aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--meta/classes/image.bbclass2
-rw-r--r--meta/classes/populate_sdk_ext.bbclass15
-rw-r--r--meta/classes/rootfs_deb.bbclass1
-rw-r--r--meta/classes/rootfs_ipk.bbclass1
-rw-r--r--meta/classes/rootfs_rpm.bbclass4
-rw-r--r--meta/classes/uninative.bbclass18
-rw-r--r--meta/conf/local.conf.sample2
-rw-r--r--meta/recipes-bsp/acpid/acpid.inc2
-rw-r--r--meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb18
-rw-r--r--meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch36
-rw-r--r--meta/recipes-bsp/grub/files/0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch92
-rw-r--r--meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch248
-rw-r--r--meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch38
-rw-r--r--meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch175
-rw-r--r--meta/recipes-bsp/grub/grub2.inc5
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5.inc2
-rw-r--r--meta/recipes-core/glib-2.0/glib.inc2
-rw-r--r--meta/recipes-core/glibc/cross-localedef-native_2.24.bb1
-rw-r--r--meta/recipes-core/glibc/glibc-common.inc1
-rw-r--r--meta/recipes-core/glibc/glibc/0001-CVE-2015-5180-resolv-Fix-crash-with-internal-QTYPE-B.patch357
-rw-r--r--meta/recipes-core/glibc/glibc/0001-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch71
-rw-r--r--meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch27
-rw-r--r--meta/recipes-core/glibc/glibc/0002-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch145
-rw-r--r--meta/recipes-core/glibc/glibc/0003-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch231
-rw-r--r--meta/recipes-core/glibc/glibc/0004-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch62
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2017-15670.patch38
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2017-8804.patch232
-rw-r--r--meta/recipes-core/glibc/glibc_2.24.bb7
-rw-r--r--meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch670
-rw-r--r--meta/recipes-core/systemd/systemd_230.bb3
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.27.inc58
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch49
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457.patch240
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch97
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch375
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch113
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12451.patch384
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch45
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch241
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch153
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch40
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch48
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch66
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch42
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch49
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch47
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch120
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch55
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch52
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch81
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch55
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch53
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch105
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch201
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch114
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8394_1.patch80
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch72
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8396.patch102
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8397.patch50
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch147
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch51
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9038.patch51
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch72
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch56
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch83
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9041_1.patch51
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch84
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch62
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch88
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch40
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch45
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch75
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch262
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch3738
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch204
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch76
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch60
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch101
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch43
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch58
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch93
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch112
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch44
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch50
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch89
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch55
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch79
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch170
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch360
-rw-r--r--meta/recipes-devtools/cmake/cmake.inc1
-rw-r--r--meta/recipes-devtools/cmake/cmake/avoid-gcc-warnings-with-Wstrict-prototypes.patch42
-rw-r--r--meta/recipes-devtools/python/python.inc2
-rw-r--r--meta/recipes-devtools/python/python3/python-3.3-multilib.patch290
-rw-r--r--meta/recipes-devtools/ruby/ruby.inc5
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2016-7798.patch164
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-14033.patch89
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch312
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-9226.patch33
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch24
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch26
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-9229.patch36
-rw-r--r--meta/recipes-devtools/ruby/ruby/prevent-gc.patch32
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch41
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch41
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch32
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch34
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch59
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.4.0.bb (renamed from meta/recipes-devtools/ruby/ruby_2.2.5.bb)25
-rw-r--r--meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Run-installation-commands-as-shell-jobs.patch82
-rw-r--r--meta/recipes-gnome/gnome/adwaita-icon-theme_3.20.bb1
-rw-r--r--meta/recipes-sato/webkit/files/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch223
-rw-r--r--meta/recipes-sato/webkit/files/musl-fixes.patch48
-rw-r--r--meta/recipes-sato/webkit/files/ppc-musl-fix.patch26
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch (renamed from meta/recipes-sato/webkit/files/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch)0
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch77
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch (renamed from meta/recipes-sato/webkit/files/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch)23
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch (renamed from meta/recipes-sato/webkit/files/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch)0
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch (renamed from meta/recipes-sato/webkit/files/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch)25
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch126
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch (renamed from meta/recipes-sato/webkit/files/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch)24
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/cross-compile.patch23
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch46
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/x32_support.patch21
-rw-r--r--meta/recipes-sato/webkit/webkitgtk_2.18.5.bb (renamed from meta/recipes-sato/webkit/webkitgtk_2.12.5.bb)72
-rw-r--r--meta/recipes-support/icu/icu.inc2
-rw-r--r--meta/recipes-support/libunwind/libunwind.inc1
-rw-r--r--meta/recipes-support/nspr/nspr/0001-include-stdint.h-for-SSIZE_MAX-and-SIZE_MAX-definiti.patch30
-rw-r--r--meta/recipes-support/nspr/nspr_4.12.bb1
-rw-r--r--meta/recipes-support/sqlite/sqlite3.inc2
130 files changed, 13405 insertions, 930 deletions
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index a9ab2fa..92b09ab 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -439,6 +439,8 @@ python () {
# This means the task's hash can be stable rather than having hardcoded
# date/time values. It will get expanded at execution time.
# Similarly TMPDIR since otherwise we see QA stamp comparision problems
+ # Expand PV else it can trigger get_srcrev which can fail due to these variables being unset
+ localdata.setVar('PV', d.getVar('PV', True))
localdata.delVar('DATETIME')
localdata.delVar('TMPDIR')
diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index 39f6142..414ad8b 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -242,11 +242,12 @@ python copy_buildsystem () {
# Copy uninative tarball
# For now this is where uninative.bbclass expects the tarball
- uninative_file = d.expand('${SDK_DEPLOY}/${BUILD_ARCH}-nativesdk-libc.tar.bz2')
- uninative_checksum = bb.utils.sha256_file(uninative_file)
- uninative_outdir = '%s/downloads/uninative/%s' % (baseoutpath, uninative_checksum)
- bb.utils.mkdirhier(uninative_outdir)
- shutil.copy(uninative_file, uninative_outdir)
+ if bb.data.inherits_class('uninative', d):
+ uninative_file = d.expand('${UNINATIVE_DLDIR}/' + d.getVarFlag("UNINATIVE_CHECKSUM", d.getVar("BUILD_ARCH", True), True) + '/${UNINATIVE_TARBALL}')
+ uninative_checksum = bb.utils.sha256_file(uninative_file)
+ uninative_outdir = '%s/downloads/uninative/%s' % (baseoutpath, uninative_checksum)
+ bb.utils.mkdirhier(uninative_outdir)
+ shutil.copy(uninative_file, uninative_outdir)
env_whitelist = (d.getVar('BB_ENV_EXTRAWHITE', True) or '').split()
env_whitelist_values = {}
@@ -659,7 +660,7 @@ def get_sdk_ext_rdepends(d):
do_populate_sdk_ext[dirs] = "${@d.getVarFlag('do_populate_sdk', 'dirs', False)}"
do_populate_sdk_ext[depends] = "${@d.getVarFlag('do_populate_sdk', 'depends', False)} \
- buildtools-tarball:do_populate_sdk uninative-tarball:do_populate_sdk \
+ buildtools-tarball:do_populate_sdk \
${@'meta-world-pkgdata:do_collect_packagedata' if d.getVar('SDK_INCLUDE_PKGDATA', True) == '1' else ''} \
${@'meta-extsdk-toolchain:do_locked_sigs' if d.getVar('SDK_INCLUDE_TOOLCHAIN', True) == '1' else ''}"
@@ -678,7 +679,7 @@ SDKEXTDEPLOYDIR = "${WORKDIR}/deploy-${PN}-populate-sdk-ext"
SSTATETASKS += "do_populate_sdk_ext"
SSTATE_SKIP_CREATION_task-populate-sdk-ext = '1'
-do_populate_sdk_ext[cleandirs] = "${SDKDEPLOYDIR}"
+do_populate_sdk_ext[cleandirs] = "${SDKEXTDEPLOYDIR}"
do_populate_sdk_ext[sstate-inputdirs] = "${SDKEXTDEPLOYDIR}"
do_populate_sdk_ext[sstate-outputdirs] = "${SDK_DEPLOY}"
do_populate_sdk_ext[stamp-extra-info] = "${MACHINE}"
diff --git a/meta/classes/rootfs_deb.bbclass b/meta/classes/rootfs_deb.bbclass
index f79fca6..09f4039 100644
--- a/meta/classes/rootfs_deb.bbclass
+++ b/meta/classes/rootfs_deb.bbclass
@@ -12,6 +12,7 @@ do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
do_rootfs[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
do_populate_sdk[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
+do_populate_sdk_ext[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
python rootfs_deb_bad_recommendations() {
if d.getVar("BAD_RECOMMENDATIONS", True):
diff --git a/meta/classes/rootfs_ipk.bbclass b/meta/classes/rootfs_ipk.bbclass
index d5c38fe..0252ba2 100644
--- a/meta/classes/rootfs_ipk.bbclass
+++ b/meta/classes/rootfs_ipk.bbclass
@@ -16,6 +16,7 @@ do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
do_rootfs[lockfiles] += "${WORKDIR}/ipk.lock"
do_populate_sdk[lockfiles] += "${WORKDIR}/ipk.lock"
+do_populate_sdk_ext[lockfiles] += "${WORKDIR}/ipk.lock"
OPKG_PREPROCESS_COMMANDS = ""
diff --git a/meta/classes/rootfs_rpm.bbclass b/meta/classes/rootfs_rpm.bbclass
index 37730a7..61ad766 100644
--- a/meta/classes/rootfs_rpm.bbclass
+++ b/meta/classes/rootfs_rpm.bbclass
@@ -24,6 +24,10 @@ do_populate_sdk[depends] += "${RPMROOTFSDEPENDS}"
do_rootfs[recrdeptask] += "do_package_write_rpm"
do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
+do_rootfs[lockfiles] += "${WORKDIR}/rpm.lock"
+do_populate_sdk[lockfiles] += "${WORKDIR}/rpm.lock"
+do_populate_sdk_ext[lockfiles] += "${WORKDIR}/rpm.lock"
+
python () {
if d.getVar('BUILD_IMAGES_FROM_FEEDS', True):
flags = d.getVarFlag('do_rootfs', 'recrdeptask', True)
diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index 9754669..241ca74 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -91,6 +91,7 @@ def enable_uninative(d):
bb.debug(2, "Enabling uninative")
d.setVar("NATIVELSBSTRING", "universal%s" % oe.utils.host_gcc_version(d))
d.appendVar("SSTATEPOSTUNPACKFUNCS", " uninative_changeinterp")
+ d.setVar("EXTRAINSTALLFUNCS_class-native", "uninative_relocate")
d.prependVar("PATH", "${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${bindir_native}:")
python uninative_changeinterp () {
@@ -128,3 +129,20 @@ python uninative_changeinterp () {
bb.fatal("'%s' failed with exit code %d and the following output:\n%s" %
(e.cmd, e.returncode, e.output))
}
+
+# In morty we have a problem since files can come from sstate or be built locally. Mixing interpreters
+# for local vs. sstate objects can result in hard to debug futex hangs in shared memory regions (e.g.
+# from smart/rpm/libdb).
+# To resolve this, relocate natively build binaries too. This fix isn't needed post morty since RSS
+# always uses uninative interpreter manipulations for code path simplicity.
+EXTRAINSTALLFUNCS = ""
+do_install[vardepsexclude] = "uninative_relocate"
+do_install[postfuncs] += "${EXTRAINSTALLFUNCS}"
+
+python uninative_relocate () {
+ # (re)Use uninative_changeinterp() to change the interpreter in files in ${D}
+ orig = d.getVar('SSTATE_INSTDIR', False)
+ d.setVar('SSTATE_INSTDIR', "${D}")
+ bb.build.exec_func("uninative_changeinterp", d)
+ d.setVar('SSTATE_INSTDIR', orig)
+}
diff --git a/meta/conf/local.conf.sample b/meta/conf/local.conf.sample
index 85c5e21..e74e1f3 100644
--- a/meta/conf/local.conf.sample
+++ b/meta/conf/local.conf.sample
@@ -169,7 +169,7 @@ PATCHRESOLVE = "noop"
# files and damages the build in ways which may not be easily recoverable.
# It's necesary to monitor /tmp, if there is no space left the build will fail
# with very exotic errors.
-BB_DISKMON_DIRS = "\
+BB_DISKMON_DIRS ??= "\
STOPTASKS,${TMPDIR},1G,100K \
STOPTASKS,${DL_DIR},1G,100K \
STOPTASKS,${SSTATE_DIR},1G,100K \
diff --git a/meta/recipes-bsp/acpid/acpid.inc b/meta/recipes-bsp/acpid/acpid.inc
index 12ec19b..766ed4f 100644
--- a/meta/recipes-bsp/acpid/acpid.inc
+++ b/meta/recipes-bsp/acpid/acpid.inc
@@ -9,6 +9,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/acpid2/acpid-${PV}.tar.xz \
file://acpid.service \
"
+CVE_PRODUCT = "acpid2"
+
inherit autotools update-rc.d systemd
INITSCRIPT_NAME = "acpid"
diff --git a/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb b/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb
index e0d8ee7..c6a9714 100644
--- a/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb
+++ b/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb
@@ -25,6 +25,11 @@ SRC_URI[sha256sum] = "51a00428c3ccb96db24089ed8394843c4f83cf8f42c6a4dfddb4b7c23f
COMPATIBLE_HOST = "(x86_64.*|i.86.*|aarch64.*|arm.*)-linux"
COMPATIBLE_HOST_armv4 = 'null'
+do_configure_linux-gnux32_prepend() {
+ cp ${STAGING_INCDIR}/gnu/stubs-x32.h ${STAGING_INCDIR}/gnu/stubs-64.h
+ cp ${STAGING_INCDIR}/bits/long-double-32.h ${STAGING_INCDIR}/bits/long-double-64.h
+}
+
def gnu_efi_arch(d):
import re
tarch = d.getVar("TARGET_ARCH", True)
@@ -46,9 +51,22 @@ do_install() {
FILES_${PN} += "${libdir}/*.lds"
+# 64-bit binaries are expected for EFI when targeting X32
+INSANE_SKIP_${PN}-dev_append_linux-gnux32 = " arch"
+INSANE_SKIP_${PN}-dev_append_linux-muslx32 = " arch"
+
BBCLASSEXTEND = "native"
# It doesn't support sse, its make.defaults sets:
# CFLAGS += -mno-mmx -mno-sse
# So also remove -mfpmath=sse from TUNE_CCARGS
TUNE_CCARGS_remove = "-mfpmath=sse"
+
+python () {
+ ccargs = d.getVar('TUNE_CCARGS', True).split()
+ if '-mx32' in ccargs:
+ # use x86_64 EFI ABI
+ ccargs.remove('-mx32')
+ ccargs.append('-m64')
+ d.setVar('TUNE_CCARGS', ' '.join(ccargs))
+}
diff --git a/meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch b/meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch
new file mode 100644
index 0000000..217a775
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch
@@ -0,0 +1,36 @@
+From 6cef7f6079550af3bf91dbff824398eaef08c3c5 Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Tue, 4 Apr 2017 19:22:32 +0300
+Subject: [PATCH 1/4] btrfs: avoid "used uninitialized" error with GCC7
+
+sblock was local and so considered new variable on every loop
+iteration.
+
+Closes: 50597
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/fs/btrfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 9cffa91..4849c1c 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -227,11 +227,11 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data,
+ static grub_err_t
+ read_sblock (grub_disk_t disk, struct grub_btrfs_superblock *sb)
+ {
++ struct grub_btrfs_superblock sblock;
+ unsigned i;
+ grub_err_t err = GRUB_ERR_NONE;
+ for (i = 0; i < ARRAY_SIZE (superblock_sectors); i++)
+ {
+- struct grub_btrfs_superblock sblock;
+ /* Don't try additional superblocks beyond device size. */
+ if (i && (grub_le_to_cpu64 (sblock.this_device.size)
+ >> GRUB_DISK_SECTOR_BITS) <= superblock_sectors[i])
+--
+1.9.1
+
diff --git a/meta/recipes-bsp/grub/files/0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch b/meta/recipes-bsp/grub/files/0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch
new file mode 100644
index 0000000..f95b9ef
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch
@@ -0,0 +1,92 @@
+From 7a5b301e3adb8e054288518a325135a1883c1c6c Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Tue, 19 Apr 2016 14:27:22 -0400
+Subject: [PATCH] build: Use AC_HEADER_MAJOR to find device macros
+
+Depending on the OS/libc, device macros are defined in different
+headers. This change ensures we include the right one.
+
+sys/types.h - BSD
+sys/mkdev.h - Sun
+sys/sysmacros.h - glibc (Linux)
+
+glibc currently pulls sys/sysmacros.h into sys/types.h, but this may
+change in a future release.
+
+https://sourceware.org/ml/libc-alpha/2015-11/msg00253.html
+---
+Upstream-Status: Backport
+
+ configure.ac | 3 ++-
+ grub-core/osdep/devmapper/getroot.c | 6 ++++++
+ grub-core/osdep/devmapper/hostdisk.c | 5 +++++
+ grub-core/osdep/linux/getroot.c | 6 ++++++
+ grub-core/osdep/unix/getroot.c | 4 +++-
+ 5 files changed, 22 insertions(+), 2 deletions(-)
+
+Index: grub-2.00/configure.ac
+===================================================================
+--- grub-2.00.orig/configure.ac
++++ grub-2.00/configure.ac
+@@ -326,7 +326,8 @@ fi
+
+ # Check for functions and headers.
+ AC_CHECK_FUNCS(posix_memalign memalign asprintf vasprintf getextmntent)
+-AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h sys/mkdev.h limits.h)
++AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h)
++AC_HEADER_MAJOR
+
+ AC_CHECK_MEMBERS([struct statfs.f_fstypename],,,[$ac_includes_default
+ #include <sys/param.h>
+Index: grub-2.00/grub-core/kern/emu/hostdisk.c
+===================================================================
+--- grub-2.00.orig/grub-core/kern/emu/hostdisk.c
++++ grub-2.00/grub-core/kern/emu/hostdisk.c
+@@ -41,6 +41,12 @@
+ #include <errno.h>
+ #include <limits.h>
+
++#if defined(MAJOR_IN_MKDEV)
++#include <sys/mkdev.h>
++#elif defined(MAJOR_IN_SYSMACROS)
++#include <sys/sysmacros.h>
++#endif
++
+ #ifdef __linux__
+ # include <sys/ioctl.h> /* ioctl */
+ # include <sys/mount.h>
+Index: grub-2.00/util/getroot.c
+===================================================================
+--- grub-2.00.orig/util/getroot.c
++++ grub-2.00/util/getroot.c
+@@ -35,6 +35,13 @@
+ #ifdef HAVE_LIMITS_H
+ #include <limits.h>
+ #endif
++
++#if defined(MAJOR_IN_MKDEV)
++#include <sys/mkdev.h>
++#elif defined(MAJOR_IN_SYSMACROS)
++#include <sys/sysmacros.h>
++#endif
++
+ #include <grub/util/misc.h>
+ #include <grub/util/lvm.h>
+ #include <grub/cryptodisk.h>
+Index: grub-2.00/util/raid.c
+===================================================================
+--- grub-2.00.orig/util/raid.c
++++ grub-2.00/util/raid.c
+@@ -29,6 +29,12 @@
+ #include <errno.h>
+ #include <sys/types.h>
+
++#if defined(MAJOR_IN_MKDEV)
++#include <sys/mkdev.h>
++#elif defined(MAJOR_IN_SYSMACROS)
++#include <sys/sysmacros.h>
++#endif
++
+ #include <linux/types.h>
+ #include <linux/major.h>
+ #include <linux/raid/md_p.h>
diff --git a/meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch b/meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch
new file mode 100644
index 0000000..94f048c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch
@@ -0,0 +1,248 @@
+From 4bd4a88725604471fdbd86316c91967a7f4dba5a Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Tue, 4 Apr 2017 19:23:55 +0300
+Subject: [PATCH 2/4] i386, x86_64, ppc: fix switch fallthrough cases with GCC7
+
+In util/getroot and efidisk slightly modify exitsing comment to mostly
+retain it but still make GCC7 compliant with respect to fall through
+annotation.
+
+In grub-core/lib/xzembed/xz_dec_lzma2.c it adds same comments as
+upstream.
+
+In grub-core/tests/setjmp_tets.c declare functions as "noreturn" to
+suppress GCC7 warning.
+
+In grub-core/gnulib/regexec.c use new __attribute__, because existing
+annotation is not recognized by GCC7 parser (which requires that comment
+immediately precedes case statement).
+
+Otherwise add FALLTHROUGH comment.
+
+Closes: 50598
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/commands/hdparm.c | 1 +
+ grub-core/commands/nativedisk.c | 1 +
+ grub-core/disk/cryptodisk.c | 1 +
+ grub-core/disk/efi/efidisk.c | 2 +-
+ grub-core/efiemu/mm.c | 1 +
+ grub-core/gdb/cstub.c | 1 +
+ grub-core/gnulib/regexec.c | 3 +++
+ grub-core/lib/xzembed/xz_dec_lzma2.c | 4 ++++
+ grub-core/lib/xzembed/xz_dec_stream.c | 6 ++++++
+ grub-core/loader/i386/linux.c | 3 +++
+ grub-core/tests/setjmp_test.c | 5 ++++-
+ grub-core/video/ieee1275.c | 1 +
+ grub-core/video/readers/jpeg.c | 1 +
+ util/getroot.c | 2 +-
+ util/grub-install.c | 1 +
+ util/grub-mkimagexx.c | 1 +
+ util/grub-mount.c | 1 +
+ 17 files changed, 32 insertions(+), 3 deletions(-)
+
+Index: grub-2.00/grub-core/commands/hdparm.c
+===================================================================
+--- grub-2.00.orig/grub-core/commands/hdparm.c
++++ grub-2.00/grub-core/commands/hdparm.c
+@@ -328,6 +328,7 @@ grub_cmd_hdparm (grub_extcmd_context_t c
+ ata = ((struct grub_scsi *) disk->data)->data;
+ break;
+ }
++ /* FALLTHROUGH */
+ default:
+ return grub_error (GRUB_ERR_IO, "not an ATA device");
+ }
+Index: grub-2.00/grub-core/disk/cryptodisk.c
+===================================================================
+--- grub-2.00.orig/grub-core/disk/cryptodisk.c
++++ grub-2.00/grub-core/disk/cryptodisk.c
+@@ -268,6 +268,7 @@ grub_cryptodisk_endecrypt (struct grub_c
+ break;
+ case GRUB_CRYPTODISK_MODE_IV_PLAIN64:
+ iv[1] = grub_cpu_to_le32 (sector >> 32);
++ /* FALLTHROUGH */
+ case GRUB_CRYPTODISK_MODE_IV_PLAIN:
+ iv[0] = grub_cpu_to_le32 (sector & 0xFFFFFFFF);
+ break;
+Index: grub-2.00/grub-core/disk/efi/efidisk.c
+===================================================================
+--- grub-2.00.orig/grub-core/disk/efi/efidisk.c
++++ grub-2.00/grub-core/disk/efi/efidisk.c
+@@ -262,7 +262,7 @@ name_devices (struct grub_efidisk_data *
+ {
+ case GRUB_EFI_HARD_DRIVE_DEVICE_PATH_SUBTYPE:
+ is_hard_drive = 1;
+- /* Fall through by intention. */
++ /* Intentionally fall through. */
+ case GRUB_EFI_CDROM_DEVICE_PATH_SUBTYPE:
+ {
+ struct grub_efidisk_data *parent, *parent2;
+Index: grub-2.00/grub-core/efiemu/mm.c
+===================================================================
+--- grub-2.00.orig/grub-core/efiemu/mm.c
++++ grub-2.00/grub-core/efiemu/mm.c
+@@ -410,6 +410,7 @@ grub_efiemu_mmap_fill (void)
+ default:
+ grub_dprintf ("efiemu",
+ "Unknown memory type %d. Assuming unusable\n", type);
++ /* FALLTHROUGH */
+ case GRUB_MEMORY_RESERVED:
+ return grub_efiemu_add_to_mmap (addr, size,
+ GRUB_EFI_UNUSABLE_MEMORY);
+Index: grub-2.00/grub-core/gdb/cstub.c
+===================================================================
+--- grub-2.00.orig/grub-core/gdb/cstub.c
++++ grub-2.00/grub-core/gdb/cstub.c
+@@ -336,6 +336,7 @@ grub_gdb_trap (int trap_no)
+ /* sAA..AA: Step one instruction from AA..AA(optional). */
+ case 's':
+ stepping = 1;
++ /* FALLTHROUGH */
+
+ /* cAA..AA: Continue at address AA..AA(optional). */
+ case 'c':
+Index: grub-2.00/grub-core/gnulib/regexec.c
+===================================================================
+--- grub-2.00.orig/grub-core/gnulib/regexec.c
++++ grub-2.00/grub-core/gnulib/regexec.c
+@@ -4104,6 +4104,9 @@ check_node_accept (const re_match_contex
+ case OP_UTF8_PERIOD:
+ if (ch >= ASCII_CHARS)
+ return false;
++#if defined __GNUC__ && __GNUC__ >= 7
++ __attribute__ ((fallthrough));
++#endif
+ /* FALLTHROUGH */
+ #endif
+ case OP_PERIOD:
+Index: grub-2.00/grub-core/lib/xzembed/xz_dec_lzma2.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/xzembed/xz_dec_lzma2.c
++++ grub-2.00/grub-core/lib/xzembed/xz_dec_lzma2.c
+@@ -1042,6 +1042,8 @@ enum xz_ret xz_dec_lzma2_run(
+
+ s->lzma2.sequence = SEQ_LZMA_PREPARE;
+
++ /* Fall through */
++
+ case SEQ_LZMA_PREPARE:
+ if (s->lzma2.compressed < RC_INIT_BYTES)
+ return XZ_DATA_ERROR;
+@@ -1052,6 +1054,8 @@ enum xz_ret xz_dec_lzma2_run(
+ s->lzma2.compressed -= RC_INIT_BYTES;
+ s->lzma2.sequence = SEQ_LZMA_RUN;
+
++ /* Fall through */
++
+ case SEQ_LZMA_RUN:
+ /*
+ * Set dictionary limit to indicate how much we want
+Index: grub-2.00/grub-core/lib/xzembed/xz_dec_stream.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/xzembed/xz_dec_stream.c
++++ grub-2.00/grub-core/lib/xzembed/xz_dec_stream.c
+@@ -749,6 +749,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_BLOCK_START;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_START:
+ /* We need one byte of input to continue. */
+ if (b->in_pos == b->in_size)
+@@ -772,6 +773,7 @@ static enum xz_ret dec_main(struct xz_de
+ s->temp.pos = 0;
+ s->sequence = SEQ_BLOCK_HEADER;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_HEADER:
+ if (!fill_temp(s, b))
+ return XZ_OK;
+@@ -782,6 +784,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_BLOCK_UNCOMPRESS;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_UNCOMPRESS:
+ ret = dec_block(s, b);
+ if (ret != XZ_STREAM_END)
+@@ -809,6 +812,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_BLOCK_CHECK;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_CHECK:
+ ret = hash_validate(s, b, 0);
+ if (ret != XZ_STREAM_END)
+@@ -863,6 +867,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_INDEX_CRC32;
+
++ /* FALLTHROUGH */
+ case SEQ_INDEX_CRC32:
+ ret = hash_validate(s, b, 1);
+ if (ret != XZ_STREAM_END)
+@@ -871,6 +876,7 @@ static enum xz_ret dec_main(struct xz_de
+ s->temp.size = STREAM_HEADER_SIZE;
+ s->sequence = SEQ_STREAM_FOOTER;
+
++ /* FALLTHROUGH */
+ case SEQ_STREAM_FOOTER:
+ if (!fill_temp(s, b))
+ return XZ_OK;
+Index: grub-2.00/grub-core/loader/i386/linux.c
+===================================================================
+--- grub-2.00.orig/grub-core/loader/i386/linux.c
++++ grub-2.00/grub-core/loader/i386/linux.c
+@@ -977,10 +977,13 @@ grub_cmd_linux (grub_command_t cmd __att
+ {
+ case 'g':
+ shift += 10;
++ /* FALLTHROUGH */
+ case 'm':
+ shift += 10;
++ /* FALLTHROUGH */
+ case 'k':
+ shift += 10;
++ /* FALLTHROUGH */
+ default:
+ break;
+ }
+Index: grub-2.00/grub-core/video/readers/jpeg.c
+===================================================================
+--- grub-2.00.orig/grub-core/video/readers/jpeg.c
++++ grub-2.00/grub-core/video/readers/jpeg.c
+@@ -701,6 +701,7 @@ grub_jpeg_decode_jpeg (struct grub_jpeg_
+ case JPEG_MARKER_SOS: /* Start Of Scan. */
+ if (grub_jpeg_decode_sos (data))
+ break;
++ /* FALLTHROUGH */
+ case JPEG_MARKER_RST0: /* Restart. */
+ case JPEG_MARKER_RST1:
+ case JPEG_MARKER_RST2:
+Index: grub-2.00/util/grub-mkimagexx.c
+===================================================================
+--- grub-2.00.orig/util/grub-mkimagexx.c
++++ grub-2.00/util/grub-mkimagexx.c
+@@ -485,6 +485,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e
+ + sym->st_value
+ - image_target->vaddr_offset));
+ }
++ /* FALLTHROUGH */
+ case R_IA64_LTOFF_FPTR22:
+ *gpptr = grub_host_to_target64 (addend + sym_addr);
+ add_value_to_slot_21 ((grub_addr_t) target,
+Index: grub-2.00/util/grub-mount.c
+===================================================================
+--- grub-2.00.orig/util/grub-mount.c
++++ grub-2.00/util/grub-mount.c
+@@ -487,6 +487,7 @@ argp_parser (int key, char *arg, struct
+ if (arg[0] != '-')
+ break;
+
++ /* FALLTHROUGH */
+ default:
+ if (!arg)
+ return 0;
diff --git a/meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch b/meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch
new file mode 100644
index 0000000..fcfbf5c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch
@@ -0,0 +1,38 @@
+From 007f0b407f72314ec832d77e15b83ea40b160037 Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Tue, 4 Apr 2017 19:37:47 +0300
+Subject: [PATCH 3/4] Add gnulib-fix-gcc7-fallthrough.diff
+
+As long as the code is not upstream, add it as explicit patch for the
+case of gnulib refresh.
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/gnulib-fix-gcc7-fallthrough.diff | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+ create mode 100644 grub-core/gnulib-fix-gcc7-fallthrough.diff
+
+diff --git a/grub-core/gnulib-fix-gcc7-fallthrough.diff b/grub-core/gnulib-fix-gcc7-fallthrough.diff
+new file mode 100644
+index 0000000..9802e2d
+--- /dev/null
++++ b/grub-core/gnulib-fix-gcc7-fallthrough.diff
+@@ -0,0 +1,14 @@
++diff --git grub-core/gnulib/regexec.c grub-core/gnulib/regexec.c
++index f632cd4..a7776f0 100644
++--- grub-core/gnulib/regexec.c
+++++ grub-core/gnulib/regexec.c
++@@ -4099,6 +4099,9 @@ check_node_accept (const re_match_context_t *mctx, const re_token_t *node,
++ case OP_UTF8_PERIOD:
++ if (ch >= ASCII_CHARS)
++ return false;
+++#if defined __GNUC__ && __GNUC__ >= 7
+++ __attribute__ ((fallthrough));
+++#endif
++ /* FALLTHROUGH */
++ #endif
++ case OP_PERIOD:
+--
+1.9.1
+
diff --git a/meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch b/meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch
new file mode 100644
index 0000000..78a70a2
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch
@@ -0,0 +1,175 @@
+From d454509bb866d4eaefbb558d94dd0ef0228830eb Mon Sep 17 00:00:00 2001
+From: Vladimir Serbinenko <phcoder@gmail.com>
+Date: Wed, 12 Apr 2017 01:42:38 +0000
+Subject: [PATCH 4/4] Fix remaining cases of gcc 7 fallthrough warning.
+
+They are all intended, so just add the relevant comment.
