
++#: vms-alpha.c:5889
+ msgid " PIC"
+ msgstr ""
+
+-#: vms-alpha.c:5890
++#: vms-alpha.c:5891
+ msgid " LIB"
+ msgstr ""
+
+-#: vms-alpha.c:5892
++#: vms-alpha.c:5893
+ msgid " OVR"
+ msgstr ""
+
+-#: vms-alpha.c:5896
++#: vms-alpha.c:5897
+ msgid " GBL"
+ msgstr ""
+
+-#: vms-alpha.c:5898
++#: vms-alpha.c:5899
+ msgid " SHR"
+ msgstr ""
+
+-#: vms-alpha.c:5900
++#: vms-alpha.c:5901
+ msgid " EXE"
+ msgstr ""
+
+-#: vms-alpha.c:5902
++#: vms-alpha.c:5903
+ msgid " RD"
+ msgstr ""
+
+-#: vms-alpha.c:5904
++#: vms-alpha.c:5905
+ msgid " WRT"
+ msgstr ""
+
+-#: vms-alpha.c:5906
++#: vms-alpha.c:5907
+ msgid " VEC"
+ msgstr ""
+
+-#: vms-alpha.c:5908
++#: vms-alpha.c:5909
+ msgid " NOMOD"
+ msgstr ""
+
+-#: vms-alpha.c:5910
++#: vms-alpha.c:5911
+ msgid " COM"
+ msgstr ""
+
+-#: vms-alpha.c:5912
++#: vms-alpha.c:5913
+ msgid " 64B"
+ msgstr ""
+
+-#: vms-alpha.c:5921
++#: vms-alpha.c:5922
+ #, c-format
+ msgid " EGSD (len=%u):\n"
+ msgstr ""
+
+-#: vms-alpha.c:5934
++#: vms-alpha.c:5935
+ #, c-format
+ msgid " EGSD entry %2u (type: %u, len: %u): "
+ msgstr ""
+
+-#: vms-alpha.c:5940 vms-alpha.c:6191
++#: vms-alpha.c:5941 vms-alpha.c:6192
+ #, c-format
+ msgid " Error: length larger than remaining space in record\n"
+ msgstr ""
+
+-#: vms-alpha.c:5952
++#: vms-alpha.c:5953
+ #, c-format
+ msgid "PSC - Program section definition\n"
+ msgstr ""
+
+-#: vms-alpha.c:5953 vms-alpha.c:5970
++#: vms-alpha.c:5954 vms-alpha.c:5971
+ #, c-format
+ msgid " alignment : 2**%u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5954 vms-alpha.c:5971
++#: vms-alpha.c:5955 vms-alpha.c:5972
+ #, c-format
+ msgid " flags : 0x%04x"
+ msgstr ""
+
+-#: vms-alpha.c:5958
++#: vms-alpha.c:5959
+ #, c-format
+ msgid " alloc (len): %u (0x%08x)\n"
+ msgstr ""
+
+-#: vms-alpha.c:5959 vms-alpha.c:6016 vms-alpha.c:6065
++#: vms-alpha.c:5960 vms-alpha.c:6017 vms-alpha.c:6066
+ #, c-format
+ msgid " name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5969
++#: vms-alpha.c:5970
+ #, c-format
+ msgid "SPSC - Shared Image Program section def\n"
+ msgstr ""
+
+-#: vms-alpha.c:5975
++#: vms-alpha.c:5976
+ #, c-format
+ msgid " alloc (len) : %u (0x%08x)\n"
+ msgstr ""
+
+-#: vms-alpha.c:5976
++#: vms-alpha.c:5977
+ #, c-format
+ msgid " image offset : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:5978
++#: vms-alpha.c:5979
+ #, c-format
+ msgid " symvec offset : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:5980
++#: vms-alpha.c:5981
+ #, c-format
+ msgid " name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5993
++#: vms-alpha.c:5994
+ #, c-format
+ msgid "SYM - Global symbol definition\n"
+ msgstr ""
+
+-#: vms-alpha.c:5994 vms-alpha.c:6054 vms-alpha.c:6075 vms-alpha.c:6094
++#: vms-alpha.c:5995 vms-alpha.c:6055 vms-alpha.c:6076 vms-alpha.c:6095
+ #, c-format
+ msgid " flags: 0x%04x"
+ msgstr ""
+
+-#: vms-alpha.c:5997
++#: vms-alpha.c:5998
+ #, c-format
+ msgid " psect offset: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6001
++#: vms-alpha.c:6002
+ #, c-format
+ msgid " code address: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6003
++#: vms-alpha.c:6004
+ #, c-format
+ msgid " psect index for entry point : %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6006 vms-alpha.c:6082 vms-alpha.c:6101
++#: vms-alpha.c:6007 vms-alpha.c:6083 vms-alpha.c:6102
+ #, c-format
+ msgid " psect index : %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6008 vms-alpha.c:6084 vms-alpha.c:6103
++#: vms-alpha.c:6009 vms-alpha.c:6085 vms-alpha.c:6104
+ #, c-format
+ msgid " name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6015
++#: vms-alpha.c:6016
+ #, c-format
+ msgid "SYM - Global symbol reference\n"
+ msgstr ""
+
+-#: vms-alpha.c:6027
++#: vms-alpha.c:6028
+ #, c-format
+ msgid "IDC - Ident Consistency check\n"
+ msgstr ""
+
+-#: vms-alpha.c:6028
++#: vms-alpha.c:6029
+ #, c-format
+ msgid " flags : 0x%08x"
+ msgstr ""
+
+-#: vms-alpha.c:6032
++#: vms-alpha.c:6033
+ #, c-format
+ msgid " id match : %x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6034
++#: vms-alpha.c:6035
+ #, c-format
+ msgid " error severity: %x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6037
++#: vms-alpha.c:6038
+ #, c-format
+ msgid " entity name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6039
++#: vms-alpha.c:6040
+ #, c-format
+ msgid " object name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6042
++#: vms-alpha.c:6043
+ #, c-format
+ msgid " binary ident : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6045
++#: vms-alpha.c:6046
+ #, c-format
+ msgid " ascii ident : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6053
++#: vms-alpha.c:6054
+ #, c-format
+ msgid "SYMG - Universal symbol definition\n"
+ msgstr ""
+
+-#: vms-alpha.c:6057
++#: vms-alpha.c:6058
+ #, c-format
+ msgid " symbol vector offset: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6059
++#: vms-alpha.c:6060
+ #, c-format
+ msgid " entry point: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6061
++#: vms-alpha.c:6062
+ #, c-format
+ msgid " proc descr : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6063
++#: vms-alpha.c:6064
+ #, c-format
+ msgid " psect index: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6074
++#: vms-alpha.c:6075
+ #, c-format
+ msgid "SYMV - Vectored symbol definition\n"
+ msgstr ""
+
+-#: vms-alpha.c:6078
++#: vms-alpha.c:6079
+ #, c-format
+ msgid " vector : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6080 vms-alpha.c:6099
++#: vms-alpha.c:6081 vms-alpha.c:6100
+ #, c-format
+ msgid " psect offset: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6093
++#: vms-alpha.c:6094
+ #, c-format
+ msgid "SYMM - Global symbol definition with version\n"
+ msgstr ""
+
+-#: vms-alpha.c:6097
++#: vms-alpha.c:6098
+ #, c-format
+ msgid " version mask: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6108
++#: vms-alpha.c:6109
+ #, c-format
+ msgid "unhandled egsd entry type %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6143
++#: vms-alpha.c:6144
+ #, c-format
+ msgid " linkage index: %u, replacement insn: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6147
++#: vms-alpha.c:6148
+ #, c-format
+ msgid " psect idx 1: %u, offset 1: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6152
++#: vms-alpha.c:6153
+ #, c-format
+ msgid " psect idx 2: %u, offset 2: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6158
++#: vms-alpha.c:6159
+ #, c-format
+ msgid " psect idx 3: %u, offset 3: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6163
++#: vms-alpha.c:6164
+ #, c-format
+ msgid " global name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6174
++#: vms-alpha.c:6175
+ #, c-format
+ msgid " %s (len=%u+%u):\n"
+ msgstr ""
+
+-#: vms-alpha.c:6196
++#: vms-alpha.c:6197
+ #, c-format
+ msgid " (type: %3u, size: 4+%3u): "
+ msgstr ""
+
+-#: vms-alpha.c:6200
++#: vms-alpha.c:6201
+ #, c-format
+ msgid "STA_GBL (stack global) %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6204
++#: vms-alpha.c:6205
+ #, c-format
+ msgid "STA_LW (stack longword) 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6208
++#: vms-alpha.c:6209
+ #, c-format
+ msgid "STA_QW (stack quadword) 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6213
++#: vms-alpha.c:6214
+ #, c-format
+ msgid "STA_PQ (stack psect base + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6215
++#: vms-alpha.c:6216
+ #, c-format
+ msgid " psect: %u, offset: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6221
++#: vms-alpha.c:6222
+ #, c-format
+ msgid "STA_LI (stack literal)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6224
++#: vms-alpha.c:6225
+ #, c-format
+ msgid "STA_MOD (stack module)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6227
++#: vms-alpha.c:6228
+ #, c-format
+ msgid "STA_CKARG (compare procedure argument)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6231
++#: vms-alpha.c:6232
+ #, c-format
+ msgid "STO_B (store byte)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6234
++#: vms-alpha.c:6235
+ #, c-format
+ msgid "STO_W (store word)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6237
++#: vms-alpha.c:6238
+ #, c-format
+ msgid "STO_LW (store longword)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6240
++#: vms-alpha.c:6241
+ #, c-format
+ msgid "STO_QW (store quadword)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6246
++#: vms-alpha.c:6247
+ #, c-format
+ msgid "STO_IMMR (store immediate repeat) %u bytes\n"
+ msgstr ""
+
+-#: vms-alpha.c:6253
++#: vms-alpha.c:6254
+ #, c-format
+ msgid "STO_GBL (store global) %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6257
++#: vms-alpha.c:6258
+ #, c-format
+ msgid "STO_CA (store code address) %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6261
++#: vms-alpha.c:6262
+ #, c-format
+ msgid "STO_RB (store relative branch)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6264
++#: vms-alpha.c:6265
+ #, c-format
+ msgid "STO_AB (store absolute branch)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6267
++#: vms-alpha.c:6268
+ #, c-format
+ msgid "STO_OFF (store offset to psect)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6273
++#: vms-alpha.c:6274
+ #, c-format
+ msgid "STO_IMM (store immediate) %u bytes\n"
+ msgstr ""
+
+-#: vms-alpha.c:6280
++#: vms-alpha.c:6281
+ #, c-format
+ msgid "STO_GBL_LW (store global longword) %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6284
++#: vms-alpha.c:6285
+ #, c-format
+ msgid "STO_OFF (store LP with procedure signature)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6287
++#: vms-alpha.c:6288
+ #, c-format
+ msgid "STO_BR_GBL (store branch global) *todo*\n"
+ msgstr ""
+
+-#: vms-alpha.c:6290
++#: vms-alpha.c:6291
+ #, c-format
+ msgid "STO_BR_PS (store branch psect + offset) *todo*\n"
+ msgstr ""
+
+-#: vms-alpha.c:6294
++#: vms-alpha.c:6295
+ #, c-format
+ msgid "OPR_NOP (no-operation)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6297
++#: vms-alpha.c:6298
+ #, c-format
+ msgid "OPR_ADD (add)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6300
++#: vms-alpha.c:6301
+ #, c-format
+ msgid "OPR_SUB (subtract)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6303
++#: vms-alpha.c:6304
+ #, c-format
+ msgid "OPR_MUL (multiply)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6306
++#: vms-alpha.c:6307
+ #, c-format
+ msgid "OPR_DIV (divide)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6309
++#: vms-alpha.c:6310
+ #, c-format
+ msgid "OPR_AND (logical and)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6312
++#: vms-alpha.c:6313
+ #, c-format
+ msgid "OPR_IOR (logical inclusive or)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6315
++#: vms-alpha.c:6316
+ #, c-format
+ msgid "OPR_EOR (logical exclusive or)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6318
++#: vms-alpha.c:6319
+ #, c-format
+ msgid "OPR_NEG (negate)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6321
++#: vms-alpha.c:6322
+ #, c-format
+ msgid "OPR_COM (complement)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6324
++#: vms-alpha.c:6325
+ #, c-format
+ msgid "OPR_INSV (insert field)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6327
++#: vms-alpha.c:6328
+ #, c-format
+ msgid "OPR_ASH (arithmetic shift)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6330
++#: vms-alpha.c:6331
+ #, c-format
+ msgid "OPR_USH (unsigned shift)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6333
++#: vms-alpha.c:6334
+ #, c-format
+ msgid "OPR_ROT (rotate)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6336
++#: vms-alpha.c:6337
+ #, c-format
+ msgid "OPR_SEL (select)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6339
++#: vms-alpha.c:6340
+ #, c-format
+ msgid "OPR_REDEF (redefine symbol to curr location)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6342
++#: vms-alpha.c:6343
+ #, c-format
+ msgid "OPR_REDEF (define a literal)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6346
++#: vms-alpha.c:6347
+ #, c-format
+ msgid "STC_LP (store cond linkage pair)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6350
++#: vms-alpha.c:6351
+ #, c-format
+ msgid "STC_LP_PSB (store cond linkage pair + signature)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6352
++#: vms-alpha.c:6353
+ #, c-format
+ msgid " linkage index: %u, procedure: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6355
++#: vms-alpha.c:6356
+ #, c-format
+ msgid " signature: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6358
++#: vms-alpha.c:6359
+ #, c-format
+ msgid "STC_GBL (store cond global)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6360
++#: vms-alpha.c:6361
+ #, c-format
+ msgid " linkage index: %u, global: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6364
++#: vms-alpha.c:6365
+ #, c-format
+ msgid "STC_GCA (store cond code address)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6366
++#: vms-alpha.c:6367
+ #, c-format
+ msgid " linkage index: %u, procedure name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6370
++#: vms-alpha.c:6371
+ #, c-format
+ msgid "STC_PS (store cond psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6373
++#: vms-alpha.c:6374
+ #, c-format
+ msgid " linkage index: %u, psect: %u, offset: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6380
++#: vms-alpha.c:6381
+ #, c-format
+ msgid "STC_NOP_GBL (store cond NOP at global addr)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6384
++#: vms-alpha.c:6385
+ #, c-format
+ msgid "STC_NOP_PS (store cond NOP at psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6388
++#: vms-alpha.c:6389
+ #, c-format
+ msgid "STC_BSR_GBL (store cond BSR at global addr)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6392
++#: vms-alpha.c:6393
+ #, c-format
+ msgid "STC_BSR_PS (store cond BSR at psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6396
++#: vms-alpha.c:6397
+ #, c-format
+ msgid "STC_LDA_GBL (store cond LDA at global addr)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6400
++#: vms-alpha.c:6401
+ #, c-format
+ msgid "STC_LDA_PS (store cond LDA at psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6404
++#: vms-alpha.c:6405
+ #, c-format
+ msgid "STC_BOH_GBL (store cond BOH at global addr)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6408
++#: vms-alpha.c:6409
+ #, c-format
+ msgid "STC_BOH_PS (store cond BOH at psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6413
++#: vms-alpha.c:6414
+ #, c-format
+ msgid "STC_NBH_GBL (store cond or hint at global addr)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6417
++#: vms-alpha.c:6418
+ #, c-format
+ msgid "STC_NBH_PS (store cond or hint at psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6421
++#: vms-alpha.c:6422
+ #, c-format
+ msgid "CTL_SETRB (set relocation base)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6427
++#: vms-alpha.c:6428
+ #, c-format
+ msgid "CTL_AUGRB (augment relocation base) %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6431
++#: vms-alpha.c:6432
+ #, c-format
+ msgid "CTL_DFLOC (define location)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6434
++#: vms-alpha.c:6435
+ #, c-format
+ msgid "CTL_STLOC (set location)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6437
++#: vms-alpha.c:6438
+ #, c-format
+ msgid "CTL_STKDL (stack defined location)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6440 vms-alpha.c:6864 vms-alpha.c:6990
++#: vms-alpha.c:6441 vms-alpha.c:6865 vms-alpha.c:6991
+ #, c-format
+ msgid "*unhandled*\n"
+ msgstr ""
+
+-#: vms-alpha.c:6470 vms-alpha.c:6509
++#: vms-alpha.c:6471 vms-alpha.c:6510
+ #, c-format
+ msgid "cannot read GST record length\n"
+ msgstr ""
+
+ #. Ill-formed.
+-#: vms-alpha.c:6491
++#: vms-alpha.c:6492
+ #, c-format
+ msgid "cannot find EMH in first GST record\n"
+ msgstr ""
+
+-#: vms-alpha.c:6517
++#: vms-alpha.c:6518
+ #, c-format
+ msgid "cannot read GST record header\n"
+ msgstr ""
+
+-#: vms-alpha.c:6530
++#: vms-alpha.c:6531
+ #, c-format
+ msgid " corrupted GST\n"
+ msgstr ""
+
+-#: vms-alpha.c:6538
++#: vms-alpha.c:6539
+ #, c-format
+ msgid "cannot read GST record\n"
+ msgstr ""
+
+-#: vms-alpha.c:6567
++#: vms-alpha.c:6568
+ #, c-format
+ msgid " unhandled EOBJ record type %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6591
++#: vms-alpha.c:6592
+ #, c-format
+ msgid " bitcount: %u, base addr: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6605
++#: vms-alpha.c:6606
+ #, c-format
+ msgid " bitmap: 0x%08x (count: %u):\n"
+ msgstr ""
+
+-#: vms-alpha.c:6612
++#: vms-alpha.c:6613
+ #, c-format
+ msgid " %08x"
+ msgstr ""
+
+-#: vms-alpha.c:6638
++#: vms-alpha.c:6639
+ #, c-format
+ msgid " image %u (%u entries)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6644
++#: vms-alpha.c:6645
+ #, c-format
+ msgid " offset: 0x%08x, val: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6666
++#: vms-alpha.c:6667
+ #, c-format
+ msgid " image %u (%u entries), offsets:\n"
+ msgstr ""
+
+-#: vms-alpha.c:6673
++#: vms-alpha.c:6674
+ #, c-format
+ msgid " 0x%08x"
+ msgstr ""
+
+ #. 64 bits.
+-#: vms-alpha.c:6795
++#: vms-alpha.c:6796
+ #, c-format
+ msgid "64 bits *unhandled*\n"
+ msgstr ""
+
+-#: vms-alpha.c:6800
++#: vms-alpha.c:6801
+ #, c-format
+ msgid "class: %u, dtype: %u, length: %u, pointer: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6811
++#: vms-alpha.c:6812
+ #, c-format
+ msgid "non-contiguous array of %s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6816
++#: vms-alpha.c:6817
+ #, c-format
+ msgid "dimct: %u, aflags: 0x%02x, digits: %u, scale: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6821
++#: vms-alpha.c:6822
+ #, c-format
+ msgid "arsize: %u, a0: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6825
++#: vms-alpha.c:6826
+ #, c-format
+ msgid "Strides:\n"
+ msgstr ""
+
+-#: vms-alpha.c:6835
++#: vms-alpha.c:6836
+ #, c-format
+ msgid "Bounds:\n"
+ msgstr ""
+
+-#: vms-alpha.c:6841
++#: vms-alpha.c:6842
+ #, c-format
+ msgid "[%u]: Lower: %u, upper: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6853
++#: vms-alpha.c:6854
+ #, c-format
+ msgid "unaligned bit-string of %s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6858
++#: vms-alpha.c:6859
+ #, c-format
+ msgid "base: %u, pos: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6879
++#: vms-alpha.c:6880
+ #, c-format
+ msgid "vflags: 0x%02x, value: 0x%08x "
+ msgstr ""
+
+-#: vms-alpha.c:6885
++#: vms-alpha.c:6886
+ #, c-format
+ msgid "(no value)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6888
++#: vms-alpha.c:6889
+ #, c-format
+ msgid "(not active)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6891
++#: vms-alpha.c:6892
+ #, c-format
+ msgid "(not allocated)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6894
++#: vms-alpha.c:6895
+ #, c-format
+ msgid "(descriptor)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6898
++#: vms-alpha.c:6899
+ #, c-format
+ msgid "(trailing value)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6901
++#: vms-alpha.c:6902
+ #, c-format
+ msgid "(value spec follows)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6904
++#: vms-alpha.c:6905
+ #, c-format
+ msgid "(at bit offset %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6908
++#: vms-alpha.c:6909
+ #, c-format
+ msgid "(reg: %u, disp: %u, indir: %u, kind: "
+ msgstr ""
+
+-#: vms-alpha.c:6915
++#: vms-alpha.c:6916
+ msgid "literal"
+ msgstr ""
+
+-#: vms-alpha.c:6918
++#: vms-alpha.c:6919
+ msgid "address"
+ msgstr ""
+
+-#: vms-alpha.c:6921
++#: vms-alpha.c:6922
+ msgid "desc"
+ msgstr ""
+
+-#: vms-alpha.c:6924
++#: vms-alpha.c:6925
+ msgid "reg"
+ msgstr ""
+
+-#: vms-alpha.c:6941
++#: vms-alpha.c:6942
+ #, c-format
+ msgid "len: %2u, kind: %2u "
+ msgstr ""
+
+-#: vms-alpha.c:6947
++#: vms-alpha.c:6948
+ #, c-format
+ msgid "atomic, type=0x%02x %s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6951
++#: vms-alpha.c:6952
+ #, c-format
+ msgid "indirect, defined at 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6955
++#: vms-alpha.c:6956
+ #, c-format
+ msgid "typed pointer\n"
+ msgstr ""
+
+-#: vms-alpha.c:6959
++#: vms-alpha.c:6960
+ #, c-format
+ msgid "pointer\n"
+ msgstr ""
+
+-#: vms-alpha.c:6967
++#: vms-alpha.c:6968
+ #, c-format
+ msgid "array, dim: %u, bitmap: "
+ msgstr ""
+
+-#: vms-alpha.c:6974
++#: vms-alpha.c:6975
+ #, c-format
+ msgid "array descriptor:\n"
+ msgstr ""
+
+-#: vms-alpha.c:6981
++#: vms-alpha.c:6982
+ #, c-format
+ msgid "type spec for element:\n"
+ msgstr ""
+
+-#: vms-alpha.c:6983
++#: vms-alpha.c:6984
+ #, c-format
+ msgid "type spec for subscript %u:\n"
+ msgstr ""
+
+-#: vms-alpha.c:7001
++#: vms-alpha.c:7002
+ #, c-format
+ msgid "Debug symbol table:\n"
+ msgstr ""
+
+-#: vms-alpha.c:7012
++#: vms-alpha.c:7013
+ #, c-format
+ msgid "cannot read DST header\n"
+ msgstr ""
+
+-#: vms-alpha.c:7018
++#: vms-alpha.c:7019
+ #, c-format
+ msgid " type: %3u, len: %3u (at 0x%08x): "
+ msgstr ""
+
+-#: vms-alpha.c:7032
++#: vms-alpha.c:7033
+ #, c-format
+ msgid "cannot read DST symbol\n"
+ msgstr ""
+
+-#: vms-alpha.c:7075
++#: vms-alpha.c:7076
+ #, c-format
+ msgid "standard data: %s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7078 vms-alpha.c:7166
++#: vms-alpha.c:7079 vms-alpha.c:7167
+ #, c-format
+ msgid " name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7085
++#: vms-alpha.c:7086
+ #, c-format
+ msgid "modbeg\n"
+ msgstr ""
+
+-#: vms-alpha.c:7087
++#: vms-alpha.c:7088
+ #, c-format
+ msgid " flags: %d, language: %u, major: %u, minor: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7093 vms-alpha.c:7367
++#: vms-alpha.c:7094 vms-alpha.c:7368
+ #, c-format
+ msgid " module name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7096
++#: vms-alpha.c:7097
+ #, c-format
+ msgid " compiler : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7101
++#: vms-alpha.c:7102
+ #, c-format
+ msgid "modend\n"
+ msgstr ""
+
+-#: vms-alpha.c:7108
++#: vms-alpha.c:7109
+ msgid "rtnbeg\n"
+ msgstr ""
+
+-#: vms-alpha.c:7110
++#: vms-alpha.c:7111
+ #, c-format
+ msgid " flags: %u, address: 0x%08x, pd-address: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7115
++#: vms-alpha.c:7116
+ #, c-format
+ msgid " routine name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7123
++#: vms-alpha.c:7124
+ #, c-format
+ msgid "rtnend: size 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7131
++#: vms-alpha.c:7132
+ #, c-format
+ msgid "prolog: bkpt address 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7140
++#: vms-alpha.c:7141
+ #, c-format
+ msgid "epilog: flags: %u, count: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7150
++#: vms-alpha.c:7151
+ #, c-format
+ msgid "blkbeg: address: 0x%08x, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7159
++#: vms-alpha.c:7160
+ #, c-format
+ msgid "blkend: size: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7165
++#: vms-alpha.c:7166
+ #, c-format
+ msgid "typspec (len: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7172
++#: vms-alpha.c:7173
+ #, c-format
+ msgid "septyp, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7181
++#: vms-alpha.c:7182
+ #, c-format
+ msgid "recbeg: name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7183
++#: vms-alpha.c:7184
+ #, c-format
+ msgid " len: %u bits\n"
+ msgstr ""
+
+-#: vms-alpha.c:7188
++#: vms-alpha.c:7189
+ #, c-format
+ msgid "recend\n"
+ msgstr ""
+
+-#: vms-alpha.c:7192
++#: vms-alpha.c:7193
+ #, c-format
+ msgid "enumbeg, len: %u, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7196
++#: vms-alpha.c:7197
+ #, c-format
+ msgid "enumelt, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7200
++#: vms-alpha.c:7201
+ #, c-format
+ msgid "enumend\n"
+ msgstr ""
+
+-#: vms-alpha.c:7205
++#: vms-alpha.c:7206
+ #, c-format
+ msgid "label, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7207
++#: vms-alpha.c:7208
+ #, c-format
+ msgid " address: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7217
++#: vms-alpha.c:7218
+ #, c-format
+ msgid "discontiguous range (nbr: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7220
++#: vms-alpha.c:7221
+ #, c-format
+ msgid " address: 0x%08x, size: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7230
++#: vms-alpha.c:7231
+ #, c-format
+ msgid "line num (len: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7247
++#: vms-alpha.c:7248
+ #, c-format
+ msgid "delta_pc_w %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7254
++#: vms-alpha.c:7255
+ #, c-format
+ msgid "incr_linum(b): +%u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7260
++#: vms-alpha.c:7261
+ #, c-format
+ msgid "incr_linum_w: +%u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7266
++#: vms-alpha.c:7267
+ #, c-format
+ msgid "incr_linum_l: +%u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7272
++#: vms-alpha.c:7273
+ #, c-format
+ msgid "set_line_num(w) %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7277
++#: vms-alpha.c:7278
+ #, c-format
+ msgid "set_line_num_b %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7282
++#: vms-alpha.c:7283
+ #, c-format
+ msgid "set_line_num_l %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7287
++#: vms-alpha.c:7288
+ #, c-format
+ msgid "set_abs_pc: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7291
++#: vms-alpha.c:7292
+ #, c-format
+ msgid "delta_pc_l: +0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7296
++#: vms-alpha.c:7297
+ #, c-format
+ msgid "term(b): 0x%02x"
+ msgstr ""
+
+-#: vms-alpha.c:7298
++#: vms-alpha.c:7299
+ #, c-format
+ msgid " pc: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7303
++#: vms-alpha.c:7304
+ #, c-format
+ msgid "term_w: 0x%04x"
+ msgstr ""
+
+-#: vms-alpha.c:7305
++#: vms-alpha.c:7306
+ #, c-format
+ msgid " pc: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7311
++#: vms-alpha.c:7312
+ #, c-format
+ msgid "delta pc +%-4d"
+ msgstr ""
+
+-#: vms-alpha.c:7315
++#: vms-alpha.c:7316
+ #, c-format
+ msgid " pc: 0x%08x line: %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7320
++#: vms-alpha.c:7321
+ #, c-format
+ msgid " *unhandled* cmd %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7335
++#: vms-alpha.c:7336
+ #, c-format
+ msgid "source (len: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7350
++#: vms-alpha.c:7351
+ #, c-format
+ msgid " declfile: len: %u, flags: %u, fileid: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7355
++#: vms-alpha.c:7356
+ #, c-format
+ msgid " rms: cdt: 0x%08x %08x, ebk: 0x%08x, ffb: 0x%04x, rfo: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7364
++#: vms-alpha.c:7365
+ #, c-format
+ msgid " filename : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7373
++#: vms-alpha.c:7374
+ #, c-format
+ msgid " setfile %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7378 vms-alpha.c:7383
++#: vms-alpha.c:7379 vms-alpha.c:7384
+ #, c-format
+ msgid " setrec %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7388 vms-alpha.c:7393
++#: vms-alpha.c:7389 vms-alpha.c:7394
+ #, c-format
+ msgid " setlnum %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7398 vms-alpha.c:7403
++#: vms-alpha.c:7399 vms-alpha.c:7404
+ #, c-format
+ msgid " deflines %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7407
++#: vms-alpha.c:7408
+ #, c-format
+ msgid " formfeed\n"
+ msgstr ""
+
+-#: vms-alpha.c:7411
++#: vms-alpha.c:7412
+ #, c-format
+ msgid " *unhandled* cmd %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7423
++#: vms-alpha.c:7424
+ #, c-format
+ msgid "*unhandled* dst type %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7455
++#: vms-alpha.c:7456
+ #, c-format
+ msgid "cannot read EIHD\n"
+ msgstr ""
+
+-#: vms-alpha.c:7459
++#: vms-alpha.c:7460
+ #, c-format
+ msgid "EIHD: (size: %u, nbr blocks: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7463
++#: vms-alpha.c:7464
+ #, c-format
+ msgid " majorid: %u, minorid: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7471
++#: vms-alpha.c:7472
+ msgid "executable"
+ msgstr ""
+
+-#: vms-alpha.c:7474
++#: vms-alpha.c:7475
+ msgid "linkable image"
+ msgstr ""
+
+-#: vms-alpha.c:7481
++#: vms-alpha.c:7482
+ #, c-format
+ msgid " image type: %u (%s)"
+ msgstr ""
+
+-#: vms-alpha.c:7487
++#: vms-alpha.c:7488
+ msgid "native"
+ msgstr ""
+
+-#: vms-alpha.c:7490
++#: vms-alpha.c:7491
+ msgid "CLI"
+ msgstr ""
+
+-#: vms-alpha.c:7497
++#: vms-alpha.c:7498
+ #, c-format
+ msgid ", subtype: %u (%s)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7504
++#: vms-alpha.c:7505
+ #, c-format
+ msgid " offsets: isd: %u, activ: %u, symdbg: %u, imgid: %u, patch: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7508
++#: vms-alpha.c:7509
+ #, c-format
+ msgid " fixup info rva: "
+ msgstr ""
+
+-#: vms-alpha.c:7510
++#: vms-alpha.c:7511
+ #, c-format
+ msgid ", symbol vector rva: "
+ msgstr ""
+
+-#: vms-alpha.c:7513
++#: vms-alpha.c:7514
+ #, c-format
+ msgid ""
+ "\n"
+ " version array off: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7518
++#: vms-alpha.c:7519
+ #, c-format
+ msgid " img I/O count: %u, nbr channels: %u, req pri: %08x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7524
++#: vms-alpha.c:7525
+ #, c-format
+ msgid " linker flags: %08x:"
+ msgstr ""
+
+-#: vms-alpha.c:7555
++#: vms-alpha.c:7556
+ #, c-format
+ msgid " ident: 0x%08x, sysver: 0x%08x, match ctrl: %u, symvect_size: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7561
++#: vms-alpha.c:7562
+ #, c-format
+ msgid " BPAGE: %u"
+ msgstr ""
+
+-#: vms-alpha.c:7568
++#: vms-alpha.c:7569
+ #, c-format
+ msgid ", ext fixup offset: %u, no_opt psect off: %u"
+ msgstr ""
+
+-#: vms-alpha.c:7571
++#: vms-alpha.c:7572
+ #, c-format
+ msgid ", alias: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7579
++#: vms-alpha.c:7580
+ #, c-format
+ msgid "system version array information:\n"
+ msgstr ""
+
+-#: vms-alpha.c:7583
++#: vms-alpha.c:7584
+ #, c-format
+ msgid "cannot read EIHVN header\n"
+ msgstr ""
+
+-#: vms-alpha.c:7593
++#: vms-alpha.c:7594
+ #, c-format
+ msgid "cannot read EIHVN version\n"
+ msgstr ""
+
+-#: vms-alpha.c:7596
++#: vms-alpha.c:7597
+ #, c-format
+ msgid " %02u "
+ msgstr ""
+
+-#: vms-alpha.c:7600
++#: vms-alpha.c:7601
+ msgid "BASE_IMAGE "
+ msgstr ""
+
+-#: vms-alpha.c:7603
++#: vms-alpha.c:7604
+ msgid "MEMORY_MANAGEMENT"
+ msgstr ""
+
+-#: vms-alpha.c:7606
++#: vms-alpha.c:7607
+ msgid "IO "
+ msgstr ""
+
+-#: vms-alpha.c:7609
++#: vms-alpha.c:7610
+ msgid "FILES_VOLUMES "
+ msgstr ""
+
+-#: vms-alpha.c:7612
++#: vms-alpha.c:7613
+ msgid "PROCESS_SCHED "
+ msgstr ""
+
+-#: vms-alpha.c:7615
++#: vms-alpha.c:7616
+ msgid "SYSGEN "
+ msgstr ""
+
+-#: vms-alpha.c:7618
++#: vms-alpha.c:7619
+ msgid "CLUSTERS_LOCKMGR "
+ msgstr ""
+
+-#: vms-alpha.c:7621
++#: vms-alpha.c:7622
+ msgid "LOGICAL_NAMES "
+ msgstr ""
+
+-#: vms-alpha.c:7624
++#: vms-alpha.c:7625
+ msgid "SECURITY "
+ msgstr ""
+
+-#: vms-alpha.c:7627
++#: vms-alpha.c:7628
+ msgid "IMAGE_ACTIVATOR "
+ msgstr ""
+
+-#: vms-alpha.c:7630
++#: vms-alpha.c:7631
+ msgid "NETWORKS "
+ msgstr ""
+
+-#: vms-alpha.c:7633
++#: vms-alpha.c:7634
+ msgid "COUNTERS "
+ msgstr ""
+
+-#: vms-alpha.c:7636
++#: vms-alpha.c:7637
+ msgid "STABLE "
+ msgstr ""
+
+-#: vms-alpha.c:7639
++#: vms-alpha.c:7640
+ msgid "MISC "
+ msgstr ""
+
+-#: vms-alpha.c:7642
++#: vms-alpha.c:7643
+ msgid "CPU "
+ msgstr ""
+
+-#: vms-alpha.c:7645
++#: vms-alpha.c:7646
+ msgid "VOLATILE "
+ msgstr ""
+
+-#: vms-alpha.c:7648
++#: vms-alpha.c:7649
+ msgid "SHELL "
+ msgstr ""
+
+-#: vms-alpha.c:7651
++#: vms-alpha.c:7652
+ msgid "POSIX "
+ msgstr ""
+
+-#: vms-alpha.c:7654
++#: vms-alpha.c:7655
+ msgid "MULTI_PROCESSING "
+ msgstr ""
+
+-#: vms-alpha.c:7657
++#: vms-alpha.c:7658
+ msgid "GALAXY "
+ msgstr ""
+
+-#: vms-alpha.c:7660
++#: vms-alpha.c:7661
+ msgid "*unknown* "
+ msgstr ""
+
+-#: vms-alpha.c:7676 vms-alpha.c:7951
++#: vms-alpha.c:7677 vms-alpha.c:7952
+ #, c-format
+ msgid "cannot read EIHA\n"
+ msgstr ""
+
+-#: vms-alpha.c:7679
++#: vms-alpha.c:7680
+ #, c-format
+ msgid "Image activation: (size=%u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7682
++#: vms-alpha.c:7683
+ #, c-format
+ msgid " First address : 0x%08x 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7686
++#: vms-alpha.c:7687
+ #, c-format
+ msgid " Second address: 0x%08x 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7690
++#: vms-alpha.c:7691
+ #, c-format
+ msgid " Third address : 0x%08x 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7694
++#: vms-alpha.c:7695
+ #, c-format
+ msgid " Fourth address: 0x%08x 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7698
++#: vms-alpha.c:7699
+ #, c-format
+ msgid " Shared image : 0x%08x 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7709
++#: vms-alpha.c:7710
+ #, c-format
+ msgid "cannot read EIHI\n"
+ msgstr ""
+
+-#: vms-alpha.c:7713
++#: vms-alpha.c:7714
+ #, c-format
+ msgid "Image identification: (major: %u, minor: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7716
++#: vms-alpha.c:7717
+ #, c-format
+ msgid " image name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7718
++#: vms-alpha.c:7719
+ #, c-format
+ msgid " link time : %s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7720
++#: vms-alpha.c:7721
+ #, c-format
+ msgid " image ident : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7722
++#: vms-alpha.c:7723
+ #, c-format
+ msgid " linker ident : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7724
++#: vms-alpha.c:7725
+ #, c-format
+ msgid " image build ident: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7734
++#: vms-alpha.c:7735
+ #, c-format
+ msgid "cannot read EIHS\n"
+ msgstr ""
+
+-#: vms-alpha.c:7738
++#: vms-alpha.c:7739
+ #, c-format
+ msgid "Image symbol & debug table: (major: %u, minor: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7744
++#: vms-alpha.c:7745
+ #, c-format
+ msgid " debug symbol table : vbn: %u, size: %u (0x%x)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7749
++#: vms-alpha.c:7750
+ #, c-format
+ msgid " global symbol table: vbn: %u, records: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7754
++#: vms-alpha.c:7755
+ #, c-format
+ msgid " debug module table : vbn: %u, size: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7767
++#: vms-alpha.c:7768
+ #, c-format
+ msgid "cannot read EISD\n"
+ msgstr ""
+
+-#: vms-alpha.c:7778
++#: vms-alpha.c:7779
+ #, c-format
+ msgid ""
+ "Image section descriptor: (major: %u, minor: %u, size: %u, offset: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7786
++#: vms-alpha.c:7787
+ #, c-format
+ msgid " section: base: 0x%08x%08x size: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7791
++#: vms-alpha.c:7792
+ #, c-format
+ msgid " flags: 0x%04x"
+ msgstr ""
+
+-#: vms-alpha.c:7829
++#: vms-alpha.c:7830
+ #, c-format
+ msgid " vbn: %u, pfc: %u, matchctl: %u type: %u ("
+ msgstr ""
+
+-#: vms-alpha.c:7835
++#: vms-alpha.c:7836
+ msgid "NORMAL"
+ msgstr ""
+
+-#: vms-alpha.c:7838
++#: vms-alpha.c:7839
+ msgid "SHRFXD"
+ msgstr ""
+
+-#: vms-alpha.c:7841
++#: vms-alpha.c:7842
+ msgid "PRVFXD"
+ msgstr ""
+
+-#: vms-alpha.c:7844
++#: vms-alpha.c:7845
+ msgid "SHRPIC"
+ msgstr ""
+
+-#: vms-alpha.c:7847
++#: vms-alpha.c:7848
+ msgid "PRVPIC"
+ msgstr ""
+
+-#: vms-alpha.c:7850
++#: vms-alpha.c:7851
+ msgid "USRSTACK"
+ msgstr ""
+
+-#: vms-alpha.c:7856
++#: vms-alpha.c:7857
+ msgid ")\n"
+ msgstr ""
+
+-#: vms-alpha.c:7859
++#: vms-alpha.c:7860
+ #, c-format
+ msgid " ident: 0x%08x, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7869
++#: vms-alpha.c:7870
+ #, c-format
+ msgid "cannot read DMT\n"
+ msgstr ""
+
+-#: vms-alpha.c:7873
++#: vms-alpha.c:7874
+ #, c-format
+ msgid "Debug module table:\n"
+ msgstr ""
+
+-#: vms-alpha.c:7882
++#: vms-alpha.c:7883
+ #, c-format
+ msgid "cannot read DMT header\n"
+ msgstr ""
+
+-#: vms-alpha.c:7888
++#: vms-alpha.c:7889
+ #, c-format
+ msgid " module offset: 0x%08x, size: 0x%08x, (%u psects)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7898
++#: vms-alpha.c:7899
+ #, c-format
+ msgid "cannot read DMT psect\n"
+ msgstr ""
+
+-#: vms-alpha.c:7902
++#: vms-alpha.c:7903
+ #, c-format
+ msgid " psect start: 0x%08x, length: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7915
++#: vms-alpha.c:7916
+ #, c-format
+ msgid "cannot read DST\n"
+ msgstr ""
+
+-#: vms-alpha.c:7925
++#: vms-alpha.c:7926
+ #, c-format
+ msgid "cannot read GST\n"
+ msgstr ""
+
+-#: vms-alpha.c:7929
++#: vms-alpha.c:7930
+ #, c-format
+ msgid "Global symbol table:\n"
+ msgstr ""
+
+-#: vms-alpha.c:7958
++#: vms-alpha.c:7959
+ #, c-format
+ msgid "Image activator fixup: (major: %u, minor: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7962
++#: vms-alpha.c:7963
+ #, c-format
+ msgid " iaflink : 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7966
++#: vms-alpha.c:7967
+ #, c-format
+ msgid " fixuplnk: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7969
++#: vms-alpha.c:7970
+ #, c-format
+ msgid " size : %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7971
++#: vms-alpha.c:7972
+ #, c-format
+ msgid " flags: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7976
++#: vms-alpha.c:7977
+ #, c-format
+ msgid " qrelfixoff: %5u, lrelfixoff: %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7981
++#: vms-alpha.c:7982
+ #, c-format
+ msgid " qdotadroff: %5u, ldotadroff: %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7986
++#: vms-alpha.c:7987
+ #, c-format
+ msgid " codeadroff: %5u, lpfixoff : %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7989
++#: vms-alpha.c:7990
+ #, c-format
+ msgid " chgprtoff : %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7993
++#: vms-alpha.c:7994
+ #, c-format
+ msgid " shlstoff : %5u, shrimgcnt : %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7996
++#: vms-alpha.c:7997
+ #, c-format
+ msgid " shlextra : %5u, permctx : %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7999
++#: vms-alpha.c:8000
+ #, c-format
+ msgid " base_va : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:8001
++#: vms-alpha.c:8002
+ #, c-format
+ msgid " lppsbfixoff: %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:8009
++#: vms-alpha.c:8010
+ #, c-format
+ msgid " Shareable images:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8014
++#: vms-alpha.c:8015
+ #, c-format
+ msgid " %u: size: %u, flags: 0x%02x, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:8021
++#: vms-alpha.c:8022
+ #, c-format
+ msgid " quad-word relocation fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8026
++#: vms-alpha.c:8027
+ #, c-format
+ msgid " long-word relocation fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8031
++#: vms-alpha.c:8032
+ #, c-format
+ msgid " quad-word .address reference fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8036
++#: vms-alpha.c:8037
+ #, c-format
+ msgid " long-word .address reference fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8041
++#: vms-alpha.c:8042
+ #, c-format
+ msgid " Code Address Reference Fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8046
++#: vms-alpha.c:8047
+ #, c-format
+ msgid " Linkage Pairs Reference Fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8055
++#: vms-alpha.c:8056
+ #, c-format
+ msgid " Change Protection (%u entries):\n"
+ msgstr ""
+
+-#: vms-alpha.c:8061
++#: vms-alpha.c:8062
+ #, c-format
+ msgid " base: 0x%08x %08x, size: 0x%08x, prot: 0x%08x "
+ msgstr ""
+
+ #. FIXME: we do not yet support relocatable link. It is not obvious
+ #. how to do it for debug infos.