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/kern/ia64/dl.c | 1 +
+ grub-core/kern/mips/dl.c | 1 +
+ grub-core/kern/sparc64/dl.c | 1 +
+ grub-core/loader/i386/coreboot/chainloader.c | 1 +
+ 4 files changed, 4 insertions(+)
+
+Index: grub-2.00/grub-core/kern/ia64/dl.c
+===================================================================
+--- grub-2.00.orig/grub-core/kern/ia64/dl.c
++++ grub-2.00/grub-core/kern/ia64/dl.c
+@@ -257,6 +257,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t
+ case R_IA64_LTOFF22:
+ if (ELF_ST_TYPE (sym->st_info) == STT_FUNC)
+ value = *(grub_uint64_t *) sym->st_value + rel->r_addend;
++ /* Fallthrough. */
+ case R_IA64_LTOFF_FPTR22:
+ *gpptr = value;
+ add_value_to_slot_21 (addr, (grub_addr_t) gpptr - (grub_addr_t) gp);
+Index: grub-2.00/grub-core/disk/diskfilter.c
+===================================================================
+--- grub-2.00.orig/grub-core/disk/diskfilter.c
++++ grub-2.00/grub-core/disk/diskfilter.c
+@@ -71,10 +71,12 @@ is_lv_readable (struct grub_diskfilter_l
+ case GRUB_DISKFILTER_RAID6:
+ if (!easily)
+ need--;
++ /* Fallthrough. */
+ case GRUB_DISKFILTER_RAID4:
+ case GRUB_DISKFILTER_RAID5:
+ if (!easily)
+ need--;
++ /* Fallthrough. */
+ case GRUB_DISKFILTER_STRIPED:
+ break;
+
+@@ -507,6 +509,7 @@ read_segment (struct grub_diskfilter_seg
+ if (seg->node_count == 1)
+ return grub_diskfilter_read_node (&seg->nodes[0],
+ sector, size, buf);
++ /* Fallthrough. */
+ case GRUB_DISKFILTER_MIRROR:
+ case GRUB_DISKFILTER_RAID10:
+ {
+Index: grub-2.00/grub-core/font/font.c
+===================================================================
+--- grub-2.00.orig/grub-core/font/font.c
++++ grub-2.00/grub-core/font/font.c
+@@ -1297,6 +1297,7 @@ blit_comb (const struct grub_unicode_gly
+ - grub_font_get_xheight (combining_glyphs[i]->font) - 1;
+ if (space <= 0)
+ space = 1 + (grub_font_get_xheight (main_glyph->font)) / 8;
++ /* Fallthrough. */
+
+ case GRUB_UNICODE_STACK_ATTACHED_ABOVE:
+ do_blit (combining_glyphs[i], targetx,
+@@ -1338,6 +1339,7 @@ blit_comb (const struct grub_unicode_gly
+ + combining_glyphs[i]->height);
+ if (space <= 0)
+ space = 1 + (grub_font_get_xheight (main_glyph->font)) / 8;
++ /* Fallthrough. */
+
+ case GRUB_UNICODE_STACK_ATTACHED_BELOW:
+ do_blit (combining_glyphs[i], targetx, -(bounds.y - space));
+Index: grub-2.00/grub-core/fs/udf.c
+===================================================================
+--- grub-2.00.orig/grub-core/fs/udf.c
++++ grub-2.00/grub-core/fs/udf.c
+@@ -970,6 +970,7 @@ grub_udf_read_symlink (grub_fshelp_node_
+ case 1:
+ if (ptr[1])
+ goto fail;
++ break;
+ case 2:
+ /* in 4 bytes. out: 1 byte. */
+ optr = out;
+Index: grub-2.00/grub-core/lib/legacy_parse.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/legacy_parse.c
++++ grub-2.00/grub-core/lib/legacy_parse.c
+@@ -626,6 +626,7 @@ grub_legacy_parse (const char *buf, char
+ {
+ case TYPE_FILE_NO_CONSUME:
+ hold_arg = 1;
++ /* Fallthrough. */
+ case TYPE_PARTITION:
+ case TYPE_FILE:
+ args[i] = adjust_file (curarg, curarglen);
+Index: grub-2.00/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
++++ grub-2.00/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
+@@ -96,7 +96,8 @@ do_setkey (RIJNDAEL_context *ctx, const
+ static int initialized = 0;
+ static const char *selftest_failed=0;
+ int ROUNDS;
+- int i,j, r, t, rconpointer = 0;
++ unsigned int i, t, rconpointer = 0;
++ int j, r;
+ int KC;
+ union
+ {
+Index: grub-2.00/grub-core/mmap/efi/mmap.c
+===================================================================
+--- grub-2.00.orig/grub-core/mmap/efi/mmap.c
++++ grub-2.00/grub-core/mmap/efi/mmap.c
+@@ -72,6 +72,7 @@ grub_efi_mmap_iterate (grub_memory_hook_
+ GRUB_MEMORY_AVAILABLE);
+ break;
+ }
++ /* Fallthrough. */
+ case GRUB_EFI_RUNTIME_SERVICES_CODE:
+ hook (desc->physical_start, desc->num_pages * 4096,
+ GRUB_MEMORY_CODE);
+@@ -86,6 +87,7 @@ grub_efi_mmap_iterate (grub_memory_hook_
+ grub_printf ("Unknown memory type %d, considering reserved\n",
+ desc->type);
+
++ /* Fallthrough. */
+ case GRUB_EFI_BOOT_SERVICES_DATA:
+ if (!avoid_efi_boot_services)
+ {
+@@ -93,6 +95,7 @@ grub_efi_mmap_iterate (grub_memory_hook_
+ GRUB_MEMORY_AVAILABLE);
+ break;
+ }
++ /* Fallthrough. */
+ case GRUB_EFI_RESERVED_MEMORY_TYPE:
+ case GRUB_EFI_RUNTIME_SERVICES_DATA:
+ case GRUB_EFI_MEMORY_MAPPED_IO:
+Index: grub-2.00/grub-core/normal/charset.c
+===================================================================
+--- grub-2.00.orig/grub-core/normal/charset.c
++++ grub-2.00/grub-core/normal/charset.c
+@@ -858,6 +858,7 @@ grub_bidi_line_logical_to_visual (const
+ case GRUB_BIDI_TYPE_R:
+ case GRUB_BIDI_TYPE_AL:
+ bidi_needed = 1;
++ /* Fallthrough. */
+ default:
+ {
+ if (join_state == JOIN_FORCE)
+Index: grub-2.00/grub-core/video/bochs.c
+===================================================================
+--- grub-2.00.orig/grub-core/video/bochs.c
++++ grub-2.00/grub-core/video/bochs.c
+@@ -351,6 +351,7 @@ grub_video_bochs_setup (unsigned int wid
+ case 32:
+ framebuffer.mode_info.reserved_mask_size = 8;
+ framebuffer.mode_info.reserved_field_pos = 24;
++ /* Fallthrough. */
+
+ case 24:
+ framebuffer.mode_info.red_mask_size = 8;
+Index: grub-2.00/grub-core/video/cirrus.c
+===================================================================
+--- grub-2.00.orig/grub-core/video/cirrus.c
++++ grub-2.00/grub-core/video/cirrus.c
+@@ -431,6 +431,7 @@ grub_video_cirrus_setup (unsigned int wi
+ case 32:
+ framebuffer.mode_info.reserved_mask_size = 8;
+ framebuffer.mode_info.reserved_field_pos = 24;
++ /* Fallthrough. */
+
+ case 24:
+ framebuffer.mode_info.red_mask_size = 8;
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index b69de9f..a93c99e 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -35,6 +35,11 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
file://0001-Enforce-no-pie-if-the-compiler-supports-it.patch \
file://0001-grub-core-kern-efi-mm.c-grub_efi_finish_boot_service.patch \
file://0002-grub-core-kern-efi-mm.c-grub_efi_get_memory_map-Neve.patch \
+ file://0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch \
+ file://0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch \
+ file://0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch \
+ file://0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch \
+ file://0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch \
"
DEPENDS = "flex-native bison-native autogen-native"
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 3421c38..a61d6f6 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -27,6 +27,8 @@ SRC_URI = "\
"
S = "${WORKDIR}/bluez-${PV}"
+CVE_PRODUCT = "bluez"
+
inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest
EXTRA_OECONF = "\
diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc
index 906e0d4..fc1406f 100644
--- a/meta/recipes-core/glib-2.0/glib.inc
+++ b/meta/recipes-core/glib-2.0/glib.inc
@@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \
BUGTRACKER = "http://bugzilla.gnome.org"
SECTION = "libs"
+CVE_PRODUCT = "glib"
+
BBCLASSEXTEND = "native nativesdk"
DEPENDS = "virtual/libiconv libffi zlib glib-2.0-native"
diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.24.bb b/meta/recipes-core/glibc/cross-localedef-native_2.24.bb
index d4ccced..4a77eee 100644
--- a/meta/recipes-core/glibc/cross-localedef-native_2.24.bb
+++ b/meta/recipes-core/glibc/cross-localedef-native_2.24.bb
@@ -36,6 +36,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0023-eglibc-Install-PIC-archives.patch \
file://0024-eglibc-Forward-port-cross-locale-generation-support.patch \
file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
+ file://0001-Include-locale_t.h-compatibility-header.patch \
"
# Makes for a rather long rev (22 characters), but...
#
diff --git a/meta/recipes-core/glibc/glibc-common.inc b/meta/recipes-core/glibc/glibc-common.inc
index bba1568..b05e162 100644
--- a/meta/recipes-core/glibc/glibc-common.inc
+++ b/meta/recipes-core/glibc/glibc-common.inc
@@ -7,3 +7,4 @@ LIC_FILES_CHKSUM ?= "file://LICENSES;md5=07a394b26e0902b9ffdec03765209770 \
file://COPYING;md5=393a5ca445f6965873eca0259a17f833 \
file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \
file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff "
+CVE_PRODUCT = "glibc"
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2015-5180-resolv-Fix-crash-with-internal-QTYPE-B.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2015-5180-resolv-Fix-crash-with-internal-QTYPE-B.patch
new file mode 100644
index 0000000..ba0bebe
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2015-5180-resolv-Fix-crash-with-internal-QTYPE-B.patch
@@ -0,0 +1,357 @@
+From ff9b7c4fb73295cd2de2d2ccfbbf4f6d50883d47 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Sat, 31 Dec 2016 20:22:09 +0100
+Subject: [PATCH] CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ
+ #18784]
+
+Also rename T_UNSPEC because an upcoming public header file
+update will use that name.
+
+(cherry picked from commit fc82b0a2dfe7dbd35671c10510a8da1043d746a5)
+
+Upstream-Status: Backport
+https://sourceware.org/git/?p=glibc.git;a=patch;h=b3b37f1a5559a7620e31c8053ed1b44f798f2b6d
+
+CVE: CVE-2015-5180
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+---
+ ChangeLog | 14 ++++
+ NEWS | 6 ++
+ include/arpa/nameser_compat.h | 6 +-
+ resolv/Makefile | 5 ++
+ resolv/nss_dns/dns-host.c | 2 +-
+ resolv/res_mkquery.c | 4 +
+ resolv/res_query.c | 6 +-
+ resolv/tst-resolv-qtypes.c | 185 ++++++++++++++++++++++++++++++++++++++++++
+ 8 files changed, 221 insertions(+), 7 deletions(-)
+ create mode 100644 resolv/tst-resolv-qtypes.c
+
+diff --git a/ChangeLog b/ChangeLog
+index 893262de11..2bdaf69e43 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,17 @@
++2016-12-31 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #18784]
++ CVE-2015-5180
++ * include/arpa/nameser_compat.h (T_QUERY_A_AND_AAAA): Rename from
++ T_UNSPEC. Adjust value.
++ * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname4_r): Use it.
++ * resolv/res_query.c (__libc_res_nquery): Likewise.
++ * resolv/res_mkquery.c (res_nmkquery): Check for out-of-range
++ QTYPEs.
++ * resolv/tst-resolv-qtypes.c: New file.
++ * resolv/Makefile (xtests): Add tst-resolv-qtypes.
++ (tst-resolv-qtypes): Link against libresolv and libpthread.
++
+ 2016-10-26 Carlos O'Donell <carlos@redhat.com>
+
+ * include/atomic.h
+diff --git a/NEWS b/NEWS
+index 3002773c16..4b1ca3cb65 100644
+--- a/NEWS
++++ b/NEWS
+@@ -11,6 +11,12 @@ using `glibc' in the "product" field.
+ printers show various pthread variables in human-readable form when read
+ using the 'print' or 'display' commands in gdb.
+
++* The DNS stub resolver functions would crash due to a NULL pointer
++ dereference when processing a query with a valid DNS question type which
++ was used internally in the implementation. The stub resolver now uses a
++ question type which is outside the range of valid question type values.
++ (CVE-2015-5180)
++
+ Version 2.24
+
+ * The minimum Linux kernel version that this version of the GNU C Library
+diff --git a/include/arpa/nameser_compat.h b/include/arpa/nameser_compat.h
+index 2e735ede4c..7c0deed9ae 100644
+--- a/include/arpa/nameser_compat.h
++++ b/include/arpa/nameser_compat.h
+@@ -1,8 +1,8 @@
+ #ifndef _ARPA_NAMESER_COMPAT_
+ #include <resolv/arpa/nameser_compat.h>
+
+-/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e.,
+- T_A and T_AAAA). */
+-#define T_UNSPEC 62321
++/* The number is outside the 16-bit RR type range and is used
++ internally by the implementation. */
++#define T_QUERY_A_AND_AAAA 439963904
+
+ #endif
+diff --git a/resolv/Makefile b/resolv/Makefile
+index 8be41d3ae1..a4c86b9762 100644
+--- a/resolv/Makefile
++++ b/resolv/Makefile
+@@ -40,6 +40,9 @@ ifeq ($(have-thread-library),yes)
+ extra-libs += libanl
+ routines += gai_sigqueue
+ tests += tst-res_hconf_reorder
++
++# This test sends millions of packets and is rather slow.
++xtests += tst-resolv-qtypes
+ endif
+ extra-libs-others = $(extra-libs)
+ libresolv-routines := gethnamaddr res_comp res_debug \
+@@ -117,3 +120,5 @@ tst-leaks2-ENV = MALLOC_TRACE=$(objpfx)tst-leaks2.mtrace
+ $(objpfx)mtrace-tst-leaks2.out: $(objpfx)tst-leaks2.out
+ $(common-objpfx)malloc/mtrace $(objpfx)tst-leaks2.mtrace > $@; \
+ $(evaluate-test)
++
++$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index 5f9e35701b..d16fa4b8ed 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -323,7 +323,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
+
+ int olderr = errno;
+ enum nss_status status;
+- int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC,
++ int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_AAAA,
+ host_buffer.buf->buf, 2048, &host_buffer.ptr,
+ &ans2p, &nans2p, &resplen2, &ans2p_malloced);
+ if (n >= 0)
+diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
+index 12f9730199..d80b5318e5 100644
+--- a/resolv/res_mkquery.c
++++ b/resolv/res_mkquery.c
+@@ -103,6 +103,10 @@ res_nmkquery(res_state statp,
+ int n;
+ u_char *dnptrs[20], **dpp, **lastdnptr;
+
++ if (class < 0 || class > 65535
++ || type < 0 || type > 65535)
++ return -1;
++
+ #ifdef DEBUG
+ if (statp->options & RES_DEBUG)
+ printf(";; res_nmkquery(%s, %s, %s, %s)\n",
+diff --git a/resolv/res_query.c b/resolv/res_query.c
+index 944d1a90f5..07dc6f6583 100644
+--- a/resolv/res_query.c
++++ b/resolv/res_query.c
+@@ -122,7 +122,7 @@ __libc_res_nquery(res_state statp,
+ int n, use_malloc = 0;
+ u_int oflags = statp->_flags;
+
+- size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE;
++ size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE;
+ u_char *buf = alloca (bufsize);
+ u_char *query1 = buf;
+ int nquery1 = -1;
+@@ -137,7 +137,7 @@ __libc_res_nquery(res_state statp,
+ printf(";; res_query(%s, %d, %d)\n", name, class, type);
+ #endif
+
+- if (type == T_UNSPEC)
++ if (type == T_QUERY_A_AND_AAAA)
+ {
+ n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL,
+ query1, bufsize);
+@@ -190,7 +190,7 @@ __libc_res_nquery(res_state statp,
+ if (__builtin_expect (n <= 0, 0) && !use_malloc) {
+ /* Retry just in case res_nmkquery failed because of too
+ short buffer. Shouldn't happen. */
+- bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET;
++ bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET;
+ buf = malloc (bufsize);
+ if (buf != NULL) {
+ query1 = buf;
+diff --git a/resolv/tst-resolv-qtypes.c b/resolv/tst-resolv-qtypes.c
+new file mode 100644
+index 0000000000..b3e60c693b
+--- /dev/null
++++ b/resolv/tst-resolv-qtypes.c
+@@ -0,0 +1,185 @@
++/* Exercise low-level query functions with different QTYPEs.
++ Copyright (C) 2016 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <resolv.h>
++#include <string.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++#include <support/test-driver.h>
++#include <support/xmemstream.h>
++
++/* If ture, the response function will send the actual response packet
++ over TCP instead of UDP. */
++static volatile bool force_tcp;
++
++/* Send back a fake resource record matching the QTYPE. */
++static void
++response (const struct resolv_response_context *ctx,
++ struct resolv_response_builder *b,
++ const char *qname, uint16_t qclass, uint16_t qtype)
++{
++ if (force_tcp && ctx->tcp)
++ {
++ resolv_response_init (b, (struct resolv_response_flags) { .tc = 1 });
++ resolv_response_add_question (b, qname, qclass, qtype);
++ return;
++ }
++
++ resolv_response_init (b, (struct resolv_response_flags) { });
++ resolv_response_add_question (b, qname, qclass, qtype);
++ resolv_response_section (b, ns_s_an);
++ resolv_response_open_record (b, qname, qclass, qtype, 0);
++ resolv_response_add_data (b, &qtype, sizeof (qtype));
++ resolv_response_close_record (b);
++}
++
++static const const char *domain = "www.example.com";
++
++static int
++wrap_res_query (int type, unsigned char *answer, int answer_length)
++{
++ return res_query (domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_search (int type, unsigned char *answer, int answer_length)
++{
++ return res_query (domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_querydomain (int type, unsigned char *answer, int answer_length)
++{
++ return res_querydomain ("www", "example.com", C_IN, type,
++ answer, answer_length);
++}
++
++static int
++wrap_res_send (int type, unsigned char *answer, int answer_length)
++{
++ unsigned char buf[512];
++ int ret = res_mkquery (QUERY, domain, C_IN, type,
++ (const unsigned char *) "", 0, NULL,
++ buf, sizeof (buf));
++ if (type < 0 || type >= 65536)
++ {
++ /* res_mkquery fails for out-of-range record types. */
++ TEST_VERIFY_EXIT (ret == -1);
++ return -1;
++ }
++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */
++ return res_send (buf, ret, answer, answer_length);
++}
++
++static int
++wrap_res_nquery (int type, unsigned char *answer, int answer_length)
++{
++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_nsearch (int type, unsigned char *answer, int answer_length)
++{
++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_nquerydomain (int type, unsigned char *answer, int answer_length)
++{
++ return res_nquerydomain (&_res, "www", "example.com", C_IN, type,
++ answer, answer_length);
++}
++
++static int
++wrap_res_nsend (int type, unsigned char *answer, int answer_length)
++{
++ unsigned char buf[512];
++ int ret = res_nmkquery (&_res, QUERY, domain, C_IN, type,
++ (const unsigned char *) "", 0, NULL,
++ buf, sizeof (buf));
++ if (type < 0 || type >= 65536)
++ {
++ /* res_mkquery fails for out-of-range record types. */
++ TEST_VERIFY_EXIT (ret == -1);
++ return -1;
++ }
++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */
++ return res_nsend (&_res, buf, ret, answer, answer_length);
++}
++
++static void
++test_function (const char *fname,
++ int (*func) (int type,
++ unsigned char *answer, int answer_length))
++{
++ unsigned char buf[512];
++ for (int tcp = 0; tcp < 2; ++tcp)
++ {
++ force_tcp = tcp;
++ for (unsigned int type = 1; type <= 65535; ++type)
++ {
++ if (test_verbose)
++ printf ("info: sending QTYPE %d with %s (tcp=%d)\n",
++ type, fname, tcp);
++ int ret = func (type, buf, sizeof (buf));
++ if (ret != 47)
++ FAIL_EXIT1 ("%s tcp=%d qtype=%d return value %d",
++ fname,tcp, type, ret);
++ /* One question, one answer record. */
++ TEST_VERIFY (memcmp (buf + 4, "\0\1\0\1\0\0\0\0", 8) == 0);
++ /* Question section. */
++ static const char qname[] = "\3www\7example\3com";
++ size_t qname_length = sizeof (qname);
++ TEST_VERIFY (memcmp (buf + 12, qname, qname_length) == 0);
++ /* RDATA part of answer. */
++ uint16_t type16 = type;
++ TEST_VERIFY (memcmp (buf + ret - 2, &type16, sizeof (type16)) == 0);
++ }
++ }
++
++ TEST_VERIFY (func (-1, buf, sizeof (buf) == -1));
++ TEST_VERIFY (func (65536, buf, sizeof (buf) == -1));
++}
++
++static int
++do_test (void)
++{
++ struct resolv_redirect_config config =
++ {
++ .response_callback = response,
++ };
++ struct resolv_test *obj = resolv_test_start (config);
++
++ test_function ("res_query", &wrap_res_query);
++ test_function ("res_search", &wrap_res_search);
++ test_function ("res_querydomain", &wrap_res_querydomain);
++ test_function ("res_send", &wrap_res_send);
++
++ test_function ("res_nquery", &wrap_res_nquery);
++ test_function ("res_nsearch", &wrap_res_nsearch);
++ test_function ("res_nquerydomain", &wrap_res_nquerydomain);
++ test_function ("res_nsend", &wrap_res_nsend);
++
++ resolv_test_end (obj);
++ return 0;
++}
++
++#define TIMEOUT 300
++#include <support/test-driver.c>
+--
+2.15.0
+
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch
new file mode 100644
index 0000000..78e9ea9
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch
@@ -0,0 +1,71 @@
+From 400f170750a4b2c94a2670ca44de166cc5dd6e3b Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 18:33:26 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+(cherry picked from commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d)
+
+Upstream-Status: Backport
+https://sourceware.org/git/?p=glibc.git;a=commit;h=87bd4186da10371f46e2f1a7bf7c0a45bb04f1ac
+https://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=stretch&id=2755c57269f24e9d59c22c49788f92515346c1bb
+
+CVE: CVE-2017-1000366
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+---
+ ChangeLog | 7 +++++++
+ NEWS | 1 +
+ elf/rtld.c | 3 ++-
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 2bdaf69e43..7a999802dd 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,10 @@
++2017-06-19 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #21624]
++ CVE-2017-1000366
++ * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for
++ __libc_enable_secure.
++
+ 2016-12-31 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #18784]
+diff --git a/NEWS b/NEWS
+index 4b1ca3cb65..66b49dbbc0 100644
+--- a/NEWS
++++ b/NEWS
+@@ -17,6 +17,7 @@ using `glibc' in the "product" field.
+ question type which is outside the range of valid question type values.
+ (CVE-2015-5180)
+
++ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+ Version 2.24
+
+ * The minimum Linux kernel version that this version of the GNU C Library
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 647661ca45..215a9aec8f 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2437,7 +2437,8 @@ process_envvars (enum mode *modep)
+
+ case 12:
+ /* The library search path. */
+- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++ if (!__libc_enable_secure
++ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+ {
+ library_path = &envline[13];
+ break;
+--
+2.15.0
+
diff --git a/meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch b/meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch
new file mode 100644
index 0000000..634f8d8
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch
@@ -0,0 +1,27 @@
+From abfeb0cf4e3261a66a7a23abc9aed33c034c850d Mon Sep 17 00:00:00 2001
+From: Joshua Watt <Joshua.Watt@garmin.com>
+Date: Wed, 6 Dec 2017 13:26:19 -0600
+Subject: [PATCH] Include locale_t.h compatibility header
+
+Newer versions of glibc (since 2.26) moved the locale typedefs from
+xlocale.h to bits/types/locale_t.h. Create a compatibility header for
+these newer versions of glibc
+
+See f0be25b6336db7492e47d2e8e72eb8af53b5506d in glibc
+
+Upstream-Status: Inappropriate
+---
+ locale/bits/types/locale_t.h | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 locale/bits/types/locale_t.h
+
+diff --git a/locale/bits/types/locale_t.h b/locale/bits/types/locale_t.h
+new file mode 100644
+index 0000000000..b519a6c5f8
+--- /dev/null
++++ b/locale/bits/types/locale_t.h
+@@ -0,0 +1 @@
++#include <xlocale.h>
+--
+2.14.3
+
diff --git a/meta/recipes-core/glibc/glibc/0002-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch b/meta/recipes-core/glibc/glibc/0002-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch
new file mode 100644
index 0000000..7f81ed1
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0002-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch
@@ -0,0 +1,145 @@
+From 6d49272e6d6741496e3456f2cc22ebc2b9f7f989 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:31:04 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
+
+(cherry picked from commit 6d0ba622891bed9d8394eef1935add53003b12e8)
+
+Upstream-Status: Backport
+https://sourceware.org/git/?p=glibc.git;a=commit;h=aab04ca5d359150e17631e6a9b44b65e93bdc467
+https://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=stretch&id=2755c57269f24e9d59c22c49788f92515346c1bb
+
+CVE: CVE-2017-1000366
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+---
+ ChangeLog | 7 ++++++
+ elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
+ 2 files changed, 73 insertions(+), 16 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 7a999802dd..ea5ecd4a1e 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,10 @@
++2017-06-19 Florian Weimer <fweimer@redhat.com>
++
++ * elf/rtld.c (SECURE_NAME_LIMIT, SECURE_PATH_LIMIT): Define.
++ (dso_name_valid_for_suid): New function.
++ (handle_ld_preload): Likewise.
++ (dl_main): Call it. Remove alloca.
++
+ 2017-06-19 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #21624]
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 215a9aec8f..1d8eab9fe2 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
+ strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
+ #endif
+
++/* Length limits for names and paths, to protect the dynamic linker,
++ particularly when __libc_enable_secure is active. */
++#ifdef NAME_MAX
++# define SECURE_NAME_LIMIT NAME_MAX
++#else
++# define SECURE_NAME_LIMIT 255
++#endif
++#ifdef PATH_MAX
++# define SECURE_PATH_LIMIT PATH_MAX
++#else
++# define SECURE_PATH_LIMIT 1024
++#endif
++
++/* Check that AT_SECURE=0, or that the passed name does not contain
++ directories and is not overly long. Reject empty names
++ unconditionally. */
++static bool
++dso_name_valid_for_suid (const char *p)
++{
++ if (__glibc_unlikely (__libc_enable_secure))
++ {
++ /* Ignore pathnames with directories for AT_SECURE=1
++ programs, and also skip overlong names. */
++ size_t len = strlen (p);
++ if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
++ return false;
++ }
++ return *p != '\0';
++}
+
+ /* List of auditing DSOs. */
+ static struct audit_list
+@@ -730,6 +759,42 @@ static const char *preloadlist attribute_relro;
+ /* Nonzero if information about versions has to be printed. */
+ static int version_info attribute_relro;
+
++/* The LD_PRELOAD environment variable gives list of libraries
++ separated by white space or colons that are loaded before the
++ executable's dependencies and prepended to the global scope list.
++ (If the binary is running setuid all elements containing a '/' are
++ ignored since it is insecure.) Return the number of preloads
++ performed. */
++unsigned int
++handle_ld_preload (const char *preloadlist, struct link_map *main_map)
++{
++ unsigned int npreloads = 0;
++ const char *p = preloadlist;
++ char fname[SECURE_PATH_LIMIT];
++
++ while (*p != '\0')
++ {
++ /* Split preload list at space/colon. */
++ size_t len = strcspn (p, " :");
++ if (len > 0 && len < sizeof (fname))
++ {
++ memcpy (fname, p, len);
++ fname[len] = '\0';
++ }
++ else
++ fname[0] = '\0';
++
++ /* Skip over the substring and the following delimiter. */
++ p += len;
++ if (*p != '\0')
++ ++p;
++
++ if (dso_name_valid_for_suid (fname))
++ npreloads += do_preload (fname, main_map, "LD_PRELOAD");
++ }
++ return npreloads;
++}
++
+ static void
+ dl_main (const ElfW(Phdr) *phdr,
+ ElfW(Word) phnum,
+@@ -1481,23 +1546,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+
+ if (__glibc_unlikely (preloadlist != NULL))
+ {
+- /* The LD_PRELOAD environment variable gives list of libraries
+- separated by white space or colons that are loaded before the
+- executable's dependencies and prepended to the global scope
+- list. If the binary is running setuid all elements
+- containing a '/' are ignored since it is insecure. */
+- char *list = strdupa (preloadlist);
+- char *p;
+-
+ HP_TIMING_NOW (start);
+-
+- /* Prevent optimizing strsep. Speed is not important here. */
+- while ((p = (strsep) (&list, " :")) != NULL)
+- if (p[0] != '\0'
+- && (__builtin_expect (! __libc_enable_secure, 1)
+- || strchr (p, '/') == NULL))
+- npreloads += do_preload (p, main_map, "LD_PRELOAD");
+-
++ npreloads += handle_ld_preload (preloadlist, main_map);
+ HP_TIMING_NOW (stop);
+ HP_TIMING_DIFF (diff, start, stop);
+ HP_TIMING_ACCUM_NT (load_time, diff);
+--
+2.15.0
+
diff --git a/meta/recipes-core/glibc/glibc/0003-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch b/meta/recipes-core/glibc/glibc/0003-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch
new file mode 100644
index 0000000..b52b8a1
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0003-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch
@@ -0,0 +1,231 @@
+From c0b25407def32718147530da72959a034cd1318d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:32:12 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements
+
+Also only process the last LD_AUDIT entry.
+
+(cherry picked from commit 81b82fb966ffbd94353f793ad17116c6088dedd9)
+
+Upstream-Status: Backport
+https://sourceware.org/git/?p=glibc.git;a=commit;h=2febff860b31df3666bef5ade0d0744c93f76a74
+https://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=stretch&id=2755c57269f24e9d59c22c49788f92515346c1bb
+
+CVE: CVE-2017-1000366
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+---
+ ChangeLog | 11 +++++++
+ elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
+ 2 files changed, 106 insertions(+), 15 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index ea5ecd4a1e..638cb632b1 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,14 @@
++2017-06-19 Florian Weimer <fweimer@redhat.com>
++
++ * elf/rtld.c (audit_list_string): New variable.
++ (audit_list): Update comment.
++ (struct audit_list_iter): Define.
++ (audit_list_iter_init, audit_list_iter_next): New function.
++ (dl_main): Use struct audit_list_iter to process audit modules.
++ (process_dl_audit): Call dso_name_valid_for_suid.
++ (process_envvars): Set audit_list_string instead of calling
++ process_dl_audit.
++
+ 2017-06-19 Florian Weimer <fweimer@redhat.com>
+
+ * elf/rtld.c (SECURE_NAME_LIMIT, SECURE_PATH_LIMIT): Define.
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 1d8eab9fe2..302bb63620 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
+ return *p != '\0';
+ }
+
+-/* List of auditing DSOs. */
++/* LD_AUDIT variable contents. Must be processed before the
++ audit_list below. */
++const char *audit_list_string;
++
++/* Cyclic list of auditing DSOs. audit_list->next is the first
++ element. */
+ static struct audit_list
+ {
+ const char *name;
+ struct audit_list *next;
+ } *audit_list;
+
++/* Iterator for audit_list_string followed by audit_list. */
++struct audit_list_iter
++{
++ /* Tail of audit_list_string still needing processing, or NULL. */
++ const char *audit_list_tail;
++
++ /* The list element returned in the previous iteration. NULL before
++ the first element. */
++ struct audit_list *previous;
++
++ /* Scratch buffer for returning a name which is part of
++ audit_list_string. */
++ char fname[SECURE_NAME_LIMIT];
++};
++
++/* Initialize an audit list iterator. */
++static void
++audit_list_iter_init (struct audit_list_iter *iter)
++{
++ iter->audit_list_tail = audit_list_string;
++ iter->previous = NULL;
++}
++
++/* Iterate through both audit_list_string and audit_list. */
++static const char *
++audit_list_iter_next (struct audit_list_iter *iter)
++{
++ if (iter->audit_list_tail != NULL)
++ {
++ /* First iterate over audit_list_string. */
++ while (*iter->audit_list_tail != '\0')
++ {
++ /* Split audit list at colon. */
++ size_t len = strcspn (iter->audit_list_tail, ":");
++ if (len > 0 && len < sizeof (iter->fname))
++ {
++ memcpy (iter->fname, iter->audit_list_tail, len);
++ iter->fname[len] = '\0';
++ }
++ else
++ /* Do not return this name to the caller. */
++ iter->fname[0] = '\0';
++
++ /* Skip over the substring and the following delimiter. */
++ iter->audit_list_tail += len;
++ if (*iter->audit_list_tail == ':')
++ ++iter->audit_list_tail;
++
++ /* If the name is valid, return it. */
++ if (dso_name_valid_for_suid (iter->fname))
++ return iter->fname;
++ /* Otherwise, wrap around and try the next name. */
++ }
++ /* Fall through to the procesing of audit_list. */
++ }
++
++ if (iter->previous == NULL)
++ {
++ if (audit_list == NULL)
++ /* No pre-parsed audit list. */
++ return NULL;
++ /* Start of audit list. The first list element is at
++ audit_list->next (cyclic list). */
++ iter->previous = audit_list->next;
++ return iter->previous->name;
++ }
++ if (iter->previous == audit_list)
++ /* Cyclic list wrap-around. */
++ return NULL;
++ iter->previous = iter->previous->next;
++ return iter->previous->name;
++}
++
+ #ifndef HAVE_INLINED_SYSCALLS
+ /* Set nonzero during loading and initialization of executable and
+ libraries, cleared before the executable's entry point runs. This
+@@ -1322,11 +1400,13 @@ of this helper program; chances are you did not intend to run this program.\n\
+ GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
+
+ /* If we have auditing DSOs to load, do it now. */
+- if (__glibc_unlikely (audit_list != NULL))
++ bool need_security_init = true;
++ if (__glibc_unlikely (audit_list != NULL)
++ || __glibc_unlikely (audit_list_string != NULL))
+ {
+- /* Iterate over all entries in the list. The order is important. */
+ struct audit_ifaces *last_audit = NULL;
+- struct audit_list *al = audit_list->next;
++ struct audit_list_iter al_iter;
++ audit_list_iter_init (&al_iter);
+
+ /* Since we start using the auditing DSOs right away we need to
+ initialize the data structures now. */
+@@ -1337,9 +1417,14 @@ of this helper program; chances are you did not intend to run this program.\n\
+ use different values (especially the pointer guard) and will
+ fail later on. */
+ security_init ();
++ need_security_init = false;
+
+- do
++ while (true)
+ {
++ const char *name = audit_list_iter_next (&al_iter);
++ if (name == NULL)
++ break;
++
+ int tls_idx = GL(dl_tls_max_dtv_idx);
+
+ /* Now it is time to determine the layout of the static TLS
+@@ -1348,7 +1433,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ no DF_STATIC_TLS bit is set. The reason is that we know
+ glibc will use the static model. */
+ struct dlmopen_args dlmargs;
+- dlmargs.fname = al->name;
++ dlmargs.fname = name;
+ dlmargs.map = NULL;
+
+ const char *objname;
+@@ -1361,7 +1446,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ not_loaded:
+ _dl_error_printf ("\
+ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+- al->name, err_str);
++ name, err_str);
+ if (malloced)
+ free ((char *) err_str);
+ }
+@@ -1465,10 +1550,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ goto not_loaded;
+ }
+ }
+-
+- al = al->next;
+ }
+- while (al != audit_list->next);
+
+ /* If we have any auditing modules, announce that we already
+ have two objects loaded. */
+@@ -1732,7 +1814,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ if (tcbp == NULL)
+ tcbp = init_tls ();
+
+- if (__glibc_likely (audit_list == NULL))
++ if (__glibc_likely (need_security_init))
+ /* Initialize security features. But only if we have not done it
+ earlier. */
+ security_init ();
+@@ -2363,9 +2445,7 @@ process_dl_audit (char *str)
+ char *p;
+
+ while ((p = (strsep) (&str, ":")) != NULL)
+- if (p[0] != '\0'
+- && (__builtin_expect (! __libc_enable_secure, 1)
+- || strchr (p, '/') == NULL))
++ if (dso_name_valid_for_suid (p))
+ {
+ /* This is using the local malloc, not the system malloc. The
+ memory can never be freed. */
+@@ -2429,7 +2509,7 @@ process_envvars (enum mode *modep)
+ break;
+ }
+ if (memcmp (envline, "AUDIT", 5) == 0)
+- process_dl_audit (&envline[6]);
++ audit_list_string = &envline[6];
+ break;
+
+ case 7:
+--
+2.15.0
+
diff --git a/meta/recipes-core/glibc/glibc/0004-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch b/meta/recipes-core/glibc/glibc/0004-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch
new file mode 100644
index 0000000..43c4398
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0004-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch
@@ -0,0 +1,62 @@
+From 203835b3bf6f1edfe1ebe4a7fa15dc085e6dc8f7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Wed, 14 Jun 2017 08:11:22 +0200
+Subject: [PATCH] i686: Add missing IS_IN (libc) guards to vectorized strcspn
+
+Since commit d957c4d3fa48d685ff2726c605c988127ef99395 (i386: Compile
+rtld-*.os with -mno-sse -mno-mmx -mfpmath=387), vector intrinsics can
+no longer be used in ld.so, even if the compiled code never makes it
+into the final ld.so link. This commit adds the missing IS_IN (libc)
+guard to the SSE 4.2 strcspn implementation, so that it can be used from
+ld.so in the future.
+
+(cherry picked from commit 69052a3a95da37169a08f9e59b2cc1808312753c)
+
+Upstream-Status: Backport
+https://sourceware.org/git/?p=glibc.git;a=commit;h=86ac4a78a9218d1e1dcfbacc6f7d09957c1fe3a4
+
+Required to build fixes for CVE-2017-1000366.
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+---
+ ChangeLog | 5 +++++
+ sysdeps/i386/i686/multiarch/strcspn-c.c | 6 ++++--
+ sysdeps/i386/i686/multiarch/varshift.c | 4 +++-
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 638cb632b1..3f89a2cdb2 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,8 @@
++2017-06-14 Florian Weimer <fweimer@redhat.com>
++
++ * sysdeps/i386/i686/multiarch/strcspn-c.c: Add IS_IN (libc) guard.
++ * sysdeps/i386/i686/multiarch/varshift.c: Likewise.