+-#: vms-alpha.c:8901
++#: vms-alpha.c:8902
+ msgid "%P: relocatable link is not supported\n"
+ msgstr ""
+
+-#: vms-alpha.c:8972
++#: vms-alpha.c:8973
+ #, c-format
+-msgid "%P: multiple entry points: in modules %B and %B\n"
++msgid "%P: multiple entry points: in modules %pB and %pB\n"
+ msgstr ""
+
+ #: vms-lib.c:1445
+@@ -8594,7 +8564,7 @@ msgstr ""
+ #: peigen.c:1906 peigen.c:2103 pepigen.c:1906 pepigen.c:2103 pex64igen.c:1906
+ #: pex64igen.c:2103
+ #, c-format
+-msgid "Warning, .pdata section size (%ld) is not a multiple of %d\n"
++msgid "warning, .pdata section size (%ld) is not a multiple of %d\n"
+ msgstr ""
+
+ #: peigen.c:1910 peigen.c:2107 pepigen.c:1910 pepigen.c:2107 pex64igen.c:1910
+@@ -8795,82 +8765,92 @@ msgid ""
+ "Characteristics 0x%x\n"
+ msgstr ""
+
+-#: peigen.c:2989 pepigen.c:2989 pex64igen.c:2989
++#: peigen.c:2990 pepigen.c:2990 pex64igen.c:2990
+ #, c-format
+-msgid "%B: Data Directory size (%lx) exceeds space left in section (%Lx)"
++msgid ""
++"%pB: Data Directory size (%lx) exceeds space left in section (%<PRIx64>)"
+ msgstr ""
+
+-#: peigen.c:3019 pepigen.c:3019 pex64igen.c:3019
+-msgid "Failed to update file offsets in debug directory"
++#: peigen.c:3021 pepigen.c:3021 pex64igen.c:3021
++msgid "failed to update file offsets in debug directory"
+ msgstr ""
+
+-#: peigen.c:3025 pepigen.c:3025 pex64igen.c:3025
+-msgid "%B: Failed to read debug data section"
++#: peigen.c:3027 pepigen.c:3027 pex64igen.c:3027
++#, c-format
++msgid "%pB: failed to read debug data section"
+ msgstr ""
+
+-#: peigen.c:3841 pepigen.c:3841 pex64igen.c:3841
++#: peigen.c:3843 pepigen.c:3843 pex64igen.c:3843
+ #, c-format
+ msgid ".rsrc merge failure: duplicate string resource: %d"
+ msgstr ""
+
+-#: peigen.c:3976 pepigen.c:3976 pex64igen.c:3976
++#: peigen.c:3978 pepigen.c:3978 pex64igen.c:3978
+ msgid ".rsrc merge failure: multiple non-default manifests"
+ msgstr ""
+
+-#: peigen.c:3994 pepigen.c:3994 pex64igen.c:3994
++#: peigen.c:3996 pepigen.c:3996 pex64igen.c:3996
+ msgid ".rsrc merge failure: a directory matches a leaf"
+ msgstr ""
+
+-#: peigen.c:4036 pepigen.c:4036 pex64igen.c:4036
++#: peigen.c:4038 pepigen.c:4038 pex64igen.c:4038
+ msgid ".rsrc merge failure: duplicate leaf"
+ msgstr ""
+
+-#: peigen.c:4038 pepigen.c:4038 pex64igen.c:4038
++#: peigen.c:4040 pepigen.c:4040 pex64igen.c:4040
+ #, c-format
+ msgid ".rsrc merge failure: duplicate leaf: %s"
+ msgstr ""
+
+-#: peigen.c:4104 pepigen.c:4104 pex64igen.c:4104
+-msgid ".rsrc merge failure: dirs with differing characteristics\n"
++#: peigen.c:4106 pepigen.c:4106 pex64igen.c:4106
++msgid ".rsrc merge failure: dirs with differing characteristics"
+ msgstr ""
+
+-#: peigen.c:4111 pepigen.c:4111 pex64igen.c:4111
+-msgid ".rsrc merge failure: differing directory versions\n"
++#: peigen.c:4113 pepigen.c:4113 pex64igen.c:4113
++msgid ".rsrc merge failure: differing directory versions"
+ msgstr ""
+
+ #. Corrupted .rsrc section - cannot merge.
+-#: peigen.c:4228 pepigen.c:4228 pex64igen.c:4228
+-msgid "%B: .rsrc merge failure: corrupt .rsrc section"
++#: peigen.c:4230 pepigen.c:4230 pex64igen.c:4230
++#, c-format
++msgid "%pB: .rsrc merge failure: corrupt .rsrc section"
+ msgstr ""
+
+-#: peigen.c:4236 pepigen.c:4236 pex64igen.c:4236
+-msgid "%B: .rsrc merge failure: unexpected .rsrc size"
++#: peigen.c:4238 pepigen.c:4238 pex64igen.c:4238
++#, c-format
++msgid "%pB: .rsrc merge failure: unexpected .rsrc size"
+ msgstr ""
+
+-#: peigen.c:4375 pepigen.c:4375 pex64igen.c:4375
+-msgid "%B: unable to fill in DataDictionary[1] because .idata$2 is missing"
++#: peigen.c:4377 pepigen.c:4377 pex64igen.c:4377
++#, c-format
++msgid "%pB: unable to fill in DataDictionary[1] because .idata$2 is missing"
+ msgstr ""
+
+-#: peigen.c:4395 pepigen.c:4395 pex64igen.c:4395
+-msgid "%B: unable to fill in DataDictionary[1] because .idata$4 is missing"
++#: peigen.c:4397 pepigen.c:4397 pex64igen.c:4397
++#, c-format
++msgid "%pB: unable to fill in DataDictionary[1] because .idata$4 is missing"
+ msgstr ""
+
+-#: peigen.c:4416 pepigen.c:4416 pex64igen.c:4416
+-msgid "%B: unable to fill in DataDictionary[12] because .idata$5 is missing"
++#: peigen.c:4418 pepigen.c:4418 pex64igen.c:4418
++#, c-format
++msgid "%pB: unable to fill in DataDictionary[12] because .idata$5 is missing"
+ msgstr ""
+
+-#: peigen.c:4436 pepigen.c:4436 pex64igen.c:4436
++#: peigen.c:4438 pepigen.c:4438 pex64igen.c:4438
++#, c-format
+ msgid ""
+-"%B: unable to fill in DataDictionary[PE_IMPORT_ADDRESS_TABLE (12)] because ."
++"%pB: unable to fill in DataDictionary[PE_IMPORT_ADDRESS_TABLE (12)] because ."
+ "idata$6 is missing"
+ msgstr ""
+
+-#: peigen.c:4478 pepigen.c:4478 pex64igen.c:4478
++#: peigen.c:4480 pepigen.c:4480 pex64igen.c:4480
++#, c-format
+ msgid ""
+-"%B: unable to fill in DataDictionary[PE_IMPORT_ADDRESS_TABLE(12)] because ."
++"%pB: unable to fill in DataDictionary[PE_IMPORT_ADDRESS_TABLE(12)] because ."
+ "idata$6 is missing"
+ msgstr ""
+
+-#: peigen.c:4503 pepigen.c:4503 pex64igen.c:4503
+-msgid "%B: unable to fill in DataDictionary[9] because __tls_used is missing"
++#: peigen.c:4505 pepigen.c:4505 pex64igen.c:4505
++#, c-format
++msgid "%pB: unable to fill in DataDictionary[9] because __tls_used is missing"
+ msgstr ""
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,9 @@
+ 2018-04-24 Nick Clifton <nickc@redhat.com>
+
++ PR 23110
++ * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for
++ a negative PE_DEBUG_DATA size before iterating over the debug data.
++
+ PR 23113
+ * elf.c (ignore_section_sym): Check for the output_section pointer
+ being NULL before dereferencing it.
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch
new file mode 100644
index 0000000..fa8fbd2
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch
@@ -0,0 +1,61 @@
+From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 24 Apr 2018 16:57:04 +0100
+Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF
+ binary with corrupt section symbols.
+
+ PR 23113
+ * elf.c (ignore_section_sym): Check for the output_section pointer
+ being NULL before dereferencing it.
+
+Upstream-Status: Backport
+CVE: CVE-2018-10535
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 4 ++++
+ bfd/elf.c | 9 ++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -4021,15 +4021,22 @@ ignore_section_sym (bfd *abfd, asymbol *
+ {
+ elf_symbol_type *type_ptr;
+
++ if (sym == NULL)
++ return FALSE;
++
+ if ((sym->flags & BSF_SECTION_SYM) == 0)
+ return FALSE;
+
++ if (sym->section == NULL)
++ return TRUE;
++
+ type_ptr = elf_symbol_from (abfd, sym);
+ return ((type_ptr != NULL
+ && type_ptr->internal_elf_sym.st_shndx != 0
+ && bfd_is_abs_section (sym->section))
+ || !(sym->section->owner == abfd
+- || (sym->section->output_section->owner == abfd
++ || (sym->section->output_section != NULL
++ && sym->section->output_section->owner == abfd
+ && sym->section->output_offset == 0)
+ || bfd_is_abs_section (sym->section)));
+ }
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-04-24 Nick Clifton <nickc@redhat.com>
++
++ PR 23113
++ * elf.c (ignore_section_sym): Check for the output_section pointer
++ being NULL before dereferencing it.
++
+ 2018-04-17 Nick Clifton <nickc@redhat.com>
+
+ PR 23065
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch
new file mode 100644
index 0000000..fff4979
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch
@@ -0,0 +1,108 @@
+From 64e234d417d5685a4aec0edc618114d9991c031b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 6 Feb 2018 15:48:29 +0000
+Subject: [PATCH] Prevent attempts to call strncpy with a zero-length field by
+ chacking the size of debuglink sections.
+
+ PR 22794
+ * opncls.c (bfd_get_debug_link_info_1): Check the size of the
+ section before attempting to read it in.
+ (bfd_get_alt_debug_link_info): Likewise.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-6759
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/opncls.c | 22 +++++++++++++++++-----
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+Index: git/bfd/opncls.c
+===================================================================
+--- git.orig/bfd/opncls.c
++++ git/bfd/opncls.c
+@@ -1179,6 +1179,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+ bfd_byte *contents;
+ unsigned int crc_offset;
+ char *name;
++ bfd_size_type size;
+
+ BFD_ASSERT (abfd);
+ BFD_ASSERT (crc32_out);
+@@ -1188,6 +1189,12 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+ if (sect == NULL)
+ return NULL;
+
++ size = bfd_get_section_size (sect);
++
++ /* PR 22794: Make sure that the section has a reasonable size. */
++ if (size < 8 || size >= bfd_get_size (abfd))
++ return NULL;
++
+ if (!bfd_malloc_and_get_section (abfd, sect, &contents))
+ {
+ if (contents != NULL)
+@@ -1197,10 +1204,10 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+
+ /* CRC value is stored after the filename, aligned up to 4 bytes. */
+ name = (char *) contents;
+- /* PR 17597: avoid reading off the end of the buffer. */
+- crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
++ /* PR 17597: Avoid reading off the end of the buffer. */
++ crc_offset = strnlen (name, size) + 1;
+ crc_offset = (crc_offset + 3) & ~3;
+- if (crc_offset + 4 > bfd_get_section_size (sect))
++ if (crc_offset + 4 > size)
+ return NULL;
+
+ *crc32 = bfd_get_32 (abfd, contents + crc_offset);
+@@ -1261,6 +1268,7 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+ bfd_byte *contents;
+ unsigned int buildid_offset;
+ char *name;
++ bfd_size_type size;
+
+ BFD_ASSERT (abfd);
+ BFD_ASSERT (buildid_len);
+@@ -1271,6 +1279,10 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+ if (sect == NULL)
+ return NULL;
+
++ size = bfd_get_section_size (sect);
++ if (size < 8 || size >= bfd_get_size (abfd))
++ return NULL;
++
+ if (!bfd_malloc_and_get_section (abfd, sect, & contents))
+ {
+ if (contents != NULL)
+@@ -1280,11 +1292,11 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+
+ /* BuildID value is stored after the filename. */
+ name = (char *) contents;
+- buildid_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
++ buildid_offset = strnlen (name, size) + 1;
+ if (buildid_offset >= bfd_get_section_size (sect))
+ return NULL;
+
+- *buildid_len = bfd_get_section_size (sect) - buildid_offset;
++ *buildid_len = size - buildid_offset;
+ *buildid_out = bfd_malloc (*buildid_len);
+ memcpy (*buildid_out, contents + buildid_offset, *buildid_len);
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2018-02-06 Nick Clifton <nickc@redhat.com>
++
++ PR 22794
++ * opncls.c (bfd_get_debug_link_info_1): Check the size of the
++ section before attempting to read it in.
++ (bfd_get_alt_debug_link_info): Likewise.
++
+ 2018-02-09 Nick Clifton <nickc@redhat.com>
+
+ Import patch from mainline:
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6872.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6872.patch
new file mode 100644
index 0000000..2ef36c2
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6872.patch
@@ -0,0 +1,50 @@
+From d895ef77ffc94e02e748856c2ab54f5bb8cc867e Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 9 Feb 2018 09:28:45 +0000
+Subject: [PATCH] Import patch from mainline to fix possible seg-fault whilst
+ parsing corrupt ELF notes with extravagent alignments.
+
+ PR 22788
+ * elf.c (elf_parse_notes): Reject notes with excessuively large
+ alignments.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-6872
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 9 +++++++++
+ bfd/elf.c | 2 ++
+ 2 files changed, 11 insertions(+)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -11020,6 +11020,8 @@ elf_parse_notes (bfd *abfd, char *buf, s
+ align is less than 4, we use 4 byte alignment. */
+ if (align < 4)
+ align = 4;
++ if (align != 4 && align != 8)
++ return FALSE;
+
+ p = buf;
+ while (p < buf + size)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,12 @@
++2018-02-09 Nick Clifton <nickc@redhat.com>
++
++ Import patch from mainline:
++ 2018-02-08 Nick Clifton <nickc@redhat.com>
++
++ PR 22788
++ * elf.c (elf_parse_notes): Reject notes with excessuively large
++ alignments.
++
+ 2018-03-01 Nick Clifton <nickc@redhat.com>
+
+ PR 22905
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch
new file mode 100644
index 0000000..8efefeb
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch
@@ -0,0 +1,47 @@
+From eb77f6a4621795367a39cdd30957903af9dbb815 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 27 Jan 2018 08:19:33 +1030
+Subject: [PATCH] PR22741, objcopy segfault on fuzzed COFF object
+
+ PR 22741
+ * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
+ range before converting to a symbol table pointer.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7208
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/coffgen.c | 3 ++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+Index: git/bfd/coffgen.c
+===================================================================
+--- git.orig/bfd/coffgen.c
++++ git/bfd/coffgen.c
+@@ -1555,7 +1555,8 @@ coff_pointerize_aux (bfd *abfd,
+ }
+ /* A negative tagndx is meaningless, but the SCO 3.2v4 cc can
+ generate one, so we must be careful to ignore it. */
+- if (auxent->u.auxent.x_sym.x_tagndx.l > 0)
++ if ((unsigned long) auxent->u.auxent.x_sym.x_tagndx.l
++ < obj_raw_syment_count (abfd))
+ {
+ auxent->u.auxent.x_sym.x_tagndx.p =
+ table_base + auxent->u.auxent.x_sym.x_tagndx.l;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-01-29 Alan Modra <amodra@gmail.com>
++
++ PR 22741
++ * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
++ range before converting to a symbol table pointer.
++
+ 2018-02-28 Alan Modra <amodra@gmail.com>
+
+ PR 22887
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch
new file mode 100644
index 0000000..815b32c
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch
@@ -0,0 +1,85 @@
+From eef104664efb52965d85a28bc3fc7c77e52e48e2 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 28 Feb 2018 10:13:54 +0000
+Subject: [PATCH] Fix potential integer overflow when reading corrupt dwarf1
+ debug information.
+
+ PR 22894
+ * dwarf1.c (parse_die): Check the length of form blocks before
+ advancing the data pointer.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7568
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/dwarf1.c | 17 +++++++++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+Index: git/bfd/dwarf1.c
+===================================================================
+--- git.orig/bfd/dwarf1.c
++++ git/bfd/dwarf1.c
+@@ -213,6 +213,7 @@ parse_die (bfd * abfd,
+ /* Then the attributes. */
+ while (xptr + 2 <= aDiePtrEnd)
+ {
++ unsigned int block_len;
+ unsigned short attr;
+
+ /* Parse the attribute based on its form. This section
+@@ -255,12 +256,24 @@ parse_die (bfd * abfd,
+ break;
+ case FORM_BLOCK2:
+ if (xptr + 2 <= aDiePtrEnd)
+- xptr += bfd_get_16 (abfd, xptr);
++ {
++ block_len = bfd_get_16 (abfd, xptr);
++ if (xptr + block_len > aDiePtrEnd
++ || xptr + block_len < xptr)
++ return FALSE;
++ xptr += block_len;
++ }
+ xptr += 2;
+ break;
+ case FORM_BLOCK4:
+ if (xptr + 4 <= aDiePtrEnd)
+- xptr += bfd_get_32 (abfd, xptr);
++ {
++ block_len = bfd_get_32 (abfd, xptr);
++ if (xptr + block_len > aDiePtrEnd
++ || xptr + block_len < xptr)
++ return FALSE;
++ xptr += block_len;
++ }
+ xptr += 4;
+ break;
+ case FORM_STRING:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -4,7 +4,11 @@
+ * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
+ range before converting to a symbol table pointer.
+
+-2018-02-28 Alan Modra <amodra@gmail.com>
++2018-02-28 Nick Clifton <nickc@redhat.com>
++
++ PR 22894
++ * dwarf1.c (parse_die): Check the length of form blocks before
++ advancing the data pointer.
+
+ PR 22895
+ PR 22893
+@@ -14,6 +18,8 @@
+ size is invalid.
+ (read_attribute_value): Adjust invocations of read_n_bytes.
+
++2018-02-28 Alan Modra <amodra@gmail.com>
++
+ PR 22887
+ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch
new file mode 100644
index 0000000..96c0fd2
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch
@@ -0,0 +1,119 @@
+From 12c963421d045a127c413a0722062b9932c50aa9 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 28 Feb 2018 11:50:49 +0000
+Subject: [PATCH] Catch integer overflows/underflows when parsing corrupt DWARF
+ FORM blocks.
+
+ PR 22895
+ PR 22893
+ * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block
+ pointer. Drop unused abfd parameter. Check the size of the block
+ before initialising the data field. Return the end pointer if the
+ size is invalid.
+ (read_attribute_value): Adjust invocations of read_n_bytes.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7569
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/dwarf2.c | 36 +++++++++++++++++++++---------------
+ 2 files changed, 29 insertions(+), 15 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -622,14 +622,24 @@ read_8_bytes (bfd *abfd, bfd_byte *buf,
+ }
+
+ static bfd_byte *
+-read_n_bytes (bfd *abfd ATTRIBUTE_UNUSED,
+- bfd_byte *buf,
+- bfd_byte *end,
+- unsigned int size ATTRIBUTE_UNUSED)
+-{
+- if (buf + size > end)
+- return NULL;
+- return buf;
++read_n_bytes (bfd_byte * buf,
++ bfd_byte * end,
++ struct dwarf_block * block)
++{
++ unsigned int size = block->size;
++ bfd_byte * block_end = buf + size;
++
++ if (block_end > end || block_end < buf)
++ {
++ block->data = NULL;
++ block->size = 0;
++ return end;
++ }
++ else
++ {
++ block->data = buf;
++ return block_end;
++ }
+ }
+
+ /* Scans a NUL terminated string starting at BUF, returning a pointer to it.
+@@ -1127,8 +1137,7 @@ read_attribute_value (struct attribute *
+ return NULL;
+ blk->size = read_2_bytes (abfd, info_ptr, info_ptr_end);
+ info_ptr += 2;
+- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+- info_ptr += blk->size;
++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+ attr->u.blk = blk;
+ break;
+ case DW_FORM_block4:
+@@ -1138,8 +1147,7 @@ read_attribute_value (struct attribute *
+ return NULL;
+ blk->size = read_4_bytes (abfd, info_ptr, info_ptr_end);
+ info_ptr += 4;
+- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+- info_ptr += blk->size;
++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+ attr->u.blk = blk;
+ break;
+ case DW_FORM_data2:
+@@ -1179,8 +1187,7 @@ read_attribute_value (struct attribute *
+ blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read,
+ FALSE, info_ptr_end);
+ info_ptr += bytes_read;
+- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+- info_ptr += blk->size;
++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+ attr->u.blk = blk;
+ break;
+ case DW_FORM_block1:
+@@ -1190,8 +1197,7 @@ read_attribute_value (struct attribute *
+ return NULL;
+ blk->size = read_1_byte (abfd, info_ptr, info_ptr_end);
+ info_ptr += 1;
+- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+- info_ptr += blk->size;
++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+ attr->u.blk = blk;
+ break;
+ case DW_FORM_data1:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -6,6 +6,14 @@
+
+ 2018-02-28 Alan Modra <amodra@gmail.com>
+
++ PR 22895
++ PR 22893
++ * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block
++ pointer. Drop unused abfd parameter. Check the size of the block
++ before initialising the data field. Return the end pointer if the
++ size is invalid.
++ (read_attribute_value): Adjust invocations of read_n_bytes.
++
+ PR 22887
+ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
new file mode 100644
index 0000000..9def46c
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
@@ -0,0 +1,51 @@
+From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 28 Feb 2018 22:09:50 +1030
+Subject: [PATCH] PR22887, null pointer dereference in
+ aout_32_swap_std_reloc_out
+
+ PR 22887
+ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7642
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/aoutx.h | 6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h
++++ git/bfd/aoutx.h
+@@ -2284,10 +2284,12 @@ NAME (aout, swap_std_reloc_in) (bfd *abf
+ if (r_baserel)
+ r_extern = 1;
+
+- if (r_extern && r_index > symcount)
++ if (r_extern && r_index >= symcount)
+ {
+ /* We could arrange to return an error, but it might be useful
+- to see the file even if it is bad. */
++ to see the file even if it is bad. FIXME: Of course this
++ means that objdump -r *doesn't* see the actual reloc, and
++ objcopy silently writes a different reloc. */
+ r_extern = 0;
+ r_index = N_ABS;
+ }
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-02-28 Alan Modra <amodra@gmail.com>
++
++ PR 22887
++ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
++
+ 2018-02-06 Nick Clifton <nickc@redhat.com>
+
+ PR 22794
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7643.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7643.patch
new file mode 100644
index 0000000..2a2dec3
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7643.patch
@@ -0,0 +1,102 @@
+From d11ae95ea3403559f052903ab053f43ad7821e37 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 1 Mar 2018 16:14:08 +0000
+Subject: [PATCH] Prevent illegal memory accesses triggerd by intger overflow
+ when parsing corrupt DWARF information on a 32-bit host.