++
+ 2017-06-19 Florian Weimer <fweimer@redhat.com>
+
+ * elf/rtld.c (audit_list_string): New variable.
+diff --git a/sysdeps/i386/i686/multiarch/strcspn-c.c b/sysdeps/i386/i686/multiarch/strcspn-c.c
+index 6d61e190a8..ec230fb383 100644
+--- a/sysdeps/i386/i686/multiarch/strcspn-c.c
++++ b/sysdeps/i386/i686/multiarch/strcspn-c.c
+@@ -1,2 +1,4 @@
+-#define __strcspn_sse2 __strcspn_ia32
+-#include <sysdeps/x86_64/multiarch/strcspn-c.c>
++#if IS_IN (libc)
++# define __strcspn_sse2 __strcspn_ia32
++# include <sysdeps/x86_64/multiarch/strcspn-c.c>
++#endif
+diff --git a/sysdeps/i386/i686/multiarch/varshift.c b/sysdeps/i386/i686/multiarch/varshift.c
+index 7760b966e2..6742a35d41 100644
+--- a/sysdeps/i386/i686/multiarch/varshift.c
++++ b/sysdeps/i386/i686/multiarch/varshift.c
+@@ -1 +1,3 @@
+-#include <sysdeps/x86_64/multiarch/varshift.c>
++#if IS_IN (libc)
++# include <sysdeps/x86_64/multiarch/varshift.c>
++#endif
+--
+2.15.0
+
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
new file mode 100644
index 0000000..b606cc2
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
@@ -0,0 +1,38 @@
+commit a76376df7c07e577a9515c3faa5dbd50bda5da07
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Fri Oct 20 18:41:14 2017 +0200
+
+ CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-15670
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog 2017-11-16 18:12:32.457928327 +0530
++++ git/ChangeLog 2017-11-16 18:18:24.423642908 +0530
+@@ -1,3 +1,9 @@
++2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
++
++ [BZ #22320]
++ CVE-2017-15670
++ * posix/glob.c (__glob): Fix one-byte overflow.
++
+ 2017-05-05 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #21461]
+Index: git/posix/glob.c
+===================================================================
+--- git.orig/posix/glob.c 2017-11-16 18:12:14.833843602 +0530
++++ git/posix/glob.c 2017-11-16 18:16:39.511127432 +0530
+@@ -856,7 +856,7 @@
+ *p = '\0';
+ }
+ else
+- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ = '\0';
+ user_name = newp;
+ }
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-8804.patch b/meta/recipes-core/glibc/glibc/CVE-2017-8804.patch
new file mode 100644
index 0000000..5e5bbe2
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-8804.patch
@@ -0,0 +1,232 @@
+From: fweimer at redhat dot com (Florian Weimer)
+Date: Fri, 05 May 2017 15:18:28 +0200
+Subject: [PATCH] sunrpc: xdr_bytes/xdr_string need to free buffer on error [BZ #21461]
+
+[BZ #21461]
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8804
+Signed-off-by: Rajkumar Veer<rveer@mvista.
+
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -20,6 +20,9 @@ using `glibc' in the "product" field.
+ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+ Version 2.24
+
++* The xdr_bytes and xdr_string routines free the internally allocated buffer
++ if deserialization of the buffer contents fails for any reason.
++
+ * The minimum Linux kernel version that this version of the GNU C Library
+ can be used with is 3.2, except on i[4567]86 and x86_64, where Linux
+ kernel version 2.6.32 or later suffices (on architectures that already
+Index: git/sunrpc/Makefile
+===================================================================
+--- git.orig/sunrpc/Makefile
++++ git/sunrpc/Makefile
+@@ -96,9 +96,16 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_
+ extra-objs = $(rpcgen-objs) $(addprefix cross-,$(rpcgen-objs))
+ others += rpcgen
+
+-tests = tst-xdrmem tst-xdrmem2 test-rpcent
++tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-xdrmem3
+ xtests := tst-getmyaddr
+
++tests-special += $(objpfx)mtrace-tst-xdrmem3.out
++generated += mtrace-tst-xdrmem3.out tst-xdrmem3.mtrace
++tst-xdrmem3-ENV = MALLOC_TRACE=$(objpfx)tst-xdrmem3.mtrace
++$(objpfx)mtrace-tst-xdrmem3.out: $(objpfx)tst-xdrmem3.out
++ $(common-objpfx)malloc/mtrace $(objpfx)tst-xdrmem3.mtrace > $@; \
++ $(evaluate-test)
++
+ ifeq ($(have-thread-library),yes)
+ xtests += thrsvc
+ endif
+@@ -153,6 +160,7 @@ BUILD_CPPFLAGS += $(sunrpc-CPPFLAGS)
+ $(objpfx)tst-getmyaddr: $(common-objpfx)linkobj/libc.so
+ $(objpfx)tst-xdrmem: $(common-objpfx)linkobj/libc.so
+ $(objpfx)tst-xdrmem2: $(common-objpfx)linkobj/libc.so
++$(objpfx)tst-xdrmem3: $(common-objpfx)linkobj/libc.so
+
+ $(objpfx)rpcgen: $(addprefix $(objpfx),$(rpcgen-objs))
+
+Index: git/sunrpc/tst-xdrmem3.c
+===================================================================
+--- /dev/null
++++ git/sunrpc/tst-xdrmem3.c
+@@ -0,0 +1,83 @@
++/* Test xdr_bytes, xdr_string behavior on deserialization failure.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <mcheck.h>
++#include <rpc/rpc.h>
++#include <support/check.h>
++#include <support/support.h>
++
++static int
++do_test (void)
++{
++ mtrace ();
++
++ /* If do_own_buffer, allocate the buffer and pass it to the
++ deserialization routine. Otherwise the routine is requested to
++ allocate the buffer. */
++ for (int do_own_buffer = 0; do_own_buffer < 2; ++do_own_buffer)
++ {
++ /* Length 16 MiB, but only 2 bytes of data in the packet. */
++ unsigned char buf[] = "\x01\x00\x00\x00\xff";
++ XDR xdrs;
++ char *result;
++ unsigned int result_len;
++
++ /* Test xdr_bytes. */
++ xdrmem_create (&xdrs, (char *) buf, sizeof (buf), XDR_DECODE);
++ result_len = 0;
++ if (do_own_buffer)
++ {
++ char *own_buffer = xmalloc (10);
++ result = own_buffer;
++ TEST_VERIFY (!xdr_bytes (&xdrs, &result, &result_len, 10));
++ TEST_VERIFY (result == own_buffer);
++ free (own_buffer);
++ }
++ else
++ {
++ result = NULL;
++ TEST_VERIFY (!xdr_bytes (&xdrs, &result, &result_len, -1));
++ TEST_VERIFY (result == NULL);
++ }
++ TEST_VERIFY (result_len == 16 * 1024 * 1024);
++ xdr_destroy (&xdrs);
++
++ /* Test xdr_string. */
++ xdrmem_create (&xdrs, (char *) buf, sizeof (buf), XDR_DECODE);
++ if (do_own_buffer)
++ {
++ char *own_buffer = xmalloc (10);
++ result = own_buffer;
++ TEST_VERIFY (!xdr_string (&xdrs, &result, 10));
++ TEST_VERIFY (result == own_buffer);
++ free (own_buffer);
++ }
++ else
++ {
++ result = NULL;
++ TEST_VERIFY (!xdr_string (&xdrs, &result, -1));
++ TEST_VERIFY (result == NULL);
++ }
++ xdr_destroy (&xdrs);
++ }
++
++ return 0;
++}
++
++#include <support/test-driver.c>
++
+Index: git/sunrpc/xdr.c
+===================================================================
+--- git.orig/sunrpc/xdr.c
++++ git/sunrpc/xdr.c
+@@ -620,14 +620,24 @@ xdr_bytes (XDR *xdrs, char **cpp, u_int
+ }
+ if (sp == NULL)
+ {
+- *cpp = sp = (char *) mem_alloc (nodesize);
+- }
+- if (sp == NULL)
+- {
+- (void) __fxprintf (NULL, "%s: %s", __func__, _("out of memory\n"));
++ sp = (char *) mem_alloc (nodesize);
++ if (sp == NULL)
++ {
++ (void) __fxprintf (NULL, "%s: %s", __func__,
++ _("out of memory\n"));
++ return FALSE;
++ }
++ }
++ if (!xdr_opaque (xdrs, sp, nodesize))
++ {
++ if (sp != *cpp)
++ /* *cpp was NULL, so this function allocated a new
++ buffer. */
++ free (sp);
+ return FALSE;
+ }
+- /* fall into ... */
++ *cpp = sp;
++ return TRUE;
+
+ case XDR_ENCODE:
+ return xdr_opaque (xdrs, sp, nodesize);
+@@ -781,14 +791,27 @@ xdr_string (XDR *xdrs, char **cpp, u_int
+ {
+ case XDR_DECODE:
+ if (sp == NULL)
+- *cpp = sp = (char *) mem_alloc (nodesize);
+- if (sp == NULL)
+ {
+- (void) __fxprintf (NULL, "%s: %s", __func__, _("out of memory\n"));
+- return FALSE;
++ sp = (char *) mem_alloc (nodesize);
++ if (sp == NULL)
++ {
++ (void) __fxprintf (NULL, "%s: %s", __func__,
++ _("out of memory\n"));
++ return FALSE;
++ }
+ }
+ sp[size] = 0;
+- /* fall into ... */
++
++ if (!xdr_opaque (xdrs, sp, size))
++ {
++ if (sp != *cpp)
++ /* *cpp was NULL, so this function allocated a new
++ buffer. */
++ free (sp);
++ return FALSE;
++ }
++ *cpp = sp;
++ return TRUE;
+
+ case XDR_ENCODE:
+ return xdr_opaque (xdrs, sp, size);
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,16 @@
++2017-05-05 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #21461]
++ * sunrpc/xdr.c (xdr_bytes): Deallocate allocated buffer on error.
++ (xdr_string): Likewise.
++ * sunrpc/Makefile (tests): Add tst-xdrmem3.
++ (tests-special): Add mtrace-tst-xdrmem3.out.
++ (generated): Add mtrace-tst-xdrmem3.out, tst-xdrmem3.mtrace.
++ (tst-xdrmem3-ENV): Set MALLOC_TRACE.
++ (mtrace-tst-xdrmem3.out): Run mtrace.
++ (tst-xdrmem3): Link against full libc.
++ * sunrpc/tst-xdrmem3.c: New file.
++
+ 2017-06-14 Florian Weimer <fweimer@redhat.com>
+
+ * sysdeps/i386/i686/multiarch/strcspn-c.c: Add IS_IN (libc) guard.
diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb
index e723e03..6ea4585 100644
--- a/meta/recipes-core/glibc/glibc_2.24.bb
+++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -45,12 +45,19 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0004-New-condvar-implementation-that-provides-stronger-or.patch \
file://0005-Remove-__ASSUME_REQUEUE_PI.patch \
file://0006-Fix-atomic_fetch_xor_release.patch \
+ file://0001-CVE-2015-5180-resolv-Fix-crash-with-internal-QTYPE-B.patch \
+ file://0001-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch \
+ file://0002-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch \
+ file://0003-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch \
+ file://0004-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch \
"
SRC_URI += "\
file://etc/ld.so.conf \
file://generate-supported.mk \
file://0001-locale-fix-hard-coded-reference-to-gcc-E.patch \
+ file://CVE-2017-8804.patch \
+ file://CVE-2017-15670.patch \
"
SRC_URI_append_class-nativesdk = "\
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 7f29ff8..9e579a0 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "vmdk"
inherit core-image module-base
-SRCREV ?= "d555b59a988154d8ef0073109cf697f09e6e19af"
+SRCREV ?= "a3765887d3efa4c464ef7a00450f218ae2b15eb2"
SRC_URI = "git://git.yoctoproject.org/poky;branch=morty \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch b/meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch
new file mode 100644
index 0000000..d08a10f
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch
@@ -0,0 +1,670 @@
+From 222953e87f34545a3f9c6d3c18216e222bf6ea94 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner@archlinux.org>
+Date: Fri, 10 Jun 2016 09:50:16 -0400
+Subject: [PATCH] Ensure kdbus isn't used (#3501)
+
+Delete the dbus1 generator and some critical wiring. This prevents
+kdbus from being loaded or detected. As such, it will never be used,
+even if the user still has a useful kdbus module loaded on their system.
+
+Sort of fixes #3480. Not really, but it's better than the current state.
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ Makefile.am | 20 --
+ autogen.sh | 12 +-
+ configure.ac | 10 -
+ src/core/busname.c | 7 +-
+ src/core/kmod-setup.c | 3 -
+ src/core/manager.c | 23 ---
+ src/core/mount-setup.c | 2 -
+ src/core/service.c | 17 +-
+ src/dbus1-generator/dbus1-generator.c | 331 ----------------------------------
+ src/login/pam_systemd.c | 31 ++--
+ src/shared/bus-util.c | 34 ----
+ src/shared/bus-util.h | 3 -
+ 12 files changed, 23 insertions(+), 470 deletions(-)
+ delete mode 100644 src/dbus1-generator/dbus1-generator.c
+
+Index: git/autogen.sh
+===================================================================
+--- git.orig/autogen.sh
++++ git/autogen.sh
+@@ -55,19 +55,19 @@ fi
+ cd $oldpwd
+
+ if [ "x$1" = "xc" ]; then
+- $topdir/configure CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args
++ $topdir/configure CFLAGS='-g -O0 -ftrapv' $args
+ make clean
+ elif [ "x$1" = "xg" ]; then
+- $topdir/configure CFLAGS='-g -Og -ftrapv' --enable-kdbus $args
++ $topdir/configure CFLAGS='-g -Og -ftrapv' $args
+ make clean
+ elif [ "x$1" = "xa" ]; then
+- $topdir/configure CFLAGS='-g -O0 -Wsuggest-attribute=pure -Wsuggest-attribute=const -ftrapv' --enable-kdbus $args
++ $topdir/configure CFLAGS='-g -O0 -Wsuggest-attribute=pure -Wsuggest-attribute=const -ftrapv' $args
+ make clean
+ elif [ "x$1" = "xl" ]; then
+- $topdir/configure CC=clang CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args
++ $topdir/configure CC=clang CFLAGS='-g -O0 -ftrapv' $args
+ make clean
+ elif [ "x$1" = "xs" ]; then
+- scan-build $topdir/configure CFLAGS='-std=gnu99 -g -O0 -ftrapv' --enable-kdbus $args
++ scan-build $topdir/configure CFLAGS='-std=gnu99 -g -O0 -ftrapv' $args
+ scan-build make
+ else
+ echo
+@@ -75,6 +75,6 @@ else
+ echo "Initialized build system. For a common configuration please run:"
+ echo "----------------------------------------------------------------"
+ echo
+- echo "$topdir/configure CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args"
++ echo "$topdir/configure CFLAGS='-g -O0 -ftrapv' $args"
+ echo
+ fi
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -1294,16 +1294,6 @@ AC_ARG_WITH(tpm-pcrindex,
+ AC_DEFINE_UNQUOTED(SD_TPM_PCR, [$SD_TPM_PCR], [TPM PCR register number to use])
+
+ # ------------------------------------------------------------------------------
+-have_kdbus=no
+-AC_ARG_ENABLE(kdbus, AS_HELP_STRING([--disable-kdbus], [do not connect to kdbus by default]))
+-if test "x$enable_kdbus" != "xno"; then
+- AC_DEFINE(ENABLE_KDBUS, 1, [Define if kdbus is to be connected to by default])
+- have_kdbus=yes
+- M4_DEFINES="$M4_DEFINES -DENABLE_KDBUS"
+-fi
+-AM_CONDITIONAL(ENABLE_KDBUS, [test "$have_kdbus" = "yes"])
+-
+-# ------------------------------------------------------------------------------
+ AC_ARG_WITH(rc-local-script-path-start,
+ AS_HELP_STRING([--with-rc-local-script-path-start=PATH],
+ [Path to /etc/rc.local]),
+Index: git/src/core/busname.c
+===================================================================
+--- git.orig/src/core/busname.c
++++ git/src/core/busname.c
+@@ -998,12 +998,7 @@ static int busname_get_timeout(Unit *u,
+ }
+
+ static bool busname_supported(void) {
+- static int supported = -1;
+-
+- if (supported < 0)
+- supported = is_kdbus_available();
+-
+- return supported;
++ return false;
+ }
+
+ static int busname_control_pid(Unit *u) {
+Index: git/src/core/kmod-setup.c
+===================================================================
+--- git.orig/src/core/kmod-setup.c
++++ git/src/core/kmod-setup.c
+@@ -64,9 +64,6 @@ int kmod_setup(void) {
+ /* this should never be a module */
+ { "unix", "/proc/net/unix", true, true, NULL },
+
+- /* IPC is needed before we bring up any other services */
+- { "kdbus", "/sys/fs/kdbus", false, false, is_kdbus_wanted },
+-
+ #ifdef HAVE_LIBIPTC
+ /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
+ { "ip_tables", "/proc/net/ip_tables_names", false, false, NULL },
+Index: git/src/core/manager.c
+===================================================================
+--- git.orig/src/core/manager.c
++++ git/src/core/manager.c
+@@ -809,28 +809,6 @@ static int manager_setup_cgroups_agent(M
+ return 0;
+ }
+
+-static int manager_setup_kdbus(Manager *m) {
+- _cleanup_free_ char *p = NULL;
+-
+- assert(m);
+-
+- if (m->test_run || m->kdbus_fd >= 0)
+- return 0;
+- if (!is_kdbus_available())
+- return -ESOCKTNOSUPPORT;
+-
+- m->kdbus_fd = bus_kernel_create_bus(
+- MANAGER_IS_SYSTEM(m) ? "system" : "user",
+- MANAGER_IS_SYSTEM(m), &p);
+-
+- if (m->kdbus_fd < 0)
+- return log_debug_errno(m->kdbus_fd, "Failed to set up kdbus: %m");
+-
+- log_debug("Successfully set up kdbus on %s", p);
+-
+- return 0;
+-}
+-
+ static int manager_connect_bus(Manager *m, bool reexecuting) {
+ bool try_bus_connect;
+
+@@ -1225,7 +1203,6 @@ int manager_startup(Manager *m, FILE *se
+
+ /* We might have deserialized the kdbus control fd, but if we
+ * didn't, then let's create the bus now. */
+- manager_setup_kdbus(m);
+ manager_connect_bus(m, !!serialization);
+ bus_track_coldplug(m, &m->subscribed, &m->deserialized_subscribed);
+
+Index: git/src/core/mount-setup.c
+===================================================================
+--- git.orig/src/core/mount-setup.c
++++ git/src/core/mount-setup.c
+@@ -108,8 +108,6 @@ static const MountPoint mount_table[] =
+ { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ is_efi_boot, MNT_NONE },
+ #endif
+- { "kdbusfs", "/sys/fs/kdbus", "kdbusfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+- is_kdbus_wanted, MNT_IN_CONTAINER },
+ };
+
+ /* These are API file systems that might be mounted by other software,
+Index: git/src/core/service.c
+===================================================================
+--- git.orig/src/core/service.c
++++ git/src/core/service.c
+@@ -574,20 +574,9 @@ static int service_setup_bus_name(Servic
+ if (!s->bus_name)
+ return 0;
+
+- if (is_kdbus_available()) {
+- const char *n;
+-
+- n = strjoina(s->bus_name, ".busname");
+- r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, n, NULL, true);
+- if (r < 0)
+- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency to .busname unit: %m");
+-
+- } else {
+- /* If kdbus is not available, we know the dbus socket is required, hence pull it in, and require it */
+- r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, NULL, true);
+- if (r < 0)
+- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m");
+- }
++ r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, NULL, true);
++ if (r < 0)
++ return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m");
+
+ /* Regardless if kdbus is used or not, we always want to be ordered against dbus.socket if both are in the transaction. */
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, NULL, true);
+Index: git/src/dbus1-generator/dbus1-generator.c
+===================================================================
+--- git.orig/src/dbus1-generator/dbus1-generator.c
++++ /dev/null
+@@ -1,331 +0,0 @@
+-/***
+- This file is part of systemd.
+-
+- Copyright 2013 Lennart Poettering
+-
+- systemd is free software; you can redistribute it and/or modify it
+- under the terms of the GNU Lesser General Public License as published by
+- the Free Software Foundation; either version 2.1 of the License, or
+- (at your option) any later version.
+-
+- systemd is distributed in the hope that it will be useful, but
+- WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- Lesser General Public License for more details.
+-
+- You should have received a copy of the GNU Lesser General Public License
+- along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-***/
+-
+-#include "alloc-util.h"
+-#include "bus-internal.h"
+-#include "bus-util.h"
+-#include "cgroup-util.h"
+-#include "conf-parser.h"
+-#include "dirent-util.h"
+-#include "fd-util.h"
+-#include "fileio.h"
+-#include "mkdir.h"
+-#include "special.h"
+-#include "unit-name.h"
+-#include "util.h"
+-
+-static const char *arg_dest_late = "/tmp", *arg_dest = "/tmp";
+-
+-static int create_dbus_files(
+- const char *path,
+- const char *name,
+- const char *service,
+- const char *exec,
+- const char *user,
+- const char *type) {
+-
+- _cleanup_free_ char *b = NULL, *s = NULL, *lnk = NULL;
+- _cleanup_fclose_ FILE *f = NULL;
+- int r;
+-
+- assert(path);
+- assert(name);
+- assert(service || exec);
+-
+- if (!service) {
+- _cleanup_free_ char *a = NULL;
+-
+- s = strjoin("dbus-", name, ".service", NULL);
+- if (!s)
+- return log_oom();
+-
+- a = strjoin(arg_dest_late, "/", s, NULL);
+- if (!a)
+- return log_oom();
+-
+- f = fopen(a, "wxe");
+- if (!f)
+- return log_error_errno(errno, "Failed to create %s: %m", a);
+-
+- fprintf(f,
+- "# Automatically generated by systemd-dbus1-generator\n\n"
+- "[Unit]\n"
+- "SourcePath=%s\n"
+- "Description=DBUS1: %s\n"
+- "Documentation=man:systemd-dbus1-generator(8)\n\n"
+- "[Service]\n"
+- "ExecStart=%s\n"
+- "Type=dbus\n"
+- "BusName=%s\n",
+- path,
+- name,
+- exec,
+- name);
+-
+- if (user)
+- fprintf(f, "User=%s\n", user);
+-
+-
+- if (type) {
+- fprintf(f, "Environment=DBUS_STARTER_BUS_TYPE=%s\n", type);
+-
+- if (streq(type, "system"))
+- fprintf(f, "Environment=DBUS_STARTER_ADDRESS=" DEFAULT_SYSTEM_BUS_ADDRESS "\n");
+- else if (streq(type, "session")) {
+- char *run;
+-
+- run = getenv("XDG_RUNTIME_DIR");
+- if (!run) {
+- log_error("XDG_RUNTIME_DIR not set.");
+- return -EINVAL;
+- }
+-
+- fprintf(f, "Environment=DBUS_STARTER_ADDRESS="KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT "\n",
+- getuid(), run);
+- }
+- }
+-
+- r = fflush_and_check(f);
+- if (r < 0)
+- return log_error_errno(r, "Failed to write %s: %m", a);
+-
+- f = safe_fclose(f);
+-
+- service = s;
+- }
+-
+- b = strjoin(arg_dest_late, "/", name, ".busname", NULL);
+- if (!b)
+- return log_oom();
+-
+- f = fopen(b, "wxe");
+- if (!f)
+- return log_error_errno(errno, "Failed to create %s: %m", b);
+-
+- fprintf(f,
+- "# Automatically generated by systemd-dbus1-generator\n\n"
+- "[Unit]\n"
+- "SourcePath=%s\n"
+- "Description=DBUS1: %s\n"
+- "Documentation=man:systemd-dbus1-generator(8)\n\n"
+- "[BusName]\n"
+- "Name=%s\n"
+- "Service=%s\n"
+- "AllowWorld=talk\n",
+- path,
+- name,
+- name,
+- service);
+-
+- r = fflush_and_check(f);
+- if (r < 0)
+- return log_error_errno(r, "Failed to write %s: %m", b);
+-
+- lnk = strjoin(arg_dest_late, "/" SPECIAL_BUSNAMES_TARGET ".wants/", name, ".busname", NULL);
+- if (!lnk)
+- return log_oom();
+-
+- mkdir_parents_label(lnk, 0755);
+- if (symlink(b, lnk))
+- return log_error_errno(errno, "Failed to create symlink %s: %m", lnk);
+-
+- return 0;
+-}
+-
+-static int add_dbus(const char *path, const char *fname, const char *type) {
+- _cleanup_free_ char *name = NULL, *exec = NULL, *user = NULL, *service = NULL;
+-
+- const ConfigTableItem table[] = {
+- { "D-BUS Service", "Name", config_parse_string, 0, &name },
+- { "D-BUS Service", "Exec", config_parse_string, 0, &exec },
+- { "D-BUS Service", "User", config_parse_string, 0, &user },
+- { "D-BUS Service", "SystemdService", config_parse_string, 0, &service },
+- { },
+- };
+-
+- char *p;
+- int r;
+-
+- assert(path);
+- assert(fname);
+-
+- p = strjoina(path, "/", fname);
+- r = config_parse(NULL, p, NULL,
+- "D-BUS Service\0",
+- config_item_table_lookup, table,
+- true, false, true, NULL);
+- if (r < 0)
+- return r;
+-
+- if (!name) {
+- log_warning("Activation file %s lacks name setting, ignoring.", p);
+- return 0;
+- }
+-
+- if (!service_name_is_valid(name)) {
+- log_warning("Bus service name %s is not valid, ignoring.", name);
+- return 0;
+- }
+-
+- if (streq(name, "org.freedesktop.systemd1")) {
+- log_debug("Skipping %s, identified as systemd.", p);
+- return 0;
+- }
+-
+- if (service) {
+- if (!unit_name_is_valid(service, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE)) {
+- log_warning("Unit name %s is not valid, ignoring.", service);
+- return 0;
+- }
+- if (!endswith(service, ".service")) {
+- log_warning("Bus names can only activate services, ignoring %s.", p);
+- return 0;
+- }
+- } else {
+- if (streq(exec, "/bin/false") || !exec) {
+- log_warning("Neither service name nor binary path specified, ignoring %s.", p);
+- return 0;
+- }
+-
+- if (exec[0] != '/') {
+- log_warning("Exec= in %s does not start with an absolute path, ignoring.", p);
+- return 0;
+- }
+- }
+-
+- return create_dbus_files(p, name, service, exec, user, type);
+-}
+-
+-static int parse_dbus_fragments(const char *path, const char *type) {
+- _cleanup_closedir_ DIR *d = NULL;
+- struct dirent *de;
+- int r;
+-
+- assert(path);
+- assert(type);
+-
+- d = opendir(path);
+- if (!d) {
+- if (errno == -ENOENT)
+- return 0;
+-
+- return log_error_errno(errno, "Failed to enumerate D-Bus activated services: %m");
+- }
+-
+- r = 0;
+- FOREACH_DIRENT(de, d, goto fail) {
+- int q;
+-
+- if (!endswith(de->d_name, ".service"))
+- continue;
+-
+- q = add_dbus(path, de->d_name, type);
+- if (q < 0)
+- r = q;
+- }
+-
+- return r;
+-
+-fail:
+- return log_error_errno(errno, "Failed to read D-Bus services directory: %m");
+-}
+-
+-static int link_busnames_target(const char *units) {
+- const char *f, *t;
+-
+- f = strjoina(units, "/" SPECIAL_BUSNAMES_TARGET);
+- t = strjoina(arg_dest, "/" SPECIAL_BASIC_TARGET ".wants/" SPECIAL_BUSNAMES_TARGET);
+-
+- mkdir_parents_label(t, 0755);
+- if (symlink(f, t) < 0)
+- return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+-
+- return 0;
+-}
+-
+-static int link_compatibility(const char *units) {
+- const char *f, *t;
+-
+- f = strjoina(units, "/systemd-bus-proxyd.socket");
+- t = strjoina(arg_dest, "/" SPECIAL_DBUS_SOCKET);
+- mkdir_parents_label(t, 0755);
+- if (symlink(f, t) < 0)
+- return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+-
+- f = strjoina(units, "/systemd-bus-proxyd.socket");
+- t = strjoina(arg_dest, "/" SPECIAL_SOCKETS_TARGET ".wants/systemd-bus-proxyd.socket");
+- mkdir_parents_label(t, 0755);
+- if (symlink(f, t) < 0)
+- return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+-
+- t = strjoina(arg_dest, "/" SPECIAL_DBUS_SERVICE);
+- if (symlink("/dev/null", t) < 0)
+- return log_error_errno(errno, "Failed to mask %s: %m", t);
+-
+- return 0;
+-}
+-
+-int main(int argc, char *argv[]) {
+- const char *path, *type, *units;
+- int r, q;
+-
+- if (argc > 1 && argc != 4) {
+- log_error("This program takes three or no arguments.");
+- return EXIT_FAILURE;
+- }
+-
+- if (argc > 1) {
+- arg_dest = argv[1];
+- arg_dest_late = argv[3];
+- }
+-
+- log_set_target(LOG_TARGET_SAFE);
+- log_parse_environment();
+- log_open();
+-
+- umask(0022);
+-
+- if (!is_kdbus_available())
+- return 0;
+-
+- r = cg_pid_get_owner_uid(0, NULL);
+- if (r >= 0) {
+- path = "/usr/share/dbus-1/services";
+- type = "session";
+- units = USER_DATA_UNIT_PATH;
+- } else if (r == -ENXIO) {
+- path = "/usr/share/dbus-1/system-services";
+- type = "system";
+- units = SYSTEM_DATA_UNIT_PATH;
+- } else
+- return log_error_errno(r, "Failed to determine whether we are running as user or system instance: %m");
+-
+- r = parse_dbus_fragments(path, type);
+-
+- /* FIXME: One day this should just be pulled in statically from basic.target */
+- q = link_busnames_target(units);
+- if (q < 0)
+- r = q;
+-
+- q = link_compatibility(units);
+- if (q < 0)
+- r = q;
+-
+- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+-}
+Index: git/src/login/pam_systemd.c
+===================================================================
+--- git.orig/src/login/pam_systemd.c
++++ git/src/login/pam_systemd.c
+@@ -182,25 +182,20 @@ static int export_legacy_dbus_address(
+ _cleanup_free_ char *s = NULL;
+ int r = PAM_BUF_ERR;
+
+- if (is_kdbus_available()) {
+- if (asprintf(&s, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, runtime) < 0)
+- goto error;
+- } else {
+- /* FIXME: We *really* should move the access() check into the
+- * daemons that spawn dbus-daemon, instead of forcing
+- * DBUS_SESSION_BUS_ADDRESS= here. */
++ /* FIXME: We *really* should move the access() check into the
++ * daemons that spawn dbus-daemon, instead of forcing
++ * DBUS_SESSION_BUS_ADDRESS= here. */
+
+- s = strjoin(runtime, "/bus", NULL);
+- if (!s)
+- goto error;
++ s = strjoin(runtime, "/bus", NULL);
++ if (!s)
++ goto error;
+
+- if (access(s, F_OK) < 0)
+- return PAM_SUCCESS;
++ if (access(s, F_OK) < 0)
++ return PAM_SUCCESS;
+
+- s = mfree(s);
+- if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
+- goto error;
+- }
++ s = mfree(s);
++ if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
++ goto error;
+
+ r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
+ if (r != PAM_SUCCESS)
+Index: git/src/shared/bus-util.c
+===================================================================
+--- git.orig/src/shared/bus-util.c
++++ git/src/shared/bus-util.c
+@@ -1492,40 +1492,6 @@ int bus_path_decode_unique(const char *p
+ return 1;
+ }
+
+-bool is_kdbus_wanted(void) {
+- _cleanup_free_ char *value = NULL;
+-#ifdef ENABLE_KDBUS
+- const bool configured = true;
+-#else
+- const bool configured = false;
+-#endif
+-
+- int r;
+-
+- if (get_proc_cmdline_key("kdbus", NULL) > 0)
+- return true;
+-
+- r = get_proc_cmdline_key("kdbus=", &value);
+- if (r <= 0)
+- return configured;
+-
+- return parse_boolean(value) == 1;
+-}
+-
+-bool is_kdbus_available(void) {
+- _cleanup_close_ int fd = -1;
+- struct kdbus_cmd cmd = { .size = sizeof(cmd), .flags = KDBUS_FLAG_NEGOTIATE };
+-
+- if (!is_kdbus_wanted())
+- return false;
+-
+- fd = open("/sys/fs/kdbus/control", O_RDWR | O_CLOEXEC | O_NONBLOCK | O_NOCTTY);
+- if (fd < 0)
+- return false;
+-
+- return ioctl(fd, KDBUS_CMD_BUS_MAKE, &cmd) >= 0;
+-}
+-
+ int bus_property_get_rlimit(
+ sd_bus *bus,
+ const char *path,
+Index: git/src/shared/bus-util.h
+===================================================================
+--- git.orig/src/shared/bus-util.h
++++ git/src/shared/bus-util.h
+@@ -157,7 +157,4 @@ int bus_log_create_error(int r);
+ int bus_path_encode_unique(sd_bus *b, const char *prefix, const char *sender_id, const char *external_id, char **ret_path);
+ int bus_path_decode_unique(const char *path, const char *prefix, char **ret_sender, char **ret_external);
+
+-bool is_kdbus_wanted(void);
+-bool is_kdbus_available(void);
+-
+ int bus_property_get_rlimit(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
+Index: git/Makefile.am
+===================================================================
+--- git.orig/Makefile.am
++++ git/Makefile.am
+@@ -2895,29 +2895,9 @@ systemd_gpt_auto_generator_CFLAGS = \
+ endif
+
+ # ------------------------------------------------------------------------------
+-systemgenerator_PROGRAMS += \
+- systemd-dbus1-generator
+-
+-systemd_dbus1_generator_SOURCES = \
+- src/dbus1-generator/dbus1-generator.c
+-
+-systemd_dbus1_generator_LDADD = \
+- libshared.la
+-
+-dbus1-generator-install-hook:
+- $(AM_V_at)$(MKDIR_P) $(DESTDIR)$(usergeneratordir)
+- $(AM_V_RM)rm -f $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+- $(AM_V_LN)lnr $(DESTDIR)$(systemgeneratordir)/systemd-dbus1-generator $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+-
+-dbus1-generator-uninstall-hook:
+- rm -f $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+-
+ dist_xinitrc_SCRIPTS = \
+ xorg/50-systemd-user.sh
+
+-INSTALL_EXEC_HOOKS += dbus1-generator-install-hook
+-UNINSTALL_EXEC_HOOKS += dbus1-generator-uninstall-hook
+-
+ # ------------------------------------------------------------------------------
+ systemd_sysv_generator_SOURCES = \
+ src/sysv-generator/sysv-generator.c
diff --git a/meta/recipes-core/systemd/systemd_230.bb b/meta/recipes-core/systemd/systemd_230.bb
index 40f1428..f4ff860 100644
--- a/meta/recipes-core/systemd/systemd_230.bb
+++ b/meta/recipes-core/systemd/systemd_230.bb
@@ -37,6 +37,7 @@ SRC_URI += " \
file://udev-re-enable-mount-propagation-for-udevd.patch \
file://CVE-2016-7795.patch \
file://validate-user.patch \
+ file://Ensure-kdbus-isn-t-used-3501.patch \
"
SRC_URI_append_libc-uclibc = "\
file://0002-units-Prefer-getty-to-agetty-in-console-setup-system.patch \
@@ -61,7 +62,6 @@ PACKAGECONFIG ??= "xz \
timedated \
timesyncd \
localed \
- kdbus \
ima \
smack \
logind \
@@ -96,7 +96,6 @@ PACKAGECONFIG[timedated] = "--enable-timedated,--disable-timedated"
PACKAGECONFIG[timesyncd] = "--enable-timesyncd,--disable-timesyncd"
PACKAGECONFIG[localed] = "--enable-localed,--disable-localed"
PACKAGECONFIG[efi] = "--enable-efi,--disable-efi"
-PACKAGECONFIG[kdbus] = "--enable-kdbus,--disable-kdbus"
PACKAGECONFIG[ima] = "--enable-ima,--disable-ima"
PACKAGECONFIG[smack] = "--enable-smack,--disable-smack"
# libseccomp is found in meta-security
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 0936d97..1311b65 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -45,6 +45,64 @@ SRC_URI = "\
file://CVE-2017-6969_2.patch \
file://CVE-2017-7209.patch \
file://CVE-2017-7210.patch \
+ file://CVE-2017-7614.patch \
+ file://CVE-2017-9038.patch \
+ file://CVE-2017-9039.patch \
+ file://CVE-2017-9039_1.patch \
+ file://CVE-2017-9040_and_9042.patch \
+ file://CVE-2017-9041_1.patch \
+ file://CVE-2017-9041_2.patch \
+ file://CVE-2017-7226.patch \
+ file://CVE-2017-12448.patch \
+ file://CVE-2017-12449_12455_12457_1.patch \
+ file://CVE-2017-12449_12455_12457.patch \
+ file://CVE-2017-12451.patch \
+ file://CVE-2017-12450_12452_12453_12454_12456_1.patch \
+ file://CVE-2017-12450_12452_12453_12454_12456.patch \
+ file://CVE-2017-7223.patch \
+ file://CVE-2017-7224.patch \
+ file://CVE-2017-7225.patch \
+ file://CVE-2017-7227.patch \
+ file://CVE-2017-7301.patch \
+ file://CVE-2017-7302.patch \
+ file://CVE-2017-7303.patch \
+ file://CVE-2017-7304.patch \
+ file://CVE-2017-8393.patch \
+ file://CVE-2017-8395.patch \
+ file://CVE-2017-8397.patch \
+ file://CVE-2017-7300.patch \
+ file://CVE-2017-8396.patch \
+ file://CVE-2017-8421.patch \
+ file://CVE-2017-8394_1.patch \
+ file://CVE-2017-8394.patch \
+ file://CVE-2017-8398.patch \
+ file://CVE-2017-7299_1.patch \
+ file://CVE-2017-7299_2.patch \
+ file://CVE-2017-9751.patch \
+ file://CVE-2017-9749.patch \
+ file://CVE-2017-9746.patch \
+ file://CVE-2017-9748.patch \
+ file://CVE-2017-9747.patch \
+ file://CVE-2017-9750.patch \
+ file://CVE-2017-9752.patch \
+ file://CVE-2017-9753_9754.patch \
+ file://CVE-2017-9755_1.patch \
+ file://CVE-2017-9755_2.patch \
+ file://CVE-2017-9756.patch \
+ file://CVE-2017-9745.patch \
+ file://CVE-2017-9954.patch \
+ file://CVE-2017-9955_1.patch \
+ file://CVE-2017-9955_2.patch \
+ file://CVE-2017-9955_3.patch \
+ file://CVE-2017-9955_4.patch \
+ file://CVE-2017-9955_5.patch \
+ file://CVE-2017-9955_6.patch \
+ file://CVE-2017-9955_7.patch \
+ file://CVE-2017-9955_8.patch \
+ file://CVE-2017-9955_9.patch \
+ file://CVE-2017-14729.patch \
+ file://CVE-2017-15024.patch \
+ file://CVE-2017-15938.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch
new file mode 100644
index 0000000..039166c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch
@@ -0,0 +1,49 @@
+commit 909e4e716c4d77e33357bbe9bc902bfaf2e1af24
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jul 19 14:49:12 2017 +0100
+
+ Fix use-after-free error when parsing a corrupt nested archive.