+
+ PR 22905
+ * dwarf.c (display_debug_ranges): Check that the offset loaded
+ from the range_entry structure is valid.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7643
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/dwarf.c | 15 +++++++++++++++
+ 2 files changed, 21 insertions(+)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -387,6 +387,9 @@ read_uleb128 (unsigned char * data,
+ } \
+ while (0)
+
++/* Read AMOUNT bytes from PTR and store them in VAL as an unsigned value.
++ Checks to make sure that the read will not reach or pass END
++ and that VAL is big enough to hold AMOUNT bytes. */
+ #define SAFE_BYTE_GET(VAL, PTR, AMOUNT, END) \
+ do \
+ { \
+@@ -415,6 +418,7 @@ read_uleb128 (unsigned char * data,
+ } \
+ while (0)
+
++/* Like SAFE_BYTE_GET, but also increments PTR by AMOUNT. */
+ #define SAFE_BYTE_GET_AND_INC(VAL, PTR, AMOUNT, END) \
+ do \
+ { \
+@@ -423,6 +427,7 @@ read_uleb128 (unsigned char * data,
+ } \
+ while (0)
+
++/* Like SAFE_BYTE_GET, but reads a signed value. */
+ #define SAFE_SIGNED_BYTE_GET(VAL, PTR, AMOUNT, END) \
+ do \
+ { \
+@@ -441,6 +446,7 @@ read_uleb128 (unsigned char * data,
+ } \
+ while (0)
+
++/* Like SAFE_SIGNED_BYTE_GET, but also increments PTR by AMOUNT. */
+ #define SAFE_SIGNED_BYTE_GET_AND_INC(VAL, PTR, AMOUNT, END) \
+ do \
+ { \
+@@ -6543,6 +6549,7 @@ display_debug_ranges_list (unsigned char
+ break;
+ SAFE_SIGNED_BYTE_GET_AND_INC (end, start, pointer_size, finish);
+
++
+ printf (" %8.8lx ", offset);
+
+ if (begin == 0 && end == 0)
+@@ -6810,6 +6817,13 @@ display_debug_ranges (struct dwarf_secti
+ continue;
+ }
+
++ if (next < section_begin || next >= finish)
++ {
++ warn (_("Corrupt offset (%#8.8lx) in range entry %u\n"),
++ (unsigned long) offset, i);
++ continue;
++ }
++
+ if (dwarf_check != 0 && i > 0)
+ {
+ if (start < next)
+@@ -6825,6 +6839,7 @@ display_debug_ranges (struct dwarf_secti
+ (unsigned long) (next - section_begin), section->name);
+ }
+ }
++
+ start = next;
+ last_start = next;
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-03-01 Nick Clifton <nickc@redhat.com>
++
++ PR 22905
++ * dwarf.c (display_debug_ranges): Check that the offset loaded
++ from the range_entry structure is valid.
++
+ 2018-05-08 Nick Clifton <nickc@redhat.com>
+
+ PR 22809
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch
new file mode 100644
index 0000000..6a43168
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch
@@ -0,0 +1,70 @@
+From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 8 May 2018 12:51:06 +0100
+Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a
+ fuzzed input file with corrupt string and attribute sections.
+
+ PR 22809
+ * elf.c (bfd_elf_get_str_section): Check for an excessively large
+ string section.
+ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
+ attribute section is larger than the size of the file.
+
+Upsteram-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-8945
+Signed-off-by: Armin kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/elf-attrs.c | 9 +++++++++
+ bfd/elf.c | 1 +
+ 3 files changed, 18 insertions(+)
+
+Index: git/bfd/elf-attrs.c
+===================================================================
+--- git.orig/bfd/elf-attrs.c
++++ git/bfd/elf-attrs.c
+@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El
+ /* PR 17512: file: 2844a11d. */
+ if (hdr->sh_size == 0)
+ return;
++ if (hdr->sh_size > bfd_get_file_size (abfd))
++ {
++ /* xgettext:c-format */
++ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
++ abfd, hdr->bfd_section, (long long) hdr->sh_size);
++ bfd_set_error (bfd_error_invalid_operation);
++ return;
++ }
++
+ contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
+ if (!contents)
+ return;
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -298,6 +298,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi
+ /* Allocate and clear an extra byte at the end, to prevent crashes
+ in case the string table is not terminated. */
+ if (shstrtabsize + 1 <= 1
++ || shstrtabsize > bfd_get_file_size (abfd)
+ || bfd_seek (abfd, offset, SEEK_SET) != 0
+ || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
+ shstrtab = NULL;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2018-05-08 Nick Clifton <nickc@redhat.com>
++
++ PR 22809
++ * elf.c (bfd_elf_get_str_section): Check for an excessively large
++ string section.
++ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
++ attribute section is larger than the size of the file.
++
+ 2018-02-07 Alan Modra <amodra@gmail.com>
+
+ Revert 2018-01-17 Alan Modra <amodra@gmail.com>
diff --git a/poky/meta/recipes-devtools/chrpath/chrpath_0.16.bb b/poky/meta/recipes-devtools/chrpath/chrpath_0.16.bb
index b61eef9..8de8850 100644
--- a/poky/meta/recipes-devtools/chrpath/chrpath_0.16.bb
+++ b/poky/meta/recipes-devtools/chrpath/chrpath_0.16.bb
@@ -7,14 +7,12 @@
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552"
-SRC_URI = "https://alioth.debian.org/frs/download.php/file/3979/chrpath-0.16.tar.gz \
+SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
file://standarddoc.patch"
SRC_URI[md5sum] = "2bf8d1d1ee345fc8a7915576f5649982"
SRC_URI[sha256sum] = "bb0d4c54bac2990e1bdf8132f2c9477ae752859d523e141e72b3b11a12c26e7b"
-UPSTREAM_CHECK_URI = "http://alioth.debian.org/frs/?group_id=31052"
-
inherit autotools
# We don't have a staged chrpath-native for ensuring our binary is
diff --git a/poky/meta/recipes-devtools/gcc/gcc-7.3.inc b/poky/meta/recipes-devtools/gcc/gcc-7.3.inc
index 6dff694..d4aaca4 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-7.3.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-7.3.inc
@@ -79,8 +79,8 @@
BACKPORTS = "\
file://0001-Fix-internal-compiler-error-in-testcase.patch \
file://0001-PR-rtl-optimization-83030.patch \
- file://0001-PR-c-80290-memory-hog-with-std-pair.patch \
file://0001-Fix-ppc64le-build-Partial-backport-r256656.patch \
+ file://0001-PR-c-80290-memory-hog-with-std-pair.patch \
"
SRC_URI[md5sum] = "be2da21680f27624f3a87055c4ba5af2"
diff --git a/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-ppc64le-build-Partial-backport-r256656.patch b/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-ppc64le-build-Partial-backport-r256656.patch
index 5d8ffb7..cfb70e1 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-ppc64le-build-Partial-backport-r256656.patch
+++ b/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-ppc64le-build-Partial-backport-r256656.patch
@@ -13,10 +13,7 @@
use of __builtin_vec_vsx_ld () built-in function, which operates
on unaligned pointer values.
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-6-branch@261621 138bc75d-0d04-0410-961f-82ee72b054a4
-
-
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-7-branch@262243 138bc75d-0d04-0410-961f-82ee72b054a4
+Upstream-Status: Backport
Signed-off-by: Joel Stanley <joel@jms.id.au>
---
libcpp/lex.c | 2 +-
diff --git a/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-PR-c-80290-memory-hog-with-std-pair.patch b/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-PR-c-80290-memory-hog-with-std-pair.patch
index ba43af9..603a29a 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-PR-c-80290-memory-hog-with-std-pair.patch
+++ b/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-PR-c-80290-memory-hog-with-std-pair.patch
@@ -7,7 +7,7 @@
check for a nested list argument.
(braced_init_depth): New.
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-7-branch@262204 138bc75d-0d04-0410-961f-82ee72b054a4
+Upstream-Status: Backport
Signed-off-by: Joel Stanley <joel@jms.id.au>
---
gcc/cp/pt.c | 22 ++++++++++++++++++++++
diff --git a/poky/meta/recipes-devtools/go/go-1.10.inc b/poky/meta/recipes-devtools/go/go-1.10.inc
index 3a135bf..1df0fc5 100644
--- a/poky/meta/recipes-devtools/go/go-1.10.inc
+++ b/poky/meta/recipes-devtools/go/go-1.10.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.10"
-GO_MINOR = ".2"
+GO_MINOR = ".3"
PV .= "${GO_MINOR}"
FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
@@ -20,5 +20,5 @@
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-SRC_URI[main.md5sum] = "c63b35075bed693bbfc84d4a6262948a"
-SRC_URI[main.sha256sum] = "6264609c6b9cd8ed8e02ca84605d727ce1898d74efa79841660b2e3e985a98bd"
+SRC_URI[main.md5sum] = "d15dfb264105c5e84fbe33f4a4aa5021"
+SRC_URI[main.sha256sum] = "567b1cc66c9704d1c019c50bef946272e911ec6baf244310f87f4e678be155f2"
diff --git a/poky/meta/recipes-devtools/go/go-1.9.inc b/poky/meta/recipes-devtools/go/go-1.9.inc
index a942f6d..329cee0 100644
--- a/poky/meta/recipes-devtools/go/go-1.9.inc
+++ b/poky/meta/recipes-devtools/go/go-1.9.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.9"
-GO_MINOR = ".6"
+GO_MINOR = ".7"
PV .= "${GO_MINOR}"
FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
@@ -22,5 +22,5 @@
"
SRC_URI_append_libc-musl = " file://set-external-linker.patch"
-SRC_URI[main.md5sum] = "52c1a3063291036597552d3fed0b2917"
-SRC_URI[main.sha256sum] = "36f4059be658f7f07091e27fe04bb9e97a0c4836eb446e4c5bac3c90ff9e5828"
+SRC_URI[main.md5sum] = "3c2cf876ed6612a022574a565206c6ea"
+SRC_URI[main.sha256sum] = "582814fa45e8ecb0859a208e517b48aa0ad951e3b36c7fff203d834e0ef27722"
diff --git a/poky/meta/recipes-devtools/python/python-scons-native_3.0.1.bb b/poky/meta/recipes-devtools/python/python-scons-native_3.0.1.bb
index dae89ab..68b63c9 100644
--- a/poky/meta/recipes-devtools/python/python-scons-native_3.0.1.bb
+++ b/poky/meta/recipes-devtools/python/python-scons-native_3.0.1.bb
@@ -4,5 +4,5 @@
RDEPENDS_${PN} = ""
do_install_append() {
- create_wrapper ${D}${bindir}/scons SCONS_LIB_DIR='${STAGING_DIR_HOST}/${PYTHON_SITEPACKAGES_DIR}'
+ create_wrapper ${D}${bindir}/scons SCONS_LIB_DIR='${STAGING_DIR_HOST}/${PYTHON_SITEPACKAGES_DIR}' PYTHONNOUSERSITE='1'
}
diff --git a/poky/meta/recipes-devtools/python/python3_3.5.5.bb b/poky/meta/recipes-devtools/python/python3_3.5.5.bb
index f893b84..4dae4fa 100644
--- a/poky/meta/recipes-devtools/python/python3_3.5.5.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.5.5.bb
@@ -176,7 +176,7 @@
}
do_install_append_class-nativesdk () {
- create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo'
+ create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1'
}
SSTATE_SCAN_FILES += "Makefile"
diff --git a/poky/meta/recipes-devtools/python/python_2.7.14.bb b/poky/meta/recipes-devtools/python/python_2.7.14.bb
index 41a8609..b923b92 100644
--- a/poky/meta/recipes-devtools/python/python_2.7.14.bb
+++ b/poky/meta/recipes-devtools/python/python_2.7.14.bb
@@ -130,7 +130,7 @@
}
do_install_append_class-nativesdk () {
- create_wrapper ${D}${bindir}/python2.7 PYTHONHOME='${prefix}' TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo'
+ create_wrapper ${D}${bindir}/python2.7 PYTHONHOME='${prefix}' TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1'
}
SSTATE_SCAN_FILES += "Makefile"
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch
new file mode 100644
index 0000000..8622360
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch
@@ -0,0 +1,69 @@
+Upstream-Status: Backport
+
+https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
+
+From dc21a9d2951f0a2a7e63633e2b5c68c54e4edc4b Mon Sep 17 00:00:00 2001
+From: Jeremy Puhlman <jpuhlman@mvista.com>
+Date: Thu, 14 Jun 2018 01:28:49 +0000
+Subject: [PATCH] CVE-2018-11806 QEMU: slirp: heap buffer overflow
+
+Subject: [Qemu-devel] [PATCH 1/2] slirp: correct size computation while concatenating mbuf
+Date: Tue, 5 Jun 2018 23:38:35 +0530
+From: Prasad J Pandit <address@hidden>
+
+While reassembling incoming fragmented datagrams, 'm_cat' routine
+extends the 'mbuf' buffer, if it has insufficient room. It computes
+a wrong buffer size, which leads to overwriting adjacent heap buffer
+area. Correct this size computation in m_cat.
+
+Reported-by: ZDI Disclosures <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ slirp/mbuf.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
+---
+ slirp/mbuf.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/slirp/mbuf.c b/slirp/mbuf.c
+index 5ff2455..7fb4501 100644
+--- a/slirp/mbuf.c
++++ b/slirp/mbuf.c
+@@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
+ * If there's no room, realloc
+ */
+ if (M_FREEROOM(m) < n->m_len)
+- m_inc(m,m->m_size+MINCSIZE);
++ m_inc(m, m->m_len + n->m_len);
+
+ memcpy(m->m_data+m->m_len, n->m_data, n->m_len);
+ m->m_len += n->m_len;
+@@ -158,12 +158,12 @@ m_inc(struct mbuf *m, int size)
+
+ if (m->m_flags & M_EXT) {
+ datasize = m->m_data - m->m_ext;
+- m->m_ext = g_realloc(m->m_ext, size);
++ m->m_ext = g_realloc(m->m_ext, size + datasize);
+ m->m_data = m->m_ext + datasize;
+ } else {
+ char *dat;
+ datasize = m->m_data - m->m_dat;
+- dat = g_malloc(size);
++ dat = g_malloc(size + datasize);
+ memcpy(dat, m->m_dat, m->m_size);
+
+ m->m_ext = dat;
+@@ -171,7 +171,7 @@ m_inc(struct mbuf *m, int size)
+ m->m_flags |= M_EXT;
+ }
+
+- m->m_size = size;
++ m->m_size = size + datasize;
+
+ }
+
+--
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/disable-grabs.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
similarity index 86%
rename from poky/meta/recipes-devtools/qemu/qemu/disable-grabs.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
index 7711789..add5d8b 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/disable-grabs.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
@@ -1,3 +1,11 @@
+From 273e1af49d3e0a58bb9464369deb2652f243e649 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Wed, 18 Sep 2013 14:04:54 +0100
+Subject: [PATCH] sdl.c: allow user to disable pointer grabs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
When the pointer enters the Qemu window it calls SDL_WM_GrabInput, which calls
XGrabPointer in a busyloop until it returns GrabSuccess. However if there's already
a pointer grab (screen is locked, a menu is open) then qemu will hang until the
@@ -12,22 +20,15 @@
Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 4b1988ecb01a178269ec0513a75f2ec620c7ef6a Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Wed, 18 Sep 2013 14:04:54 +0100
-Subject: [PATCH] sdl.c: allow user to disable pointer grabs
-
-Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Eric Bénard <eric@eukrea.com>
---
ui/sdl.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
-Index: qemu-2.11.1/ui/sdl.c
-===================================================================
---- qemu-2.11.1.orig/ui/sdl.c
-+++ qemu-2.11.1/ui/sdl.c
+diff --git a/ui/sdl.c b/ui/sdl.c
+index 7b71a9a..29ce1b9 100644
+--- a/ui/sdl.c
++++ b/ui/sdl.c
@@ -63,6 +63,10 @@ static SDL_PixelFormat host_format;
static int scaling_active = 0;
static Notifier mouse_mode_notifier;
@@ -58,7 +59,7 @@
gui_grab = 0;
sdl_show_cursor();
sdl_update_caption();
-@@ -986,6 +992,8 @@ void sdl_display_init(DisplayState *ds,
+@@ -986,6 +992,8 @@ void sdl_display_init(DisplayState *ds, int full_screen, int no_frame)
* This requires SDL >= 1.2.14. */
setenv("SDL_DISABLE_LOCK_KEYS", "1", 1);
diff --git a/poky/meta/recipes-devtools/qemu/qemu/wacom.patch b/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
similarity index 87%
rename from poky/meta/recipes-devtools/qemu/qemu/wacom.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
index cd06aa4..281803e 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/wacom.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -1,19 +1,27 @@
+From a42726e017605ed3ca2b3fc2b1cc8d01ccf34730 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Thu, 27 Nov 2014 14:04:29 +0000
+Subject: [PATCH] qemu: Add missing wacom HID descriptor
+
The USB wacom device is missing a HID descriptor which causes it
to fail to operate with recent kernels (e.g. 3.17).
-This patch adds a HID desriptor to the device, based upon one from
+This patch adds a HID desriptor to the device, based upon one from
real wcom device.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream-Status: Submitted
2014/11/27
+---
+ hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 93 insertions(+), 1 deletion(-)
-Index: qemu-2.1.0/hw/usb/dev-wacom.c
-===================================================================
---- qemu-2.1.0.orig/hw/usb/dev-wacom.c 2014-08-01 15:12:17.000000000 +0100
-+++ qemu-2.1.0/hw/usb/dev-wacom.c 2014-10-12 12:13:30.540306042 +0100
-@@ -68,6 +68,89 @@
+diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
+index bf70013..2f6e129 100644
+--- a/hw/usb/dev-wacom.c
++++ b/hw/usb/dev-wacom.c
+@@ -72,6 +72,89 @@ static const USBDescStrings desc_strings = {
[STR_SERIALNUMBER] = "1",
};
@@ -103,7 +111,7 @@
static const USBDescIface desc_iface_wacom = {
.bInterfaceNumber = 0,
.bNumEndpoints = 1,
-@@ -85,7 +168,7 @@
+@@ -89,7 +172,7 @@ static const USBDescIface desc_iface_wacom = {
0x00, /* u8 country_code */
0x01, /* u8 num_descriptors */
0x22, /* u8 type: Report */
@@ -112,7 +120,7 @@
},
},
},
-@@ -265,6 +350,15 @@
+@@ -269,6 +352,15 @@ static void usb_wacom_handle_control(USBDevice *dev, USBPacket *p,
}
switch (request) {
diff --git a/poky/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile-v10.patch b/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
similarity index 65%
rename from poky/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile-v10.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
index e963982..dc07300 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile-v10.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -1,19 +1,23 @@
-From 4201a5791fc4798a45a9b9f881602d7bacb74ed1 Mon Sep 17 00:00:00 2001
+From fda1eee8bc717528d57f6ff454f72c5325043c31 Mon Sep 17 00:00:00 2001
From: Juro Bystricky <juro.bystricky@intel.com>
Date: Thu, 31 Aug 2017 11:06:56 -0700
-Subject: Add subpackage -ptest which runs all unit test cases for qemu.
+Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
+ qemu.
Upstream-Status: Pending
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+---
+ tests/Makefile.include | 8 ++++++++
+ 1 file changed, 8 insertions(+)
diff --git a/tests/Makefile.include b/tests/Makefile.include
-index f08b741..3d1b3e9 100644
+index c002352..f557c26 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
-@@ -924,4 +924,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
+@@ -935,4 +935,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
-include $(wildcard tests/*.d)
-include $(wildcard tests/libqos/*.d)
diff --git a/poky/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
similarity index 66%
rename from poky/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
index c7425ab..4f28e16 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -1,4 +1,8 @@
-qemu: Add addition environment space to boot loader qemu-system-mips
+From ad70fdcaf75084da2e02474c61d1d441ca100ab2 Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Fri, 28 Mar 2014 17:42:43 +0800
+Subject: [PATCH] qemu: Add addition environment space to boot loader
+ qemu-system-mips
Upstream-Status: Inappropriate - OE uses deep paths
@@ -10,14 +14,14 @@
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
- hw/mips/mips_malta.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
+ hw/mips/mips_malta.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
-index 9d521cc..17c0391 100644
+index ec6af4a..6e76166 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
-@@ -53,7 +53,7 @@
+@@ -61,7 +61,7 @@
#define ENVP_ADDR 0x80002000l
#define ENVP_NB_ENTRIES 16
@@ -26,6 +30,3 @@
/* Hardware addresses */
#define FLASH_ADDRESS 0x1e000000ULL
---
-1.7.10.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
new file mode 100644
index 0000000..b9e0183
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
@@ -0,0 +1,33 @@
+From e85ee3cc9988172662d6969af01f23fa8ffd5262 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 20 Oct 2015 22:19:08 +0100
+Subject: [PATCH] qemu: disable Valgrind
+
+There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+---
+ configure | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/configure b/configure
+index 0c6e757..c30fd45 100755
+--- a/configure
++++ b/configure
+@@ -4741,15 +4741,6 @@ fi
+ # check if we have valgrind/valgrind.h
+
+ valgrind_h=no
+-cat > $TMPC << EOF
+-#include <valgrind/valgrind.h>
+-int main(void) {
+- return 0;
+-}
+-EOF
+-if compile_prog "" "" ; then
+- valgrind_h=yes
+-fi
+
+ ########################################
+ # check if environ is declared
diff --git a/poky/meta/recipes-devtools/qemu/qemu/pathlimit.patch b/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
similarity index 78%
rename from poky/meta/recipes-devtools/qemu/qemu/pathlimit.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
index 57ab981..9315f85 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/pathlimit.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
@@ -1,3 +1,8 @@
+From c79c48a79710d0e2ef68062435596ac455cd9f71 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Wed, 9 Mar 2016 22:49:02 +0000
+Subject: [PATCH] qemu: Limit paths searched during user mode emulation
+
By default qemu builds a complete list of directories within the user
emulation sysroot (-L option). The OE sysroot directory is large and
this is confusing, for example it indexes all pkgdata. In particular this
@@ -8,18 +13,21 @@
reads and reduces memory usage and cleans up strace.
It would also avoid the infinite directory traversal bug in [YOCTO #6996]
-although the code could still be vulnerable if it parsed those specific
+although the code could still be vulnerable if it parsed those specific
paths.
RP
2016/3/9
Upstream-Status: Pending
+---
+ util/path.c | 44 ++++++++++++++++++++++----------------------
+ 1 file changed, 22 insertions(+), 22 deletions(-)
-Index: qemu-2.5.0/util/path.c
-===================================================================
---- qemu-2.5.0.orig/util/path.c
-+++ qemu-2.5.0/util/path.c
-@@ -19,6 +19,7 @@ struct pathelem
+diff --git a/util/path.c b/util/path.c
+index 7f9fc27..a416cd4 100644
+--- a/util/path.c
++++ b/util/path.c
+@@ -15,6 +15,7 @@ struct pathelem
char *name;
/* Full path name, eg. /usr/gnemul/x86-linux/lib. */
char *pathname;
@@ -27,7 +35,7 @@
struct pathelem *parent;
/* Children */
unsigned int num_entries;
-@@ -49,6 +50,7 @@ static struct pathelem *new_entry(const
+@@ -45,6 +46,7 @@ static struct pathelem *new_entry(const char *root,
new->name = g_strdup(name);
new->pathname = g_strdup_printf("%s/%s", root, name);
new->num_entries = 0;
@@ -35,7 +43,7 @@
return new;
}
-@@ -57,15 +59,16 @@ static struct pathelem *new_entry(const
+@@ -53,15 +55,16 @@ static struct pathelem *new_entry(const char *root,
/* Not all systems provide this feature */
#if defined(DT_DIR) && defined(DT_UNKNOWN) && defined(DT_LNK)
# define dirent_type(dirent) ((dirent)->d_type)
@@ -55,7 +63,7 @@
DIR *dir;
if ((dir = opendir(path->pathname)) != NULL) {
-@@ -78,6 +81,11 @@ static struct pathelem *add_dir_maybe(st
+@@ -74,6 +77,11 @@ static struct pathelem *add_dir_maybe(struct pathelem *path)
}
closedir(dir);
}
@@ -67,7 +75,7 @@
return path;
}
-@@ -93,26 +101,16 @@ static struct pathelem *add_entry(struct
+@@ -89,26 +97,16 @@ static struct pathelem *add_entry(struct pathelem *root, const char *name,
e = &root->entries[root->num_entries-1];
*e = new_entry(root->pathname, root, name);
@@ -97,7 +105,7 @@
{
unsigned int i, namelen;
-@@ -123,14 +121,18 @@ follow_path(const struct pathelem *curso
+@@ -119,14 +117,18 @@ follow_path(const struct pathelem *cursor, const char *name)
return cursor->pathname;
if (strneq(name, namelen, ".."))
@@ -119,7 +127,7 @@
/* Not found */
return NULL;
-@@ -164,8 +166,6 @@ void init_paths(const char *prefix)
+@@ -160,8 +162,6 @@ void init_paths(const char *prefix)
g_free(base->name);
g_free(base);
base = NULL;
@@ -128,7 +136,7 @@
}
}
-@@ -177,5 +177,5 @@ const char *path(const char *name)
+@@ -173,5 +173,5 @@ const char *path(const char *name)
if (!base || !name || name[0] != '/')
return name;
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
new file mode 100644
index 0000000..ad52f37
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
@@ -0,0 +1,25 @@
+From 4b21a8db60c32f93df56e6111bb926c91680d6f2 Mon Sep 17 00:00:00 2001
+From: Stephen Arnold <sarnold@vctlabs.com>
+Date: Sun, 12 Jun 2016 18:09:56 -0700
+Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
+
+Upstream-Status: Pending
+---
+ configure | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/configure b/configure
+index c30fd45..b5312f4 100755
+--- a/configure
++++ b/configure
+@@ -5115,10 +5115,6 @@ fi
+ if test "$gcov" = "yes" ; then
+ CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
+ LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
+-elif test "$fortify_source" = "yes" ; then
+- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+-elif test "$debug" = "no"; then
+- CFLAGS="-O2 $CFLAGS"
+ fi
+
+ ##########################################
diff --git a/poky/meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch b/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
similarity index 92%
rename from poky/meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
index 6e6bf95..f0c0fa1 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
@@ -1,4 +1,4 @@
-From 3bb3100c22eb30146a69656480bdffeef8663575 Mon Sep 17 00:00:00 2001
+From 55c9510311b7481a0c8f3f71b3ce130cc25563f9 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@xilinx.com>
Date: Thu, 21 Dec 2017 11:35:16 -0800
Subject: [PATCH] chardev: connect socket to a spawned command
@@ -45,13 +45,13 @@
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
- chardev/char-socket.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++---
+ chardev/char-socket.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++
chardev/char.c | 3 ++
qapi/char.json | 5 +++
- 3 files changed, 90 insertions(+), 4 deletions(-)
+ 3 files changed, 107 insertions(+)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
-index 53eda8ef00..f566107c35 100644
+index 53eda8e..6c63555 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -852,6 +852,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
@@ -123,7 +123,7 @@
static void qmp_chardev_open_socket(Chardev *chr,
ChardevBackend *backend,
bool *be_opened,
-@@ -859,6 +921,9 @@
+@@ -859,6 +921,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
{
SocketChardev *s = SOCKET_CHARDEV(chr);
ChardevSocket *sock = backend->u.socket.data;
@@ -133,15 +133,14 @@
bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
bool is_listen = sock->has_server ? sock->server : true;
bool is_telnet = sock->has_telnet ? sock->telnet : false;
-@@ -925,7 +990,14 @@
+@@ -925,7 +990,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
} else if (reconnect > 0) {
s->reconnect_time = reconnect;
}
--
+#ifndef _WIN32
+ if (cmd) {
+ chardev_open_socket_cmd(chr, cmd, errp);
-+
+
+ /* everything ready (or failed permanently) before we return */
+ *be_opened = true;
+ } else
@@ -149,7 +148,7 @@
if (s->reconnect_time) {
sioc = qio_channel_socket_new();
tcp_chr_set_client_ioc_name(chr, sioc);
-@@ -985,10 +1057,26 @@
+@@ -985,10 +1057,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
const char *host = qemu_opt_get(opts, "host");
const char *port = qemu_opt_get(opts, "port");
const char *tls_creds = qemu_opt_get(opts, "tls-creds");
@@ -176,7 +175,7 @@
if (!path) {
if (!host) {
error_setg(errp, "chardev: socket: no host given");
-@@ -1021,13 +1109,24 @@
+@@ -1021,13 +1109,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
sock->has_reconnect = true;
sock->reconnect = reconnect;
sock->tls_creds = g_strdup(tls_creds);
@@ -202,21 +201,21 @@
addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
addr->u.inet.data = g_new(InetSocketAddress, 1);
diff --git a/chardev/char.c b/chardev/char.c
-index 2ae4f465ec..5d52cd5de5 100644
+index 2ae4f46..5d52cd5 100644
--- a/chardev/char.c
+++ b/chardev/char.c
-@@ -792,6 +792,9 @@ QemuOptsList qemu_chardev_opts = {
- },{
+@@ -793,6 +793,9 @@ QemuOptsList qemu_chardev_opts = {
.name = "path",
.type = QEMU_OPT_STRING,
-+ },{
+ },{
+ .name = "cmd",
+ .type = QEMU_OPT_STRING,
- },{
++ },{
.name = "host",
.type = QEMU_OPT_STRING,
+ },{
diff --git a/qapi/char.json b/qapi/char.json
-index ae19dcd1ed..6de0f29bcd 100644
+index ae19dcd..6de0f29 100644
--- a/qapi/char.json
+++ b/qapi/char.json
@@ -241,6 +241,10 @@
@@ -238,5 +237,3 @@
'*tls-creds' : 'str',
'*server' : 'bool',
'*wait' : 'bool',
---
-2.14.1
diff --git a/poky/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch b/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
similarity index 80%
rename from poky/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
index d6a3522..915bfda 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
@@ -1,7 +1,7 @@
-From bef93bb81588b5323a52d2e1886f2a77b64a976b Mon Sep 17 00:00:00 2001
+From 945f428016f278fa8e38bc8d153397c3195f85a5 Mon Sep 17 00:00:00 2001
From: Mark Asselstine <mark.asselstine@windriver.com>
Date: Tue, 26 Feb 2013 11:43:28 -0500
-Subject: [PATCH 03/18] apic: fixup fallthrough to PIC
+Subject: [PATCH] apic: fixup fallthrough to PIC
Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC
interrupts through the local APIC if the local APIC config says so.]
@@ -28,11 +28,11 @@
hw/intc/apic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-Index: qemu-2.11.1/hw/intc/apic.c
-===================================================================
---- qemu-2.11.1.orig/hw/intc/apic.c
-+++ qemu-2.11.1/hw/intc/apic.c
-@@ -591,7 +591,7 @@ int apic_accept_pic_intr(DeviceState *de
+diff --git a/hw/intc/apic.c b/hw/intc/apic.c
+index fe15fb6..8352c39 100644
+--- a/hw/intc/apic.c
++++ b/hw/intc/apic.c
+@@ -591,7 +591,7 @@ int apic_accept_pic_intr(DeviceState *dev)
APICCommonState *s = APIC(dev);
uint32_t lvt0;
diff --git a/poky/meta/recipes-devtools/qemu/qemu/linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
similarity index 87%
rename from poky/meta/recipes-devtools/qemu/qemu/linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
index d2c5225..ceb3980 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -1,4 +1,4 @@
-From 4fa4aae4176ef6d8f4d4b8323d061e2433918a26 Mon Sep 17 00:00:00 2001
+From 4333b2b269d997a719e19f00d044105e17700be2 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@xilinx.com>
Date: Wed, 17 Jan 2018 10:51:49 -0800
Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
@@ -18,10 +18,10 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/main.c b/linux-user/main.c
-index 450eb3ce65..c7cc0a184e 100644
+index 146ee3e..1332b5c 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
-@@ -77,7 +77,7 @@ do { \
+@@ -78,7 +78,7 @@ do { \
(TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
/* There are a number of places where we assign reserved_va to a variable
of type abi_ulong and expect it to fit. Avoid the last page. */
@@ -30,6 +30,3 @@
# else
# define MAX_RESERVED_VA (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
# endif
---
-2.14.1
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/memfd.patch b/poky/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch
similarity index 88%
rename from poky/meta/recipes-devtools/qemu/qemu/memfd.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch
index 62e8d38..880cb98 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/memfd.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch
@@ -1,7 +1,4 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
+From 0c8af3f651a125d636a71d93bafd35ff5240431a Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 28 Nov 2017 11:51:27 +0100
Subject: [PATCH] memfd: fix configure test
@@ -19,6 +16,8 @@
page.
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
configure | 2 +-
@@ -26,10 +25,10 @@
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/configure b/configure
-index 9c8aa5a98b..99ccc1725a 100755
+index b5312f4..ec12f36 100755
--- a/configure
+++ b/configure
-@@ -3923,7 +3923,7 @@ fi
+@@ -3920,7 +3920,7 @@ fi
# check if memfd is supported
memfd=no
cat > $TMPC << EOF
@@ -39,7 +38,7 @@
int main(void)
{
diff --git a/util/memfd.c b/util/memfd.c
-index 4571d1aba8..412e94a405 100644
+index 4571d1a..412e94a 100644
--- a/util/memfd.c
+++ b/util/memfd.c
@@ -31,9 +31,7 @@
@@ -53,5 +52,3 @@
#include <sys/syscall.h>
#include <asm/unistd.h>
---
-2.11.0
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch b/poky/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
similarity index 93%
rename from poky/meta/recipes-devtools/qemu/qemu/0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
index f90cae6..be92502 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
@@ -1,4 +1,4 @@
-From a75a52d62418dafe462be4fe30485501d1010bb9 Mon Sep 17 00:00:00 2001
+From 7354b9b24c36ee712bb6e881d39504bf1b6a4c8b Mon Sep 17 00:00:00 2001
From: Victor Kamensky <kamensky@cisco.com>
Date: Fri, 23 Mar 2018 18:26:45 +0000
Subject: [PATCH] arm/translate-a64: treat DISAS_UPDATE as variant of
@@ -43,10 +43,10 @@
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index 31ff047..327513e 100644
+index 625ef2d..c381091 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
-@@ -13378,12 +13378,12 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
+@@ -11384,12 +11384,12 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
case DISAS_UPDATE:
gen_a64_set_pc_im(dc->pc);
/* fall through */
@@ -62,6 +62,3 @@
case DISAS_NORETURN:
case DISAS_SWI:
break;
---
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch b/poky/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch
similarity index 96%
rename from poky/meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch
index f8d7f66..d2bdf6b 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch
@@ -1,4 +1,4 @@
-From ee9a17d0e12143971a9676227cce953c0dbe52fb Mon Sep 17 00:00:00 2001
+From 065061dca34fa5b91be6dce9a87a8755d8826c78 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 16 Nov 2017 13:21:55 +0530
Subject: [PATCH] ps2: check PS2Queue pointers in post_load routine
@@ -58,6 +58,3 @@
/* reset rptr/wptr/count */
q->rptr = 0;
q->wptr = size;
---
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch b/poky/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch
similarity index 88%
rename from poky/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch
index cee6a67..b662a41 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch
@@ -1,4 +1,7 @@
-fix libcap header issue on some distro
+From 47fdb0b6e2e393194a8c81544c647fdd997aec7f Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 12 Mar 2013 09:54:06 +0800
+Subject: [PATCH] fix libcap header issue on some distro
1, When build qemu-native on SLED 11.2, there is an error:
...
@@ -52,13 +55,14 @@
Upstream-Status: Pending
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
- fsdev/virtfs-proxy-helper.c | 7 +++++--
+ fsdev/virtfs-proxy-helper.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
+index 8e48500..6490030 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
-@@ -12,7 +12,6 @@
+@@ -13,7 +13,6 @@
#include <sys/resource.h>
#include <getopt.h>
#include <syslog.h>
@@ -66,7 +70,7 @@
#include <sys/fsuid.h>
#include <sys/vfs.h>
#include <sys/ioctl.h>
-@@ -26,7 +25,11 @@
+@@ -27,7 +26,11 @@
#include "9p-iov-marshal.h"
#include "hw/9pfs/9p-proxy.h"
#include "fsdev/9p-iov-marshal.h"
@@ -79,6 +83,3 @@
#define PROGNAME "virtfs-proxy-helper"
#ifndef XFS_SUPER_MAGIC
---
-1.7.10.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch b/poky/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
similarity index 88%
rename from poky/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
index 6822132..a5621ca 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
@@ -1,4 +1,4 @@
-From 697a834c35d19447b7dcdb9e1d9434bc6ce17c21 Mon Sep 17 00:00:00 2001
+From db914e0f93a32b6731a636517002ecadc207718b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
Date: Wed, 12 Aug 2015 15:11:30 -0500
Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
@@ -19,10 +19,10 @@
create mode 100644 custom_debug.h
diff --git a/cpus.c b/cpus.c
-index a822ce3..7e4786e 100644
+index 114c29b..c3dd2e0 100644
--- a/cpus.c
+++ b/cpus.c
-@@ -1080,6 +1080,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
+@@ -1510,6 +1510,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
return NULL;
}
@@ -31,7 +31,7 @@
static void qemu_cpu_kick_thread(CPUState *cpu)
{
#ifndef _WIN32
-@@ -1088,6 +1090,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
+@@ -1522,6 +1524,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
err = pthread_kill(cpu->thread->thread, SIG_IPI);
if (err) {
fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
@@ -71,6 +71,3 @@
+
+ free(symbols);
+}
---
-1.9.1
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/no-valgrind.patch b/poky/meta/recipes-devtools/qemu/qemu/no-valgrind.patch
deleted file mode 100644
index 91f7280..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/no-valgrind.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-diff --git a/configure b/configure
-index b3c4f51..4d3929e 100755
---- a/configure
-+++ b/configure
-@@ -4193,9 +4192,0 @@ valgrind_h=no
--cat > $TMPC << EOF
--#include <valgrind/valgrind.h>
--int main(void) {
-- return 0;
--}
--EOF
--if compile_prog "" "" ; then
-- valgrind_h=yes
--fi
diff --git a/poky/meta/recipes-devtools/qemu/qemu/qemu-2.5.0-cflags.patch b/poky/meta/recipes-devtools/qemu/qemu/qemu-2.5.0-cflags.patch
deleted file mode 100644
index eb99d14..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/qemu-2.5.0-cflags.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Pending
-
---- a/configure
-+++ b/configure
-@@ -4468,10 +4468,6 @@ fi
- if test "$gcov" = "yes" ; then
- CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
- LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
--elif test "$fortify_source" = "yes" ; then
-- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
--elif test "$debug" = "no"; then
-- CFLAGS="-O2 $CFLAGS"
- fi
-
- ##########################################
diff --git a/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb b/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
index ab82c5f..7de21ac 100644
--- a/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
@@ -9,27 +9,27 @@
SRC_URI = "http://wiki.qemu-project.org/download/${BP}.tar.bz2 \
file://powerpc_rom.bin \
- file://disable-grabs.patch \
- file://wacom.patch \
- file://add-ptest-in-makefile-v10.patch \
+ file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
+ file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
+ file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
file://run-ptest \
- file://qemu-enlarge-env-entry-size.patch \
- file://no-valgrind.patch \
- file://pathlimit.patch \
- file://qemu-2.5.0-cflags.patch \
- file://chardev-connect-socket-to-a-spawned-command.patch \
- file://apic-fixup-fallthrough-to-PIC.patch \
- file://linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
- file://memfd.patch \
- file://0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch \
- file://check-PS2Queue-pointers-in-post_load-routine.patch \
+ file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
+ file://0005-qemu-disable-Valgrind.patch \
+ file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
+ file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
+ file://0008-chardev-connect-socket-to-a-spawned-command.patch \
+ file://0009-apic-fixup-fallthrough-to-PIC.patch \
+ file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
+ file://0011-memfd-fix-configure-test.patch \
+ file://0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch \
+ file://0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch \
+ file://0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+\..*)\.tar"
-
SRC_URI_append_class-native = " \
- file://fix-libcap-header-issue-on-some-distro.patch \
- file://cpus.c-qemu_cpu_kick_thread_debugging.patch \
+ file://0014-fix-libcap-header-issue-on-some-distro.patch \
+ file://0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
"
SRC_URI[md5sum] = "61cf862b6007eba4ac98247776af2e27"
diff --git a/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch b/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch
index 2be3cb5..4020a31 100644
--- a/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch
+++ b/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch
@@ -1,4 +1,4 @@
-From a6f269f879221f2777169c5f7291322afe6b661b Mon Sep 17 00:00:00 2001
+From a89daa75ac970d8e247edc762d1181e9a5b0c5d0 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Tue, 17 Jan 2017 14:07:17 +0200
Subject: [PATCH] When cross-installing, execute package scriptlets without
@@ -7,17 +7,42 @@
This is triggered only when RPM_NO_CHROOT_FOR_SCRIPTS environment variable is defined.
Otherwise they will trigger an explosion of failures, obviously.
+Amended 2018-07-03 by Olof Johansson <olofjn@axis.com>:
+
+ Remove leaking temporary scriptlet files
+
+ Since we tell dnf to run rpm with debug output, this will result in rpm not
+ cleaning up written temporary scriptlet files (same flag controls both
+ behaviors). This wouldn't have been a problem since we normally would use the
+ target sysroot also for temporary files, but we need to chroot out to be able
+ to actually run the rpm scriptlets (purpose of this patch), so the temporary
+ files are written to the host's /var/tmp/ directory, causing a gradual
+ resource leakage on the host system for every RPM based do_rootfs task
+ executed.
+
+ Signed-off-by: Olof Johansson <olofjn@axis.com>
+
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
- lib/rpmscript.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
+ lib/rpmscript.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/rpmscript.c b/lib/rpmscript.c
-index 98d3f420d..b95b5d606 100644
+index cc98c4885..f8bd3df04 100644
--- a/lib/rpmscript.c
+++ b/lib/rpmscript.c
-@@ -467,7 +467,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd,
+@@ -394,8 +394,7 @@ exit:
+ Fclose(out); /* XXX dup'd STDOUT_FILENO */
+
+ if (fn) {
+- if (!rpmIsDebug())
+- unlink(fn);
++ unlink(fn);
+ free(fn);
+ }
+ free(mline);
+@@ -428,7 +427,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd,
if (rc != RPMRC_FAIL) {
if (script_type & RPMSCRIPTLET_EXEC) {
diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.14.1.bb b/poky/meta/recipes-devtools/rpm/rpm_4.14.1.bb
index 6012922..1a03a0f 100644
--- a/poky/meta/recipes-devtools/rpm/rpm_4.14.1.bb
+++ b/poky/meta/recipes-devtools/rpm/rpm_4.14.1.bb
@@ -69,6 +69,7 @@
# Disable dbus for native, so that rpm doesn't attempt to inhibit shutdown via session dbus even when plugins support is enabled.