+
+ PR 21787
+ * archive.c (bfd_generic_archive_p): If the bfd does not have the
+ correct magic bytes at the start, set the error to wrong format
+ and clear the format selector before returning NULL.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12448
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/archive.c
+===================================================================
+--- git.orig/bfd/archive.c 2017-08-30 16:44:10.848601412 +0530
++++ git/bfd/archive.c 2017-08-30 16:44:21.400855758 +0530
+@@ -834,7 +834,12 @@
+ if (strncmp (armag, ARMAG, SARMAG) != 0
+ && strncmp (armag, ARMAGB, SARMAG) != 0
+ && ! bfd_is_thin_archive (abfd))
+- return NULL;
++ {
++ bfd_set_error (bfd_error_wrong_format);
++ if (abfd->format == bfd_archive)
++ abfd->format = bfd_unknown;
++ return NULL;
++ }
+
+ tdata_hold = bfd_ardata (abfd);
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-30 16:44:21.340854320 +0530
++++ git/bfd/ChangeLog 2017-08-30 16:46:48.716143277 +0530
+@@ -1,3 +1,10 @@
++2017-07-19 Nick Clifton <nickc@redhat.com>
++
++ PR 21787
++ * archive.c (bfd_generic_archive_p): If the bfd does not have the
++ correct magic bytes at the start, set the error to wrong format
++ and clear the format selector before returning NULL.
++
+ 2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
+
+ * readelf.c (process_mips_specific): Remove error reporting from
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457.patch
new file mode 100644
index 0000000..d7512b3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457.patch
@@ -0,0 +1,240 @@
+commit 8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jul 27 12:04:50 2017 +0100
+
+ Fix address violation issues encountered when parsing corrupt binaries.
+
+ PR 21840
+ * mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab
+ size is -1.
+ * nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion
+ with error return.
+ * section.c (bfd_make_section_with_flags): Fail if the name or bfd
+ are NULL.
+ * vms-alpha.c (bfd_make_section_with_flags): Correct computation
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12449_12455_12457
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/mach-o.c
+===================================================================
+--- git.orig/bfd/mach-o.c 2017-08-30 17:21:59.684671218 +0530
++++ git/bfd/mach-o.c 2017-08-30 17:22:19.136813620 +0530
+@@ -3739,6 +3739,9 @@
+ }
+ else
+ {
++ /* See PR 21840 for a reproducer. */
++ if ((sym->strsize + 1) == 0)
++ return FALSE;
+ sym->strtab = bfd_alloc (abfd, sym->strsize + 1);
+ if (sym->strtab == NULL)
+ return FALSE;
+Index: git/bfd/nlmcode.h
+===================================================================
+--- git.orig/bfd/nlmcode.h 2017-08-30 17:21:59.688671247 +0530
++++ git/bfd/nlmcode.h 2017-08-30 17:22:19.140813649 +0530
+@@ -351,7 +351,9 @@
+ bfd_byte *contents;
+ bfd_byte *p, *pend;
+
+- BFD_ASSERT (hdrLength == 0 && hdr == NULL);
++ /* See PR 21840 for a reproducer. */
++ if (hdrLength != 0 || hdr != NULL)
++ return FALSE;
+
+ pos = bfd_tell (abfd);
+ if (bfd_seek (abfd, dataOffset, SEEK_SET) != 0)
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c 2017-08-30 17:21:59.708671392 +0530
++++ git/bfd/section.c 2017-08-30 17:22:19.140813649 +0530
+@@ -1240,7 +1240,7 @@
+ struct section_hash_entry *sh;
+ asection *newsect;
+
+- if (abfd->output_has_begun)
++ if (abfd == NULL || name == NULL || abfd->output_has_begun)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return NULL;
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-08-30 17:22:19.080813209 +0530
++++ git/bfd/vms-alpha.c 2017-08-30 17:22:19.140813649 +0530
+@@ -5562,8 +5562,9 @@
+ {
+ struct vms_emh_common *emh = (struct vms_emh_common *)rec;
+ unsigned int subtype;
++ int extra;
+
+- subtype = (unsigned)bfd_getl16 (emh->subtyp);
++ subtype = (unsigned) bfd_getl16 (emh->subtyp);
+
+ fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len);
+
+@@ -5573,58 +5574,82 @@
+ fprintf (file, _(" Error: The length is less than the length of an EMH record\n"));
+ return;
+ }
+-
++ extra = rec_len - sizeof (struct vms_emh_common);
++
+ switch (subtype)
+ {
+ case EMH__C_MHD:
+ {
+- struct vms_emh_mhd *mhd = (struct vms_emh_mhd *)rec;
+- const char *name;
++ struct vms_emh_mhd *mhd = (struct vms_emh_mhd *) rec;
++ const char * name;
++ const char * nextname;
++ const char * maxname;
+
++ /* PR 21840: Check for invalid lengths. */
++ if (rec_len < sizeof (* mhd))
++ {
++ fprintf (file, _(" Error: The record length is less than the size of an EMH_MHD record\n"));
++ return;
++ }
+ fprintf (file, _("Module header\n"));
+ fprintf (file, _(" structure level: %u\n"), mhd->strlvl);
+ fprintf (file, _(" max record size: %u\n"),
+- (unsigned)bfd_getl32 (mhd->recsiz));
++ (unsigned) bfd_getl32 (mhd->recsiz));
+ name = (char *)(mhd + 1);
++ maxname = (char *) rec + rec_len;
++ if (name > maxname - 2)
++ {
++ fprintf (file, _(" Error: The module name is missing\n"));
++ return;
++ }
++ nextname = name + name[0] + 1;
++ if (nextname >= maxname)
++ {
++ fprintf (file, _(" Error: The module name is too long\n"));
++ return;
++ }
+ fprintf (file, _(" module name : %.*s\n"), name[0], name + 1);
+- name += name[0] + 1;
++ name = nextname;
++ if (name > maxname - 2)
++ {
++ fprintf (file, _(" Error: The module version is missing\n"));
++ return;
++ }
++ nextname = name + name[0] + 1;
++ if (nextname >= maxname)
++ {
++ fprintf (file, _(" Error: The module version is too long\n"));
++ return;
++ }
+ fprintf (file, _(" module version : %.*s\n"), name[0], name + 1);
+- name += name[0] + 1;
+- fprintf (file, _(" compile date : %.17s\n"), name);
++ name = nextname;
++ if ((maxname - name) < 17 && maxname[-1] != 0)
++ fprintf (file, _(" Error: The compile date is truncated\n"));
++ else
++ fprintf (file, _(" compile date : %.17s\n"), name);
+ }
+ break;
++
+ case EMH__C_LNM:
+- {
+- fprintf (file, _("Language Processor Name\n"));
+- fprintf (file, _(" language name: %.*s\n"),
+- (int)(rec_len - sizeof (struct vms_emh_common)),
+- (char *)rec + sizeof (struct vms_emh_common));
+- }
++ fprintf (file, _("Language Processor Name\n"));
++ fprintf (file, _(" language name: %.*s\n"), extra, (char *)(emh + 1));
+ break;
++
+ case EMH__C_SRC:
+- {
+- fprintf (file, _("Source Files Header\n"));
+- fprintf (file, _(" file: %.*s\n"),
+- (int)(rec_len - sizeof (struct vms_emh_common)),
+- (char *)rec + sizeof (struct vms_emh_common));
+- }
++ fprintf (file, _("Source Files Header\n"));
++ fprintf (file, _(" file: %.*s\n"), extra, (char *)(emh + 1));
+ break;
++
+ case EMH__C_TTL:
+- {
+- fprintf (file, _("Title Text Header\n"));
+- fprintf (file, _(" title: %.*s\n"),
+- (int)(rec_len - sizeof (struct vms_emh_common)),
+- (char *)rec + sizeof (struct vms_emh_common));
+- }
++ fprintf (file, _("Title Text Header\n"));
++ fprintf (file, _(" title: %.*s\n"), extra, (char *)(emh + 1));
+ break;
++
+ case EMH__C_CPR:
+- {
+- fprintf (file, _("Copyright Header\n"));
+- fprintf (file, _(" copyright: %.*s\n"),
+- (int)(rec_len - sizeof (struct vms_emh_common)),
+- (char *)rec + sizeof (struct vms_emh_common));
+- }
++ fprintf (file, _("Copyright Header\n"));
++ fprintf (file, _(" copyright: %.*s\n"), extra, (char *)(emh + 1));
+ break;
++
+ default:
+ fprintf (file, _("unhandled emh subtype %u\n"), subtype);
+ break;
+Index: git/bfd/vms-misc.c
+===================================================================
+--- git.orig/bfd/vms-misc.c 2017-08-30 17:21:59.716671451 +0530
++++ git/bfd/vms-misc.c 2017-08-30 17:22:19.140813649 +0530
+@@ -135,8 +135,8 @@
+ #endif
+
+
+-/* Copy sized string (string with fixed size) to new allocated area
+- size is string size (size of record) */
++/* Copy sized string (string with fixed size) to new allocated area.
++ Size is string size (size of record). */
+
+ char *
+ _bfd_vms_save_sized_string (unsigned char *str, int size)
+@@ -151,8 +151,8 @@
+ return newstr;
+ }
+
+-/* Copy counted string (string with size at first byte) to new allocated area
+- ptr points to size byte on entry */
++/* Copy counted string (string with size at first byte) to new allocated area.
++ PTR points to size byte on entry. */
+
+ char *
+ _bfd_vms_save_counted_string (unsigned char *ptr)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-30 17:22:19.080813209 +0530
++++ git/bfd/ChangeLog 2017-08-30 17:23:51.069502425 +0530
+@@ -1,3 +1,16 @@
++2017-07-27 Nick Clifton <nickc@redhat.com>
++
++ PR 21840
++ * mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab
++ size is -1.
++ * nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion
++ with error return.
++ * section.c (bfd_make_section_with_flags): Fail if the name or bfd
++ are NULL.
++ * vms-alpha.c (bfd_make_section_with_flags): Correct computation
++ of end pointer.
++ (evax_bfd_print_emh): Check for invalid string lengths.
++
+ 2017-07-19 Nick Clifton <nickc@redhat.com>
+
+ PR 21787
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch
new file mode 100644
index 0000000..6dae0f6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch
@@ -0,0 +1,97 @@
+commit bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Jun 19 14:52:36 2017 +0100
+
+ Fix address violations when reading corrupt VMS records.
+
+ PR binutils/21618
+ * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
+ length.
+ (evax_bfd_print_eeom): Likewise.
+ (evax_bfd_print_egsd): Check for an overlarge record length.
+ (evax_bfd_print_etir): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12449_12455_12457
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-08-30 17:08:27.408159234 +0530
++++ git/bfd/vms-alpha.c 2017-08-30 17:12:07.289044702 +0530
+@@ -5567,6 +5567,13 @@
+
+ fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len);
+
++ /* PR 21618: Check for invalid lengths. */
++ if (rec_len < sizeof (* emh))
++ {
++ fprintf (file, _(" Error: The length is less than the length of an EMH record\n"));
++ return;
++ }
++
+ switch (subtype)
+ {
+ case EMH__C_MHD:
+@@ -5630,6 +5637,14 @@
+ struct vms_eeom *eeom = (struct vms_eeom *)rec;
+
+ fprintf (file, _(" EEOM (len=%u):\n"), rec_len);
++
++ /* PR 21618: Check for invalid lengths. */
++ if (rec_len < sizeof (* eeom))
++ {
++ fprintf (file, _(" Error: The length is less than the length of an EEOM record\n"));
++ return;
++ }
++
+ fprintf (file, _(" number of cond linkage pairs: %u\n"),
+ (unsigned)bfd_getl32 (eeom->total_lps));
+ fprintf (file, _(" completion code: %u\n"),
+@@ -5718,6 +5733,12 @@
+ n, type, len);
+ n++;
+
++ if (off + len > rec_len || off + len < off)
++ {
++ fprintf (file, _(" Error: length larger than remaining space in record\n"));
++ return;
++ }
++
+ switch (type)
+ {
+ case EGSD__C_PSC:
+@@ -5958,6 +5979,12 @@
+ size = bfd_getl16 (etir->size);
+ buf = rec + off + sizeof (struct vms_etir);
+
++ if (off + size > rec_len || off + size < off)
++ {
++ fprintf (file, _(" Error: length larger than remaining space in record\n"));
++ return;
++ }
++
+ fprintf (file, _(" (type: %3u, size: 4+%3u): "), type, size - 4);
+ switch (type)
+ {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-30 17:08:43.612213596 +0530
++++ git/bfd/ChangeLog 2017-08-30 17:13:27.217438742 +0530
+@@ -5,6 +5,15 @@
+ correct magic bytes at the start, set the error to wrong format
+ and clear the format selector before returning NULL.
+
++ 2017-06-19 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21618
++ * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
++ length.
++ (evax_bfd_print_eeom): Likewise.
++ (evax_bfd_print_egsd): Check for an overlarge record length.
++ (evax_bfd_print_etir): Likewise.
++
+ 2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
+
+ * readelf.c (process_mips_specific): Remove error reporting from
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch
new file mode 100644
index 0000000..503f655
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch
@@ -0,0 +1,375 @@
+commit ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Jul 24 13:49:22 2017 +0100
+
+ Fix address violation errors parsing corrupt binary files.
+
+ PR 21813
+ binutils* rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+ string whilst concatenating symbol names.
+
+ bfd * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address
+ of the relocs to the canonicalize_one_reloc routine.
+ * mach-o.h (struct bfd_mach_o_backend_data): Update the prototype
+ for the _bfd_mach_o_canonicalize_one_reloc field.
+ * mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add
+ res_base parameter. Use to check for corrupt pair relocs.
+ * mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc):
+ Likewise.
+ * mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc):
+ Likewise.
+ * mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc):
+ Likewise.
+
+ * vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is
+ enough data in the record before attempting to parse it.
+ (_bfd_vms_slurp_eeom): Likewise.
+
+ (_bfd_vms_slurp_egsd): Check for an invalid section index.
+ (image_set_ptr): Likewise.
+ (alpha_vms_slurp_relocs): Likewise.
+
+ (alpha_vms_object_p): Check for a truncated record.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12450, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12456
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/mach-o-aarch64.c
+===================================================================
+--- git.orig/bfd/mach-o-aarch64.c 2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-aarch64.c 2017-08-31 19:18:02.620442777 +0530
+@@ -147,9 +147,11 @@
+ };
+
+ static bfd_boolean
+-bfd_mach_o_arm64_canonicalize_one_reloc (bfd *abfd,
+- struct mach_o_reloc_info_external *raw,
+- arelent *res, asymbol **syms)
++bfd_mach_o_arm64_canonicalize_one_reloc (bfd * abfd,
++ struct mach_o_reloc_info_external * raw,
++ arelent * res,
++ asymbol ** syms,
++ arelent * res_base ATTRIBUTE_UNUSED)
+ {
+ bfd_mach_o_reloc_info reloc;
+
+Index: git/bfd/mach-o-i386.c
+===================================================================
+--- git.orig/bfd/mach-o-i386.c 2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-i386.c 2017-08-31 19:18:02.620442777 +0530
+@@ -112,9 +112,11 @@
+ };
+
+ static bfd_boolean
+-bfd_mach_o_i386_canonicalize_one_reloc (bfd *abfd,
+- struct mach_o_reloc_info_external *raw,
+- arelent *res, asymbol **syms)
++bfd_mach_o_i386_canonicalize_one_reloc (bfd * abfd,
++ struct mach_o_reloc_info_external * raw,
++ arelent * res,
++ asymbol ** syms,
++ arelent * res_base)
+ {
+ bfd_mach_o_reloc_info reloc;
+
+@@ -126,6 +128,9 @@
+ switch (reloc.r_type)
+ {
+ case BFD_MACH_O_GENERIC_RELOC_PAIR:
++ /* PR 21813: Check for a corrupt PAIR reloc at the start. */
++ if (res == res_base)
++ return FALSE;
+ if (reloc.r_length == 2)
+ {
+ res->howto = &i386_howto_table[7];
+@@ -391,9 +396,9 @@
+ { NULL, NULL }
+ };
+
+-#define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_i386_canonicalize_one_reloc
+-#define bfd_mach_o_swap_reloc_out bfd_mach_o_i386_swap_reloc_out
+-#define bfd_mach_o_print_thread bfd_mach_o_i386_print_thread
++#define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_i386_canonicalize_one_reloc
++#define bfd_mach_o_swap_reloc_out bfd_mach_o_i386_swap_reloc_out
++#define bfd_mach_o_print_thread bfd_mach_o_i386_print_thread
+
+ #define bfd_mach_o_tgt_seg_table mach_o_i386_segsec_names_xlat
+ #define bfd_mach_o_section_type_valid_for_tgt NULL
+Index: git/bfd/mach-o-x86-64.c
+===================================================================
+--- git.orig/bfd/mach-o-x86-64.c 2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-x86-64.c 2017-08-31 19:18:02.620442777 +0530
+@@ -120,9 +120,11 @@
+ };
+
+ static bfd_boolean
+-bfd_mach_o_x86_64_canonicalize_one_reloc (bfd *abfd,
+- struct mach_o_reloc_info_external *raw,
+- arelent *res, asymbol **syms)
++bfd_mach_o_x86_64_canonicalize_one_reloc (bfd * abfd,
++ struct mach_o_reloc_info_external * raw,
++ arelent * res,
++ asymbol ** syms,
++ arelent * res_base ATTRIBUTE_UNUSED)
+ {
+ bfd_mach_o_reloc_info reloc;
+
+Index: git/bfd/mach-o.c
+===================================================================
+--- git.orig/bfd/mach-o.c 2017-08-31 19:18:02.440441869 +0530
++++ git/bfd/mach-o.c 2017-08-31 19:18:02.620442777 +0530
+@@ -1496,7 +1496,7 @@
+ for (i = 0; i < count; i++)
+ {
+ if (!(*bed->_bfd_mach_o_canonicalize_one_reloc)(abfd, &native_relocs[i],
+- &res[i], syms))
++ &res[i], syms, res))
+ goto err;
+ }
+ free (native_relocs);
+Index: git/bfd/mach-o.h
+===================================================================
+--- git.orig/bfd/mach-o.h 2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o.h 2017-08-31 19:18:02.620442777 +0530
+@@ -746,7 +746,7 @@
+ enum bfd_architecture arch;
+ bfd_vma page_size;
+ bfd_boolean (*_bfd_mach_o_canonicalize_one_reloc)
+- (bfd *, struct mach_o_reloc_info_external *, arelent *, asymbol **);
++ (bfd *, struct mach_o_reloc_info_external *, arelent *, asymbol **, arelent *);
+ bfd_boolean (*_bfd_mach_o_swap_reloc_out)(arelent *, bfd_mach_o_reloc_info *);
+ bfd_boolean (*_bfd_mach_o_print_thread)(bfd *, bfd_mach_o_thread_flavour *,
+ void *, char *);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-31 19:18:02.564442494 +0530
++++ git/bfd/ChangeLog 2017-08-31 19:18:02.620442777 +0530
+@@ -11,6 +11,30 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++ 2017-07-24 Nick Clifton <nickc@redhat.com>
++
++ PR 21813
++ * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address
++ of the relocs to the canonicalize_one_reloc routine.
++ * mach-o.h (struct bfd_mach_o_backend_data): Update the prototype
++ for the _bfd_mach_o_canonicalize_one_reloc field.
++ * mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add
++ res_base parameter. Use to check for corrupt pair relocs.
++ * mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc):
++ Likewise.
++ * mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc):
++ Likewise.
++ * mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc):
++ Likewise.
++
++ * vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is
++ enough data in the record before attempting to parse it.
++ (_bfd_vms_slurp_eeom): Likewise.
++
++ (_bfd_vms_slurp_egsd): Check for an invalid section index.
++ (image_set_ptr): Likewise.
++ (alpha_vms_slurp_relocs): Likewise.
++
+ 2017-07-19 Nick Clifton <nickc@redhat.com>
+
+ PR 21786
+Index: git/bfd/mach-o-arm.c
+===================================================================
+--- git.orig/bfd/mach-o-arm.c 2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-arm.c 2017-08-31 19:18:02.620442777 +0530
+@@ -30,7 +30,7 @@
+ #define bfd_mach_o_mkobject bfd_mach_o_arm_mkobject
+
+ #define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_arm_canonicalize_one_reloc
+-#define bfd_mach_o_swap_reloc_out NULL
++#define bfd_mach_o_swap_reloc_out NULL
+ #define bfd_mach_o_bfd_reloc_type_lookup bfd_mach_o_arm_bfd_reloc_type_lookup
+ #define bfd_mach_o_bfd_reloc_name_lookup bfd_mach_o_arm_bfd_reloc_name_lookup
+
+@@ -147,9 +147,11 @@
+ };
+
+ static bfd_boolean
+-bfd_mach_o_arm_canonicalize_one_reloc (bfd *abfd,
+- struct mach_o_reloc_info_external *raw,
+- arelent *res, asymbol **syms)
++bfd_mach_o_arm_canonicalize_one_reloc (bfd * abfd,
++ struct mach_o_reloc_info_external * raw,
++ arelent * res,
++ asymbol ** syms,
++ arelent * res_base)
+ {
+ bfd_mach_o_reloc_info reloc;
+
+@@ -161,6 +163,9 @@
+ switch (reloc.r_type)
+ {
+ case BFD_MACH_O_ARM_RELOC_PAIR:
++ /* PR 21813: Check for a corrupt PAIR reloc at the start. */
++ if (res == res_base)
++ return FALSE;
+ if (reloc.r_length == 2)
+ {
+ res->howto = &arm_howto_table[7];
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-08-31 19:18:02.556442454 +0530
++++ git/bfd/vms-alpha.c 2017-08-31 19:20:56.233322607 +0530
+@@ -473,6 +473,14 @@
+
+ vms_debug2 ((8, "_bfd_vms_slurp_eihd\n"));
+
++ /* PR 21813: Check for an undersized record. */
++ if (PRIV (recrd.buf_size) < sizeof (* eihd))
++ {
++ _bfd_error_handler (_("Corrupt EIHD record - size is too small"));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++
+ size = bfd_getl32 (eihd->size);
+ imgtype = bfd_getl32 (eihd->imgtype);
+
+@@ -1255,19 +1263,39 @@
+ if (old_flags & EGSY__V_DEF)
+ {
+ struct vms_esdf *esdf = (struct vms_esdf *)vms_rec;
++ long psindx;
+
+ entry->value = bfd_getl64 (esdf->value);
+ if (PRIV (sections) == NULL)
+ return FALSE;
+- entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)];
++
++ psindx = bfd_getl32 (esdf->psindx);
++ /* PR 21813: Check for an out of range index. */
++ if (psindx < 0 || psindx >= (int) PRIV (section_count))
++ {
++ _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"),
++ psindx);
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ entry->section = PRIV (sections)[psindx];
+
+ if (old_flags & EGSY__V_NORM)
+ {
+ PRIV (norm_sym_count)++;
+
+ entry->code_value = bfd_getl64 (esdf->code_address);
+- entry->code_section =
+- PRIV (sections)[bfd_getl32 (esdf->ca_psindx)];
++ psindx = bfd_getl32 (esdf->ca_psindx);
++ /* PR 21813: Check for an out of range index. */
++ if (psindx < 0 || psindx >= (int) PRIV (section_count))
++ {
++ _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"),
++ psindx);
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ entry->code_section = PRIV (sections)[psindx];
++
+ }
+ }
+ }
+@@ -1294,9 +1322,20 @@
+
+ if (old_flags & EGSY__V_REL)
+ {
++ long psindx;
++
+ if (PRIV (sections) == NULL)
+ return FALSE;
+- entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)];
++ psindx = bfd_getl32 (egst->psindx);
++ /* PR 21813: Check for an out of range index. */
++ if (psindx < 0 || psindx >= (int) PRIV (section_count))
++ {
++ _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"),
++ psindx);
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ entry->section = PRIV (sections)[psindx];
+ }
+ else
+ entry->section = bfd_abs_section_ptr;
+@@ -1387,6 +1426,10 @@
+
+ if (PRIV (sections) == NULL)
+ return;
++
++ if (sect < 0 || sect >= (int) PRIV (section_count))
++ return;
++
+ sec = PRIV (sections)[sect];
+
+ if (info)
+@@ -2360,6 +2403,14 @@
+
+ vms_debug2 ((2, "EEOM\n"));
+
++ /* PR 21813: Check for an undersized record. */
++ if (PRIV (recrd.buf_size) < sizeof (* eeom))
++ {
++ _bfd_error_handler (_("Corrupt EEOM record - size is too small"));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++
+ PRIV (eom_data).eom_l_total_lps = bfd_getl32 (eeom->total_lps);
+ PRIV (eom_data).eom_w_comcod = bfd_getl16 (eeom->comcod);
+ if (PRIV (eom_data).eom_w_comcod > 1)
+@@ -2540,6 +2591,10 @@
+ PRIV (recrd.buf_size) = PRIV (recrd.rec_size);
+ }
+
++ /* PR 21813: Check for a truncated record. */
++ if (PRIV (recrd.rec_size < test_len))
++ goto error_ret;
++
+ /* Read the remaining record. */
+ remaining = PRIV (recrd.rec_size) - test_len;
+ to_read = MIN (VMS_BLOCK_SIZE - test_len, remaining);
+@@ -5074,7 +5129,7 @@
+ }
+ else if (cur_psidx >= 0)
+ {
+- if (PRIV (sections) == NULL)
++ if (PRIV (sections) == NULL || cur_psidx >= (int) PRIV (section_count))
+ return FALSE;
+ reloc->sym_ptr_ptr =
+ PRIV (sections)[cur_psidx]->symbol_ptr_ptr;
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-08-31 19:18:01.816438718 +0530
++++ git/binutils/ChangeLog 2017-08-31 19:18:02.624442798 +0530
+@@ -1,3 +1,9 @@
++2017-07-24 Nick Clifton <nickc@redhat.com>
++
++ PR 21813
++ * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
++ string whilst concatenating symbol names.
++
+ 2017-02-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21157
+Index: git/binutils/rddbg.c
+===================================================================
+--- git.orig/binutils/rddbg.c 2017-08-31 19:17:51.596387126 +0530
++++ git/binutils/rddbg.c 2017-08-31 19:18:02.624442798 +0530
+@@ -300,7 +300,8 @@
+
+ s = i.name;
+ f = NULL;
+- while (s[strlen (s) - 1] == '\\'
++ while (strlen (s) > 0
++ && s[strlen (s) - 1] == '\\'
+ && ps + 1 < symend)
+ {
+ char *sc, *n;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch
new file mode 100644
index 0000000..208bbba
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch
@@ -0,0 +1,113 @@
+commit cb06d03ad92ffcfaa09c3f065837cb39e9e1486d
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jun 21 11:13:49 2017 +0100
+
+ Fix address violation parsing a corrupt IEEE Alpha binary.
+
+ PR binutils/21637
+ * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section
+ list.
+ (image_set_ptr): Likewise.
+ (alpha_vms_fix_sec_rel): Likewise.
+ (alpha_vms_slurp_relocs): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12450, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12456
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-08-31 18:01:00.742098130 +0530
++++ git/bfd/vms-alpha.c 2017-08-31 18:01:06.000000000 +0530
+@@ -1257,6 +1257,8 @@
+ struct vms_esdf *esdf = (struct vms_esdf *)vms_rec;
+
+ entry->value = bfd_getl64 (esdf->value);
++ if (PRIV (sections) == NULL)
++ return FALSE;
+ entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)];
+
+ if (old_flags & EGSY__V_NORM)
+@@ -1291,7 +1293,11 @@
+ entry->symbol_vector = bfd_getl32 (egst->value);
+
+ if (old_flags & EGSY__V_REL)
+- entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)];
++ {
++ if (PRIV (sections) == NULL)
++ return FALSE;
++ entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)];
++ }
+ else
+ entry->section = bfd_abs_section_ptr;
+
+@@ -1379,6 +1385,8 @@
+
+ vms_debug2 ((4, "image_set_ptr (0x%08x, sect=%d)\n", (unsigned)vma, sect));
+
++ if (PRIV (sections) == NULL)
++ return;
+ sec = PRIV (sections)[sect];
+
+ if (info)
+@@ -1691,7 +1699,12 @@
+ alpha_vms_fix_sec_rel (bfd *abfd, struct bfd_link_info *info,
+ unsigned int rel, bfd_vma vma)
+ {
+- asection *sec = PRIV (sections)[rel & RELC_MASK];
++ asection *sec;
++
++ if (PRIV (sections) == NULL)
++ return 0;
++
++ sec = PRIV (sections)[rel & RELC_MASK];
+
+ if (info)
+ {
+@@ -5000,6 +5013,8 @@
+ return FALSE;
+ }
+
++ if (PRIV (sections) == NULL)
++ return FALSE;
+ sec = PRIV (sections)[cur_psect];
+ if (sec == bfd_abs_section_ptr)
+ {
+@@ -5058,8 +5073,12 @@
+ reloc->sym_ptr_ptr = sym;
+ }
+ else if (cur_psidx >= 0)
+- reloc->sym_ptr_ptr =
+- PRIV (sections)[cur_psidx]->symbol_ptr_ptr;
++ {
++ if (PRIV (sections) == NULL)
++ return FALSE;
++ reloc->sym_ptr_ptr =
++ PRIV (sections)[cur_psidx]->symbol_ptr_ptr;
++ }
+ else
+ reloc->sym_ptr_ptr = NULL;
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-31 18:01:06.000000000 +0530
++++ git/bfd/ChangeLog 2017-08-31 18:01:49.114384620 +0530
+@@ -31,7 +31,16 @@
+ correct magic bytes at the start, set the error to wrong format
+ and clear the format selector before returning NULL.
+
+- 2017-06-19 Nick Clifton <nickc@redhat.com>
++ 2017-06-21 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21637
++ * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section
++ list.
++ (image_set_ptr): Likewise.
++ (alpha_vms_fix_sec_rel): Likewise.
++ (alpha_vms_slurp_relocs): Likewise.
++
++2017-06-19 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21618
+ * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12451.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12451.patch
new file mode 100644
index 0000000..23ddfcf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12451.patch
@@ -0,0 +1,384 @@
+commit 29866fa186ee3ebda5242221607dba360b2e541e
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jul 19 11:07:43 2017 +0100
+
+ Fix address violation when attempting to read a corrupt field in a COFF archive header structure.
+
+ PR 21786
+ * coff-rs6000.c (_bfd_strntol): New function.
+ (_bfd_strntoll): New function.
+ (GET_VALUE_IN_FIELD): New macro.
+ (EQ_VALUE_IN_FIELD): new macro.
+ (_bfd_xcoff_slurp_armap): Use new macros.
+ (_bfd_xcoff_archive_p): Likewise.
+ (_bfd_xcoff_read_ar_hdr): Likewise.
+ (_bfd_xcoff_openr_next_archived_file): Likewise.
+ (_bfd_xcoff_stat_arch_elt): Likewise.
+
+commit 6c4e7b6bfbc4679f695106de2817ecf02b27c8be
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jul 19 16:14:02 2017 +0100
+
+ Extend previous fix to coff-rs6000.c to coff64-rs6000.c
+
+ PR 21786
+ * coff64-rs6000.c (_bfd_strntol): New function.
+ (_bfd_strntoll): New function.
+ (GET_VALUE_IN_FIELD): New macro.
+ (xcoff64_slurp_armap): Use new macros.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-12451
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-31 16:07:20.966269193 +0530
++++ git/bfd/ChangeLog 2017-08-31 16:25:04.423155789 +0530
+@@ -13,6 +13,19 @@
+
+ 2017-07-19 Nick Clifton <nickc@redhat.com>
+
++ PR 21786
++ * coff-rs6000.c (_bfd_strntol): New function.
++ (_bfd_strntoll): New function.