# Also disable plugins by default for native.
EXTRA_OECONF_append_class-native = " --sysconfdir=/etc --localstatedir=/var --without-dbus --disable-plugins"
+EXTRA_OECONF_append_class-nativesdk = " --sysconfdir=/etc --localstatedir=/var --without-dbus --disable-plugins"
BBCLASSEXTEND = "native nativesdk"
@@ -77,21 +78,22 @@
# Direct rpm-native to read configuration from our sysroot, not the one it was compiled in
# libmagic also has sysroot path contamination, so override it
-do_install_append_class-native() {
- tools="\
- ${bindir}/rpm \
- ${bindir}/rpm2archive \
- ${bindir}/rpm2cpio \
- ${bindir}/rpmbuild \
- ${bindir}/rpmdb \
- ${bindir}/rpmgraph \
- ${bindir}/rpmkeys \
- ${bindir}/rpmsign \
- ${bindir}/rpmspec \
- ${libdir}/rpm/rpmdeps \
- "
- for tool in $tools; do
+WRAPPER_TOOLS = " \
+ ${bindir}/rpm \
+ ${bindir}/rpm2archive \
+ ${bindir}/rpm2cpio \
+ ${bindir}/rpmbuild \
+ ${bindir}/rpmdb \
+ ${bindir}/rpmgraph \
+ ${bindir}/rpmkeys \
+ ${bindir}/rpmsign \
+ ${bindir}/rpmspec \
+ ${libdir}/rpm/rpmdeps \
+"
+
+do_install_append_class-native() {
+ for tool in ${WRAPPER_TOOLS}; do
create_wrapper ${D}$tool \
RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \
RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} \
@@ -100,6 +102,18 @@
done
}
+do_install_append_class-nativesdk() {
+ for tool in ${WRAPPER_TOOLS}; do
+ create_wrapper ${D}$tool \
+ RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir', True), d.getVar('bindir', True))}/rpm \
+ RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir', True), d.getVar('bindir', True))}/..} \
+ MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir', True), d.getVar('bindir', True))}/misc/magic.mgc \
+ RPM_NO_CHROOT_FOR_SCRIPTS=1
+ done
+
+ rm -rf ${D}/var
+}
+
# Rpm's make install creates var/tmp which clashes with base-files packaging
do_install_append_class-target() {
rm -rf ${D}/var
diff --git a/poky/meta/recipes-extended/at/at_3.1.20.bb b/poky/meta/recipes-extended/at/at_3.1.20.bb
index 8fe3b43..b76e83d 100644
--- a/poky/meta/recipes-extended/at/at_3.1.20.bb
+++ b/poky/meta/recipes-extended/at/at_3.1.20.bb
@@ -8,6 +8,12 @@
DEPENDS = "flex flex-native bison-native \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+PACKAGECONFIG ?= "\
+ ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \
+"
+
+PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux,"
+
RDEPENDS_${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_DEPS}', '', d)} \
"
diff --git a/poky/meta/recipes-extended/bash/bash.inc b/poky/meta/recipes-extended/bash/bash.inc
index 9c2b065..2e7f261 100644
--- a/poky/meta/recipes-extended/bash/bash.inc
+++ b/poky/meta/recipes-extended/bash/bash.inc
@@ -7,7 +7,7 @@
inherit autotools gettext texinfo update-alternatives ptest
EXTRA_AUTORECONF += "--exclude=autoheader --exclude=aclocal"
-EXTRA_OECONF = "--enable-job-control --without-bash-malloc"
+EXTRA_OECONF = "--enable-job-control --without-bash-malloc bash_cv_wexitstatus_offset=8"
# If NON_INTERACTIVE_LOGIN_SHELLS is defined, all login shells read the
# startup files, even if they are not interactive.
diff --git a/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch b/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch
new file mode 100644
index 0000000..0a30544
--- /dev/null
+++ b/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch
@@ -0,0 +1,346 @@
+From ebf9a2d776474181936a720ce811d72bbd1da3b6 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@redhat.com>
+Date: Tue, 26 Jan 2016 23:17:54 +0100
+Subject: [PATCH] CVE-2016-2037 - 1 byte out-of-bounds write
+
+Ensure that cpio_safer_name_suffix always works with dynamically
+allocated buffer, and that it has size of at least 32 bytes.
+Then, any call to cpio_safer_name_suffix is safe (it requires at
+least 2 bytes in the buffer).
+
+Also ensure that c_namesize is always correctly initialized (by
+cpio_set_c_name) to avoid undefined behavior when reading
+file_hdr.c_namesize (previously happened for tar archives).
+
+References:
+http://www.mail-archive.com/bug-cpio@gnu.org/msg00545.html
+
+* src/copyin.c (query_rename): Drop the hack, as we now work with
+dynamically allocated buffer. Use cpio_set_c_name.
+(create_defered_links_to_skipped): Use cpio_set_c_name rather than
+manual assignment.
+(read_name_from_file): New function to avoid C&P.
+(read_in_old_ascii, read_in_new_ascii, read_in_binary): Use
+read_name_from_file.
+(process_copy_in): Initialize file_hdr.c_namesize.
+* src/copyout.c (process_copy_out): Use cpio_set_c_name.
+* src/cpiohdr.h (cpio_set_c_name): New prototype.
+* src/tar.c (read_in_tar_header): Use cpio_set_c_name.
+* src/util.c (cpio_set_c_name): New function to set
+file_hdr->c_name and c_namesize from arbitrary string.
+(cpio_safer_name_suffix): Some docs fixes.
+* tests/inout.at: Also test copy-in, and try various formats.
+
+CVE: CVE-2016-2037
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ src/copyin.c | 68 +++++++++++++++++++---------------------------------------
+ src/copyout.c | 13 +++++------
+ src/cpiohdr.h | 1 +
+ src/tar.c | 10 +++++----
+ src/util.c | 32 ++++++++++++++++++++++++++-
+ tests/inout.at | 19 ++++++++++++++--
+ 6 files changed, 82 insertions(+), 61 deletions(-)
+
+diff --git a/src/copyin.c b/src/copyin.c
+index cde911e..972f8a6 100644
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -76,28 +76,7 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out,
+ return -1;
+ }
+ else
+- /* Debian hack: file_hrd.c_name is sometimes set to
+- point to static memory by code in tar.c. This
+- causes a segfault. This has been fixed and an
+- additional check to ensure that the file name
+- is not too long has been added. (Reported by
+- Horst Knobloch.) This bug has been reported to
+- "bug-gnu-utils@prep.ai.mit.edu". (99/1/6) -BEM */
+- {
+- if (archive_format != arf_tar && archive_format != arf_ustar)
+- {
+- free (file_hdr->c_name);
+- file_hdr->c_name = xstrdup (new_name.ds_string);
+- }
+- else
+- {
+- if (is_tar_filename_too_long (new_name.ds_string))
+- error (0, 0, _("%s: file name too long"),
+- new_name.ds_string);
+- else
+- strcpy (file_hdr->c_name, new_name.ds_string);
+- }
+- }
++ cpio_set_c_name (file_hdr, new_name.ds_string);
+ return 0;
+ }
+
+@@ -344,8 +323,7 @@ create_defered_links_to_skipped (struct cpio_file_stat *file_hdr,
+ d_prev->next = d->next;
+ else
+ deferments = d->next;
+- free (file_hdr->c_name);
+- file_hdr->c_name = xstrdup(d->header.c_name);
++ cpio_set_c_name (file_hdr, d->header.c_name);
+ free_deferment (d);
+ copyin_regular_file(file_hdr, in_file_des);
+ return 0;
+@@ -1064,6 +1042,22 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)
+ }
+ }
+
++static void
++read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len)
++{
++ static char *tmp_filename;
++ static size_t buflen;
++
++ if (buflen < len)
++ {
++ buflen = len;
++ tmp_filename = xrealloc (tmp_filename, buflen);
++ }
++
++ tape_buffered_read (tmp_filename, fd, len);
++ cpio_set_c_name (file_hdr, tmp_filename);
++}
++
+ /* Fill in FILE_HDR by reading an old-format ASCII format cpio header from
+ file descriptor IN_DES, except for the magic number, which is
+ already filled in. */
+@@ -1090,14 +1084,8 @@ read_in_old_ascii (struct cpio_file_stat *file_hdr, int in_des)
+ file_hdr->c_rdev_min = minor (dev);
+
+ file_hdr->c_mtime = FROM_OCTAL (ascii_header.c_mtime);
+- file_hdr->c_namesize = FROM_OCTAL (ascii_header.c_namesize);
+ file_hdr->c_filesize = FROM_OCTAL (ascii_header.c_filesize);
+-
+- /* Read file name from input. */
+- if (file_hdr->c_name != NULL)
+- free (file_hdr->c_name);
+- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize + 1);
+- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
++ read_name_from_file (file_hdr, in_des, FROM_OCTAL (ascii_header.c_namesize));
+
+ /* HP/UX cpio creates archives that look just like ordinary archives,
+ but for devices it sets major = 0, minor = 1, and puts the
+@@ -1152,14 +1140,8 @@ read_in_new_ascii (struct cpio_file_stat *file_hdr, int in_des)
+ file_hdr->c_dev_min = FROM_HEX (ascii_header.c_dev_min);
+ file_hdr->c_rdev_maj = FROM_HEX (ascii_header.c_rdev_maj);
+ file_hdr->c_rdev_min = FROM_HEX (ascii_header.c_rdev_min);
+- file_hdr->c_namesize = FROM_HEX (ascii_header.c_namesize);
+ file_hdr->c_chksum = FROM_HEX (ascii_header.c_chksum);
+-
+- /* Read file name from input. */
+- if (file_hdr->c_name != NULL)
+- free (file_hdr->c_name);
+- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize);
+- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
++ read_name_from_file (file_hdr, in_des, FROM_HEX (ascii_header.c_namesize));
+
+ /* In SVR4 ASCII format, the amount of space allocated for the header
+ is rounded up to the next long-word, so we might need to drop
+@@ -1207,16 +1189,9 @@ read_in_binary (struct cpio_file_stat *file_hdr,
+ file_hdr->c_rdev_min = minor (short_hdr->c_rdev);
+ file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16
+ | short_hdr->c_mtimes[1];
+-
+- file_hdr->c_namesize = short_hdr->c_namesize;
+ file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16
+ | short_hdr->c_filesizes[1];
+-
+- /* Read file name from input. */
+- if (file_hdr->c_name != NULL)
+- free (file_hdr->c_name);
+- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize);
+- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
++ read_name_from_file (file_hdr, in_des, short_hdr->c_namesize);
+
+ /* In binary mode, the amount of space allocated in the header for
+ the filename is `c_namesize' rounded up to the next short-word,
+@@ -1297,6 +1272,7 @@ process_copy_in ()
+ read_pattern_file ();
+ }
+ file_hdr.c_name = NULL;
++ file_hdr.c_namesize = 0;
+
+ if (rename_batch_file)
+ {
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..bb39559 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -660,8 +660,7 @@ process_copy_out ()
+ cpio_safer_name_suffix (input_name.ds_string, false,
+ !no_abs_paths_flag, true);
+ #ifndef HPUX_CDF
+- file_hdr.c_name = input_name.ds_string;
+- file_hdr.c_namesize = strlen (input_name.ds_string) + 1;
++ cpio_set_c_name (&file_hdr, input_name.ds_string);
+ #else
+ if ( (archive_format != arf_tar) && (archive_format != arf_ustar) )
+ {
+@@ -670,16 +669,15 @@ process_copy_out ()
+ properly recreate the directory as hidden (in case the
+ files of a directory go into the archive before the
+ directory itself (e.g from "find ... -depth ... | cpio")). */
+- file_hdr.c_name = add_cdf_double_slashes (input_name.ds_string);
+- file_hdr.c_namesize = strlen (file_hdr.c_name) + 1;
++ cpio_set_c_name (&file_hdr,
++ add_cdf_double_slashes (input_name.ds_string));
+ }
+ else
+ {
+ /* We don't mark CDF's in tar files. We assume the "hidden"
+ directory will always go into the archive before any of
+ its files. */
+- file_hdr.c_name = input_name.ds_string;
+- file_hdr.c_namesize = strlen (input_name.ds_string) + 1;
++ cpio_set_c_name (&file_hdr, input_name.ds_string);
+ }
+ #endif
+
+@@ -866,8 +864,7 @@ process_copy_out ()
+ file_hdr.c_chksum = 0;
+
+ file_hdr.c_filesize = 0;
+- file_hdr.c_namesize = 11;
+- file_hdr.c_name = CPIO_TRAILER_NAME;
++ cpio_set_c_name (&file_hdr, CPIO_TRAILER_NAME);
+ if (archive_format != arf_tar && archive_format != arf_ustar)
+ write_out_header (&file_hdr, out_file_des);
+ else
+diff --git a/src/cpiohdr.h b/src/cpiohdr.h
+index b29e6fb..f4c63be 100644
+--- a/src/cpiohdr.h
++++ b/src/cpiohdr.h
+@@ -129,5 +129,6 @@ struct cpio_file_stat /* Internal representation of a CPIO header */
+ char *c_tar_linkname;
+ };
+
++void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name);
+
+ #endif /* cpiohdr.h */
+diff --git a/src/tar.c b/src/tar.c
+index a2ce171..e41f89d 100644
+--- a/src/tar.c
++++ b/src/tar.c
+@@ -282,7 +282,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
+ if (null_block ((long *) &tar_rec, TARRECORDSIZE))
+ #endif
+ {
+- file_hdr->c_name = CPIO_TRAILER_NAME;
++ cpio_set_c_name (file_hdr, CPIO_TRAILER_NAME);
+ return;
+ }
+ #if 0
+@@ -316,9 +316,11 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
+ }
+
+ if (archive_format != arf_ustar)
+- file_hdr->c_name = stash_tar_filename (NULL, tar_hdr->name);
++ cpio_set_c_name (file_hdr, stash_tar_filename (NULL, tar_hdr->name));
+ else
+- file_hdr->c_name = stash_tar_filename (tar_hdr->prefix, tar_hdr->name);
++ cpio_set_c_name (file_hdr, stash_tar_filename (tar_hdr->prefix,
++ tar_hdr->name));
++
+ file_hdr->c_nlink = 1;
+ file_hdr->c_mode = FROM_OCTAL (tar_hdr->mode);
+ file_hdr->c_mode = file_hdr->c_mode & 07777;
+@@ -398,7 +400,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
+ case AREGTYPE:
+ /* Old tar format; if the last char in filename is '/' then it is
+ a directory, otherwise it's a regular file. */
+- if (file_hdr->c_name[strlen (file_hdr->c_name) - 1] == '/')
++ if (file_hdr->c_name[file_hdr->c_namesize - 1] == '/')
+ file_hdr->c_mode |= CP_IFDIR;
+ else
+ file_hdr->c_mode |= CP_IFREG;
+diff --git a/src/util.c b/src/util.c
+index 6ff6032..4f3c073 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -1410,8 +1410,34 @@ set_file_times (int fd,
+ utime_error (name);
+ }
+
++
++void
++cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name)
++{
++ static size_t buflen = 0;
++ size_t len = strlen (name) + 1;
++
++ if (buflen == 0)
++ {
++ buflen = len;
++ if (buflen < 32)
++ buflen = 32;
++ file_hdr->c_name = xmalloc (buflen);
++ }
++ else if (buflen < len)
++ {
++ buflen = len;
++ file_hdr->c_name = xrealloc (file_hdr->c_name, buflen);
++ }
++
++ file_hdr->c_namesize = len;
++ memmove (file_hdr->c_name, name, len);
++}
++
+ /* Do we have to ignore absolute paths, and if so, does the filename
+- have an absolute path? */
++ have an absolute path? Before calling this function make sure that the
++ allocated NAME buffer has capacity at least 2 bytes. */
++
+ void
+ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
+ bool strip_leading_dots)
+@@ -1426,6 +1452,10 @@ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
+ ++p;
+ }
+ if (p != name)
++ /* The 'p' string is shortened version of 'name' with one exception; when
++ the 'name' points to an empty string (buffer where name[0] == '\0') the
++ 'p' then points to static string ".". So caller needs to ensure there
++ are at least two bytes available in 'name' buffer so memmove succeeds. */
+ memmove (name, p, (size_t)(strlen (p) + 1));
+ }
+
+diff --git a/tests/inout.at b/tests/inout.at
+index 60c3716..730cbd2 100644
+--- a/tests/inout.at
++++ b/tests/inout.at
+@@ -35,7 +35,22 @@ while read NAME LENGTH
+ do
+ genfile --length $LENGTH > $NAME
+ echo $NAME
+-done < filelist |
+- cpio --quiet -o > archive])
++done < filelist > filelist_raw
++
++for format in bin odc newc crc tar ustar hpbin hpodc
++do
++ cpio --format=$format --quiet -o < filelist_raw > archive.$format
++ rm -rf output
++ mkdir output && cd output
++ cpio -i --quiet < ../archive.$format
++
++ while read file
++ do
++ test -f $file || echo "$file not found"
++ done < ../filelist_raw
++
++ cd ..
++done
++])
+
+ AT_CLEANUP
+--
+1.9.1
+
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.12.bb b/poky/meta/recipes-extended/cpio/cpio_2.12.bb
index 405a90e..69d3698 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.12.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.12.bb
@@ -1,12 +1,47 @@
-require cpio_v2.inc
-
+SUMMARY = "GNU cpio is a program to manage archives of files"
+DESCRIPTION = "GNU cpio is a tool for creating and extracting archives, or copying files from one place to \
+another. It handles a number of cpio formats as well as reading and writing tar files."
+HOMEPAGE = "http://www.gnu.org/software/cpio/"
+SECTION = "base"
LICENSE = "GPLv3"
LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0001-Fix-CVE-2015-1197.patch \
+ file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \
"
SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86"
SRC_URI[sha256sum] = "08a35e92deb3c85d269a0059a27d4140a9667a6369459299d08c17f713a92e73"
+
+inherit autotools gettext texinfo
+
+EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}"
+
+do_install () {
+ autotools_do_install
+ if [ "${base_bindir}" != "${bindir}" ]; then
+ install -d ${D}${base_bindir}/
+ mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio"
+ rmdir ${D}${bindir}/
+ fi
+}
+
+PACKAGES =+ "${PN}-rmt"
+
+FILES_${PN}-rmt = "${base_sbindir}/rmt*"
+
+inherit update-alternatives
+
+ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE_${PN} = "cpio"
+ALTERNATIVE_${PN}-rmt = "rmt"
+
+ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio"
+
+ALTERNATIVE_PRIORITY[rmt] = "50"
+ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt"
+
+BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-extended/cpio/cpio_v2.inc b/poky/meta/recipes-extended/cpio/cpio_v2.inc
deleted file mode 100644
index 31adb71..0000000
--- a/poky/meta/recipes-extended/cpio/cpio_v2.inc
+++ /dev/null
@@ -1,43 +0,0 @@
-SUMMARY = "GNU cpio is a program to manage archives of files"
-DESCRIPTION = "GNU cpio is a tool for creating and extracting archives, or copying files from one place to \
-another. It handles a number of cpio formats as well as reading and writing tar files."
-HOMEPAGE = "http://www.gnu.org/software/cpio/"
-SECTION = "base"
-
-DEPENDS = "texinfo-native"
-
-SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
- "
-
-inherit autotools gettext texinfo
-
-S = "${WORKDIR}/cpio-${PV}"
-
-EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}"
-
-do_install () {
- autotools_do_install
- if [ "${base_bindir}" != "${bindir}" ]; then
- install -d ${D}${base_bindir}/
- mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio"
- rmdir ${D}${bindir}/
- fi
-}
-
-PACKAGES =+ "${PN}-rmt"
-
-FILES_${PN}-rmt = "${base_sbindir}/rmt*"
-
-inherit update-alternatives
-
-ALTERNATIVE_PRIORITY = "100"
-
-ALTERNATIVE_${PN} = "cpio"
-ALTERNATIVE_${PN}-rmt = "rmt"
-
-ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio"
-
-ALTERNATIVE_PRIORITY[rmt] = "50"
-ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt"
-
-BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-extended/gawk/gawk_4.2.0.bb b/poky/meta/recipes-extended/gawk/gawk_4.2.1.bb
similarity index 82%
rename from poky/meta/recipes-extended/gawk/gawk_4.2.0.bb
rename to poky/meta/recipes-extended/gawk/gawk_4.2.1.bb
index 27f79a2..9663752 100644
--- a/poky/meta/recipes-extended/gawk/gawk_4.2.0.bb
+++ b/poky/meta/recipes-extended/gawk/gawk_4.2.1.bb
@@ -19,8 +19,8 @@
file://run-ptest \
"
-SRC_URI[md5sum] = "0b598c31bc703d66082bd958d4189980"
-SRC_URI[sha256sum] = "c88046c6e8396ee548bcb941e16def809b7b55b60a1044b5dd254094f347c7d9"
+SRC_URI[md5sum] = "0256724a0af50cb83ac92f833488673d"
+SRC_URI[sha256sum] = "2b23d51503b2df9a41aa6fddc6002ad7ebf2a386ac19dc1b6be0dd48b0acf6db"
inherit autotools gettext texinfo update-alternatives
@@ -43,6 +43,8 @@
for i in `grep -vE "@|^$|#|Gt-dummy" ${S}/test/Maketests |awk -F: '{print $1}'` Maketests inclib.awk; \
do cp ${S}/test/$i* ${D}${PTEST_PATH}/test; \
done
+ sed -i -e 's|/usr/local/bin|${bindir}|g' \
+ -e 's|#!${base_bindir}/awk|#!${bindir}/awk|g' ${D}${PTEST_PATH}/test/*.awk
}
BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-extended/ltp/ltp_20180118.bb b/poky/meta/recipes-extended/ltp/ltp_20180118.bb
index 14fb41b..8754fcd 100644
--- a/poky/meta/recipes-extended/ltp/ltp_20180118.bb
+++ b/poky/meta/recipes-extended/ltp/ltp_20180118.bb
@@ -58,7 +58,7 @@
PACKAGECONFIG[numa] = "--with-numa, --without-numa, numactl,"
EXTRA_AUTORECONF += "-I ${S}/testcases/realtime/m4"
-EXTRA_OECONF = " --with-power-management-testsuite --with-realtime-testsuite "
+EXTRA_OECONF = " --with-power-management-testsuite --with-realtime-testsuite --with-open-posix-testsuite "
# ltp network/rpc test cases ftbfs when libtirpc is found
EXTRA_OECONF += " --without-tirpc "
diff --git a/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb b/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb
index e6afe2b..be0b48d 100644
--- a/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb
+++ b/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb
@@ -7,7 +7,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=420477abc567404debca0a2a1cb6b645 \
file://src/minicom.h;beginline=1;endline=12;md5=a58838cb709f0db517f4e42730c49e81"
-SRC_URI = "https://alioth.debian.org/frs/download.php/latestfile/3/${BP}.tar.gz \
+SRC_URI = "${DEBIAN_MIRROR}/main/m/${BPN}/${BPN}_${PV}.orig.tar.gz \
file://allow.to.disable.lockdev.patch \
file://0001-fix-minicom-h-v-return-value-is-not-0.patch \
file://0001-Fix-build-issus-surfaced-due-to-musl.patch \
diff --git a/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch
new file mode 100644
index 0000000..ee728f0
--- /dev/null
+++ b/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch
@@ -0,0 +1,64 @@
+shadow-4.2.1: Fix CVE-2017-2616
+
+[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
+
+su: properly clear child PID
+
+If su is compiled with PAM support, it is possible for any local user
+to send SIGKILL to other processes with root privileges. There are
+only two conditions. First, the user must be able to perform su with
+a successful login. This does NOT have to be the root user, even using
+su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
+can only be sent to processes which were executed after the su process.
+It is not possible to send SIGKILL to processes which were already
+running. I consider this as a security vulnerability, because I was
+able to write a proof of concept which unlocked a screen saver of
+another user this way.
+
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686]
+CVE: CVE-2017-2616
+bug: 855943
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/src/su.c b/src/su.c
+index 3704217..1efcd61 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -363,20 +363,35 @@ static void prepare_pam_close_session (void)
+ /* wake child when resumed */
+ kill (pid, SIGCONT);
+ stop = false;
++ } else {
++ pid_child = 0;
+ }
+ } while (!stop);
+ }
+
+- if (0 != caught) {
++ if (0 != caught && 0 != pid_child) {
+ (void) fputs ("\n", stderr);
+ (void) fputs (_("Session terminated, terminating shell..."),
+ stderr);
+ (void) kill (-pid_child, caught);
+
+ (void) signal (SIGALRM, kill_child);
++ (void) signal (SIGCHLD, catch_signals);
+ (void) alarm (2);
+
+- (void) wait (&status);
++ sigemptyset (&ourset);
++ if ((sigaddset (&ourset, SIGALRM) != 0)
++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
++ kill_child (0);
++ } else {
++ while (0 == waitpid (pid_child, &status, WNOHANG)) {
++ sigsuspend (&ourset);
++ }
++ pid_child = 0;
++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
++ }
++
+ (void) fputs (_(" ...terminated.\n"), stderr);
+ }
+
diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd b/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd
index 9e3efa6..b769d92 100644
--- a/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd
+++ b/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd
@@ -1,4 +1,6 @@
# The PAM configuration file for the Shadow 'chpasswd' service
#
+auth sufficient pam_rootok.so
+account required pam_permit.so
password include common-password
diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/newusers b/poky/meta/recipes-extended/shadow/files/pam.d/newusers
index 4aa3dde..4c59dfa 100644
--- a/poky/meta/recipes-extended/shadow/files/pam.d/newusers
+++ b/poky/meta/recipes-extended/shadow/files/pam.d/newusers
@@ -1,4 +1,6 @@
# The PAM configuration file for the Shadow 'newusers' service
#
+auth sufficient pam_rootok.so
+account required pam_permit.so
password include common-password
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index 673207f..6efe4a9 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -8,7 +8,9 @@
DEPENDS = "virtual/crypt"
-SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
+UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
+
+SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \
file://shadow-4.1.3-dots-in-usernames.patch \
file://usermod-fix-compilation-failure-with-subids-disabled.patch \
file://fix-installation-failure-with-subids-disabled.patch \
@@ -16,6 +18,7 @@
file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
file://0001-useradd-copy-extended-attributes-of-home.patch \
file://0001-shadow-CVE-2017-12424 \
+ file://CVE-2017-2616.patch \
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
"
@@ -127,7 +130,8 @@
# Ensure that the image has as a /var/spool/mail dir so shadow can
# put mailboxes there if the user reconfigures shadow to its
# defaults (see sed below).
- install -d ${D}${localstatedir}/spool/mail
+ install -m 0775 -d ${D}${localstatedir}/spool/mail
+ chown root:mail ${D}${localstatedir}/spool/mail
if [ -e ${WORKDIR}/pam.d ]; then
install -d ${D}${sysconfdir}/pam.d/
diff --git a/poky/meta/recipes-extended/sysklogd/sysklogd.inc b/poky/meta/recipes-extended/sysklogd/sysklogd.inc
index 1a537fa..fc4e67c 100644
--- a/poky/meta/recipes-extended/sysklogd/sysklogd.inc
+++ b/poky/meta/recipes-extended/sysklogd/sysklogd.inc
@@ -33,7 +33,7 @@
INITSCRIPT_NAME = "syslog"
CONFFILES_${PN} = "${sysconfdir}/syslog.conf"
-RCONFLICTS_${PN}-syslog = "rsyslog busybox-syslog syslog-ng"
+RCONFLICTS_${PN} = "rsyslog busybox-syslog syslog-ng"
CFLAGS += "-DSYSV -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
diff --git a/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service b/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service
index d5fdc5b..6da92f2 100644
--- a/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service
+++ b/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service
@@ -3,11 +3,8 @@
After=syslog.target network.target
[Service]
-Type=forking
-PIDFile=/var/run/xinetd.pid
EnvironmentFile=-/etc/sysconfig/xinetd
-ExecStart=@SBINDIR@/xinetd -stayalive -pidfile /var/run/xinetd.pid "$EXTRAOPTIONS"
-ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
+ExecStart=@SBINDIR@/xinetd -dontfork "$EXTRAOPTIONS"
[Install]
WantedBy=multi-user.target
diff --git a/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb b/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
index ed6d0ec..6052650 100644
--- a/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
+++ b/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
@@ -10,6 +10,7 @@
SRC_URI += " \
file://0001-Disable-installing-header-file-provided-by-another-p.patch \
file://0001-ioctl.c-Fix-build-with-linux-4.13.patch \
+file://0001-ioctl.c-Fix-build-with-linux-4.17.patch \
"
EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
diff --git a/poky/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch b/poky/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch
new file mode 100644
index 0000000..5881d1c
--- /dev/null
+++ b/poky/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch
@@ -0,0 +1,43 @@
+From f60aa08c63fc02780554a0a12180a478ca27d49f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
+Date: Wed, 23 May 2018 18:43:39 +0300
+Subject: [PATCH] ioctl.c: Fix build with linux 4.17
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since kernel 4.17-rc1, sys_* syscalls can no longer be called directly:
+819671ff849b ("syscalls: define and explain goal to not call syscalls in the kernel")
+
+Since cryptodev uses sys_close() - and this has been removed in commit:
+2ca2a09d6215 ("fs: add ksys_close() wrapper; remove in-kernel calls to sys_close()")
+cryptodev has to be updated to use the ksys_close() wrapper.
+
+Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
+
+Upstream-Status: Backport
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ ioctl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ioctl.c b/ioctl.c
+index d831b0c..2571034 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -828,7 +828,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ fd = clonefd(filp);
+ ret = put_user(fd, p);
+ if (unlikely(ret)) {
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0))
+ sys_close(fd);
++#else
++ ksys_close(fd);
++#endif
+ return ret;
+ }
+ return ret;
+--
+2.7.4
+
diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
index 8ccd8ce..4ccf9b0 100644
--- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
+++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
@@ -4,7 +4,7 @@
DEPENDS = "git-native"
-SRCREV = "b46b1c4f0973bf1eb09cf1191f5f4e69bcd0475d"
+SRCREV = "8cd13500a27c0a6a911cc83c0349dec01ef66e27"
PR = "r12"
PV = "0.2+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/kexec/kexec-tools/kdump.service b/poky/meta/recipes-kernel/kexec/kexec-tools/kdump.service
index 4e65a46..013c5a6 100644
--- a/poky/meta/recipes-kernel/kexec/kexec-tools/kdump.service
+++ b/poky/meta/recipes-kernel/kexec/kexec-tools/kdump.service
@@ -1,6 +1,7 @@
[Unit]
Description=Reboot and dump vmcore via kexec
DefaultDependencies=no
+After=basic.target
[Service]
Type=oneshot
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
index 8d6f2f2..cf7abb0 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
@@ -14,6 +14,7 @@
& Firmware-cavium \
& Firmware-chelsio_firmware \
& Firmware-cw1200 \
+ & Firmware-cypress \
& Firmware-dib0700 \
& Firmware-e100 \
& Firmware-ene_firmware \
@@ -66,7 +67,7 @@
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
file://LICENSE.amdgpu;md5=0aa3c2f3e736af320a08a3aeeccecf29 \
- file://LICENSE.amd-ucode;md5=3a0de451253cc1edbf30a3c621effee3 \
+ file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \
@@ -74,6 +75,7 @@
file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \
file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \
file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \
+ file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \
file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \
file://LICENCE.e100;md5=ec0f84136766df159a3ae6d02acdf5a8 \
file://LICENCE.ene_firmware;md5=ed67f0f62f8f798130c296720b7d3921 \
@@ -118,7 +120,7 @@
file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=6f46986f4e913ef16b765c2319cc5141 \
+ file://WHENCE;md5=eaaf310bac02fee05ea1b334f58c5caf \
"
# These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -135,6 +137,7 @@
NO_GENERIC_LICENSE[Firmware-cavium] = "LICENCE.cavium"
NO_GENERIC_LICENSE[Firmware-chelsio_firmware] = "LICENCE.chelsio_firmware"
NO_GENERIC_LICENSE[Firmware-cw1200] = "LICENCE.cw1200"
+NO_GENERIC_LICENSE[Firmware-cypress] = "LICENCE.cypress"
NO_GENERIC_LICENSE[Firmware-dib0700] = "LICENSE.dib0700"
NO_GENERIC_LICENSE[Firmware-e100] = "LICENCE.e100"
NO_GENERIC_LICENSE[Firmware-ene_firmware] = "LICENCE.ene_firmware"
@@ -181,7 +184,7 @@
NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c"
NO_GENERIC_LICENSE[WHENCE] = "WHENCE"
-SRCREV = "8fc2d4e55685bf73b6f7752383da9067404a74bb"
+SRCREV = "d1147327232ec4616a66ab898df84f9700c816c1"
PE = "1"
PV = "0.0+git${SRCPV}"
@@ -232,9 +235,41 @@
${PN}-ti-connectivity-license ${PN}-wl12xx ${PN}-wl18xx \
${PN}-vt6656-license ${PN}-vt6656 \
${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
+ ${PN}-rtl8168 \
+ ${PN}-cypress-license \
${PN}-broadcom-license \
- ${PN}-bcm4329 ${PN}-bcm4330 ${PN}-bcm4334 ${PN}-bcm43340 \
- ${PN}-bcm43362 ${PN}-bcm4339 ${PN}-bcm43430 ${PN}-bcm4354 \
+ ${PN}-bcm-0bb4-0306 \
+ ${PN}-bcm43143 \
+ ${PN}-bcm43236b \
+ ${PN}-bcm43241b0 \
+ ${PN}-bcm43241b4 \
+ ${PN}-bcm43241b5 \
+ ${PN}-bcm43242a \
+ ${PN}-bcm4329 \
+ ${PN}-bcm4329-fullmac \
+ ${PN}-bcm4330 \
+ ${PN}-bcm4334 \
+ ${PN}-bcm43340 \
+ ${PN}-bcm4335 \
+ ${PN}-bcm43362 \
+ ${PN}-bcm4339 \
+ ${PN}-bcm43430 \
+ ${PN}-bcm43430a0 \
+ ${PN}-bcm43455 \
+ ${PN}-bcm4350 \
+ ${PN}-bcm4350c2 \
+ ${PN}-bcm4354 \
+ ${PN}-bcm4356 \
+ ${PN}-bcm4356-pcie \
+ ${PN}-bcm43569 \
+ ${PN}-bcm43570 \
+ ${PN}-bcm4358 \
+ ${PN}-bcm43602 \
+ ${PN}-bcm4366b \
+ ${PN}-bcm4371 \
+ ${PN}-bcm4373 \
+ ${PN}-bcm43xx \
+ ${PN}-bcm43xx-hdr \
${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k \
${PN}-gplv2-license ${PN}-carl9170 \
${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-qca \
@@ -440,6 +475,7 @@
LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware"
LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware"
LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl8168 = "WHENCE"
FILES_${PN}-rtl-license = " \
${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \
@@ -462,6 +498,9 @@
FILES_${PN}-rtl8821 = " \
${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \
"
+FILES_${PN}-rtl8168 = " \
+ ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \
+"
RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license"
RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license"
@@ -469,6 +508,7 @@
RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license"
RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license"
RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license"
+RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license"
# For ti-connectivity
LICENSE_${PN}-wl12xx = "Firmware-ti-connectivity"
@@ -503,52 +543,126 @@
# For broadcom
-LICENSE_${PN}-bcm4329 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm4330 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm4334 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm43340 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm43362 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm4339 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm43430 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm4354 = "Firmware-broadcom_bcm43xx"
+# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e " \${PN}-$pkg \\"; done | sort -u
+
LICENSE_${PN}-broadcom-license = "Firmware-broadcom_bcm43xx"
+FILES_${PN}-broadcom-license = "${nonarch_base_libdir}/firmware/LICENCE.broadcom_bcm43xx"
-FILES_${PN}-broadcom-license = " \
- ${nonarch_base_libdir}/firmware/LICENCE.broadcom_bcm43xx \
-"
-FILES_${PN}-bcm4329 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin \
-"
-FILES_${PN}-bcm4330 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.bin \
-"
-FILES_${PN}-bcm4334 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin \
-"
-FILES_${PN}-bcm43340 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.bin \
-"
-FILES_${PN}-bcm43362 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.bin \
-"
-FILES_${PN}-bcm4339 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin \
-"
-FILES_${PN}-bcm43430 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.bin \
-"
-FILES_${PN}-bcm4354 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin \
-"
+# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo "$i - $pkg"; echo -e "FILES_\${PN}-$pkg = \"\${nonarch_base_libdir}/firmware/brcm/$i\""; done | grep ^FILES
+FILES_${PN}-bcm43xx = "${nonarch_base_libdir}/firmware/brcm/bcm43xx-0.fw"
+FILES_${PN}-bcm43xx-hdr = "${nonarch_base_libdir}/firmware/brcm/bcm43xx_hdr-0.fw"
+FILES_${PN}-bcm4329-fullmac = "${nonarch_base_libdir}/firmware/brcm/bcm4329-fullmac-4.bin"
+FILES_${PN}-bcm43236b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43236b.bin"
+FILES_${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin"
+FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.bin"
+FILES_${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin"
+FILES_${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin"
+FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin"
+FILES_${PN}-bcm43241b0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b0-sdio.bin"
+FILES_${PN}-bcm43241b4 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b4-sdio.bin"
+FILES_${PN}-bcm43241b5 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b5-sdio.bin"
+FILES_${PN}-bcm43242a = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43242a.bin"
+FILES_${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \
+ ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \
+"
+FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.bin"
+FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.bin"
+FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin"
+FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin"
+FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.bin"
+FILES_${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin"
+FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin"
+FILES_${PN}-bcm4358 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4358-pcie.bin"
+FILES_${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.bin \
+ ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \
+"
+FILES_${PN}-bcm4366b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366b-pcie.bin"
+FILES_${PN}-bcm4371 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4371-pcie.bin"
+
+# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "LICENSE_\${PN}-$pkg = \"Firmware-broadcom_bcm43xx\"\nRDEPENDS_\${PN}-$pkg += \"\${PN}-broadcom-license\""; done
+# Currently 1st one and last 6 have cypress LICENSE
+
+LICENSE_${PN}-bcm43xx = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43xx += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43xx-hdr = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43xx-hdr += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4329-fullmac = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4329-fullmac += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43236b = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43236b += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4329 = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm4329 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4330 = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm4330 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4334 = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm4334 += "${PN}-broadcom-license"
-RDEPENDS_${PN}-bcm43340 += "${PN}-broadcom-license"
-RDEPENDS_${PN}-bcm43362 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4335 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4335 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4339 = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm4339 += "${PN}-broadcom-license"
-RDEPENDS_${PN}-bcm43430 += "${PN}-broadcom-license"
-RDEPENDS_${PN}-bcm4354 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43241b0 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43241b0 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43241b4 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43241b4 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43241b5 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43241b5 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43242a = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43242a += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43143 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43143 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43430a0 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43430a0 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43455 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43455 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4350c2 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4350c2 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4350 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4350 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4356 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4356 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43569 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43569 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43570 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43570 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4358 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4358 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43602 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43602 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4366b = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4366b += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4371 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4371 += "${PN}-broadcom-license"
+
+# For broadcom cypress
+
+LICENSE_${PN}-cypress-license = "Firmware-cypress"
+FILES_${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress"
+
+FILES_${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd"
+FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.bin"
+FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.bin"
+FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.bin"
+FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin"
+FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.bin"
+FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \
+ ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \
+"
+
+LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm-0bb4-0306 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm43340 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm43340 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm43362 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm43362 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm43430 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm43430 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm4354 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm4354 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm4356-pcie = "Firmware-cypress"
+RDEPENDS_${PN}-bcm4356-pcie += "${PN}-cypress-license"
+LICENSE_${PN}-bcm4373 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm4373 += "${PN}-cypress-license"
# For Broadcom bnx2-mips
#
diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
index 9903c06..b5cf96d 100644
--- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
+++ b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
@@ -77,6 +77,10 @@
do_install_armmultilib
}
+do_install_append_armeb () {
+ do_install_armmultilib
+}
+
do_install_armmultilib () {
oe_multilib_header asm/auxvec.h asm/bitsperlong.h asm/byteorder.h asm/fcntl.h asm/hwcap.h asm/ioctls.h asm/kvm.h asm/kvm_para.h asm/mman.h asm/param.h asm/perf_regs.h asm/bpf_perf_event.h
oe_multilib_header asm/posix_types.h asm/ptrace.h asm/setup.h asm/sigcontext.h asm/siginfo.h asm/signal.h asm/stat.h asm/statfs.h asm/swab.h asm/types.h asm/unistd.h
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb
index 5edc0fa..cf6a733 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb
@@ -11,13 +11,13 @@
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "705d03507a0c10dcbf9cad3ff70f5d60b70f2d99"
-SRCREV_meta ?= "46171de19220c49d670544017cfbeffc1ec70e80"
+SRCREV_machine ?= "7ba09f891939cbf2c58801a7a4a740365896d6ba"
+SRCREV_meta ?= "367bd3633d5a661035f90f0b8daa38e97da1a587"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.12.24"
+LINUX_VERSION ?= "4.12.26"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb
index 81306a9..0067118 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb
@@ -11,13 +11,13 @@
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "7272e9132fdaaf0dd78bc94e9f297aaf73452982"
-SRCREV_meta ?= "ea9330894eea727bd1655569b16f338976b72563"
+SRCREV_machine ?= "aeeb2d73f2a828a9c0b121b2aa3bb345009f5698"
+SRCREV_meta ?= "94457657b8d621868672917d1c2631df4a4fadd8"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.14.30"
+LINUX_VERSION ?= "4.14.48"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.15.bb
index c5d3ee0..d166a40 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.15.bb
@@ -11,13 +11,13 @@
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_meta ?= "939d935b0c992c6f1e51a7a1c9e4fbe6ef3c3174"
+SRCREV_machine ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_meta ?= "45c256a5ca6f9478bce212fec19e2bc273472631"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.15.13"
+LINUX_VERSION ?= "4.15.18"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb
index 31307a6..9d5e158 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb
@@ -4,13 +4,13 @@
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.12.24"
+LINUX_VERSION ?= "4.12.26"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_meta ?= "46171de19220c49d670544017cfbeffc1ec70e80"
+SRCREV_machine ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_meta ?= "367bd3633d5a661035f90f0b8daa38e97da1a587"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb
index 34bee09..58945f2 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb
@@ -4,7 +4,7 @@
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.14.30"
+LINUX_VERSION ?= "4.14.48"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
@@ -12,8 +12,8 @@
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "ad31896630f8bf6a459164263adc0a8faf984d9e"
-SRCREV_meta ?= "ea9330894eea727bd1655569b16f338976b72563"
+SRCREV_machine ?= "9e246607d5c23f8bb3b8800734b1707766e0b2b9"
+SRCREV_meta ?= "94457657b8d621868672917d1c2631df4a4fadd8"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.15.bb
index 05b9ca3..5f9b3c7 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.15.bb
@@ -4,13 +4,13 @@
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.15.13"
+LINUX_VERSION ?= "4.15.18"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_meta ?= "939d935b0c992c6f1e51a7a1c9e4fbe6ef3c3174"
+SRCREV_machine ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_meta ?= "45c256a5ca6f9478bce212fec19e2bc273472631"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_4.12.bb b/poky/meta/recipes-kernel/linux/linux-yocto_4.12.bb
index 8d56012..ac98ca8 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_4.12.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_4.12.bb
@@ -11,22 +11,22 @@
KBRANCH_qemux86-64 ?= "standard/base"
KBRANCH_qemumips64 ?= "standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "45824c60ca37f414a5ac5783e970338db9a5a2af"
-SRCREV_machine_qemuarm64 ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_machine_qemumips ?= "66f741b0b3d093e6b6df0f44120913ef3a259e23"
-SRCREV_machine_qemuppc ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_machine_qemux86 ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_machine_qemux86-64 ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_machine_qemumips64 ?= "c5d838c9e26bd657b49dfe28b115e5bc4b580850"
-SRCREV_machine ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_meta ?= "46171de19220c49d670544017cfbeffc1ec70e80"
+SRCREV_machine_qemuarm ?= "86b02dd23be1e3b3449885b38ed1b876ebec31e8"
+SRCREV_machine_qemuarm64 ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_machine_qemumips ?= "67b93101c52504fd5077166c70baa296190e6166"
+SRCREV_machine_qemuppc ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_machine_qemux86 ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_machine_qemux86-64 ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_machine_qemumips64 ?= "38da8c72733da9619bbbddf14140204631faf488"
+SRCREV_machine ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_meta ?= "367bd3633d5a661035f90f0b8daa38e97da1a587"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}"
DEPENDS += "openssl-native util-linux-native"
-LINUX_VERSION ?= "4.12.24"
+LINUX_VERSION ?= "4.12.26"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb
index 16142f8..0449213 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb
@@ -11,20 +11,20 @@
KBRANCH_qemux86-64 ?= "v4.14/standard/base"
KBRANCH_qemumips64 ?= "v4.14/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "d6268fc3460d3904fd49087f7a822efbaab9bfe8"
-SRCREV_machine_qemuarm64 ?= "c94189843b8ad62cafe9a307e7f7d60741690505"
-SRCREV_machine_qemumips ?= "4afd92347b2b35dc8e0006712f8fa00ac57f2a36"
-SRCREV_machine_qemuppc ?= "e8af5c9b65c5187d148ecd11bd7979489460ca64"
-SRCREV_machine_qemux86 ?= "74f6cd2b6976e37491779fcb1bc4966d3a61492c"
-SRCREV_machine_qemux86-64 ?= "74f6cd2b6976e37491779fcb1bc4966d3a61492c"
-SRCREV_machine_qemumips64 ?= "9863b327e770b42b8c18da3e0cfaf06e8f99ae97"
-SRCREV_machine ?= "74f6cd2b6976e37491779fcb1bc4966d3a61492c"
-SRCREV_meta ?= "ea9330894eea727bd1655569b16f338976b72563"
+SRCREV_machine_qemuarm ?= "363723ef50c06df54e146c8fe78faa962e96a8c8"
+SRCREV_machine_qemuarm64 ?= "798d15552a4d5d9355a300290ed6bf72106b7e96"
+SRCREV_machine_qemumips ?= "6c2433d7c51c3e78b1be2c7d1fbfe840b13d04df"
+SRCREV_machine_qemuppc ?= "c03babad17499489b20216576d608c94e7fddc5d"
+SRCREV_machine_qemux86 ?= "65d1c849534179bbfa494f77947f8be615e9871a"
+SRCREV_machine_qemux86-64 ?= "65d1c849534179bbfa494f77947f8be615e9871a"
+SRCREV_machine_qemumips64 ?= "59f70381cbde371e41206b7902390ae78558c310"
+SRCREV_machine ?= "65d1c849534179bbfa494f77947f8be615e9871a"
+SRCREV_meta ?= "94457657b8d621868672917d1c2631df4a4fadd8"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.14.30"
+LINUX_VERSION ?= "4.14.48"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_4.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto_4.15.bb
index 70bd711..693670c 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_4.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_4.15.bb
@@ -11,20 +11,20 @@
KBRANCH_qemux86-64 ?= "v4.15/standard/base"
KBRANCH_qemumips64 ?= "v4.15/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "4b6902b42f47593928117b2ff0900cd965cf6443"
-SRCREV_machine_qemuarm64 ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_machine_qemumips ?= "19ba2d843750ff65d8fe590acdfc99aea6153945"
-SRCREV_machine_qemuppc ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_machine_qemux86 ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_machine_qemux86-64 ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_machine_qemumips64 ?= "97000c3f4664643bac7828bbdc048f7ec216cc31"
-SRCREV_machine ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_meta ?= "939d935b0c992c6f1e51a7a1c9e4fbe6ef3c3174"
+SRCREV_machine_qemuarm ?= "d16b10fb69974f1804a02f2678f40d22c80526cf"
+SRCREV_machine_qemuarm64 ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_machine_qemumips ?= "182eaefab712f4360126e044c758e75d763d05c4"
+SRCREV_machine_qemuppc ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_machine_qemux86 ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_machine_qemux86-64 ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_machine_qemumips64 ?= "ce3876a091477260fcb1197e3c6565dfbf9c6e80"
+SRCREV_machine ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_meta ?= "45c256a5ca6f9478bce212fec19e2bc273472631"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.15.13"
+LINUX_VERSION ?= "4.15.18"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.10.5.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.10.6.bb
similarity index 89%
rename from poky/meta/recipes-kernel/lttng/lttng-modules_2.10.5.bb
rename to poky/meta/recipes-kernel/lttng/lttng-modules_2.10.6.bb
index 370b78a..6146966 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.10.5.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.10.6.bb
@@ -16,8 +16,8 @@
file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \
"
-SRC_URI[md5sum] = "4aaabaafd15d9455c83972e26ccfbca7"
-SRC_URI[sha256sum] = "b8dbbbee45a673c381f51b99c555e36655c3c2c7a5477aab927591cc7f003a1f"
+SRC_URI[md5sum] = "8110099f4615fc89a74ffe9189b56cfc"
+SRC_URI[sha256sum] = "04a080c81743eb29d181bac29ceb0c15819a2f4210793f2cc9958d885435029f"
export INSTALL_MOD_DIR="kernel/lttng-modules"
diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb
index 51f5597..90bbed2 100644
--- a/poky/meta/recipes-kernel/perf/perf.bb
+++ b/poky/meta/recipes-kernel/perf/perf.bb
@@ -97,6 +97,13 @@
'infodir=${@os.path.relpath(infodir, prefix)}' \
"
+# During do_configure, we might run a 'make clean'. That often breaks
+# when done in parallel, so disable parallelism for do_configure. Note
+# that it has to be done this way rather than by passing -j1, since
+# perf's build system by default ignores any -j argument, but does
+# honour a JOBS variable.