++ (GET_VALUE_IN_FIELD): New macro.
++ (EQ_VALUE_IN_FIELD): new macro.
++ (_bfd_xcoff_slurp_armap): Use new macros.
++ (_bfd_xcoff_archive_p): Likewise.
++ (_bfd_xcoff_read_ar_hdr): Likewise.
++ (_bfd_xcoff_openr_next_archived_file): Likewise.
++ (_bfd_xcoff_stat_arch_elt): Likewise.
++
++2017-07-19 Nick Clifton <nickc@redhat.com>
++
+ PR 21787
+ * archive.c (bfd_generic_archive_p): If the bfd does not have the
+ correct magic bytes at the start, set the error to wrong format
+Index: git/bfd/coff-rs6000.c
+===================================================================
+--- git.orig/bfd/coff-rs6000.c 2017-08-31 16:07:14.278208353 +0530
++++ git/bfd/coff-rs6000.c 2017-08-31 16:24:05.414696722 +0530
+@@ -203,7 +203,8 @@
+ };
+
+ /* Information about one member of an archive. */
+-struct member_layout {
++struct member_layout
++{
+ /* The archive member that this structure describes. */
+ bfd *member;
+
+@@ -237,7 +238,8 @@
+ };
+
+ /* A structure used for iterating over the members of an archive. */
+-struct archive_iterator {
++struct archive_iterator
++{
+ /* The archive itself. */
+ bfd *archive;
+
+@@ -654,8 +656,6 @@
+ end:
+ return bfd_coff_auxesz (abfd);
+ }
+-
+-
+
+ /* The XCOFF reloc table. Actually, XCOFF relocations specify the
+ bitsize and whether they are signed or not, along with a
+@@ -663,7 +663,6 @@
+ different algorithms for putting in the reloc. Many of these
+ relocs need special_function entries, which I have not written. */
+
+-
+ reloc_howto_type xcoff_howto_table[] =
+ {
+ /* 0x00: Standard 32 bit relocation. */
+@@ -1185,6 +1184,51 @@
+ /* bfd_xcoff_archive_set_magic (abfd, magic); */
+ }
+
++/* PR 21786: The PE/COFF standard does not require NUL termination for any of
++ the ASCII fields in the archive headers. So in order to be able to extract
++ numerical values we provide our own versions of strtol and strtoll which
++ take a maximum length as an additional parameter. Also - just to save space,
++ we omit the endptr return parameter, since we know that it is never used. */
++
++static long
++_bfd_strntol (const char * nptr, int base, unsigned int maxlen)
++{
++ char buf[24]; /* Should be enough. */
++
++ BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++ memcpy (buf, nptr, maxlen);
++ buf[maxlen] = 0;
++ return strtol (buf, NULL, base);
++}
++
++static long long
++_bfd_strntoll (const char * nptr, int base, unsigned int maxlen)
++{
++ char buf[32]; /* Should be enough. */
++
++ BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++ memcpy (buf, nptr, maxlen);
++ buf[maxlen] = 0;
++ return strtoll (buf, NULL, base);
++}
++
++/* Macro to read an ASCII value stored in an archive header field. */
++#define GET_VALUE_IN_FIELD(VAR, FIELD) \
++ do \
++ { \
++ (VAR) = sizeof (VAR) > sizeof (long) \
++ ? _bfd_strntoll (FIELD, 10, sizeof FIELD) \
++ : _bfd_strntol (FIELD, 10, sizeof FIELD); \
++ } \
++ while (0)
++
++#define EQ_VALUE_IN_FIELD(VAR, FIELD) \
++ (sizeof (VAR) > sizeof (long) \
++ ? (VAR) ==_bfd_strntoll (FIELD, 10, sizeof FIELD) \
++ : (VAR) == _bfd_strntol (FIELD, 10, sizeof FIELD))
++
+ /* Read in the armap of an XCOFF archive. */
+
+ bfd_boolean
+@@ -1209,7 +1253,7 @@
+ /* This is for the old format. */
+ struct xcoff_ar_hdr hdr;
+
+- off = strtol (xcoff_ardata (abfd)->symoff, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (off, xcoff_ardata (abfd)->symoff);
+ if (off == 0)
+ {
+ bfd_has_map (abfd) = FALSE;
+@@ -1225,12 +1269,12 @@
+ return FALSE;
+
+ /* Skip the name (normally empty). */
+- namlen = strtol (hdr.namlen, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+ off = ((namlen + 1) & ~ (size_t) 1) + SXCOFFARFMAG;
+ if (bfd_seek (abfd, off, SEEK_CUR) != 0)
+ return FALSE;
+
+- sz = strtol (hdr.size, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (sz, hdr.size);
+
+ /* Read in the entire symbol table. */
+ contents = (bfd_byte *) bfd_alloc (abfd, sz);
+@@ -1264,7 +1308,7 @@
+ /* This is for the new format. */
+ struct xcoff_ar_hdr_big hdr;
+
+- off = strtol (xcoff_ardata_big (abfd)->symoff, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (off, xcoff_ardata_big (abfd)->symoff);
+ if (off == 0)
+ {
+ bfd_has_map (abfd) = FALSE;
+@@ -1280,15 +1324,12 @@
+ return FALSE;
+
+ /* Skip the name (normally empty). */
+- namlen = strtol (hdr.namlen, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+ off = ((namlen + 1) & ~ (size_t) 1) + SXCOFFARFMAG;
+ if (bfd_seek (abfd, off, SEEK_CUR) != 0)
+ return FALSE;
+
+- /* XXX This actually has to be a call to strtoll (at least on 32-bit
+- machines) since the field width is 20 and there numbers with more
+- than 32 bits can be represented. */
+- sz = strtol (hdr.size, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (sz, hdr.size);
+
+ /* Read in the entire symbol table. */
+ contents = (bfd_byte *) bfd_alloc (abfd, sz);
+@@ -1393,8 +1434,8 @@
+ goto error_ret;
+ }
+
+- bfd_ardata (abfd)->first_file_filepos = strtol (hdr.firstmemoff,
+- (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (bfd_ardata (abfd)->first_file_filepos,
++ hdr.firstmemoff);
+
+ amt = SIZEOF_AR_FILE_HDR;
+ bfd_ardata (abfd)->tdata = bfd_zalloc (abfd, amt);
+@@ -1469,7 +1510,7 @@
+ return NULL;
+ }
+
+- namlen = strtol (hdr.namlen, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+ amt = SIZEOF_AR_HDR + namlen + 1;
+ hdrp = (struct xcoff_ar_hdr *) bfd_alloc (abfd, amt);
+ if (hdrp == NULL)
+@@ -1486,7 +1527,7 @@
+ ((char *) hdrp)[SIZEOF_AR_HDR + namlen] = '\0';
+
+ ret->arch_header = (char *) hdrp;
+- ret->parsed_size = strtol (hdr.size, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (ret->parsed_size, hdr.size);
+ ret->filename = (char *) hdrp + SIZEOF_AR_HDR;
+ }
+ else
+@@ -1501,7 +1542,7 @@
+ return NULL;
+ }
+
+- namlen = strtol (hdr.namlen, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+ amt = SIZEOF_AR_HDR_BIG + namlen + 1;
+ hdrp = (struct xcoff_ar_hdr_big *) bfd_alloc (abfd, amt);
+ if (hdrp == NULL)
+@@ -1518,10 +1559,7 @@
+ ((char *) hdrp)[SIZEOF_AR_HDR_BIG + namlen] = '\0';
+
+ ret->arch_header = (char *) hdrp;
+- /* XXX This actually has to be a call to strtoll (at least on 32-bit
+- machines) since the field width is 20 and there numbers with more
+- than 32 bits can be represented. */
+- ret->parsed_size = strtol (hdr.size, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (ret->parsed_size, hdr.size);
+ ret->filename = (char *) hdrp + SIZEOF_AR_HDR_BIG;
+ }
+
+@@ -1550,14 +1588,11 @@
+ if (last_file == NULL)
+ filestart = bfd_ardata (archive)->first_file_filepos;
+ else
+- filestart = strtol (arch_xhdr (last_file)->nextoff, (char **) NULL,
+- 10);
++ GET_VALUE_IN_FIELD (filestart, arch_xhdr (last_file)->nextoff);
+
+ if (filestart == 0
+- || filestart == strtol (xcoff_ardata (archive)->memoff,
+- (char **) NULL, 10)
+- || filestart == strtol (xcoff_ardata (archive)->symoff,
+- (char **) NULL, 10))
++ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata (archive)->memoff)
++ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata (archive)->symoff))
+ {
+ bfd_set_error (bfd_error_no_more_archived_files);
+ return NULL;
+@@ -1568,20 +1603,11 @@
+ if (last_file == NULL)
+ filestart = bfd_ardata (archive)->first_file_filepos;
+ else
+- /* XXX These actually have to be a calls to strtoll (at least
+- on 32-bit machines) since the fields's width is 20 and
+- there numbers with more than 32 bits can be represented. */
+- filestart = strtol (arch_xhdr_big (last_file)->nextoff, (char **) NULL,
+- 10);
+-
+- /* XXX These actually have to be calls to strtoll (at least on 32-bit
+- machines) since the fields's width is 20 and there numbers with more
+- than 32 bits can be represented. */
++ GET_VALUE_IN_FIELD (filestart, arch_xhdr_big (last_file)->nextoff);
++
+ if (filestart == 0
+- || filestart == strtol (xcoff_ardata_big (archive)->memoff,
+- (char **) NULL, 10)
+- || filestart == strtol (xcoff_ardata_big (archive)->symoff,
+- (char **) NULL, 10))
++ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata_big (archive)->memoff)
++ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata_big (archive)->symoff))
+ {
+ bfd_set_error (bfd_error_no_more_archived_files);
+ return NULL;
+@@ -1606,20 +1632,20 @@
+ {
+ struct xcoff_ar_hdr *hdrp = arch_xhdr (abfd);
+
+- s->st_mtime = strtol (hdrp->date, (char **) NULL, 10);
+- s->st_uid = strtol (hdrp->uid, (char **) NULL, 10);
+- s->st_gid = strtol (hdrp->gid, (char **) NULL, 10);
+- s->st_mode = strtol (hdrp->mode, (char **) NULL, 8);
++ GET_VALUE_IN_FIELD (s->st_mtime, hdrp->date);
++ GET_VALUE_IN_FIELD (s->st_uid, hdrp->uid);
++ GET_VALUE_IN_FIELD (s->st_gid, hdrp->gid);
++ GET_VALUE_IN_FIELD (s->st_mode, hdrp->mode);
+ s->st_size = arch_eltdata (abfd)->parsed_size;
+ }
+ else
+ {
+ struct xcoff_ar_hdr_big *hdrp = arch_xhdr_big (abfd);
+
+- s->st_mtime = strtol (hdrp->date, (char **) NULL, 10);
+- s->st_uid = strtol (hdrp->uid, (char **) NULL, 10);
+- s->st_gid = strtol (hdrp->gid, (char **) NULL, 10);
+- s->st_mode = strtol (hdrp->mode, (char **) NULL, 8);
++ GET_VALUE_IN_FIELD (s->st_mtime, hdrp->date);
++ GET_VALUE_IN_FIELD (s->st_uid, hdrp->uid);
++ GET_VALUE_IN_FIELD (s->st_gid, hdrp->gid);
++ GET_VALUE_IN_FIELD (s->st_mode, hdrp->mode);
+ s->st_size = arch_eltdata (abfd)->parsed_size;
+ }
+
+Index: git/bfd/coff64-rs6000.c
+===================================================================
+--- git.orig/bfd/coff64-rs6000.c 2017-08-31 16:07:14.282208390 +0530
++++ git/bfd/coff64-rs6000.c 2017-08-31 16:28:43.228864485 +0530
+@@ -1852,6 +1852,46 @@
+ return NULL;
+ }
+
++/* PR 21786: The PE/COFF standard does not require NUL termination for any of
++ the ASCII fields in the archive headers. So in order to be able to extract
++ numerical values we provide our own versions of strtol and strtoll which
++ take a maximum length as an additional parameter. Also - just to save space,
++ we omit the endptr return parameter, since we know that it is never used. */
++
++static long
++_bfd_strntol (const char * nptr, int base, unsigned int maxlen)
++{
++ char buf[24]; /* Should be enough. */
++
++ BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++ memcpy (buf, nptr, maxlen);
++ buf[maxlen] = 0;
++ return strtol (buf, NULL, base);
++}
++
++static long long
++_bfd_strntoll (const char * nptr, int base, unsigned int maxlen)
++{
++ char buf[32]; /* Should be enough. */
++
++ BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++ memcpy (buf, nptr, maxlen);
++ buf[maxlen] = 0;
++ return strtoll (buf, NULL, base);
++}
++
++/* Macro to read an ASCII value stored in an archive header field. */
++#define GET_VALUE_IN_FIELD(VAR, FIELD) \
++ do \
++ { \
++ (VAR) = sizeof (VAR) > sizeof (long) \
++ ? _bfd_strntoll (FIELD, 10, sizeof FIELD) \
++ : _bfd_strntol (FIELD, 10, sizeof FIELD); \
++ } \
++ while (0)
++
+ /* Read in the armap of an XCOFF archive. */
+
+ static bfd_boolean
+@@ -1892,7 +1932,7 @@
+ return FALSE;
+
+ /* Skip the name (normally empty). */
+- namlen = strtol (hdr.namlen, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+ pos = ((namlen + 1) & ~(size_t) 1) + SXCOFFARFMAG;
+ if (bfd_seek (abfd, pos, SEEK_CUR) != 0)
+ return FALSE;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
new file mode 100644
index 0000000..09d5143
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
@@ -0,0 +1,45 @@
+commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Fri Sep 22 14:15:40 2017 -0700
+
+x86: Guard against corrupted PLT
+
+There should be only one entry in PLT for a given symbol. Set howto to
+NULL after processing a PLT entry to guard against corrupted PLT so that
+the duplicated PLT entries are skipped.
+
+PR binutils/22170
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-14729
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/elf-ifunc.c
+===================================================================
+--- git.orig/bfd/elf-ifunc.c 2017-11-08 12:34:22.063320490 +0530
++++ git/bfd/elf-ifunc.c 2017-11-08 12:34:29.995404891 +0530
+@@ -473,6 +473,10 @@
+ memcpy (names, "@plt", sizeof ("@plt"));
+ names += sizeof ("@plt");
+ ++s, ++n;
++ /* There should be only one entry in PLT for a given
++ symbol. Set howto to NULL after processing a PLT
++ entry to guard against corrupted PLT. */
++ p->howto = NULL;
+ }
+
+ free (plt_sym_val);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-11-08 12:34:29.939404297 +0530
++++ git/bfd/ChangeLog 2017-11-08 12:35:55.660271599 +0530
+@@ -1,3 +1,9 @@
++2017-09-22 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/22170
++ * elf-ifunc.c (elf_get_synthetic_symtab): Guard against
++ corrupted PLT.
++
+ 2017-07-27 Nick Clifton <nickc@redhat.com>
+
+ PR 21840
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch
new file mode 100644
index 0000000..ef42b13
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch
@@ -0,0 +1,241 @@
+commit 52a93b95ec0771c97e26f0bb28630a271a667bd2
+Author: Alan Modra <amodra@gmail.com>
+Date: Sun Sep 24 14:37:16 2017 +0930
+
+ PR22187, infinite loop in find_abstract_instance_name
+
+ This patch prevents the simple case of infinite recursion in
+ find_abstract_instance_name by ensuring that the attributes being
+ processed are not the same as the previous call.
+
+ The patch also does a little cleanup, and leaves in place some changes
+ to the nested_funcs array that I made when I wrongly thought looping
+ might occur in scan_unit_for_symbols.
+
+ PR 22187
+ * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and
+ pname param. Return status. Make name const. Don't abort,
+ return an error. Formatting. Exit if current info_ptr matches
+ orig_info_ptr. Update callers.
+ (scan_unit_for_symbols): Start at nesting_level of zero. Make
+ nested_funcs an array of structs for extensibility. Formatting.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-15024
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c 2017-11-08 12:44:59.198052588 +0530
++++ git/bfd/dwarf2.c 2017-11-08 12:45:10.670155730 +0530
+@@ -2273,9 +2273,11 @@
+ return FALSE;
+ }
+
+-static char *
++static bfd_boolean
+ find_abstract_instance_name (struct comp_unit *unit,
++ bfd_byte *orig_info_ptr,
+ struct attribute *attr_ptr,
++ const char **pname,
+ bfd_boolean *is_linkage)
+ {
+ bfd *abfd = unit->abfd;
+@@ -2285,7 +2287,7 @@
+ struct abbrev_info *abbrev;
+ bfd_uint64_t die_ref = attr_ptr->u.val;
+ struct attribute attr;
+- char *name = NULL;
++ const char *name = NULL;
+
+ /* DW_FORM_ref_addr can reference an entry in a different CU. It
+ is an offset from the .debug_info section, not the current CU. */
+@@ -2294,7 +2296,12 @@
+ /* We only support DW_FORM_ref_addr within the same file, so
+ any relocations should be resolved already. */
+ if (!die_ref)
+- abort ();
++ {
++ _bfd_error_handler
++ (_("Dwarf Error: Abstract instance DIE ref zero."));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
+
+ info_ptr = unit->sec_info_ptr + die_ref;
+ info_ptr_end = unit->end_ptr;
+@@ -2329,9 +2336,10 @@
+ (*_bfd_error_handler)
+ (_("Dwarf Error: Unable to read alt ref %u."), die_ref);
+ bfd_set_error (bfd_error_bad_value);
+- return NULL;
++ return FALSE;
+ }
+- info_ptr_end = unit->stash->alt_dwarf_info_buffer + unit->stash->alt_dwarf_info_size;
++ info_ptr_end = (unit->stash->alt_dwarf_info_buffer
++ + unit->stash->alt_dwarf_info_size);
+
+ /* FIXME: Do we need to locate the correct CU, in a similar
+ fashion to the code in the DW_FORM_ref_addr case above ? */
+@@ -2353,6 +2361,7 @@
+ (*_bfd_error_handler)
+ (_("Dwarf Error: Could not find abbrev number %u."), abbrev_number);
+ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
+ }
+ else
+ {
+@@ -2362,6 +2371,15 @@
+ info_ptr, info_ptr_end);
+ if (info_ptr == NULL)
+ break;
++ /* It doesn't ever make sense for DW_AT_specification to
++ refer to the same DIE. Stop simple recursion. */
++ if (info_ptr == orig_info_ptr)
++ {
++ _bfd_error_handler
++ (_("Dwarf Error: Abstract instance recursion detected."));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
+ switch (attr.name)
+ {
+ case DW_AT_name:
+@@ -2375,7 +2393,9 @@
+ }
+ break;
+ case DW_AT_specification:
+- name = find_abstract_instance_name (unit, &attr, is_linkage);
++ if (!find_abstract_instance_name (unit, info_ptr, &attr,
++ pname, is_linkage))
++ return FALSE;
+ break;
+ case DW_AT_linkage_name:
+ case DW_AT_MIPS_linkage_name:
+@@ -2393,7 +2413,8 @@
+ }
+ }
+ }
+- return name;
++ *pname = name;
++ return TRUE;
+ }
+
+ static bfd_boolean
+@@ -2454,20 +2475,22 @@
+ bfd *abfd = unit->abfd;
+ bfd_byte *info_ptr = unit->first_child_die_ptr;
+ bfd_byte *info_ptr_end = unit->stash->info_ptr_end;
+- int nesting_level = 1;
+- struct funcinfo **nested_funcs;
++ int nesting_level = 0;
++ struct nest_funcinfo {
++ struct funcinfo *func;
++ } *nested_funcs;
+ int nested_funcs_size;
+
+ /* Maintain a stack of in-scope functions and inlined functions, which we
+ can use to set the caller_func field. */
+ nested_funcs_size = 32;
+- nested_funcs = (struct funcinfo **)
+- bfd_malloc (nested_funcs_size * sizeof (struct funcinfo *));
++ nested_funcs = (struct nest_funcinfo *)
++ bfd_malloc (nested_funcs_size * sizeof (*nested_funcs));
+ if (nested_funcs == NULL)
+ return FALSE;
+- nested_funcs[nesting_level] = 0;
++ nested_funcs[nesting_level].func = 0;
+
+- while (nesting_level)
++ while (nesting_level >= 0)
+ {
+ unsigned int abbrev_number, bytes_read, i;
+ struct abbrev_info *abbrev;
+@@ -2516,13 +2539,13 @@
+ BFD_ASSERT (!unit->cached);
+
+ if (func->tag == DW_TAG_inlined_subroutine)
+- for (i = nesting_level - 1; i >= 1; i--)
+- if (nested_funcs[i])
++ for (i = nesting_level; i-- != 0; )
++ if (nested_funcs[i].func)
+ {
+- func->caller_func = nested_funcs[i];
++ func->caller_func = nested_funcs[i].func;
+ break;
+ }
+- nested_funcs[nesting_level] = func;
++ nested_funcs[nesting_level].func = func;
+ }
+ else
+ {
+@@ -2541,12 +2564,13 @@
+ }
+
+ /* No inline function in scope at this nesting level. */
+- nested_funcs[nesting_level] = 0;
++ nested_funcs[nesting_level].func = 0;
+ }
+
+ for (i = 0; i < abbrev->num_attrs; ++i)
+ {
+- info_ptr = read_attribute (&attr, &abbrev->attrs[i], unit, info_ptr, info_ptr_end);
++ info_ptr = read_attribute (&attr, &abbrev->attrs[i],
++ unit, info_ptr, info_ptr_end);
+ if (info_ptr == NULL)
+ goto fail;
+
+@@ -2565,8 +2589,10 @@
+
+ case DW_AT_abstract_origin:
+ case DW_AT_specification:
+- func->name = find_abstract_instance_name (unit, &attr,
+- &func->is_linkage);
++ if (!find_abstract_instance_name (unit, info_ptr, &attr,
++ &func->name,
++ &func->is_linkage))
++ goto fail;
+ break;
+
+ case DW_AT_name:
+@@ -2691,17 +2717,17 @@
+
+ if (nesting_level >= nested_funcs_size)
+ {
+- struct funcinfo **tmp;
++ struct nest_funcinfo *tmp;
+
+ nested_funcs_size *= 2;
+- tmp = (struct funcinfo **)
++ tmp = (struct nest_funcinfo *)
+ bfd_realloc (nested_funcs,
+- nested_funcs_size * sizeof (struct funcinfo *));
++ nested_funcs_size * sizeof (*nested_funcs));
+ if (tmp == NULL)
+ goto fail;
+ nested_funcs = tmp;
+ }
+- nested_funcs[nesting_level] = 0;
++ nested_funcs[nesting_level].func = 0;
+ }
+ }
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-11-08 12:45:10.614155229 +0530
++++ git/bfd/ChangeLog 2017-11-08 12:46:55.791054918 +0530
+@@ -1,3 +1,13 @@
++2017-09-24 Alan Modra <amodra@gmail.com>
++
++ PR 22187
++ * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and
++ pname param. Return status. Make name const. Don't abort,
++ return an error. Formatting. Exit if current info_ptr matches
++ orig_info_ptr. Update callers.
++ (scan_unit_for_symbols): Start at nesting_level of zero. Make
++ nested_funcs an array of structs for extensibility. Formatting.
++
+ 2017-09-22 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/22170
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch
new file mode 100644
index 0000000..25d6f3a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch
@@ -0,0 +1,153 @@
+commit 1b86808a86077722ee4f42ff97f836b12420bb2a
+Author: Alan Modra <amodra@gmail.com>
+Date: Tue Sep 26 21:47:24 2017 +0930
+
+ PR22209, invalid memory read in find_abstract_instance_name
+
+ This patch adds bounds checking for DW_FORM_ref_addr die refs, and
+ calculates them relative to the first .debug_info section. See the
+ big comment for why calculating relative to the current .debug_info
+ section was wrong for relocatable object files.
+
+ PR 22209
+ * dwarf2.c (struct comp_unit): Delete sec_info_ptr field.
+ (find_abstract_instance_name): Calculate DW_FORM_ref_addr relative
+ to stash->info_ptr_memory, and check die_ref is within that memory.
+ Set info_ptr_end correctly when another CU is refd. Check die_ref
+ for DW_FORM_ref4 etc. is within CU.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-15938
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c 2017-11-07 18:52:19.896253364 +0530
++++ git/bfd/dwarf2.c 2017-11-07 18:52:19.952253802 +0530
+@@ -119,8 +119,7 @@
+
+ /* A pointer to the memory block allocated for info_ptr. Neither
+ info_ptr nor sec_info_ptr are guaranteed to stay pointing to the
+- beginning of the malloc block. This is used only to free the
+- memory later. */
++ beginning of the malloc block. */
+ bfd_byte *info_ptr_memory;
+
+ /* Pointer to the symbol table. */
+@@ -238,9 +237,6 @@
+ by its reference. */
+ bfd_byte *info_ptr_unit;
+
+- /* Pointer to the start of the debug section, for DW_FORM_ref_addr. */
+- bfd_byte *sec_info_ptr;
+-
+ /* The offset into .debug_line of the line number table. */
+ unsigned long line_offset;
+
+@@ -2294,21 +2290,37 @@
+ if (attr_ptr->form == DW_FORM_ref_addr)
+ {
+ /* We only support DW_FORM_ref_addr within the same file, so
+- any relocations should be resolved already. */
+- if (!die_ref)
++ any relocations should be resolved already. Check this by
++ testing for a zero die_ref; There can't be a valid reference
++ to the header of a .debug_info section.
++ DW_FORM_ref_addr is an offset relative to .debug_info.
++ Normally when using the GNU linker this is accomplished by
++ emitting a symbolic reference to a label, because .debug_info
++ sections are linked at zero. When there are multiple section
++ groups containing .debug_info, as there might be in a
++ relocatable object file, it would be reasonable to assume that
++ a symbolic reference to a label in any .debug_info section
++ might be used. Since we lay out multiple .debug_info
++ sections at non-zero VMAs (see place_sections), and read
++ them contiguously into stash->info_ptr_memory, that means
++ the reference is relative to stash->info_ptr_memory. */
++ size_t total;
++
++ info_ptr = unit->stash->info_ptr_memory;
++ info_ptr_end = unit->stash->info_ptr_end;
++ total = info_ptr_end - info_ptr;
++ if (!die_ref || die_ref >= total)
+ {
+ _bfd_error_handler
+- (_("Dwarf Error: Abstract instance DIE ref zero."));
++ (_("Dwarf Error: Invalid abstract instance DIE ref."));
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
+-
+- info_ptr = unit->sec_info_ptr + die_ref;
+- info_ptr_end = unit->end_ptr;
++ info_ptr += die_ref;
+
+ /* Now find the CU containing this pointer. */
+ if (info_ptr >= unit->info_ptr_unit && info_ptr < unit->end_ptr)
+- ;
++ info_ptr_end = unit->end_ptr;
+ else
+ {
+ /* Check other CUs to see if they contain the abbrev. */
+@@ -2324,7 +2336,10 @@
+ break;
+
+ if (u)
+- unit = u;
++ {
++ unit = u;
++ info_ptr_end = unit->end_ptr;
++ }
+ /* else FIXME: What do we do now ? */
+ }
+ }
+@@ -2346,8 +2361,22 @@
+ }
+ else
+ {
+- info_ptr = unit->info_ptr_unit + die_ref;
++ /* DW_FORM_ref1, DW_FORM_ref2, DW_FORM_ref4, DW_FORM_ref8 or
++ DW_FORM_ref_udata. These are all references relative to the
++ start of the current CU. */
++ size_t total;
++
++ info_ptr = unit->info_ptr_unit;
+ info_ptr_end = unit->end_ptr;
++ total = info_ptr_end - info_ptr;
++ if (!die_ref || die_ref >= total)
++ {
++ _bfd_error_handler
++ (_("Dwarf Error: Invalid abstract instance DIE ref."));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ info_ptr += die_ref;
+ }
+
+ abbrev_number = safe_read_leb128 (abfd, info_ptr, &bytes_read, FALSE, info_ptr_end);
+@@ -2846,7 +2875,6 @@
+ unit->end_ptr = end_ptr;
+ unit->stash = stash;
+ unit->info_ptr_unit = info_ptr_unit;
+- unit->sec_info_ptr = stash->sec_info_ptr;
+
+ for (i = 0; i < abbrev->num_attrs; ++i)
+ {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-11-07 18:52:19.900253395 +0530
++++ git/bfd/ChangeLog 2017-11-07 18:53:29.668799630 +0530
+@@ -1,3 +1,12 @@
++2017-09-26 Alan Modra <amodra@gmail.com>
++
++ PR 22209
++ * dwarf2.c (struct comp_unit): Delete sec_info_ptr field.
++ (find_abstract_instance_name): Calculate DW_FORM_ref_addr relative
++ to stash->info_ptr_memory, and check die_ref is within that memory.
++ Set info_ptr_end correctly when another CU is refd. Check die_ref
++ for DW_FORM_ref4 etc. is within CU.
++
+ 2017-09-24 Alan Modra <amodra@gmail.com>
+
+ PR 22187
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
new file mode 100644
index 0000000..eb9fc6f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
@@ -0,0 +1,40 @@
+commit 69ace2200106348a1b00d509a6a234337c104c17
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Dec 1 15:20:19 2016 +0000
+
+ Fix seg fault attempting to unget an EOF character.
+
+ PR gas/20898
+ * app.c (do_scrub_chars): Do not attempt to unget EOF.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7223
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/gas/ChangeLog
+===================================================================
+--- git.orig/gas/ChangeLog 2017-09-04 12:42:08.941602299 +0530
++++ git/gas/ChangeLog 2017-09-04 12:48:28.863820763 +0530
+@@ -1,3 +1,8 @@
++2016-12-01 Nick Clifton <nickc@redhat.com>
++
++ PR gas/20898
++ * app.c (do_scrub_chars): Do not attempt to unget EOF.
++
+ 2016-08-05 Nick Clifton <nickc@redhat.com>
+
+ PR gas/20364
+Index: git/gas/app.c
+===================================================================
+--- git.orig/gas/app.c 2017-09-04 12:42:05.261580103 +0530
++++ git/gas/app.c 2017-09-04 12:47:19.923428673 +0530
+@@ -1187,7 +1187,7 @@
+ state = -2;
+ break;
+ }
+- else
++ else if (ch2 != EOF)
+ {
+ UNGET (ch2);
+ }
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch
new file mode 100644
index 0000000..fb9ce90
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch
@@ -0,0 +1,48 @@
+commit e82ab856bb4689330c29fb9f1c57a8555b26380e
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Dec 1 10:49:39 2016 +0000
+
+ Fix a seg-fault disassembling a corrupt binary.
+
+ PR binutils/20892
+ * aoutx.h (find_nearest_line): Handle the case where the function
+ name is empty.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7224
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 12:54:37.513859864 +0530
++++ git/bfd/ChangeLog 2017-09-04 13:00:22.891753836 +0530
+@@ -120,6 +120,10 @@
+ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+ the end of the string buffer.
+
++ PR binutils/20892
++ * aoutx.h (find_nearest_line): Handle the case where the function
++ name is empty.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h 2017-09-04 12:54:35.957851411 +0530
++++ git/bfd/aoutx.h 2017-09-04 12:57:50.634902163 +0530
+@@ -2819,6 +2819,13 @@
+ const char *function = func->name;
+ char *colon;
+
++ if (buf == NULL)
++ {
++ /* PR binutils/20892: In a corrupt input file func can be empty. */
++ * functionname_ptr = NULL;
++ return TRUE;
++ }
++
+ /* The caller expects a symbol name. We actually have a
+ function name, without the leading underscore. Put the
+ underscore back in, so that the caller gets a symbol name. */
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch
new file mode 100644
index 0000000..699905a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch
@@ -0,0 +1,66 @@
+commit 50455f1ab2935f7321215dfa681745c9b1cb5b19
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Dec 1 10:15:07 2016 +0000
+
+ Fix seg-fault running addr2line on a corrupt binary.
+
+ PR binutils/20891
+ * aoutx.h (find_nearest_line): Handle the case where the main file
+ name and the directory name are both empty.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7225
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 13:04:20.941485636 +0530
++++ git/bfd/ChangeLog 2017-09-04 13:08:05.003175703 +0530
+@@ -120,6 +120,12 @@
+ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+ the end of the string buffer.
+
++2016-12-01 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/20891
++ * aoutx.h (find_nearest_line): Handle the case where the main file
++ name and the directory name are both empty.
++
+ PR binutils/20892
+ * aoutx.h (find_nearest_line): Handle the case where the function
+ name is empty.
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h 2017-09-04 13:04:20.941485636 +0530
++++ git/bfd/aoutx.h 2017-09-04 13:10:55.856441243 +0530
+@@ -2663,7 +2663,7 @@
+ char *buf;
+
+ *filename_ptr = abfd->filename;
+- *functionname_ptr = 0;
++ *functionname_ptr = NULL;
+ *line_ptr = 0;
+ if (disriminator_ptr)
+ *disriminator_ptr = 0;
+@@ -2808,9 +2808,17 @@
+ *filename_ptr = main_file_name;
+ else
+ {
+- sprintf (buf, "%s%s", directory_name, main_file_name);
+- *filename_ptr = buf;
+- buf += filelen + 1;
++ if (buf == NULL)
++ /* PR binutils/20891: In a corrupt input file both
++ main_file_name and directory_name can be empty... */
++ * filename_ptr = NULL;
++ else
++ {
++ snprintf (buf, filelen + 1, "%s%s", directory_name,
++ main_file_name);
++ *filename_ptr = buf;
++ buf += filelen + 1;
++ }
+ }
+ }
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch
new file mode 100644
index 0000000..7525f34
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch
@@ -0,0 +1,42 @@
+Fix seg-fault in the binutils utilities when reading a corrupt input file.
+
+PR binutils/20905
+* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+the end of the string buffer.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7226
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-23 13:59:16.868424171 +0530
++++ git/bfd/ChangeLog 2017-08-23 14:03:22.683013823 +0530
+@@ -39,6 +39,12 @@
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
++2016-12-05 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/20905
++ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
++ the end of the string buffer.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
+Index: git/bfd/peicode.h
+===================================================================
+--- git.orig/bfd/peicode.h 2017-08-23 13:59:06.948319100 +0530
++++ git/bfd/peicode.h 2017-08-23 13:59:16.920424722 +0530
+@@ -1264,7 +1264,8 @@
+ }
+
+ symbol_name = (char *) ptr;
+- source_dll = symbol_name + strlen (symbol_name) + 1;
++ /* See PR 20905 for an example of where the strnlen is necessary. */
++ source_dll = symbol_name + strnlen (symbol_name, size - 1) + 1;
+
+ /* Verify that the strings are null terminated. */
+ if (ptr[size - 1] != 0
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
new file mode 100644
index 0000000..1fa98e1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
@@ -0,0 +1,49 @@
+commit 406bd128dba2a59d0736839fc87a59bce319076c
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 16:00:43 2016 +0000
+
+ Fix seg-fault in linker when passed a bogus input script.
+
+ PR ld/20906
+ * ldlex.l: Check for bogus strings in linker scripts.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7227
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/ld/ChangeLog
+===================================================================
+--- git.orig/ld/ChangeLog 2017-09-04 13:18:09.660584245 +0530
++++ git/ld/ChangeLog 2017-09-04 13:20:34.286155911 +0530
+@@ -1,3 +1,8 @@
++2016-12-05 Nick Clifton <nickc@redhat.com>
++
++ PR ld/20906
++ * ldlex.l: Check for bogus strings in linker scripts.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
+Index: git/ld/ldlex.l
+===================================================================
+--- git.orig/ld/ldlex.l 2017-09-04 13:18:09.692584605 +0530
++++ git/ld/ldlex.l 2017-09-04 13:22:54.483583368 +0530
+@@ -416,9 +416,15 @@
+
+ <EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
+ /* No matter the state, quotes
+- give what's inside */
++ give what's inside. */
++ bfd_size_type len;
+ yylval.name = xstrdup (yytext + 1);
+- yylval.name[yyleng - 2] = 0;
++ /* PR ld/20906. A corrupt input file
++ can contain bogus strings. */
++ len = strlen (yylval.name);
++ if (len > yyleng - 2)
++ len = yyleng - 2;
++ yylval.name[len] = 0;
+ return NAME;
+ }
+ <BOTH,SCRIPT,EXPRESSION>"\n" { lineno++;}
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch
new file mode 100644
index 0000000..50a48bc
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch
@@ -0,0 +1,47 @@
+commit d7f399a8de4c55eb841db6493597a587fac002de
+Author: Nick Clifton <nickc@redhat.com>
+Date: Fri Dec 2 17:46:26 2016 +0000
+
+ Fix seg-fault in linker when passed a corrupt binary input file.
+
+ PR lf/20908
+ * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
+ when following indirect links.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7299
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c 2017-09-20 14:15:26.337333504 +0530
++++ git/bfd/elflink.c 2017-09-20 14:20:19.000000000 +0530
+@@ -11201,6 +11201,12 @@
+ asection *sec;
+
+ sec = p->u.indirect.section;
++ /* See PR 20908 for a reproducer. */
++ if (bfd_get_flavour (sec->owner) != bfd_target_elf_flavour)
++ {
++ _bfd_error_handler (_("%B: not in ELF format"), sec->owner);
++ goto error_return;
++ }
+ esdi = elf_section_data (sec);
+
+ /* Mark all sections which are to be included in the
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-20 14:20:19.000000000 +0530
++++ git/bfd/ChangeLog 2017-09-20 14:23:48.743556932 +0530
+@@ -192,6 +192,10 @@
+
+ 2016-12-02 Nick Clifton <nickc@redhat.com>
+
++ PR lf/20908
++ * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
++ when following indirect links.
++
+ PR ld/20909
+ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+ for an illegal string offset.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch
new file mode 100644
index 0000000..7691b12
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch
@@ -0,0 +1,120 @@
+commit a961cdd5f139d3c3e09170db52bd8df7dafae13f
+Author: Alan Modra <amodra@gmail.com>
+Date: Thu Dec 15 21:29:44 2016 +1030
+
+ Linking non-ELF file broken by PR20908 fix
+
+ PR ld/20968
+ PR ld/20908
+ * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move
+ reloc counting code later after ELF flavour test.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7299
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c 2017-09-20 14:15:28.133343092 +0530
++++ git/bfd/elflink.c 2017-09-20 14:15:28.189343391 +0530
+@@ -11201,13 +11201,6 @@
+ asection *sec;
+
+ sec = p->u.indirect.section;
+- /* See PR 20908 for a reproducer. */
+- if (bfd_get_flavour (sec->owner) != bfd_target_elf_flavour)
+- {
+- _bfd_error_handler (_("%B: not in ELF format"), sec->owner);
+- goto error_return;
+- }
+- esdi = elf_section_data (sec);
+
+ /* Mark all sections which are to be included in the
+ link. This will normally be every section. We need
+@@ -11218,37 +11211,18 @@
+ if (sec->flags & SEC_MERGE)
+ merged = TRUE;
+
+- if (esdo->this_hdr.sh_type == SHT_REL
+- || esdo->this_hdr.sh_type == SHT_RELA)
+- /* Some backends use reloc_count in relocation sections
+- to count particular types of relocs. Of course,
+- reloc sections themselves can't have relocations. */
+- reloc_count = 0;
+- else if (emit_relocs)
+- {
+- reloc_count = sec->reloc_count;
+- if (bed->elf_backend_count_additional_relocs)
+- {
+- int c;
+- c = (*bed->elf_backend_count_additional_relocs) (sec);
+- additional_reloc_count += c;
+- }
+- }
+- else if (bed->elf_backend_count_relocs)
+- reloc_count = (*bed->elf_backend_count_relocs) (info, sec);
+-
+ if (sec->rawsize > max_contents_size)
+ max_contents_size = sec->rawsize;
+ if (sec->size > max_contents_size)
+ max_contents_size = sec->size;
+
+- /* We are interested in just local symbols, not all
+- symbols. */
+ if (bfd_get_flavour (sec->owner) == bfd_target_elf_flavour
+ && (sec->owner->flags & DYNAMIC) == 0)
+ {
+ size_t sym_count;
+
++ /* We are interested in just local symbols, not all
++ symbols. */
+ if (elf_bad_symtab (sec->owner))
+ sym_count = (elf_tdata (sec->owner)->symtab_hdr.sh_size
+ / bed->s->sizeof_sym);
+@@ -11262,6 +11236,27 @@
+ && elf_symtab_shndx_list (sec->owner) != NULL)
+ max_sym_shndx_count = sym_count;
+
++ if (esdo->this_hdr.sh_type == SHT_REL
++ || esdo->this_hdr.sh_type == SHT_RELA)
++ /* Some backends use reloc_count in relocation sections
++ to count particular types of relocs. Of course,
++ reloc sections themselves can't have relocations. */
++ ;
++ else if (emit_relocs)
++ {
++ reloc_count = sec->reloc_count;
++ if (bed->elf_backend_count_additional_relocs)
++ {
++ int c;
++ c = (*bed->elf_backend_count_additional_relocs) (sec);
++ additional_reloc_count += c;
++ }
++ }
++ else if (bed->elf_backend_count_relocs)
++ reloc_count = (*bed->elf_backend_count_relocs) (info, sec);
++
++ esdi = elf_section_data (sec);
++
+ if ((sec->flags & SEC_RELOC) != 0)
+ {
+ size_t ext_size = 0;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-20 14:15:28.013342453 +0530
++++ git/bfd/ChangeLog 2017-09-20 14:19:06.990419395 +0530
+@@ -156,6 +156,13 @@
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
++2016-12-15 Alan Modra <amodra@gmail.com>
++
++ PR ld/20968
++ PR ld/20908
++ * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move
++ reloc counting code later after ELF flavour test.
++
+ 2016-12-06 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20931
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
new file mode 100644
index 0000000..c4432e7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
@@ -0,0 +1,55 @@
+From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 2 Dec 2016 16:41:14 +0000
+Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary.
+
+ PR ld/20909
+ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+ for an illegal string offset.
+
+Upstream-Status: Backport
+CVE: CVE-2017-7300
+VER: < 2.27-r0.9.1
+Signed-off-by: Manjunath Matti <mmatti@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/aoutx.h | 3 +--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/ChangeLog b/bfd/ChangeLog
+index d061e66..c8085e7 100644
+--- a/bfd/ChangeLog
++++ b/bfd/ChangeLog
+@@ -175,6 +175,12 @@
+ * aoutx.h (find_nearest_line): Handle the case where the function
+ name is empty.
+
++2016-12-02 Nick Clifton <nickc@redhat.com>
++
++ PR ld/20909
++ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
++ for an illegal string offset.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
+diff --git a/bfd/aoutx.h b/bfd/aoutx.h
+index 4308679..b9ac2b7 100644
+--- a/bfd/aoutx.h
++++ b/bfd/aoutx.h
+@@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
+ continue;
+
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ return FALSE;
+ name = strings + GET_WORD (abfd, p->e_strx);
+-
+ value = GET_WORD (abfd, p->e_value);
+ flags = BSF_GLOBAL;
+ string = NULL;
+--
+2.9.3
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch
new file mode 100644
index 0000000..36b4259
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch
@@ -0,0 +1,52 @@
+commit daae68f4f372e0618d6b9c64ec0f1f74eae6ab3d
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 12:25:34 2016 +0000
+
+ Fix seg-fault in linker parsing a corrupt input file.
+
+ PR ld/20924
+ (aout_link_add_symbols): Fix off by one error checking for
+ overflow of string offset.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7301
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 15:42:15.244812577 +0530
++++ git/bfd/ChangeLog 2017-09-04 15:51:36.573466525 +0530
+@@ -120,6 +120,10 @@
+ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+ the end of the string buffer.
+
++ PR ld/20924
++ (aout_link_add_symbols): Fix off by one error checking for
++ overflow of string offset.
++
+ 2016-12-01 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20891
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h 2017-09-04 15:42:15.244812577 +0530
++++ git/bfd/aoutx.h 2017-09-04 15:49:36.500479341 +0530
+@@ -3091,7 +3091,7 @@
+ BFD_ASSERT (p + 1 < pend);
+ ++p;
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ return FALSE;
+ string = strings + GET_WORD (abfd, p->e_strx);
+ section = bfd_ind_section_ptr;
+@@ -3127,7 +3127,7 @@
+ ++p;
+ string = name;
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ return FALSE;
+ name = strings + GET_WORD (abfd, p->e_strx);
+ section = bfd_und_section_ptr;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch
new file mode 100644
index 0000000..a45de0e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch
@@ -0,0 +1,81 @@
+commit e2996cc315d6ea242e1a954dc20246485ccc8512
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 14:32:30 2016 +0000
+
+ Fix seg-fault running strip on a corrupt binary.
+
+ PR binutils/20921
+ * aoutx.h (squirt_out_relocs): Check for and report any relocs
+ that could not be recognised.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7302
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 15:57:38.564419146 +0530
++++ git/bfd/ChangeLog 2017-09-04 16:02:31.994883900 +0530
+@@ -124,6 +124,10 @@
+ (aout_link_add_symbols): Fix off by one error checking for
+ overflow of string offset.
+
++ PR binutils/20921
++ * aoutx.h (squirt_out_relocs): Check for and report any relocs
++ that could not be recognised.
++
+ 2016-12-01 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20891
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h 2017-09-04 15:57:38.564419146 +0530
++++ git/bfd/aoutx.h 2017-09-04 16:01:08.830188291 +0530
+@@ -1952,6 +1952,7 @@
+
+ PUT_WORD (abfd, g->address, natptr->r_address);
+
++ BFD_ASSERT (g->howto != NULL);
+ r_length = g->howto->size ; /* Size as a power of two. */
+ r_pcrel = (int) g->howto->pc_relative; /* Relative to PC? */
+ /* XXX This relies on relocs coming from a.out files. */
+@@ -2390,16 +2391,34 @@
+ for (natptr = native;
+ count != 0;
+ --count, natptr += each_size, ++generic)
+- MY_swap_ext_reloc_out (abfd, *generic,
+- (struct reloc_ext_external *) natptr);
++ {
++ if ((*generic)->howto == NULL)
++ {
++ bfd_set_error (bfd_error_invalid_operation);
++ _bfd_error_handler (_("%B: attempt to write out unknown reloc type"), abfd);
++ return FALSE;
++ }
++ MY_swap_ext_reloc_out (abfd, *generic,
++ (struct reloc_ext_external *) natptr);
++ }
+ }
+ else
+ {
+ for (natptr = native;
+ count != 0;
+ --count, natptr += each_size, ++generic)
+- MY_swap_std_reloc_out (abfd, *generic,
+- (struct reloc_std_external *) natptr);
++ {
++ /* PR 20921: If the howto field has not been initialised then skip
++ this reloc. */
++ if ((*generic)->howto == NULL)
++ {
++ bfd_set_error (bfd_error_invalid_operation);
++ _bfd_error_handler (_("%B: attempt to write out unknown reloc type"), abfd);
++ return FALSE;
++ }
++ MY_swap_std_reloc_out (abfd, *generic,
++ (struct reloc_std_external *) natptr);
++ }
+ }
+
+ if (bfd_bwrite ((void *) native, natsize, abfd) != natsize)
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch
new file mode 100644
index 0000000..59a3b17
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch
@@ -0,0 +1,55 @@
+commit a55c9876bb111fd301b4762cf501de0040b8f9db
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 13:35:50 2016 +0000
+
+ Fix seg-fault attempting to strip a corrupt binary.
+
+ PR binutils/20922
+ * elf.c (find_link): Check for null headers before attempting to
+ match them.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7303
+Signed-off-by: Thiruvadi Rajaraman <tarjaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 16:06:08.996688391 +0530
++++ git/bfd/ChangeLog 2017-09-04 16:09:26.810320541 +0530
+@@ -124,6 +124,10 @@
+ (aout_link_add_symbols): Fix off by one error checking for
+ overflow of string offset.
+
++ PR binutils/20922
++ * elf.c (find_link): Check for null headers before attempting to
++ match them.
++
+ PR binutils/20921
+ * aoutx.h (squirt_out_relocs): Check for and report any relocs
+ that could not be recognised.
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-04 16:05:55.612577527 +0530
++++ git/bfd/elf.c 2017-09-04 16:08:35.709900050 +0530
+@@ -1249,13 +1249,19 @@
+ Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd);
+ unsigned int i;
+
+- if (section_match (oheaders[hint], iheader))
++ BFD_ASSERT (iheader != NULL);
++
++ /* See PR 20922 for a reproducer of the NULL test. */
++ if (oheaders[hint] != NULL
++ && section_match (oheaders[hint], iheader))
+ return hint;
+
+ for (i = 1; i < elf_numsections (obfd); i++)
+ {
+ Elf_Internal_Shdr * oheader = oheaders[i];
+
++ if (oheader == NULL)
++ continue;
+ if (section_match (oheader, iheader))
+ /* FIXME: Do we care if there is a potential for
+ multiple matches ? */
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch
new file mode 100644
index 0000000..817a3f0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch
@@ -0,0 +1,53 @@
+commit 4f3ca05b487e9755018b4c9a053a2e6c35d8a7df
+Author: Nick Clifton <nickc@redhat.com>
+Date: Tue Dec 6 16:53:57 2016 +0000
+
+ Fix seg-fault in strip when copying a corrupt binary.
+
+ PR binutils/20931
+ * elf.c (copy_special_section_fields): Check for an invalid
+ sh_link field before attempting to follow it.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7304
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 16:13:03.512095249 +0530
++++ git/bfd/ChangeLog 2017-09-04 16:16:25.173745111 +0530
+@@ -114,6 +114,12 @@
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
++ 2016-12-06 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/20931
++ * elf.c (copy_special_section_fields): Check for an invalid
++ sh_link field before attempting to follow it.
++
+ 2016-12-05 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20905
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-04 16:13:03.512095249 +0530
++++ git/bfd/elf.c 2017-09-04 16:15:38.257359045 +0530
+@@ -1324,6 +1324,16 @@
+ in the input bfd. */
+ if (iheader->sh_link != SHN_UNDEF)
+ {
++ /* See PR 20931 for a reproducer. */
++ if (iheader->sh_link >= elf_numsections (ibfd))
++ {
++ (* _bfd_error_handler)
++ /* xgettext:c-format */
++ (_("%B: Invalid sh_link field (%d) in section number %d"),
++ ibfd, iheader->sh_link, secnum);
++ return FALSE;
++ }
++
+ sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link);
+ if (sh_link != SHN_UNDEF)
+ {
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
new file mode 100644
index 0000000..0fb32b3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
@@ -0,0 +1,105 @@
+From ad32986fdf9da1c8748e47b8b45100398223dba8 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 4 Apr 2017 11:23:36 +0100
+Subject: [PATCH] Fix null pointer dereferences when using a link built with
+ clang.
+
+ PR binutils/21342
+ * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
+ dereference.
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
+Upstream-Status: Backport
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
+
+CVE: CVE-2017-7614
+
+Singed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/elflink.c | 35 +++++++++++++++++++++--------------
+ 2 files changed, 29 insertions(+), 14 deletions(-)
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c
++++ git/bfd/elflink.c
+@@ -118,15 +118,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd,
+ defined in shared libraries can't be overridden, because we
+ lose the link to the bfd which is via the symbol section. */
+ h->root.type = bfd_link_hash_new;
++ bh = &h->root;
+ }
++ else
++ bh = NULL;
+
+- bh = &h->root;
+ bed = get_elf_backend_data (abfd);
+ if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL,
+ sec, 0, NULL, FALSE, bed->collect,
+ &bh))
+ return NULL;
+ h = (struct elf_link_hash_entry *) bh;
++ BFD_ASSERT (h != NULL);
+ h->def_regular = 1;
+ h->non_elf = 0;
+ h->root.linker_def = 1;
+@@ -11789,24 +11792,28 @@ bfd_elf_final_link (bfd *abfd, struct bf
+ {
+ /* Finish up and write out the symbol string table (.strtab)
+ section. */
+- Elf_Internal_Shdr *symstrtab_hdr;
++ Elf_Internal_Shdr *symstrtab_hdr = NULL;
+ file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size;
+
+- symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+- if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++ if (elf_symtab_shndx_list (abfd))
+ {
+- symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
+- symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
+- symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
+- amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
+- symtab_shndx_hdr->sh_size = amt;
++ symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+
+- off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
+- off, TRUE);
++ if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++ {
++ symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
++ symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
++ symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
++ amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
++ symtab_shndx_hdr->sh_size = amt;
+
+- if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
+- || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
+- return FALSE;
++ off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
++ off, TRUE);
++
++ if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
++ || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
++ return FALSE;
++ }
+ }
+
+ symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2017-04-04 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21342
++ * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
++ dereference.
++ (bfd_elf_final_link): Only initialize the extended symbol index
++ section if there are extended symbol tables to list.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch
new file mode 100644
index 0000000..96fe9e3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch
@@ -0,0 +1,201 @@
+commit bce964aa6c777d236fbd641f2bc7bb931cfe4bf3
+Author: Alan Modra <amodra@gmail.com>
+Date: Sun Apr 23 11:03:34 2017 +0930
+
+ PR 21412, get_reloc_section assumes .rel/.rela name for SHT_REL/RELA.
+
+ This patch fixes an assumption made by code that runs for objcopy and
+ strip, that SHT_REL/SHR_RELA sections are always named starting with a
+ .rel/.rela prefix. I'm also modifying the interface for
+ elf_backend_get_reloc_section, so any backend function just needs to
+ handle name mapping.
+
+ PR 21412
+ * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
+ parameters and comment.
+ (_bfd_elf_get_reloc_section): Delete.
+ (_bfd_elf_plt_get_reloc_section): Declare.
+ * elf.c (_bfd_elf_plt_get_reloc_section, elf_get_reloc_section):
+ New functions. Don't blindly skip over assumed .rel/.rela prefix.
+ Extracted from..
+ (_bfd_elf_get_reloc_section): ..here. Delete.
+ (assign_section_numbers): Call elf_get_reloc_section.
+ * elf64-ppc.c (elf_backend_get_reloc_section): Define.
+ * elfxx-target.h (elf_backend_get_reloc_section): Update.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8393
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elf-bfd.h
+===================================================================
+--- git.orig/bfd/elf-bfd.h 2017-09-04 17:43:22.156623008 +0530
++++ git/bfd/elf-bfd.h 2017-09-04 17:43:33.836716941 +0530
+@@ -1298,8 +1298,10 @@
+ bfd_size_type (*maybe_function_sym) (const asymbol *sym, asection *sec,
+ bfd_vma *code_off);
+
+- /* Return the section which RELOC_SEC applies to. */
+- asection *(*get_reloc_section) (asection *reloc_sec);
++ /* Given NAME, the name of a relocation section stripped of its
++ .rel/.rela prefix, return the section in ABFD to which the
++ relocations apply. */
++ asection *(*get_reloc_section) (bfd *abfd, const char *name);
+
+ /* Called to set the sh_flags, sh_link and sh_info fields of OSECTION which
+ has a type >= SHT_LOOS. Returns TRUE if the fields were initialised,
+@@ -2358,7 +2360,7 @@
+ extern bfd_size_type _bfd_elf_maybe_function_sym (const asymbol *, asection *,
+ bfd_vma *);
+
+-extern asection *_bfd_elf_get_reloc_section (asection *);
++extern asection *_bfd_elf_plt_get_reloc_section (bfd *, const char *);
+
+ extern int bfd_elf_get_default_section_type (flagword);
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-04 17:43:33.780716491 +0530
++++ git/bfd/elf.c 2017-09-04 17:43:33.836716941 +0530
+@@ -3493,17 +3493,39 @@
+ H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+ }
+
+-/* Return the section which RELOC_SEC applies to. */
++/* Given NAME, the name of a relocation section stripped of its
++ .rel/.rela prefix, return the section in ABFD to which the
++ relocations apply. */
+
+ asection *
+-_bfd_elf_get_reloc_section (asection *reloc_sec)
++_bfd_elf_plt_get_reloc_section (bfd *abfd, const char *name)
++{
++ /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
++ section likely apply to .got.plt or .got section. */
++ if (get_elf_backend_data (abfd)->want_got_plt
++ && strcmp (name, ".plt") == 0)
++ {
++ asection *sec;
++
++ name = ".got.plt";
++ sec = bfd_get_section_by_name (abfd, name);
++ if (sec != NULL)
++ return sec;
++ name = ".got";
++ }
++
++ return bfd_get_section_by_name (abfd, name);
++}
++
++/* Return the section to which RELOC_SEC applies. */
++
++static asection *
++elf_get_reloc_section (asection *reloc_sec)
+ {
+ const char *name;
+ unsigned int type;
+ bfd *abfd;
+-
+- if (reloc_sec == NULL)
+- return NULL;
++ const struct elf_backend_data *bed;
+
+ type = elf_section_data (reloc_sec)->this_hdr.sh_type;
+ if (type != SHT_REL && type != SHT_RELA)
+@@ -3511,28 +3533,15 @@
+
+ /* We look up the section the relocs apply to by name. */
+ name = reloc_sec->name;
+- if (type == SHT_REL)
+- name += 4;
+- else
+- name += 5;
++ if (strncmp (name, ".rel", 4) != 0)
++ return NULL;
++ name += 4;
++ if (type == SHT_RELA && *name++ != 'a')
++ return NULL;
+
+- /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
+- section apply to .got.plt section. */
+ abfd = reloc_sec->owner;
+- if (get_elf_backend_data (abfd)->want_got_plt
+- && strcmp (name, ".plt") == 0)
+- {
+- /* .got.plt is a linker created input section. It may be mapped
+- to some other output section. Try two likely sections. */
+- name = ".got.plt";
+- reloc_sec = bfd_get_section_by_name (abfd, name);
+- if (reloc_sec != NULL)
+- return reloc_sec;
+- name = ".got";
+- }
+-
+- reloc_sec = bfd_get_section_by_name (abfd, name);
+- return reloc_sec;
++ bed = get_elf_backend_data (abfd);
++ return bed->get_reloc_section (abfd, name);
+ }
+
+ /* Assign all ELF section numbers. The dummy first section is handled here
+@@ -3790,7 +3799,7 @@
+ if (s != NULL)
+ d->this_hdr.sh_link = elf_section_data (s)->this_idx;
+
+- s = get_elf_backend_data (abfd)->get_reloc_section (sec);
++ s = elf_get_reloc_section (sec);
+ if (s != NULL)
+ {
+ d->this_hdr.sh_info = elf_section_data (s)->this_idx;
+Index: git/bfd/elfxx-target.h
+===================================================================
+--- git.orig/bfd/elfxx-target.h 2017-09-04 17:43:22.216623490 +0530
++++ git/bfd/elfxx-target.h 2017-09-04 17:43:33.836716941 +0530
+@@ -686,7 +686,7 @@
+ #endif
+
+ #ifndef elf_backend_get_reloc_section
+-#define elf_backend_get_reloc_section _bfd_elf_get_reloc_section
++#define elf_backend_get_reloc_section _bfd_elf_plt_get_reloc_section
+ #endif
+
+ #ifndef elf_backend_copy_special_section_fields
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 17:43:33.780716491 +0530
++++ git/bfd/ChangeLog 2017-09-04 17:45:58.349944078 +0530
+@@ -82,6 +82,21 @@
+
+ * readelf.c (process_mips_specific): Remove null GOT data check.
+
++2017-04-23 Alan Modra <amodra@gmail.com>
++
++ PR 21412
++ * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
++ parameters and comment.
++ (_bfd_elf_get_reloc_section): Delete.
++ (_bfd_elf_plt_get_reloc_section): Declare.
++ * elf.c (_bfd_elf_plt_get_reloc_section, elf_get_reloc_section):
++ New functions. Don't blindly skip over assumed .rel/.rela prefix.
++ Extracted from..
++ (_bfd_elf_get_reloc_section): ..here. Delete.
++ (assign_section_numbers): Call elf_get_reloc_section.
++ * elf64-ppc.c (elf_backend_get_reloc_section): Define.
++ * elfxx-target.h (elf_backend_get_reloc_section): Update.
++
+ 2017-04-13 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21379
+Index: git/bfd/elf64-ppc.c
+===================================================================
+--- git.orig/bfd/elf64-ppc.c 2017-09-04 17:43:22.200623362 +0530
++++ git/bfd/elf64-ppc.c 2017-09-04 17:47:04.458511122 +0530
+@@ -117,6 +117,7 @@
+ #define elf_backend_link_output_symbol_hook ppc64_elf_output_symbol_hook
+ #define elf_backend_special_sections ppc64_elf_special_sections
+ #define elf_backend_merge_symbol_attribute ppc64_elf_merge_symbol_attribute
++#define elf_backend_get_reloc_section bfd_get_section_by_name
+
+ /* The name of the dynamic interpreter. This is put in the .interp
+ section. */
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
new file mode 100644
index 0000000..14ee191
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
@@ -0,0 +1,114 @@
+commit 7eacd66b086cabb1daab20890d5481894d4f56b2
+Author: Alan Modra <amodra@gmail.com>
+Date: Sun Apr 23 15:21:11 2017 +0930
+
+ PR 21414, null pointer deref of _bfd_elf_large_com_section sym
+
+ PR 21414
+ * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
+ * elf.c (lcomm_sym): New.
+ (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
+ * bfd-in2.h: Regenerate.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8394
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h 2017-09-20 12:54:44.847475928 +0530
++++ git/bfd/bfd-in2.h 2017-09-20 12:54:44.903476171 +0530
+@@ -1805,6 +1805,18 @@
+ { NULL }, { NULL } \
+ }
+
++/* We use a macro to initialize the static asymbol structures because
++ traditional C does not permit us to initialize a union member while
++ gcc warns if we don't initialize it.
++ the_bfd, name, value, attr, section [, udata] */
++#ifdef __STDC__
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++ { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++#else
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++ { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++#endif
++
+ void bfd_section_list_clear (bfd *);
+
+ asection *bfd_get_section_by_name (bfd *abfd, const char *name);
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c 2017-09-20 12:54:44.847475928 +0530
++++ git/bfd/section.c 2017-09-20 12:54:44.903476171 +0530
+@@ -738,20 +738,20 @@
+ . { NULL }, { NULL } \
+ . }
+ .
++.{* We use a macro to initialize the static asymbol structures because
++. traditional C does not permit us to initialize a union member while
++. gcc warns if we don't initialize it.
++. the_bfd, name, value, attr, section [, udata] *}
++.#ifdef __STDC__
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++. { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++.#else
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++. { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++.#endif
++.
+ */
+
+-/* We use a macro to initialize the static asymbol structures because
+- traditional C does not permit us to initialize a union member while
+- gcc warns if we don't initialize it. */
+- /* the_bfd, name, value, attr, section [, udata] */
+-#ifdef __STDC__
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+- { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
+-#else
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+- { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
+-#endif
+-
+ /* These symbols are global, not specific to any BFD. Therefore, anything
+ that tries to change them is broken, and should be repaired. */
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-20 12:54:44.735475444 +0530
++++ git/bfd/ChangeLog 2017-09-20 12:54:44.903476171 +0530
+@@ -102,6 +102,14 @@
+ * readelf.c (process_mips_specific): Remove null GOT data check.
+
+ 2017-04-23 Alan Modra <amodra@gmail.com>
++
++ PR 21414
++ * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
++ * elf.c (lcomm_sym): New.
++ (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
++ * bfd-in2.h: Regenerate.
++
++2017-04-23 Alan Modra <amodra@gmail.com>
+
+ PR 21412
+ * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-20 12:54:44.847475928 +0530
++++ git/bfd/elf.c 2017-09-20 13:00:22.636091768 +0530
+@@ -10986,9 +10986,11 @@
+
+ /* It is only used by x86-64 so far.
+ ??? This repeats *COM* id of zero. sec->id is supposed to be unique,
+- but current usage would allow all of _bfd_std_section to be zero. t*/
++ but current usage would allow all of _bfd_std_section to be zero. */
++static const asymbol lcomm_sym
++ = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section);
+ asection _bfd_elf_large_com_section
+- = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
++ = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym,
+ "LARGE_COMMON", 0, SEC_IS_COMMON);
+
+ void
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8394_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394_1.patch
new file mode 100644
index 0000000..e1dfd8b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394_1.patch
@@ -0,0 +1,80 @@
+commit 821e6ff6299aa39e841ca50e1ae8a98e3554fd5f
+Author: Alan Modra <amodra@gmail.com>
+Date: Wed Oct 12 09:41:33 2016 +1030
+
+ BFD_FAKE_SECTION macro params
+
+ Order NAME, IDX, FLAGS as per STD_SECTION macro.
+
+ * section.c (BFD_FAKE_SECTION): Reorder parameters. Formatting.
+ (STD_SECTION): Adjust to suit.
+ * elf.c (_bfd_elf_large_com_section): Likewise.
+ * bfd-in2.h: Regenerate.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8394
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h 2017-09-20 12:54:42.423465338 +0530
++++ git/bfd/bfd-in2.h 2017-09-20 13:02:48.000000000 +0530
+@@ -1767,9 +1767,9 @@
+ #define bfd_section_removed_from_list(ABFD, S) \
+ ((S)->next == NULL ? (ABFD)->section_last != (S) : (S)->next->prev != (S))
+
+-#define BFD_FAKE_SECTION(SEC, FLAGS, SYM, NAME, IDX) \
++#define BFD_FAKE_SECTION(SEC, SYM, NAME, IDX, FLAGS) \
+ /* name, id, index, next, prev, flags, user_set_vma, */ \
+- { NAME, IDX, 0, NULL, NULL, FLAGS, 0, \
++ { NAME, IDX, 0, NULL, NULL, FLAGS, 0, \
+ \
+ /* linker_mark, linker_has_input, gc_mark, decompress_status, */ \
+ 0, 0, 1, 0, \
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-20 12:54:44.503474440 +0530
++++ git/bfd/elf.c 2017-09-20 13:02:48.000000000 +0530
+@@ -10984,10 +10984,12 @@
+ return n;
+ }
+
+-/* It is only used by x86-64 so far. */
++/* It is only used by x86-64 so far.
++ ??? This repeats *COM* id of zero. sec->id is supposed to be unique,
++ but current usage would allow all of _bfd_std_section to be zero. t*/
+ asection _bfd_elf_large_com_section
+- = BFD_FAKE_SECTION (_bfd_elf_large_com_section,
+- SEC_IS_COMMON, NULL, "LARGE_COMMON", 0);
++ = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
++ "LARGE_COMMON", 0, SEC_IS_COMMON);
+
+ void
+ _bfd_elf_post_process_headers (bfd * abfd,
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c 2017-09-20 12:54:43.815471454 +0530
++++ git/bfd/section.c 2017-09-20 13:02:48.000000000 +0530
+@@ -700,9 +700,9 @@
+ .#define bfd_section_removed_from_list(ABFD, S) \
+ . ((S)->next == NULL ? (ABFD)->section_last != (S) : (S)->next->prev != (S))
+ .
+-.#define BFD_FAKE_SECTION(SEC, FLAGS, SYM, NAME, IDX) \
++.#define BFD_FAKE_SECTION(SEC, SYM, NAME, IDX, FLAGS) \
+ . {* name, id, index, next, prev, flags, user_set_vma, *} \
+-. { NAME, IDX, 0, NULL, NULL, FLAGS, 0, \
++. { NAME, IDX, 0, NULL, NULL, FLAGS, 0, \
+ . \
+ . {* linker_mark, linker_has_input, gc_mark, decompress_status, *} \
+ . 0, 0, 1, 0, \
+@@ -764,7 +764,7 @@
+ };
+
+ #define STD_SECTION(NAME, IDX, FLAGS) \
+- BFD_FAKE_SECTION(_bfd_std_section[IDX], FLAGS, &global_syms[IDX], NAME, IDX)
++ BFD_FAKE_SECTION(_bfd_std_section[IDX], &global_syms[IDX], NAME, IDX, FLAGS)
+
+ asection _bfd_std_section[] = {
+ STD_SECTION (BFD_COM_SECTION_NAME, 0, SEC_IS_COMMON),
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
new file mode 100644
index 0000000..42793e1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
@@ -0,0 +1,72 @@
+commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Apr 26 13:07:49 2017 +0100
+
+ Fix seg-fault attempting to compress a debug section in a corrupt binary.
+
+ PR binutils/21431
+ * compress.c (bfd_init_section_compress_status): Check the return
+ value from bfd_malloc.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8395
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c 2017-09-04 17:55:00.546577566 +0530
++++ git/bfd/compress.c 2017-09-04 17:55:10.770664577 +0530
+@@ -534,7 +534,6 @@
+ {
+ bfd_size_type uncompressed_size;
+ bfd_byte *uncompressed_buffer;
+- bfd_boolean ret;
+
+ /* Error if not opened for read. */
+ if (abfd->direction != read_direction
+@@ -550,18 +549,18 @@
+ /* Read in the full section contents and compress it. */
+ uncompressed_size = sec->size;
+ uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
++ /* PR 21431 */
++ if (uncompressed_buffer == NULL)
++ return FALSE;
++
+ if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
+ 0, uncompressed_size))
+- ret = FALSE;
+- else
+- {
+- uncompressed_size = bfd_compress_section_contents (abfd, sec,
+- uncompressed_buffer,
+- uncompressed_size);
+- ret = uncompressed_size != 0;
+- }
++ return FALSE;
+
+- return ret;
++ uncompressed_size = bfd_compress_section_contents (abfd, sec,
++ uncompressed_buffer,
++ uncompressed_size);
++ return uncompressed_size != 0;
+ }
+
+ /*
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 17:55:10.714664101 +0530
++++ git/bfd/ChangeLog 2017-09-04 17:56:40.991431847 +0530
+@@ -73,6 +73,12 @@
+ (evax_bfd_print_egsd): Check for an overlarge record length.
+ (evax_bfd_print_etir): Likewise.
+
++2017-04-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21431
++ * compress.c (bfd_init_section_compress_status): Check the return
++ value from bfd_malloc.
++
+ 2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
+
+ * readelf.c (process_mips_specific): Remove error reporting from
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8396.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8396.patch
new file mode 100644
index 0000000..b1bf92f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8396.patch
@@ -0,0 +1,102 @@
+commit a941291cab71b9ac356e1c03968c177c03e602ab
+Author: Alan Modra <amodra@gmail.com>
+Date: Sat Apr 29 14:48:16 2017 +0930
+
+ PR21432, buffer overflow in perform_relocation
+
+ The existing reloc offset range tests didn't catch small negative
+ offsets less than the size of the reloc field.
+
+ PR 21432
+ * reloc.c (reloc_offset_in_range): New function.
+ (bfd_perform_relocation, bfd_install_relocation): Use it.
+ (_bfd_final_link_relocate): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8396
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/reloc.c
+===================================================================
+--- git.orig/bfd/reloc.c 2017-09-05 18:12:07.448886623 +0530
++++ git/bfd/reloc.c 2017-09-05 18:12:07.564887511 +0530
+@@ -538,6 +538,22 @@
+ return flag;
+ }
+
++/* HOWTO describes a relocation, at offset OCTET. Return whether the
++ relocation field is within SECTION of ABFD. */
++
++static bfd_boolean
++reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd,
++ asection *section, bfd_size_type octet)
++{
++ bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section);
++ bfd_size_type reloc_size = bfd_get_reloc_size (howto);
++
++ /* The reloc field must be contained entirely within the section.