+EXTRA_OEMAKE_append_task-configure = " JOBS=1"
+
PERF_SRC ?= "Makefile \
include \
tools/arch \
diff --git a/poky/meta/recipes-multimedia/lame/lame_3.100.bb b/poky/meta/recipes-multimedia/lame/lame_3.100.bb
index ff6ac7e..7f8996f 100644
--- a/poky/meta/recipes-multimedia/lame/lame_3.100.bb
+++ b/poky/meta/recipes-multimedia/lame/lame_3.100.bb
@@ -3,14 +3,12 @@
BUGTRACKER = "http://sourceforge.net/tracker/?group_id=290&atid=100290"
SECTION = "console/utils"
LICENSE = "LGPLv2+"
-LICENSE_FLAGS = "commercial"
-
-DEPENDS = "ncurses gettext-native"
-
LIC_FILES_CHKSUM = "file://COPYING;md5=c46bda00ffbb0ba1dac22f8d087f54d9 \
file://include/lame.h;beginline=1;endline=20;md5=a2258182c593c398d15a48262130a92b \
"
+DEPENDS = "ncurses gettext-native"
+
SRC_URI = "${SOURCEFORGE_MIRROR}/lame/lame-${PV}.tar.gz \
file://no-gtk1.patch \
"
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
new file mode 100644
index 0000000..7252298
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
@@ -0,0 +1,39 @@
+From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 14:24:15 +0200
+Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2795.
+ CVE-2018-10963
+
+---
+CVE: CVE-2018-10963
+
+Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/de144f...]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+---
+ libtiff/tif_dirwrite.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 2430de6..c15a28d 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
+ }
+ break;
+ default:
+- assert(0); /* we should never get here */
+- break;
++ TIFFErrorExt(tif->tif_clientdata,module,
++ "Cannot write tag %d (%s)",
++ TIFFFieldTag(o),
++ o->field_name ? o->field_name : "unknown");
++ goto bad;
+ }
+ }
+ }
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-7456.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-7456.patch
new file mode 100644
index 0000000..2c11f93
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-7456.patch
@@ -0,0 +1,178 @@
+From be4c85b16e8801a16eec25e80eb9f3dd6a96731b Mon Sep 17 00:00:00 2001
+From: Hugo Lefeuvre <hle@debian.org>
+Date: Sun, 8 Apr 2018 14:07:08 -0400
+Subject: [PATCH] Fix NULL pointer dereference in TIFFPrintDirectory
+
+The TIFFPrintDirectory function relies on the following assumptions,
+supposed to be guaranteed by the specification:
+
+(a) A Transfer Function field is only present if the TIFF file has
+ photometric type < 3.
+
+(b) If SamplesPerPixel > Color Channels, then the ExtraSamples field
+ has count SamplesPerPixel - (Color Channels) and contains
+ information about supplementary channels.
+
+While respect of (a) and (b) are essential for the well functioning of
+TIFFPrintDirectory, no checks are realized neither by the callee nor
+by TIFFPrintDirectory itself. Hence, following scenarios might happen
+and trigger the NULL pointer dereference:
+
+(1) TIFF File of photometric type 4 or more has illegal Transfer
+ Function field.
+
+(2) TIFF File has photometric type 3 or less and defines a
+ SamplesPerPixel field such that SamplesPerPixel > Color Channels
+ without defining all extra samples in the ExtraSamples fields.
+
+In this patch, we address both issues with respect of the following
+principles:
+
+(A) In the case of (1), the defined transfer table should be printed
+ safely even if it isn't 'legal'. This allows us to avoid expensive
+ checks in TIFFPrintDirectory. Also, it is quite possible that
+ an alternative photometric type would be developed (not part of the
+ standard) and would allow definition of Transfer Table. We want
+ libtiff to be able to handle this scenario out of the box.
+
+(B) In the case of (2), the transfer table should be printed at its
+ right size, that is if TIFF file has photometric type Palette
+ then the transfer table should have one row and not three, even
+ if two extra samples are declared.
+
+In order to fulfill (A) we simply add a new 'i < 3' end condition to
+the broken TIFFPrintDirectory loop. This makes sure that in any case
+where (b) would be respected but not (a), everything stays fine.
+
+(B) is fulfilled by the loop condition
+'i < td->td_samplesperpixel - td->td_extrasamples'. This is enough as
+long as (b) is respected.
+
+Naturally, we also make sure (b) is respected. This is done in the
+TIFFReadDirectory function by making sure any non-color channel is
+counted in ExtraSamples.
+
+This commit addresses CVE-2018-7456.
+
+---
+CVE: CVE-2018-7456
+
+Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/be4c85b...]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+---
+ libtiff/tif_dirread.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++
+ libtiff/tif_print.c | 2 +-
+ 2 files changed, 63 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 6baa7b3..af5b84a 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -165,6 +165,7 @@ static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uin
+ static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
+ static void ChopUpSingleUncompressedStrip(TIFF*);
+ static uint64 TIFFReadUInt64(const uint8 *value);
++static int _TIFFGetMaxColorChannels(uint16 photometric);
+
+ static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount );
+
+@@ -3505,6 +3506,35 @@ static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, c
+ }
+
+ /*
++ * Return the maximum number of color channels specified for a given photometric
++ * type. 0 is returned if photometric type isn't supported or no default value
++ * is defined by the specification.
++ */
++static int _TIFFGetMaxColorChannels( uint16 photometric )
++{
++ switch (photometric) {
++ case PHOTOMETRIC_PALETTE:
++ case PHOTOMETRIC_MINISWHITE:
++ case PHOTOMETRIC_MINISBLACK:
++ return 1;
++ case PHOTOMETRIC_YCBCR:
++ case PHOTOMETRIC_RGB:
++ case PHOTOMETRIC_CIELAB:
++ return 3;
++ case PHOTOMETRIC_SEPARATED:
++ case PHOTOMETRIC_MASK:
++ return 4;
++ case PHOTOMETRIC_LOGL:
++ case PHOTOMETRIC_LOGLUV:
++ case PHOTOMETRIC_CFA:
++ case PHOTOMETRIC_ITULAB:
++ case PHOTOMETRIC_ICCLAB:
++ default:
++ return 0;
++ }
++}
++
++/*
+ * Read the next TIFF directory from a file and convert it to the internal
+ * format. We read directories sequentially.
+ */
+@@ -3520,6 +3550,7 @@ TIFFReadDirectory(TIFF* tif)
+ uint32 fii=FAILED_FII;
+ toff_t nextdiroff;
+ int bitspersample_read = FALSE;
++ int color_channels;
+
+ tif->tif_diroff=tif->tif_nextdiroff;
+ if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
+@@ -4024,6 +4055,37 @@ TIFFReadDirectory(TIFF* tif)
+ }
+ }
+ }
++
++ /*
++ * Make sure all non-color channels are extrasamples.
++ * If it's not the case, define them as such.
++ */
++ color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric);
++ if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) {
++ uint16 old_extrasamples;
++ uint16 *new_sampleinfo;
++
++ TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related "
++ "color channels and ExtraSamples doesn't match SamplesPerPixel. "
++ "Defining non-color channels as ExtraSamples.");
++
++ old_extrasamples = tif->tif_dir.td_extrasamples;
++ tif->tif_dir.td_extrasamples = (tif->tif_dir.td_samplesperpixel - color_channels);
++
++ // sampleinfo should contain information relative to these new extra samples
++ new_sampleinfo = (uint16*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16));
++ if (!new_sampleinfo) {
++ TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for "
++ "temporary new sampleinfo array (%d 16 bit elements)",
++ tif->tif_dir.td_extrasamples);
++ goto bad;
++ }
++
++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
++ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
++ _TIFFfree(new_sampleinfo);
++ }
++
+ /*
+ * Verify Palette image has a Colormap.
+ */
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 8deceb2..1d86adb 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -544,7 +544,7 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ uint16 i;
+ fprintf(fd, " %2ld: %5u",
+ l, td->td_transferfunction[0][l]);
+- for (i = 1; i < td->td_samplesperpixel; i++)
++ for (i = 1; i < td->td_samplesperpixel - td->td_extrasamples && i < 3; i++)
+ fprintf(fd, " %5u",
+ td->td_transferfunction[i][l]);
+ fputc('\n', fd);
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch
new file mode 100644
index 0000000..962646d
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch
@@ -0,0 +1,61 @@
+From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 15:32:31 +0200
+Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 /
+ CVE-2018-8905
+
+The fix consists in using the similar code LZWDecode() to validate we
+don't write outside of the output buffer.
+
+---
+CVE: CVE-2018-8905
+
+Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/58a898...]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+---
+ libtiff/tif_lzw.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index 4ccb443..94d85e3 100644
+--- a/libtiff/tif_lzw.c
++++ b/libtiff/tif_lzw.c
+@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ char *tp;
+ unsigned char *bp;
+ int code, nbits;
++ int len;
+ long nextbits, nextdata, nbitsmask;
+ code_t *codep, *free_entp, *maxcodep, *oldcodep;
+
+@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ } while (--occ);
+ break;
+ }
+- assert(occ >= codep->length);
+- op += codep->length;
+- occ -= codep->length;
+- tp = op;
++ len = codep->length;
++ tp = op + len;
+ do {
+- *--tp = codep->value;
+- } while( (codep = codep->next) != NULL );
++ int t;
++ --tp;
++ t = codep->value;
++ codep = codep->next;
++ *tp = (char)t;
++ } while (codep && tp > op);
++ assert(occ >= len);
++ op += len;
++ occ -= len;
+ } else {
+ *op++ = (char)code;
+ occ--;
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
index 8c3bba5..fa64d11 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
@@ -9,6 +9,9 @@
file://CVE-2017-9935.patch \
file://CVE-2017-18013.patch \
file://CVE-2018-5784.patch \
+ file://CVE-2018-10963.patch \
+ file://CVE-2018-8905.patch \
+ file://CVE-2018-7456.patch \
"
SRC_URI[md5sum] = "54bad211279cc93eb4fca31ba9bfdc79"
diff --git a/poky/meta/recipes-multimedia/mpg123/mpg123_1.25.10.bb b/poky/meta/recipes-multimedia/mpg123/mpg123_1.25.10.bb
index 929069a..ff2b7d8 100644
--- a/poky/meta/recipes-multimedia/mpg123/mpg123_1.25.10.bb
+++ b/poky/meta/recipes-multimedia/mpg123/mpg123_1.25.10.bb
@@ -7,7 +7,6 @@
SECTION = "multimedia"
LICENSE = "LGPLv2.1"
-LICENSE_FLAGS = "commercial"
LIC_FILES_CHKSUM = "file://COPYING;md5=1e86753638d3cf2512528b99079bc4f3"
SRC_URI = "https://www.mpg123.de/download/${BP}.tar.bz2"
diff --git a/poky/meta/recipes-support/attr/ea-acl.inc b/poky/meta/recipes-support/attr/ea-acl.inc
index 1339ecc..9336ffc 100644
--- a/poky/meta/recipes-support/attr/ea-acl.inc
+++ b/poky/meta/recipes-support/attr/ea-acl.inc
@@ -7,6 +7,9 @@
inherit autotools-brokensep gettext
+# When upstream is using automake properly, this can be removed
+CLEANBROKEN = "1"
+
# the package comes with a custom config.h.in, it cannot be
# overwritten by autoheader
EXTRA_AUTORECONF += "--exclude=autoheader"
diff --git a/poky/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb b/poky/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb
index 9d8191f..2aae9a3 100644
--- a/poky/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb
+++ b/poky/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb
@@ -16,7 +16,7 @@
UPSTREAM_CHECK_URI = "https://github.com/intel/${BPN}/releases"
-RDEPENDS_${PN} = "python3-core python3-compression python3-mmap python3-setuptools"
+RDEPENDS_${PN} = "python3-core python3-compression python3-mmap python3-setuptools python3-fcntl"
inherit python3native
inherit setuptools3
diff --git a/poky/meta/recipes-support/curl/curl_7.60.0.bb b/poky/meta/recipes-support/curl/curl_7.61.0.bb
similarity index 95%
rename from poky/meta/recipes-support/curl/curl_7.60.0.bb
rename to poky/meta/recipes-support/curl/curl_7.61.0.bb
index fe04fa6..d118c3f 100644
--- a/poky/meta/recipes-support/curl/curl_7.60.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.61.0.bb
@@ -9,8 +9,8 @@
file://0001-replace-krb5-config-with-pkg-config.patch \
"
-SRC_URI[md5sum] = "bd2aabf78ded6a9aec8a54532fd6b5d7"
-SRC_URI[sha256sum] = "897dfb2204bd99be328279f88f55b7c61592216b0542fcbe995c60aa92871e9b"
+SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
+SRC_URI[sha256sum] = "5f6f336921cf5b84de56afbd08dfb70adeef2303751ffb3e570c936c6d656c9c"
CVE_PRODUCT = "libcurl"
inherit autotools pkgconfig binconfig multilib_header
diff --git a/poky/meta/recipes-support/gnutls/gnutls.inc b/poky/meta/recipes-support/gnutls/gnutls.inc
index 7bcb913..98ec8d9 100644
--- a/poky/meta/recipes-support/gnutls/gnutls.inc
+++ b/poky/meta/recipes-support/gnutls/gnutls.inc
@@ -17,7 +17,7 @@
SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
-SRC_URI = "ftp://ftp.gnutls.org/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz"
+SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz"
inherit autotools texinfo binconfig pkgconfig gettext lib_package gtk-doc
diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_3.77.bb b/poky/meta/recipes-support/iso-codes/iso-codes_3.77.bb
index bd613ac..52e56ca 100644
--- a/poky/meta/recipes-support/iso-codes/iso-codes_3.77.bb
+++ b/poky/meta/recipes-support/iso-codes/iso-codes_3.77.bb
@@ -2,14 +2,15 @@
LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "https://pkg-isocodes.alioth.debian.org/downloads/iso-codes-${PV}.tar.xz"
-SRC_URI[md5sum] = "9d0d06cfb4634428b300845edcd7140a"
-SRC_URI[sha256sum] = "21cd73a4c6f95d9474ebfcffd4e065223857720f24858e564f4409b19f7f0d90"
+SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http"
+SRCREV = "0a932d3e1e6d9058a6ef874c8ff1dc4a193bc030"
# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
# are inhibited by allarch
DEPENDS = "gettext-native"
+S = "${WORKDIR}/git"
+
inherit allarch autotools
FILES_${PN} += "${datadir}/xml/"
diff --git a/poky/meta/recipes-support/nettle/nettle_3.4.bb b/poky/meta/recipes-support/nettle/nettle_3.4.bb
index 7a3cc65..ca8450e 100644
--- a/poky/meta/recipes-support/nettle/nettle_3.4.bb
+++ b/poky/meta/recipes-support/nettle/nettle_3.4.bb
@@ -25,7 +25,7 @@
UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
-inherit autotools ptest
+inherit autotools ptest multilib_header
EXTRA_AUTORECONF += "--exclude=aclocal"
@@ -35,6 +35,10 @@
oe_runmake buildtest
}
+do_install_append() {
+ oe_multilib_header nettle/nettle-stdint.h nettle/version.h
+}
+
do_install_ptest() {
install -d ${D}${PTEST_PATH}/testsuite/
install ${S}/testsuite/gold-bug.txt ${D}${PTEST_PATH}/testsuite/
diff --git a/poky/meta/recipes-support/popt/popt_1.16.bb b/poky/meta/recipes-support/popt/popt_1.16.bb
index 478288f..377d108 100644
--- a/poky/meta/recipes-support/popt/popt_1.16.bb
+++ b/poky/meta/recipes-support/popt/popt_1.16.bb
@@ -8,7 +8,7 @@
DEPENDS = "virtual/libiconv"
-SRC_URI = "http://rpm5.org/files/popt/popt-${PV}.tar.gz \
+SRC_URI = "https://fossies.org/linux/misc/popt-${PV}.tar.gz \
file://pkgconfig_fix.patch \
file://popt_fix_for_automake-1.12.patch \
file://disable_tests.patch \
diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info.inc b/poky/meta/recipes-support/shared-mime-info/shared-mime-info.inc
index 1f51225..344da7e 100644
--- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info.inc
+++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info.inc
@@ -2,7 +2,7 @@
HOMEPAGE = "http://freedesktop.org/wiki/Software/shared-mime-info"
SECTION = "base"
-LICENSE = "LGPLv2+"
+LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
DEPENDS = "libxml2 intltool-native glib-2.0 shared-mime-info-native"
diff --git a/poky/meta/recipes-support/sqlite/sqlite3.inc b/poky/meta/recipes-support/sqlite/sqlite3.inc
index 95ec89c..30847b9 100644
--- a/poky/meta/recipes-support/sqlite/sqlite3.inc
+++ b/poky/meta/recipes-support/sqlite/sqlite3.inc
@@ -37,10 +37,12 @@
# pread() is in POSIX.1-2001 so any reasonable system must surely support it
BUILD_CFLAGS += "-DUSE_PREAD"
+BUILDSDK_CFLAGS += "-DUSE_PREAD"
TARGET_CFLAGS += "-DUSE_PREAD"
# Provide column meta-data API
BUILD_CFLAGS += "-DSQLITE_ENABLE_COLUMN_METADATA"
+BUILDSDK_CFLAGS += "-DSQLITE_ENABLE_COLUMN_METADATA"
TARGET_CFLAGS += "-DSQLITE_ENABLE_COLUMN_METADATA"
PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}"
diff --git a/poky/meta/site/powerpc64-linux b/poky/meta/site/powerpc64-linux
index d64e230..820a4b8 100644
--- a/poky/meta/site/powerpc64-linux
+++ b/poky/meta/site/powerpc64-linux
@@ -37,3 +37,5 @@
# apr
apr_cv_tcp_nodelay_with_cork=${apr_cv_tcp_nodelay_with_cork=yes}
+# cvs
+cvs_cv_func_printf_ptr=${cvs_cv_func_printf_ptr=yes}