++ Allow zero length fields (marker relocs or NONE relocs where no
++ relocation will be performed) at the end of the section. */
++ return octet <= octet_end && octet + reloc_size <= octet_end;
++}
++
+ /*
+ FUNCTION
+ bfd_perform_relocation
+@@ -618,15 +634,9 @@
+ return cont;
+ }
+
+- /* Is the address of the relocation really within the section?
+- Include the size of the reloc in the test for out of range addresses.
+- PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */
++ /* Is the address of the relocation really within the section? */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (abfd, input_section)
+- /* Check for an overly large offset which
+- masquerades as a negative value too. */
+- || (octets + bfd_get_reloc_size (howto) < bfd_get_reloc_size (howto)))
++ if (!reloc_offset_in_range (howto, abfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* Work out which section the relocation is targeted at and the
+@@ -1010,8 +1020,7 @@
+
+ /* Is the address of the relocation really within the section? */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (abfd, input_section))
++ if (!reloc_offset_in_range (howto, abfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* Work out which section the relocation is targeted at and the
+@@ -1349,8 +1358,7 @@
+ bfd_size_type octets = address * bfd_octets_per_byte (input_bfd);
+
+ /* Sanity check the address. */
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (input_bfd, input_section))
++ if (!reloc_offset_in_range (howto, input_bfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* This function assumes that we are dealing with a basic relocation
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-05 18:12:07.448886623 +0530
++++ git/bfd/ChangeLog 2017-09-05 18:13:46.745645897 +0530
+@@ -73,6 +73,13 @@
+ (evax_bfd_print_egsd): Check for an overlarge record length.
+ (evax_bfd_print_etir): Likewise.
+
++2017-04-29 Alan Modra <amodra@gmail.com>
++
++ PR 21432
++ * reloc.c (reloc_offset_in_range): New function.
++ (bfd_perform_relocation, bfd_install_relocation): Use it.
++ (_bfd_final_link_relocate): Likewise.
++
+ 2017-04-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21434
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8397.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8397.patch
new file mode 100644
index 0000000..f966c80
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8397.patch
@@ -0,0 +1,50 @@
+commit 04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Apr 26 16:30:22 2017 +0100
+
+ Fix a seg-fault when processing a corrupt binary containing reloc(s) with negative addresses.
+
+ PR binutils/21434
+ * reloc.c (bfd_perform_relocation): Check for a negative address
+ in the reloc.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8397
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+
+
+Index: git/bfd/reloc.c
+===================================================================
+--- git.orig/bfd/reloc.c 2017-09-04 18:06:00.651987605 +0530
++++ git/bfd/reloc.c 2017-09-04 18:06:10.740066291 +0530
+@@ -623,7 +623,10 @@
+ PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+ if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (abfd, input_section))
++ > bfd_get_section_limit_octets (abfd, input_section)
++ /* Check for an overly large offset which
++ masquerades as a negative value too. */
++ || (octets + bfd_get_reloc_size (howto) < bfd_get_reloc_size (howto)))
+ return bfd_reloc_outofrange;
+
+ /* Work out which section the relocation is targeted at and the
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 18:06:10.684065855 +0530
++++ git/bfd/ChangeLog 2017-09-04 18:08:33.845183050 +0530
+@@ -75,6 +75,12 @@
+
+ 2017-04-26 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21434
++ * reloc.c (bfd_perform_relocation): Check for a negative address
++ in the reloc.
++
++2017-04-26 Nick Clifton <nickc@redhat.com>
++
+ PR binutils/21431
+ * compress.c (bfd_init_section_compress_status): Check the return
+ value from bfd_malloc.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch
new file mode 100644
index 0000000..23d5085
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch
@@ -0,0 +1,147 @@
+commit d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34
+Author: Nick Clifton <nickc@redhat.com>
+Date: Fri Apr 28 10:28:04 2017 +0100
+
+ Fix heap-buffer overflow bugs caused when dumping debug information from a corrupt binary.
+
+ PR binutils/21438
+ * dwarf.c (process_extended_line_op): Do not assume that the
+ string extracted from the section is NUL terminated.
+ (fetch_indirect_string): If the string retrieved from the section
+ is not NUL terminated, return an error message.
+ (fetch_indirect_line_string): Likewise.
+ (fetch_indexed_string): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8398
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c 2017-09-20 13:40:17.148898512 +0530
++++ git/binutils/dwarf.c 2017-09-20 13:45:17.564730907 +0530
+@@ -472,15 +472,20 @@
+ printf (_(" Entry\tDir\tTime\tSize\tName\n"));
+ printf (" %d\t", ++state_machine_regs.last_file_entry);
+
+- name = data;
+- data += strnlen ((char *) data, end - data) + 1;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+- data += bytes_read;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+- data += bytes_read;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+- data += bytes_read;
+- printf ("%s\n\n", name);
++ {
++ size_t l;
++
++ name = data;
++ l = strnlen ((char *) data, end - data);
++ data += len + 1;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++ data += bytes_read;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++ data += bytes_read;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++ data += bytes_read;
++ printf ("%.*s\n\n", (int) l, name);
++ }
+
+ if (((unsigned int) (data - orig_data) != len) || data == end)
+ warn (_("DW_LNE_define_file: Bad opcode length\n"));
+@@ -597,18 +602,28 @@
+ fetch_indirect_string (dwarf_vma offset)
+ {
+ struct dwarf_section *section = &debug_displays [str].section;
++ const unsigned char * ret;
+
+ if (section->start == NULL)
+ return (const unsigned char *) _("<no .debug_str section>");
+
+- if (offset > section->size)
++ if (offset >= section->size)
+ {
+ warn (_("DW_FORM_strp offset too big: %s\n"),
+ dwarf_vmatoa ("x", offset));
+ return (const unsigned char *) _("<offset is too big>");
+ }
+
+- return (const unsigned char *) section->start + offset;
++ ret = section->start + offset;
++ /* Unfortunately we cannot rely upon the .debug_str section ending with a
++ NUL byte. Since our caller is expecting to receive a well formed C
++ string we test for the lack of a terminating byte here. */
++ if (strnlen ((const char *) ret, section->size - offset)
++ == section->size - offset)
++ ret = (const unsigned char *)
++ _("<no NUL byte at end of .debug_str section>");
++
++ return ret;
+ }
+
+ static const char *
+@@ -621,6 +636,7 @@
+ struct dwarf_section *str_section = &debug_displays [str_sec_idx].section;
+ dwarf_vma index_offset = idx * offset_size;
+ dwarf_vma str_offset;
++ const char * ret;
+
+ if (index_section->start == NULL)
+ return (dwo ? _("<no .debug_str_offsets.dwo section>")
+@@ -628,7 +644,7 @@
+
+ if (this_set != NULL)
+ index_offset += this_set->section_offsets [DW_SECT_STR_OFFSETS];
+- if (index_offset > index_section->size)
++ if (index_offset >= index_section->size)
+ {
+ warn (_("DW_FORM_GNU_str_index offset too big: %s\n"),
+ dwarf_vmatoa ("x", index_offset));
+@@ -641,14 +657,22 @@
+
+ str_offset = byte_get (index_section->start + index_offset, offset_size);
+ str_offset -= str_section->address;
+- if (str_offset > str_section->size)
++ if (str_offset >= str_section->size)
+ {
+ warn (_("DW_FORM_GNU_str_index indirect offset too big: %s\n"),
+ dwarf_vmatoa ("x", str_offset));
+ return _("<indirect index offset is too big>");
+ }
+
+- return (const char *) str_section->start + str_offset;
++ ret = (const char *) str_section->start + str_offset;
++ /* Unfortunately we cannot rely upon str_section ending with a NUL byte.
++ Since our caller is expecting to receive a well formed C string we test
++ for the lack of a terminating byte here. */
++ if (strnlen (ret, str_section->size - str_offset)
++ == str_section->size - str_offset)
++ ret = (const char *) _("<no NUL byte at end of section>");
++
++ return ret;
+ }
+
+ static const char *
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-20 13:40:18.900898599 +0530
++++ git/binutils/ChangeLog 2017-09-20 13:48:02.976503560 +0530
+@@ -10,6 +10,16 @@
+ * objdump.c (dump_relocs_in_section): Check for an excessive
+ number of relocs before attempting to dump them.
+
++2017-04-28 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21438
++ * dwarf.c (process_extended_line_op): Do not assume that the
++ string extracted from the section is NUL terminated.
++ (fetch_indirect_string): If the string retrieved from the section
++ is not NUL terminated, return an error message.
++ (fetch_indirect_line_string): Likewise.
++ (fetch_indexed_string): Likewise.
++
+ 2017-02-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21157
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
new file mode 100644
index 0000000..da6e475
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
@@ -0,0 +1,51 @@
+commit 39ff1b79f687b65f4144ddb379f22587003443fb
+Author: Nick Clifton <nickc@redhat.com>
+Date: Tue May 2 11:54:53 2017 +0100
+
+ Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
+
+ PR 21440
+ * objdump.c (dump_relocs_in_section): Check for an excessive
+ number of relocs before attempting to dump them.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8421
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-05 11:34:23.140802515 +0530
++++ git/binutils/objdump.c 2017-09-05 11:34:28.716824776 +0530
+@@ -3238,6 +3238,14 @@
+ return;
+ }
+
++ if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
++ && relsize > get_file_size (bfd_get_filename (abfd)))
++ {
++ printf (" (too many: 0x%x)\n", section->reloc_count);
++ bfd_set_error (bfd_error_file_truncated);
++ bfd_fatal (bfd_get_filename (abfd));
++ }
++
+ relpp = (arelent **) xmalloc (relsize);
+ relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
+
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-05 11:34:28.040822070 +0530
++++ git/binutils/ChangeLog 2017-09-05 11:36:02.413217129 +0530
+@@ -4,6 +4,12 @@
+ * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+ string whilst concatenating symbol names.
+
++2017-05-02 Nick Clifton <nickc@redhat.com>
++
++ PR 21440
++ * objdump.c (dump_relocs_in_section): Check for an excessive
++ number of relocs before attempting to dump them.
++
+ 2017-02-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21157
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9038.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9038.patch
new file mode 100644
index 0000000..afc14d1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9038.patch
@@ -0,0 +1,51 @@
+From f32ba72991d2406b21ab17edc234a2f3fa7fb23d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 11:01:45 +0100
+Subject: [PATCH] readelf: Update check for invalid word offsets in ARM unwind
+ information.
+
+ PR binutils/21343
+ * readelf.c (get_unwind_section_word): Fix snafu checking for
+ invalid word offsets in ARM unwind information.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039
+Affects: binutils <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 6 +++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -7745,9 +7745,9 @@ get_unwind_section_word (struct arm_unw_
+ return FALSE;
+
+ /* If the offset is invalid then fail. */
+- if (word_offset > (sec->sh_size - 4)
+- /* PR 18879 */
+- || (sec->sh_size < 5 && word_offset >= sec->sh_size)
++ if (/* PR 21343 *//* PR 18879 */
++ sec->sh_size < 4
++ || word_offset > (sec->sh_size - 4)
+ || ((bfd_signed_vma) word_offset) < 0)
+ return FALSE;
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-04-03 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21343
++ * readelf.c (get_unwind_section_word): Fix snafu checking for
++ invalid word offsets in ARM unwind information.
++
+ 2017-04-04 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21342
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch
new file mode 100644
index 0000000..41f2b6e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch
@@ -0,0 +1,72 @@
+From 75ec1fdbb797a389e4fe4aaf2e15358a070dcc19 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 11:13:21 +0100
+Subject: [PATCH] Fix runtime seg-fault in readelf when parsing a corrupt MIPS
+ binary.
+
+ PR binutils/21344
+ * readelf.c (process_mips_specific): Check for an out of range GOT
+ entry before reading the module pointer.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039 supporting patch
+VER: <= 2.28
+Signed-off-by: Armin kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 26 ++++++++++++++++++--------
+ 2 files changed, 24 insertions(+), 8 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -14987,14 +14987,24 @@ process_mips_specific (FILE * file)
+ printf (_(" Lazy resolver\n"));
+ if (ent == (bfd_vma) -1)
+ goto got_print_fail;
+- if (data
+- && (byte_get (data + ent - pltgot, addr_size)
+- >> (addr_size * 8 - 1)) != 0)
++
++ if (data)
+ {
+- ent = print_mips_got_entry (data, pltgot, ent, data_end);
+- printf (_(" Module pointer (GNU extension)\n"));
+- if (ent == (bfd_vma) -1)
+- goto got_print_fail;
++ /* PR 21344 */
++ if (data + ent - pltgot > data_end - addr_size)
++ {
++ error (_("Invalid got entry - %#lx - overflows GOT table\n"), ent);
++ goto got_print_fail;
++ }
++
++ if (byte_get (data + ent - pltgot, addr_size)
++ >> (addr_size * 8 - 1) != 0)
++ {
++ ent = print_mips_got_entry (data, pltgot, ent, data_end);
++ printf (_(" Module pointer (GNU extension)\n"));
++ if (ent == (bfd_vma) -1)
++ goto got_print_fail;
++ }
+ }
+ printf ("\n");
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,11 @@
+ 2017-04-03 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21344
++ * readelf.c (process_mips_specific): Check for an out of range GOT
++ entry before reading the module pointer.
++
++2017-04-03 Nick Clifton <nickc@redhat.com>
++
+ PR binutils/21343
+ * readelf.c (get_unwind_section_word): Fix snafu checking for
+ invalid word offsets in ARM unwind information.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch
new file mode 100644
index 0000000..ee827ee
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch
@@ -0,0 +1,56 @@
+From 82156ab704b08b124d319c0decdbd48b3ca2dac5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 12:14:06 +0100
+Subject: [PATCH] readelf: Fix overlarge memory allocation when reading a
+ binary with an excessive number of program headers.
+
+ PR binutils/21345
+ * readelf.c (get_program_headers): Check for there being too many
+ program headers before attempting to allocate space for them.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 17 ++++++++++++++---
+ 2 files changed, 20 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -4705,9 +4705,19 @@ get_program_headers (FILE * file)
+ if (program_headers != NULL)
+ return 1;
+
+- phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
+- sizeof (Elf_Internal_Phdr));
++ /* Be kind to memory checkers by looking for
++ e_phnum values which we know must be invalid. */
++ if (elf_header.e_phnum
++ * (is_32bit_elf ? sizeof (Elf32_External_Phdr) : sizeof (Elf64_External_Phdr))
++ >= current_file_size)
++ {
++ error (_("Too many program headers - %#x - the file is not that big\n"),
++ elf_header.e_phnum);
++ return FALSE;
++ }
+
++ phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
++ sizeof (Elf_Internal_Phdr));
+ if (phdrs == NULL)
+ {
+ error (_("Out of memory reading %u program headers\n"),
+@@ -14993,7 +15003,8 @@ process_mips_specific (FILE * file)
+ /* PR 21344 */
+ if (data + ent - pltgot > data_end - addr_size)
+ {
+- error (_("Invalid got entry - %#lx - overflows GOT table\n"), ent);
++ error (_("Invalid got entry - %#lx - overflows GOT table\n"),
++ (long) ent);
+ goto got_print_fail;
+ }
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch
new file mode 100644
index 0000000..d508903
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch
@@ -0,0 +1,83 @@
+From 7296a62a2a237f6b1ad8db8c38b090e9f592c8cf Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 13 Apr 2017 16:06:30 +0100
+Subject: [PATCH] readelf: fix out of range subtraction, seg fault from a NULL
+ pointer and memory exhaustion, all from parsing corrupt binaries.
+
+ PR binutils/21379
+ * readelf.c (process_dynamic_section): Detect over large section
+ offsets in the DT_SYMTAB entry.
+
+ PR binutils/21345
+ * readelf.c (process_mips_specific): Catch an unfeasible memory
+ allocation before it happens and print a suitable error message.
+
+Upstream-Status: Backport
+
+did not include all the commit as affect code does not exists. it does contain the two
+fixes above.
+both cve's fixed by same comit.
+
+CVE: CVE-2017-9040
+CVE: CVE-2017-9042
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 12 ++++++++++++
+ binutils/readelf.c | 26 +++++++++++++++++++++-----
+ 2 files changed, 33 insertions(+), 5 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -9079,6 +9079,12 @@ process_dynamic_section (FILE * file)
+ processing that. This is overkill, I know, but it
+ should work. */
+ section.sh_offset = offset_from_vma (file, entry->d_un.d_val, 0);
++ if ((bfd_size_type) section.sh_offset > current_file_size)
++ {
++ /* See PR 21379 for a reproducer. */
++ error (_("Invalid DT_SYMTAB entry: %lx"), (long) section.sh_offset);
++ return FALSE;
++ }
+
+ if (archive_file_offset != 0)
+ section.sh_size = archive_file_size - section.sh_offset;
+@@ -14882,6 +14888,15 @@ process_mips_specific (FILE * file)
+ return 0;
+ }
+
++ /* PR 21345 - print a slightly more helpful error message
++ if we are sure that the cmalloc will fail. */
++ if (conflictsno * sizeof (* iconf) > current_file_size)
++ {
++ error (_("Overlarge number of conflicts detected: %lx\n"),
++ (long) conflictsno);
++ return FALSE;
++ }
++
+ iconf = (Elf32_Conflict *) cmalloc (conflictsno, sizeof (* iconf));
+ if (iconf == NULL)
+ {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,15 @@
++2017-04-13 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21379
++ * readelf.c (process_dynamic_section): Detect over large section
++ offsets in the DT_SYMTAB entry.
++
++2017-04-13 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21345
++ * readelf.c (process_mips_specific): Catch an unfeasible memory
++ allocation before it happens and print a suitable error message.
++
+ 2017-04-03 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21345
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_1.patch
new file mode 100644
index 0000000..857cd4a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_1.patch
@@ -0,0 +1,51 @@
+From 919383ac718c2a3187ee2a9ad659daa22da26258 Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki" <macro@imgtec.com>
+Date: Wed, 12 Apr 2017 00:02:13 +0100
+Subject: [PATCH] MIPS/readelf: Remove extraneous null GOT data check
+
+Null data is handled gracefully throughout in MIPS GOT processing, with
+addresses printed normally and unavailable data shown as `<unknown>' by
+`print_mips_got_entry', and special processing code for GOT[1] doing an
+explicit check. Remove an unwanted null GOT data check then, introduced
+with commit 592458412fb2 in the course of addressing PR binutils/12855.
+
+ binutils/
+ * readelf.c (process_mips_specific): Remove null GOT data check.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9041 patch #1
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 4 ++++
+ binutils/readelf.c | 3 +--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -14995,8 +14995,8 @@ process_mips_specific (FILE * file)
+ data = (unsigned char *) get_data (NULL, file, offset,
+ global_end - pltgot, 1,
+ _("Global Offset Table data"));
+- if (data == NULL)
+- return 0;
++
++ /* PR 12855: Null data is handled gracefully throughout. */
+ data_end = data + (global_end - pltgot);
+
+ printf (_("\nPrimary GOT:\n"));
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,7 @@
++2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
++
++ * readelf.c (process_mips_specific): Remove null GOT data check.
++
+ 2017-04-13 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21379
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch
new file mode 100644
index 0000000..9c3cb8c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch
@@ -0,0 +1,84 @@
+From c4ab9505b53cdc899506ed421fddb7e1f8faf7a3 Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki" <macro@imgtec.com>
+Date: Wed, 12 Apr 2017 00:03:41 +0100
+Subject: [PATCH] MIPS/readelf: Simplify GOT[1] data availability check
+
+Unavailable data is handled gracefully in MIPS GOT processing done by
+`print_mips_got_entry', so all that is needed in special GOT[1] handling
+is to verify whether data can be retrieved for the purpose of the GNU
+marker check done with `byte_get'. Remove the extra error reporting
+code then, introduced with commit 75ec1fdbb797 ("Fix runtime seg-fault
+in readelf when parsing a corrupt MIPS binary.") in the course of
+addressing PR binutils/21344, and defer the error case to regular local
+GOT entry processing.
+
+ binutils/
+ * readelf.c (process_mips_specific): Remove error reporting from
+ GOT[1] processing.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9041
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 5 +++++
+ binutils/readelf.c | 32 ++++++++++++++------------------
+ 2 files changed, 19 insertions(+), 18 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -15013,24 +15013,20 @@ process_mips_specific (FILE * file)
+ if (ent == (bfd_vma) -1)
+ goto got_print_fail;
+
+- if (data)
++ /* Check for the MSB of GOT[1] being set, denoting a GNU object.
++ This entry will be used by some runtime loaders, to store the
++ module pointer. Otherwise this is an ordinary local entry.
++ PR 21344: Check for the entry being fully available before
++ fetching it. */
++ if (data
++ && data + ent - pltgot + addr_size <= data_end
++ && (byte_get (data + ent - pltgot, addr_size)
++ >> (addr_size * 8 - 1)) != 0)
+ {
+- /* PR 21344 */
+- if (data + ent - pltgot > data_end - addr_size)
+- {
+- error (_("Invalid got entry - %#lx - overflows GOT table\n"),
+- (long) ent);
+- goto got_print_fail;
+- }
+-
+- if (byte_get (data + ent - pltgot, addr_size)
+- >> (addr_size * 8 - 1) != 0)
+- {
+- ent = print_mips_got_entry (data, pltgot, ent, data_end);
+- printf (_(" Module pointer (GNU extension)\n"));
+- if (ent == (bfd_vma) -1)
+- goto got_print_fail;
+- }
++ ent = print_mips_got_entry (data, pltgot, ent, data_end);
++ printf (_(" Module pointer (GNU extension)\n"));
++ if (ent == (bfd_vma) -1)
++ goto got_print_fail;
+ }
+ printf ("\n");
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,9 @@
+ 2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
++
++ * readelf.c (process_mips_specific): Remove error reporting from
++ GOT[1] processing.
++
++2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
+
+ * readelf.c (process_mips_specific): Remove null GOT data check.
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
new file mode 100644
index 0000000..b80226f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
@@ -0,0 +1,62 @@
+commit 76800cba595efc3fe95a446c2d664e42ae4ee869
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 12:08:57 2017 +0100
+
+ Handle EITR records in VMS Alpha binaries with overlarge command length parameters.
+
+ PR binutils/21579
+ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
+
+Upstream-Status: CVE-2017-9745
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-09-21 16:08:57.863375204 +0530
++++ git/bfd/vms-alpha.c 2017-09-21 16:08:58.211377888 +0530
+@@ -1801,14 +1801,8 @@
+
+ ptr += 4;
+
+-#if VMS_DEBUG
+- _bfd_vms_debug (4, "etir: %s(%d)\n",
+- _bfd_vms_etir_name (cmd), cmd);
+- _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+-#endif
+-
+- /* PR 21589: Check for a corrupt ETIR record. */
+- if (cmd_length < 4)
++ /* PR 21589 and 21579: Check for a corrupt ETIR record. */
++ if (cmd_length < 4 || (ptr + cmd_length > maxptr + 4))
+ {
+ corrupt_etir:
+ _bfd_error_handler (_("Corrupt ETIR record encountered"));
+@@ -1816,6 +1810,12 @@
+ return FALSE;
+ }
+
++#if VMS_DEBUG
++ _bfd_vms_debug (4, "etir: %s(%d)\n",
++ _bfd_vms_etir_name (cmd), cmd);
++ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
++#endif
++
+ switch (cmd)
+ {
+ /* Stack global
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 16:08:57.927375697 +0530
++++ git/bfd/ChangeLog 2017-09-21 16:11:35.192613756 +0530
+@@ -81,6 +81,11 @@
+ PR binutils/21581
+ (ieee_archive_p): Likewise.
+
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21579
++ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
++
+ 2017-06-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21589
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch
new file mode 100644
index 0000000..e9efb7b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch
@@ -0,0 +1,88 @@
+commit ae87f7e73eba29bd38b3a9684a10b948ed715612
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jun 14 16:50:03 2017 +0100
+
+ Fix address violation when disassembling a corrupt binary.
+
+ PR binutils/21580
+ binutils * objdump.c (disassemble_bytes): Check for buffer overrun when
+ printing out rae insns.
+
+ ld * testsuite/ld-nds32/diff.d: Adjust expected output.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9746
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 13:54:00.187228032 +0530
++++ git/binutils/objdump.c 2017-09-21 13:54:00.659231783 +0530
+@@ -1780,20 +1780,23 @@
+
+ for (j = addr_offset * opb; j < addr_offset * opb + pb; j += bpc)
+ {
+- int k;
+-
+- if (bpc > 1 && inf->display_endian == BFD_ENDIAN_LITTLE)
+- {
+- for (k = bpc - 1; k >= 0; k--)
+- printf ("%02x", (unsigned) data[j + k]);
+- putchar (' ');
+- }
+- else
++ /* PR 21580: Check for a buffer ending early. */
++ if (j + bpc <= stop_offset * opb)
+ {
+- for (k = 0; k < bpc; k++)
+- printf ("%02x", (unsigned) data[j + k]);
+- putchar (' ');
++ int k;
++
++ if (inf->display_endian == BFD_ENDIAN_LITTLE)
++ {
++ for (k = bpc - 1; k >= 0; k--)
++ printf ("%02x", (unsigned) data[j + k]);
++ }
++ else
++ {
++ for (k = 0; k < bpc; k++)
++ printf ("%02x", (unsigned) data[j + k]);
++ }
+ }
++ putchar (' ');
+ }
+
+ for (; pb < octets_per_line; pb += bpc)
+Index: git/ld/testsuite/ld-nds32/diff.d
+===================================================================
+--- git.orig/ld/testsuite/ld-nds32/diff.d 2017-09-21 13:53:52.395166097 +0530
++++ git/ld/testsuite/ld-nds32/diff.d 2017-09-21 13:54:00.659231783 +0530
+@@ -7,9 +7,9 @@
+
+ Disassembly of section .data:
+ 00008000 <WORD> (7e 00 00 00|00 00 00 7e).*
+-00008004 <HALF> (7e 00 7e fe|00 7e 7e fe).*
+-00008006 <BYTE> 7e fe 00 fe.*
+-00008007 <ULEB128> fe 00.*
++00008004 <HALF> (7e 00|00 7e).*
++00008006 <BYTE> 7e.*
++00008007 <ULEB128> fe.*
+ ...
+ 00008009 <ULEB128_2> fe 00.*
+ .*
+Index: git/ld/ChangeLog
+===================================================================
+--- git.orig/ld/ChangeLog 2017-09-21 13:53:59.611223454 +0530
++++ git/ld/ChangeLog 2017-09-21 14:01:12.294643335 +0530
+@@ -1,3 +1,8 @@
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21580
++ * testsuite/ld-nds32/diff.d: Adjust expected output.
++
+ 2016-12-05 Nick Clifton <nickc@redhat.com>
+
+ PR ld/20906
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch
new file mode 100644
index 0000000..ee663b8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch
@@ -0,0 +1,40 @@
+commit 62b76e4b6e0b4cb5b3e0053d1de4097b32577049
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 13:08:47 2017 +0100
+
+ Fix address violation parsing a corrupt ieee binary.
+
+ PR binutils/21581
+ (ieee_archive_p): Use a static buffer to avoid compiler bugs.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9747
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ieee.c
+===================================================================
+--- git.orig/bfd/ieee.c 2017-09-21 14:37:12.152903139 +0530
++++ git/bfd/ieee.c 2017-09-21 14:37:12.208903477 +0530
+@@ -1353,7 +1353,7 @@
+ {
+ char *library;
+ unsigned int i;
+- unsigned char buffer[512];
++ static unsigned char buffer[512];
+ file_ptr buffer_offset = 0;
+ ieee_ar_data_type *save = abfd->tdata.ieee_ar_data;
+ ieee_ar_data_type *ieee;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 14:37:12.152903139 +0530
++++ git/bfd/ChangeLog 2017-09-21 14:45:57.020150977 +0530
+@@ -78,6 +78,8 @@
+ PR binutils/21582
+ * ieee.c (ieee_object_p): Use a static buffer to avoid compiler
+ bugs.
++ PR binutils/21581
++ (ieee_archive_p): Likewise.
+
+ 2017-04-29 Alan Modra <amodra@gmail.com>
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch
new file mode 100644
index 0000000..ea1f0dd
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch
@@ -0,0 +1,45 @@
+commit 63634bb4a107877dd08b6282e28e11cfd1a1649e
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 12:44:23 2017 +0100
+
+ Avoid a possible compiler bug by using a static buffer instead of a stack local buffer.
+
+ PR binutils/21582
+ * ieee.c (ieee_object_p): Use a static buffer to avoid compiler
+ bugs.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9748
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ieee.c
+===================================================================
+--- git.orig/bfd/ieee.c 2017-09-21 13:53:50.891154141 +0530
++++ git/bfd/ieee.c 2017-09-21 13:54:00.715232229 +0530
+@@ -1871,7 +1871,7 @@
+ char *processor;
+ unsigned int part;
+ ieee_data_type *ieee;
+- unsigned char buffer[300];
++ static unsigned char buffer[300];
+ ieee_data_type *save = IEEE_DATA (abfd);
+ bfd_size_type amt;
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 13:54:00.483230385 +0530
++++ git/bfd/ChangeLog 2017-09-21 13:57:44.885008549 +0530
+@@ -73,6 +73,12 @@
+ (evax_bfd_print_egsd): Check for an overlarge record length.
+ (evax_bfd_print_etir): Likewise.
+
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21582
++ * ieee.c (ieee_object_p): Use a static buffer to avoid compiler
++ bugs.
++
+ 2017-04-29 Alan Modra <amodra@gmail.com>
+
+ PR 21432
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch
new file mode 100644
index 0000000..a033d3d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch
@@ -0,0 +1,75 @@
+commit 08c7881b814c546efc3996fd1decdf0877f7a779
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 11:52:02 2017 +0100
+
+ Prevent invalid array accesses when disassembling a corrupt bfin binary.
+
+ PR binutils/21586
+ * bfin-dis.c (gregs): Clip index to prevent overflow.
+ (regs): Likewise.
+ (regs_lo): Likewise.
+ (regs_hi): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9749
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/bfin-dis.c
+===================================================================
+--- git.orig/opcodes/bfin-dis.c 2017-09-21 13:53:52.667168259 +0530
++++ git/opcodes/bfin-dis.c 2017-09-21 13:54:00.603231339 +0530
+@@ -350,7 +350,7 @@
+ REG_P0, REG_P1, REG_P2, REG_P3, REG_P4, REG_P5, REG_SP, REG_FP,
+ };
+
+-#define gregs(x, i) REGNAME (decode_gregs[((i) << 3) | (x)])
++#define gregs(x, i) REGNAME (decode_gregs[(((i) << 3) | (x)) & 15])
+
+ /* [dregs pregs (iregs mregs) (bregs lregs)]. */
+ static const enum machine_registers decode_regs[] =
+@@ -361,7 +361,7 @@
+ REG_B0, REG_B1, REG_B2, REG_B3, REG_L0, REG_L1, REG_L2, REG_L3,
+ };
+
+-#define regs(x, i) REGNAME (decode_regs[((i) << 3) | (x)])
++#define regs(x, i) REGNAME (decode_regs[(((i) << 3) | (x)) & 31])
+
+ /* [dregs pregs (iregs mregs) (bregs lregs) Low Half]. */
+ static const enum machine_registers decode_regs_lo[] =
+@@ -372,7 +372,7 @@
+ REG_BL0, REG_BL1, REG_BL2, REG_BL3, REG_LL0, REG_LL1, REG_LL2, REG_LL3,
+ };
+
+-#define regs_lo(x, i) REGNAME (decode_regs_lo[((i) << 3) | (x)])
++#define regs_lo(x, i) REGNAME (decode_regs_lo[(((i) << 3) | (x)) & 31])
+
+ /* [dregs pregs (iregs mregs) (bregs lregs) High Half]. */
+ static const enum machine_registers decode_regs_hi[] =
+@@ -383,7 +383,7 @@
+ REG_BH0, REG_BH1, REG_BH2, REG_BH3, REG_LH0, REG_LH1, REG_LH2, REG_LH3,
+ };
+
+-#define regs_hi(x, i) REGNAME (decode_regs_hi[((i) << 3) | (x)])
++#define regs_hi(x, i) REGNAME (decode_regs_hi[(((i) << 3) | (x)) & 31])
+
+ static const enum machine_registers decode_statbits[] =
+ {
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 13:54:00.543230862 +0530
++++ git/opcodes/ChangeLog 2017-09-21 14:06:03.772928105 +0530
+@@ -1,5 +1,13 @@
+ 2017-06-15 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21586
++ * bfin-dis.c (gregs): Clip index to prevent overflow.
++ (regs): Likewise.
++ (regs_lo): Likewise.
++ (regs_hi): Likewise.
++
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
+ PR binutils/21588
+ * rl78-decode.opc (OP_BUF_LEN): Define.
+ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
new file mode 100644
index 0000000..3ea1725
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
@@ -0,0 +1,262 @@
+commit db5fa770268baf8cc82cf9b141d69799fd485fe2
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jun 14 13:35:06 2017 +0100
+
+ Fix address violation problems when disassembling a corrupt RX binary.
+
+ PR binutils/21587
+ * rx-decode.opc: Include libiberty.h
+ (GET_SCALE): New macro - validates access to SCALE array.
+ (GET_PSCALE): New macro - validates access to PSCALE array.
+ (DIs, SIs, S2Is, rx_disp): Use new macros.
+ * rx-decode.c: Regenerate.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9750
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/rx-decode.c
+===================================================================
+--- git.orig/opcodes/rx-decode.c 2017-09-21 14:41:57.478649861 +0530
++++ git/opcodes/rx-decode.c 2017-09-21 14:41:57.458649736 +0530
+@@ -27,6 +27,7 @@
+ #include <string.h>
+ #include "ansidecl.h"
+ #include "opcode/rx.h"
++#include "libiberty.h"
+
+ #define RX_OPCODE_BIG_ENDIAN 0
+
+@@ -45,7 +46,7 @@
+ #define LSIZE 2
+
+ /* These are for when the upper bits are "don't care" or "undefined". */
+-static int bwl[] =
++static int bwl[4] =
+ {
+ RX_Byte,
+ RX_Word,
+@@ -53,7 +54,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int sbwl[] =
++static int sbwl[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -61,7 +62,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int ubw[] =
++static int ubw[4] =
+ {
+ RX_UByte,
+ RX_UWord,
+@@ -69,7 +70,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int memex[] =
++static int memex[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -89,6 +90,9 @@
+ /* This is for the prefix size enum. */
+ static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
+
++#define GET_SCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ? SCALE[(_indx)] : 0)
++#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ? PSCALE[(_indx)] : 0)
++
+ static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
+ 16, 17, 0, 0, 0, 0, 0, 0 };
+
+@@ -107,7 +111,7 @@
+ #define DC(c) OP (0, RX_Operand_Immediate, 0, c)
+ #define DR(r) OP (0, RX_Operand_Register, r, 0)
+ #define DI(r,a) OP (0, RX_Operand_Indirect, r, a)
+-#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define DD(t,r,s) rx_disp (0, t, r, bwl[s], ld);
+ #define DF(r) OP (0, RX_Operand_Flag, flagmap[r], 0)
+
+@@ -115,7 +119,7 @@
+ #define SR(r) OP (1, RX_Operand_Register, r, 0)
+ #define SRR(r) OP (1, RX_Operand_TwoReg, r, 0)
+ #define SI(r,a) OP (1, RX_Operand_Indirect, r, a)
+-#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define SD(t,r,s) rx_disp (1, t, r, bwl[s], ld);
+ #define SP(t,r) rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 1);
+ #define SPm(t,r,m) rx_disp (1, t, r, memex[m], ld); rx->op[1].size = memex[m];
+@@ -124,7 +128,7 @@
+ #define S2C(i) OP (2, RX_Operand_Immediate, 0, i)
+ #define S2R(r) OP (2, RX_Operand_Register, r, 0)
+ #define S2I(r,a) OP (2, RX_Operand_Indirect, r, a)
+-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define S2D(t,r,s) rx_disp (2, t, r, bwl[s], ld);
+ #define S2P(t,r) rx_disp (2, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 2);
+ #define S2Pm(t,r,m) rx_disp (2, t, r, memex[m], ld); rx->op[2].size = memex[m];
+@@ -211,7 +215,7 @@
+ }
+
+ static void
+-rx_disp (int n, int type, int reg, int size, LocalData * ld)
++rx_disp (int n, int type, int reg, unsigned int size, LocalData * ld)
+ {
+ int disp;
+
+@@ -228,7 +232,7 @@
+ case 1:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+ disp = GETBYTE ();
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ case 2:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+@@ -238,7 +242,7 @@
+ #else
+ disp = disp + GETBYTE () * 256;
+ #endif
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ default:
+ abort ();
+Index: git/opcodes/rx-decode.opc
+===================================================================
+--- git.orig/opcodes/rx-decode.opc 2017-09-21 14:41:57.478649861 +0530
++++ git/opcodes/rx-decode.opc 2017-09-21 14:41:57.458649736 +0530
+@@ -26,6 +26,7 @@
+ #include <string.h>
+ #include "ansidecl.h"
+ #include "opcode/rx.h"
++#include "libiberty.h"
+
+ #define RX_OPCODE_BIG_ENDIAN 0
+
+@@ -44,7 +45,7 @@
+ #define LSIZE 2
+
+ /* These are for when the upper bits are "don't care" or "undefined". */
+-static int bwl[] =
++static int bwl[4] =
+ {
+ RX_Byte,
+ RX_Word,
+@@ -52,7 +53,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int sbwl[] =
++static int sbwl[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -60,7 +61,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int ubw[] =
++static int ubw[4] =
+ {
+ RX_UByte,
+ RX_UWord,
+@@ -68,7 +69,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int memex[] =
++static int memex[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -88,6 +89,9 @@
+ /* This is for the prefix size enum. */
+ static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
+
++#define GET_SCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ? SCALE[(_indx)] : 0)
++#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ? PSCALE[(_indx)] : 0)
++
+ static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
+ 16, 17, 0, 0, 0, 0, 0, 0 };
+
+@@ -106,7 +110,7 @@
+ #define DC(c) OP (0, RX_Operand_Immediate, 0, c)
+ #define DR(r) OP (0, RX_Operand_Register, r, 0)
+ #define DI(r,a) OP (0, RX_Operand_Indirect, r, a)
+-#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define DD(t,r,s) rx_disp (0, t, r, bwl[s], ld);
+ #define DF(r) OP (0, RX_Operand_Flag, flagmap[r], 0)
+
+@@ -114,7 +118,7 @@
+ #define SR(r) OP (1, RX_Operand_Register, r, 0)
+ #define SRR(r) OP (1, RX_Operand_TwoReg, r, 0)
+ #define SI(r,a) OP (1, RX_Operand_Indirect, r, a)
+-#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define SD(t,r,s) rx_disp (1, t, r, bwl[s], ld);
+ #define SP(t,r) rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 1);
+ #define SPm(t,r,m) rx_disp (1, t, r, memex[m], ld); rx->op[1].size = memex[m];
+@@ -123,7 +127,7 @@
+ #define S2C(i) OP (2, RX_Operand_Immediate, 0, i)
+ #define S2R(r) OP (2, RX_Operand_Register, r, 0)
+ #define S2I(r,a) OP (2, RX_Operand_Indirect, r, a)
+-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define S2D(t,r,s) rx_disp (2, t, r, bwl[s], ld);
+ #define S2P(t,r) rx_disp (2, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 2);
+ #define S2Pm(t,r,m) rx_disp (2, t, r, memex[m], ld); rx->op[2].size = memex[m];
+@@ -210,7 +214,7 @@
+ }
+
+ static void
+-rx_disp (int n, int type, int reg, int size, LocalData * ld)
++rx_disp (int n, int type, int reg, unsigned int size, LocalData * ld)
+ {
+ int disp;
+
+@@ -227,7 +231,7 @@
+ case 1:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+ disp = GETBYTE ();
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ case 2:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+@@ -237,7 +241,7 @@
+ #else
+ disp = disp + GETBYTE () * 256;
+ #endif
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ default:
+ abort ();
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 14:40:17.000000000 +0530
++++ git/opcodes/ChangeLog 2017-09-21 14:44:07.503461009 +0530
+@@ -15,6 +15,15 @@
+ array.
+ * rl78-decode.c: Regenerate.
+
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21587
++ * rx-decode.opc: Include libiberty.h
++ (GET_SCALE): New macro - validates access to SCALE array.
++ (GET_PSCALE): New macro - validates access to PSCALE array.
++ (DIs, SIs, S2Is, rx_disp): Use new macros.
++ * rx-decode.c: Regenerate.
++
+ 2016-08-03 Tristan Gingold <gingold@adacore.com>
+
+ * configure: Regenerate.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch
new file mode 100644
index 0000000..0d525e8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch
@@ -0,0 +1,3738 @@
+commit 63323b5b23bd83fa7b04ea00dff593c933e9b0e3
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 12:37:01 2017 +0100
+
+ Fix address violation when disassembling a corrupt RL78 binary.
+
+ PR binutils/21588
+ * rl78-decode.opc (OP_BUF_LEN): Define.
+ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
+ (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf
+ array.
+ * rl78-decode.c: Regenerate.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9751
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/rl78-decode.c
+===================================================================
+--- git.orig/opcodes/rl78-decode.c 2017-09-21 13:14:42.256835775 +0530
++++ git/opcodes/rl78-decode.c 2017-09-21 13:14:49.444888350 +0530
+@@ -51,7 +51,9 @@
+ #define W() rl78->size = RL78_Word
+
+ #define AU ATTRIBUTE_UNUSED
+-#define GETBYTE() (ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr))
++
++#define OP_BUF_LEN 20
++#define GETBYTE() (ld->rl78->n_bytes < (OP_BUF_LEN - 1) ? ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr): 0)
+ #define B ((unsigned long) GETBYTE())
+
+ #define SYNTAX(x) rl78->syntax = x
+@@ -169,7 +171,7 @@
+ RL78_Dis_Isa isa)
+ {
+ LocalData lds, * ld = &lds;
+- unsigned char op_buf[20] = {0};
++ unsigned char op_buf[OP_BUF_LEN] = {0};
+ unsigned char *op = op_buf;
+ int op0, op1;
+
+@@ -201,7 +203,7 @@
+ op[0]);
+ }
+ SYNTAX("nop");
+-#line 911 "rl78-decode.opc"
++#line 913 "rl78-decode.opc"
+ ID(nop);
+
+ /*----------------------------------------------------------------------*/
+@@ -214,7 +216,7 @@
+ case 0x07:
+ {
+ /** 0000 0rw1 addw %0, %1 */
+-#line 274 "rl78-decode.opc"
++#line 276 "rl78-decode.opc"
+ int rw AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -224,7 +226,7 @@
+ printf (" rw = 0x%x\n", rw);
+ }
+ SYNTAX("addw %0, %1");
+-#line 274 "rl78-decode.opc"
++#line 276 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SRW(rw); Fzac;
+
+ }
+@@ -239,7 +241,7 @@
+ op[0]);
+ }
+ SYNTAX("addw %0, %e!1");
+-#line 265 "rl78-decode.opc"
++#line 267 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -254,7 +256,7 @@
+ op[0]);
+ }
+ SYNTAX("addw %0, #%1");
+-#line 271 "rl78-decode.opc"
++#line 273 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SC(IMMU(2)); Fzac;
+
+ }
+@@ -269,7 +271,7 @@
+ op[0]);
+ }
+ SYNTAX("addw %0, %1");
+-#line 277 "rl78-decode.opc"
++#line 279 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SM(None, SADDR); Fzac;
+
+ }
+@@ -284,7 +286,7 @@
+ op[0]);
+ }
+ SYNTAX("xch a, x");
+-#line 1234 "rl78-decode.opc"
++#line 1236 "rl78-decode.opc"
+ ID(xch); DR(A); SR(X);
+
+ /*----------------------------------------------------------------------*/
+@@ -301,7 +303,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 678 "rl78-decode.opc"
++#line 680 "rl78-decode.opc"
+ ID(mov); DR(A); SM(B, IMMU(2));
+
+ }
+@@ -316,7 +318,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, #%1");
+-#line 228 "rl78-decode.opc"
++#line 230 "rl78-decode.opc"
+ ID(add); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -333,7 +335,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, %1");
+-#line 222 "rl78-decode.opc"
++#line 224 "rl78-decode.opc"
+ ID(add); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -348,7 +350,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, #%1");
+-#line 216 "rl78-decode.opc"
++#line 218 "rl78-decode.opc"
+ ID(add); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -363,7 +365,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, %e1");
+-#line 204 "rl78-decode.opc"
++#line 206 "rl78-decode.opc"
+ ID(add); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -378,7 +380,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, %ea1");
+-#line 210 "rl78-decode.opc"
++#line 212 "rl78-decode.opc"
+ ID(add); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -393,7 +395,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, %e!1");
+-#line 201 "rl78-decode.opc"
++#line 203 "rl78-decode.opc"
+ ID(add); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -408,7 +410,7 @@
+ op[0]);
+ }
+ SYNTAX("addw %0, #%1");
+-#line 280 "rl78-decode.opc"
++#line 282 "rl78-decode.opc"
+ ID(add); W(); DR(SP); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -425,7 +427,7 @@
+ op[0]);
+ }
+ SYNTAX("es:");
+-#line 193 "rl78-decode.opc"
++#line 195 "rl78-decode.opc"
+ DE(); SE();
+ op ++;
+ pc ++;
+@@ -440,7 +442,7 @@
+ case 0x16:
+ {
+ /** 0001 0ra0 movw %0, %1 */
+-#line 859 "rl78-decode.opc"
++#line 861 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -450,7 +452,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %1");
+-#line 859 "rl78-decode.opc"
++#line 861 "rl78-decode.opc"
+ ID(mov); W(); DRW(ra); SR(AX);
+
+ }
+@@ -460,7 +462,7 @@
+ case 0x17:
+ {
+ /** 0001 0ra1 movw %0, %1 */
+-#line 856 "rl78-decode.opc"
++#line 858 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -470,7 +472,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %1");
+-#line 856 "rl78-decode.opc"
++#line 858 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SRW(ra);
+
+ }
+@@ -485,7 +487,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 729 "rl78-decode.opc"
++#line 731 "rl78-decode.opc"
+ ID(mov); DM(B, IMMU(2)); SR(A);
+
+ }
+@@ -500,7 +502,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, #%1");
+-#line 726 "rl78-decode.opc"
++#line 728 "rl78-decode.opc"
+ ID(mov); DM(B, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -515,7 +517,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, #%1");
+-#line 260 "rl78-decode.opc"
++#line 262 "rl78-decode.opc"
+ ID(addc); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -532,7 +534,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, %1");
+-#line 257 "rl78-decode.opc"
++#line 259 "rl78-decode.opc"
+ ID(addc); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -547,7 +549,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, #%1");
+-#line 248 "rl78-decode.opc"
++#line 250 "rl78-decode.opc"
+ ID(addc); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -562,7 +564,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, %e1");
+-#line 236 "rl78-decode.opc"
++#line 238 "rl78-decode.opc"
+ ID(addc); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -577,7 +579,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, %ea1");
+-#line 245 "rl78-decode.opc"
++#line 247 "rl78-decode.opc"
+ ID(addc); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -592,7 +594,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, %e!1");
+-#line 233 "rl78-decode.opc"
++#line 235 "rl78-decode.opc"
+ ID(addc); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -607,7 +609,7 @@
+ op[0]);
+ }
+ SYNTAX("subw %0, #%1");
+-#line 1198 "rl78-decode.opc"
++#line 1200 "rl78-decode.opc"
+ ID(sub); W(); DR(SP); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -620,7 +622,7 @@
+ case 0x27:
+ {
+ /** 0010 0rw1 subw %0, %1 */
+-#line 1192 "rl78-decode.opc"
++#line 1194 "rl78-decode.opc"
+ int rw AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -630,7 +632,7 @@
+ printf (" rw = 0x%x\n", rw);
+ }
+ SYNTAX("subw %0, %1");
+-#line 1192 "rl78-decode.opc"
++#line 1194 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SRW(rw); Fzac;
+
+ }
+@@ -645,7 +647,7 @@
+ op[0]);
+ }
+ SYNTAX("subw %0, %e!1");
+-#line 1183 "rl78-decode.opc"
++#line 1185 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -660,7 +662,7 @@
+ op[0]);
+ }
+ SYNTAX("subw %0, #%1");
+-#line 1189 "rl78-decode.opc"
++#line 1191 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SC(IMMU(2)); Fzac;
+
+ }
+@@ -675,7 +677,7 @@
+ op[0]);
+ }
+ SYNTAX("subw %0, %1");
+-#line 1195 "rl78-decode.opc"
++#line 1197 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SM(None, SADDR); Fzac;
+
+ }
+@@ -690,7 +692,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 741 "rl78-decode.opc"
++#line 743 "rl78-decode.opc"
+ ID(mov); DM(C, IMMU(2)); SR(A);
+
+ }
+@@ -705,7 +707,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 684 "rl78-decode.opc"
++#line 686 "rl78-decode.opc"
+ ID(mov); DR(A); SM(C, IMMU(2));
+
+ }
+@@ -720,7 +722,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, #%1");
+-#line 1146 "rl78-decode.opc"
++#line 1148 "rl78-decode.opc"
+ ID(sub); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -737,7 +739,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, %1");
+-#line 1140 "rl78-decode.opc"
++#line 1142 "rl78-decode.opc"
+ ID(sub); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -752,7 +754,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, #%1");
+-#line 1134 "rl78-decode.opc"
++#line 1136 "rl78-decode.opc"
+ ID(sub); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -767,7 +769,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, %e1");
+-#line 1122 "rl78-decode.opc"
++#line 1124 "rl78-decode.opc"
+ ID(sub); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -782,7 +784,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, %ea1");
+-#line 1128 "rl78-decode.opc"
++#line 1130 "rl78-decode.opc"
+ ID(sub); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -797,7 +799,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, %e!1");
+-#line 1119 "rl78-decode.opc"
++#line 1121 "rl78-decode.opc"
+ ID(sub); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -808,7 +810,7 @@
+ case 0x36:
+ {
+ /** 0011 0rg0 movw %0, #%1 */
+-#line 853 "rl78-decode.opc"
++#line 855 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -818,7 +820,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("movw %0, #%1");
+-#line 853 "rl78-decode.opc"
++#line 855 "rl78-decode.opc"
+ ID(mov); W(); DRW(rg); SC(IMMU(2));
+
+ }
+@@ -830,7 +832,7 @@
+ case 0x00:
+ {
+ /** 0011 0001 0bit 0000 btclr %s1, $%a0 */
+-#line 416 "rl78-decode.opc"
++#line 418 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -840,7 +842,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %s1, $%a0");
+-#line 416 "rl78-decode.opc"
++#line 418 "rl78-decode.opc"
+ ID(branch_cond_clear); SM(None, SADDR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ /*----------------------------------------------------------------------*/
+@@ -850,7 +852,7 @@
+ case 0x01:
+ {
+ /** 0011 0001 0bit 0001 btclr %1, $%a0 */
+-#line 410 "rl78-decode.opc"
++#line 412 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -860,7 +862,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %1, $%a0");
+-#line 410 "rl78-decode.opc"
++#line 412 "rl78-decode.opc"
+ ID(branch_cond_clear); DC(pc+IMMS(1)+3); SR(A); SB(bit); COND(T);
+
+ }
+@@ -868,7 +870,7 @@
+ case 0x02:
+ {
+ /** 0011 0001 0bit 0010 bt %s1, $%a0 */
+-#line 402 "rl78-decode.opc"
++#line 404 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -878,7 +880,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %s1, $%a0");
+-#line 402 "rl78-decode.opc"
++#line 404 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SADDR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ /*----------------------------------------------------------------------*/
+@@ -888,7 +890,7 @@
+ case 0x03:
+ {
+ /** 0011 0001 0bit 0011 bt %1, $%a0 */
+-#line 396 "rl78-decode.opc"
++#line 398 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -898,7 +900,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %1, $%a0");
+-#line 396 "rl78-decode.opc"
++#line 398 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(A); SB(bit); COND(T);
+
+ }
+@@ -906,7 +908,7 @@
+ case 0x04:
+ {
+ /** 0011 0001 0bit 0100 bf %s1, $%a0 */
+-#line 363 "rl78-decode.opc"
++#line 365 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -916,7 +918,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %s1, $%a0");
+-#line 363 "rl78-decode.opc"
++#line 365 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SADDR); SB(bit); DC(pc+IMMS(1)+4); COND(F);
+
+ /*----------------------------------------------------------------------*/
+@@ -926,7 +928,7 @@
+ case 0x05:
+ {
+ /** 0011 0001 0bit 0101 bf %1, $%a0 */
+-#line 357 "rl78-decode.opc"
++#line 359 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -936,7 +938,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %1, $%a0");
+-#line 357 "rl78-decode.opc"
++#line 359 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(A); SB(bit); COND(F);
+
+ }
+@@ -944,7 +946,7 @@
+ case 0x07:
+ {
+ /** 0011 0001 0cnt 0111 shl %0, %1 */
+-#line 1075 "rl78-decode.opc"
++#line 1077 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -954,7 +956,7 @@
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shl %0, %1");
+-#line 1075 "rl78-decode.opc"
++#line 1077 "rl78-decode.opc"
+ ID(shl); DR(C); SC(cnt);
+
+ }
+@@ -962,7 +964,7 @@
+ case 0x08:
+ {
+ /** 0011 0001 0cnt 1000 shl %0, %1 */
+-#line 1072 "rl78-decode.opc"
++#line 1074 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -972,7 +974,7 @@
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shl %0, %1");
+-#line 1072 "rl78-decode.opc"
++#line 1074 "rl78-decode.opc"
+ ID(shl); DR(B); SC(cnt);
+
+ }
+@@ -980,7 +982,7 @@
+ case 0x09:
+ {
+ /** 0011 0001 0cnt 1001 shl %0, %1 */
+-#line 1069 "rl78-decode.opc"
++#line 1071 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -990,7 +992,7 @@
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shl %0, %1");
+-#line 1069 "rl78-decode.opc"
++#line 1071 "rl78-decode.opc"
+ ID(shl); DR(A); SC(cnt);
+
+ }
+@@ -998,7 +1000,7 @@
+ case 0x0a:
+ {
+ /** 0011 0001 0cnt 1010 shr %0, %1 */
+-#line 1086 "rl78-decode.opc"
++#line 1088 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1008,7 +1010,7 @@
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shr %0, %1");
+-#line 1086 "rl78-decode.opc"
++#line 1088 "rl78-decode.opc"
+ ID(shr); DR(A); SC(cnt);
+
+ }
+@@ -1016,7 +1018,7 @@
+ case 0x0b:
+ {
+ /** 0011 0001 0cnt 1011 sar %0, %1 */
+-#line 1033 "rl78-decode.opc"
++#line 1035 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1026,7 +1028,7 @@
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("sar %0, %1");
+-#line 1033 "rl78-decode.opc"
++#line 1035 "rl78-decode.opc"
+ ID(sar); DR(A); SC(cnt);
+
+ }
+@@ -1035,7 +1037,7 @@
+ case 0x8c:
+ {
+ /** 0011 0001 wcnt 1100 shlw %0, %1 */
+-#line 1081 "rl78-decode.opc"
++#line 1083 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1045,7 +1047,7 @@
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("shlw %0, %1");
+-#line 1081 "rl78-decode.opc"
++#line 1083 "rl78-decode.opc"
+ ID(shl); W(); DR(BC); SC(wcnt);
+
+ /*----------------------------------------------------------------------*/
+@@ -1056,7 +1058,7 @@
+ case 0x8d:
+ {
+ /** 0011 0001 wcnt 1101 shlw %0, %1 */
+-#line 1078 "rl78-decode.opc"
++#line 1080 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1066,7 +1068,7 @@
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("shlw %0, %1");
+-#line 1078 "rl78-decode.opc"
++#line 1080 "rl78-decode.opc"
+ ID(shl); W(); DR(AX); SC(wcnt);
+
+ }
+@@ -1075,7 +1077,7 @@
+ case 0x8e:
+ {
+ /** 0011 0001 wcnt 1110 shrw %0, %1 */
+-#line 1089 "rl78-decode.opc"
++#line 1091 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1085,7 +1087,7 @@
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("shrw %0, %1");
+-#line 1089 "rl78-decode.opc"
++#line 1091 "rl78-decode.opc"
+ ID(shr); W(); DR(AX); SC(wcnt);
+
+ /*----------------------------------------------------------------------*/
+@@ -1096,7 +1098,7 @@
+ case 0x8f:
+ {
+ /** 0011 0001 wcnt 1111 sarw %0, %1 */
+-#line 1036 "rl78-decode.opc"
++#line 1038 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1106,7 +1108,7 @@
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("sarw %0, %1");
+-#line 1036 "rl78-decode.opc"
++#line 1038 "rl78-decode.opc"
+ ID(sar); W(); DR(AX); SC(wcnt);
+
+ /*----------------------------------------------------------------------*/
+@@ -1116,7 +1118,7 @@
+ case 0x80:
+ {
+ /** 0011 0001 1bit 0000 btclr %s1, $%a0 */
+-#line 413 "rl78-decode.opc"
++#line 415 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1126,7 +1128,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %s1, $%a0");
+-#line 413 "rl78-decode.opc"
++#line 415 "rl78-decode.opc"
+ ID(branch_cond_clear); SM(None, SFR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ }
+@@ -1134,7 +1136,7 @@
+ case 0x81:
+ {
+ /** 0011 0001 1bit 0001 btclr %e1, $%a0 */
+-#line 407 "rl78-decode.opc"
++#line 409 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1144,7 +1146,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %e1, $%a0");
+-#line 407 "rl78-decode.opc"
++#line 409 "rl78-decode.opc"
+ ID(branch_cond_clear); DC(pc+IMMS(1)+3); SM(HL,0); SB(bit); COND(T);
+
+ }
+@@ -1152,7 +1154,7 @@
+ case 0x82:
+ {
+ /** 0011 0001 1bit 0010 bt %s1, $%a0 */
+-#line 399 "rl78-decode.opc"
++#line 401 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1162,7 +1164,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %s1, $%a0");
+-#line 399 "rl78-decode.opc"
++#line 401 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SFR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ }
+@@ -1170,7 +1172,7 @@
+ case 0x83:
+ {
+ /** 0011 0001 1bit 0011 bt %e1, $%a0 */
+-#line 393 "rl78-decode.opc"
++#line 395 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1180,7 +1182,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %e1, $%a0");
+-#line 393 "rl78-decode.opc"
++#line 395 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SM(HL,0); SB(bit); COND(T);
+
+ }
+@@ -1188,7 +1190,7 @@
+ case 0x84:
+ {
+ /** 0011 0001 1bit 0100 bf %s1, $%a0 */
+-#line 360 "rl78-decode.opc"
++#line 362 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1198,7 +1200,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %s1, $%a0");
+-#line 360 "rl78-decode.opc"
++#line 362 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SFR); SB(bit); DC(pc+IMMS(1)+4); COND(F);
+
+ }
+@@ -1206,7 +1208,7 @@
+ case 0x85:
+ {
+ /** 0011 0001 1bit 0101 bf %e1, $%a0 */
+-#line 354 "rl78-decode.opc"
++#line 356 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1216,7 +1218,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %e1, $%a0");
+-#line 354 "rl78-decode.opc"
++#line 356 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SM(HL,0); SB(bit); COND(F);
+
+ }
+@@ -1229,7 +1231,7 @@
+ case 0x37:
+ {
+ /** 0011 0ra1 xchw %0, %1 */
+-#line 1239 "rl78-decode.opc"
++#line 1241 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -1239,7 +1241,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("xchw %0, %1");
+-#line 1239 "rl78-decode.opc"
++#line 1241 "rl78-decode.opc"
+ ID(xch); W(); DR(AX); SRW(ra);
+
+ /*----------------------------------------------------------------------*/
+@@ -1256,7 +1258,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, #%1");
+-#line 738 "rl78-decode.opc"
++#line 740 "rl78-decode.opc"
+ ID(mov); DM(C, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -1271,7 +1273,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, #%1");
+-#line 732 "rl78-decode.opc"
++#line 734 "rl78-decode.opc"
+ ID(mov); DM(BC, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -1286,7 +1288,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, #%1");
+-#line 1178 "rl78-decode.opc"
++#line 1180 "rl78-decode.opc"
+ ID(subc); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -1303,7 +1305,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, %1");
+-#line 1175 "rl78-decode.opc"
++#line 1177 "rl78-decode.opc"
+ ID(subc); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -1318,7 +1320,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, #%1");
+-#line 1166 "rl78-decode.opc"
++#line 1168 "rl78-decode.opc"
+ ID(subc); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1333,7 +1335,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, %e1");
+-#line 1154 "rl78-decode.opc"
++#line 1156 "rl78-decode.opc"
+ ID(subc); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -1348,7 +1350,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, %ea1");
+-#line 1163 "rl78-decode.opc"
++#line 1165 "rl78-decode.opc"
+ ID(subc); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1363,7 +1365,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, %e!1");
+-#line 1151 "rl78-decode.opc"
++#line 1153 "rl78-decode.opc"
+ ID(subc); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -1378,7 +1380,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %e!0, #%1");
+-#line 480 "rl78-decode.opc"
++#line 482 "rl78-decode.opc"
+ ID(cmp); DM(None, IMMU(2)); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1393,7 +1395,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, #%1");
+-#line 717 "rl78-decode.opc"
++#line 719 "rl78-decode.opc"
+ ID(mov); DR(ES); SC(IMMU(1));
+
+ }
+@@ -1408,7 +1410,7 @@
+ op[0]);
+ }
+ SYNTAX("cmpw %0, %e!1");
+-#line 531 "rl78-decode.opc"
++#line 533 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -1418,7 +1420,7 @@
+ case 0x47:
+ {
+ /** 0100 0ra1 cmpw %0, %1 */
+-#line 540 "rl78-decode.opc"
++#line 542 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -1428,7 +1430,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("cmpw %0, %1");
+-#line 540 "rl78-decode.opc"
++#line 542 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SRW(ra); Fzac;
+
+ }
+@@ -1443,7 +1445,7 @@
+ op[0]);
+ }
+ SYNTAX("cmpw %0, #%1");
+-#line 537 "rl78-decode.opc"
++#line 539 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SC(IMMU(2)); Fzac;
+
+ }
+@@ -1458,7 +1460,7 @@
+ op[0]);
+ }
+ SYNTAX("cmpw %0, %1");
+-#line 543 "rl78-decode.opc"
++#line 545 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SM(None, SADDR); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -1475,7 +1477,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 735 "rl78-decode.opc"
++#line 737 "rl78-decode.opc"
+ ID(mov); DM(BC, IMMU(2)); SR(A);
+
+ }
+@@ -1490,7 +1492,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 681 "rl78-decode.opc"
++#line 683 "rl78-decode.opc"
+ ID(mov); DR(A); SM(BC, IMMU(2));
+
+ }
+@@ -1505,7 +1507,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, #%1");
+-#line 483 "rl78-decode.opc"
++#line 485 "rl78-decode.opc"
+ ID(cmp); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1520,7 +1522,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, %1");
+-#line 510 "rl78-decode.opc"
++#line 512 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(None, SADDR); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -1537,7 +1539,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, #%1");
+-#line 501 "rl78-decode.opc"
++#line 503 "rl78-decode.opc"
+ ID(cmp); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1552,7 +1554,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, %e1");
+-#line 489 "rl78-decode.opc"
++#line 491 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -1567,7 +1569,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, %ea1");
+-#line 498 "rl78-decode.opc"
++#line 500 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1582,7 +1584,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, %e!1");
+-#line 486 "rl78-decode.opc"
++#line 488 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -1597,7 +1599,7 @@
+ case 0x57:
+ {
+ /** 0101 0reg mov %0, #%1 */
+-#line 669 "rl78-decode.opc"
++#line 671 "rl78-decode.opc"
+ int reg AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -1607,7 +1609,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("mov %0, #%1");
+-#line 669 "rl78-decode.opc"
++#line 671 "rl78-decode.opc"
+ ID(mov); DRB(reg); SC(IMMU(1));
+
+ }
+@@ -1622,7 +1624,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 871 "rl78-decode.opc"
++#line 873 "rl78-decode.opc"
+ ID(mov); W(); DM(B, IMMU(2)); SR(AX);
+
+ }
+@@ -1637,7 +1639,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 862 "rl78-decode.opc"
++#line 864 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(B, IMMU(2));
+
+ }
+@@ -1652,7 +1654,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, #%1");
+-#line 312 "rl78-decode.opc"
++#line 314 "rl78-decode.opc"
+ ID(and); DM(None, SADDR); SC(IMMU(1)); Fz;
+
+ /*----------------------------------------------------------------------*/
+@@ -1669,7 +1671,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, %1");
+-#line 309 "rl78-decode.opc"
++#line 311 "rl78-decode.opc"
+ ID(and); DR(A); SM(None, SADDR); Fz;
+
+ }
+@@ -1684,7 +1686,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, #%1");
+-#line 300 "rl78-decode.opc"
++#line 302 "rl78-decode.opc"
+ ID(and); DR(A); SC(IMMU(1)); Fz;
+
+ }
+@@ -1699,7 +1701,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, %e1");
+-#line 288 "rl78-decode.opc"
++#line 290 "rl78-decode.opc"
+ ID(and); DR(A); SM(HL, 0); Fz;
+
+ }
+@@ -1714,7 +1716,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, %ea1");
+-#line 294 "rl78-decode.opc"
++#line 296 "rl78-decode.opc"
+ ID(and); DR(A); SM(HL, IMMU(1)); Fz;
+
+ }
+@@ -1729,7 +1731,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, %e!1");
+-#line 285 "rl78-decode.opc"
++#line 287 "rl78-decode.opc"
+ ID(and); DR(A); SM(None, IMMU(2)); Fz;
+
+ }
+@@ -1743,7 +1745,7 @@
+ case 0x67:
+ {
+ /** 0110 0rba mov %0, %1 */
+-#line 672 "rl78-decode.opc"
++#line 674 "rl78-decode.opc"
+ int rba AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -1753,7 +1755,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("mov %0, %1");
+-#line 672 "rl78-decode.opc"
++#line 674 "rl78-decode.opc"
+ ID(mov); DR(A); SRB(rba);
+
+ }
+@@ -1772,7 +1774,7 @@
+ case 0x07:
+ {
+ /** 0110 0001 0000 0reg add %0, %1 */
+-#line 225 "rl78-decode.opc"
++#line 227 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1782,7 +1784,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("add %0, %1");
+-#line 225 "rl78-decode.opc"
++#line 227 "rl78-decode.opc"
+ ID(add); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1796,7 +1798,7 @@
+ case 0x0f:
+ {
+ /** 0110 0001 0000 1rba add %0, %1 */
+-#line 219 "rl78-decode.opc"
++#line 221 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1806,7 +1808,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("add %0, %1");
+-#line 219 "rl78-decode.opc"
++#line 221 "rl78-decode.opc"
+ ID(add); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1821,7 +1823,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("addw %0, %ea1");
+-#line 268 "rl78-decode.opc"
++#line 270 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1836,7 +1838,7 @@
+ case 0x17:
+ {
+ /** 0110 0001 0001 0reg addc %0, %1 */
+-#line 254 "rl78-decode.opc"
++#line 256 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1846,7 +1848,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("addc %0, %1");
+-#line 254 "rl78-decode.opc"
++#line 256 "rl78-decode.opc"
+ ID(addc); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1860,7 +1862,7 @@
+ case 0x1f:
+ {
+ /** 0110 0001 0001 1rba addc %0, %1 */
+-#line 251 "rl78-decode.opc"
++#line 253 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1870,7 +1872,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("addc %0, %1");
+-#line 251 "rl78-decode.opc"
++#line 253 "rl78-decode.opc"
+ ID(addc); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1885,7 +1887,7 @@
+ case 0x27:
+ {
+ /** 0110 0001 0010 0reg sub %0, %1 */
+-#line 1143 "rl78-decode.opc"
++#line 1145 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1895,7 +1897,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("sub %0, %1");
+-#line 1143 "rl78-decode.opc"
++#line 1145 "rl78-decode.opc"
+ ID(sub); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1909,7 +1911,7 @@
+ case 0x2f:
+ {
+ /** 0110 0001 0010 1rba sub %0, %1 */
+-#line 1137 "rl78-decode.opc"
++#line 1139 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1919,7 +1921,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("sub %0, %1");
+-#line 1137 "rl78-decode.opc"
++#line 1139 "rl78-decode.opc"
+ ID(sub); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1934,7 +1936,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("subw %0, %ea1");
+-#line 1186 "rl78-decode.opc"
++#line 1188 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1949,7 +1951,7 @@
+ case 0x37:
+ {
+ /** 0110 0001 0011 0reg subc %0, %1 */
+-#line 1172 "rl78-decode.opc"
++#line 1174 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1959,7 +1961,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("subc %0, %1");
+-#line 1172 "rl78-decode.opc"
++#line 1174 "rl78-decode.opc"
+ ID(subc); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1973,7 +1975,7 @@
+ case 0x3f:
+ {
+ /** 0110 0001 0011 1rba subc %0, %1 */
+-#line 1169 "rl78-decode.opc"
++#line 1171 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1983,7 +1985,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("subc %0, %1");
+-#line 1169 "rl78-decode.opc"
++#line 1171 "rl78-decode.opc"
+ ID(subc); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1998,7 +2000,7 @@
+ case 0x47:
+ {
+ /** 0110 0001 0100 0reg cmp %0, %1 */
+-#line 507 "rl78-decode.opc"
++#line 509 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2008,7 +2010,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("cmp %0, %1");
+-#line 507 "rl78-decode.opc"
++#line 509 "rl78-decode.opc"
+ ID(cmp); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -2022,7 +2024,7 @@
+ case 0x4f:
+ {
+ /** 0110 0001 0100 1rba cmp %0, %1 */
+-#line 504 "rl78-decode.opc"
++#line 506 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2032,7 +2034,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("cmp %0, %1");
+-#line 504 "rl78-decode.opc"
++#line 506 "rl78-decode.opc"
+ ID(cmp); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -2047,7 +2049,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("cmpw %0, %ea1");
+-#line 534 "rl78-decode.opc"
++#line 536 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -2062,7 +2064,7 @@
+ case 0x57:
+ {
+ /** 0110 0001 0101 0reg and %0, %1 */
+-#line 306 "rl78-decode.opc"
++#line 308 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2072,7 +2074,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("and %0, %1");
+-#line 306 "rl78-decode.opc"
++#line 308 "rl78-decode.opc"
+ ID(and); DRB(reg); SR(A); Fz;
+
+ }
+@@ -2086,7 +2088,7 @@
+ case 0x5f:
+ {
+ /** 0110 0001 0101 1rba and %0, %1 */
+-#line 303 "rl78-decode.opc"
++#line 305 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2096,7 +2098,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("and %0, %1");
+-#line 303 "rl78-decode.opc"
++#line 305 "rl78-decode.opc"
+ ID(and); DR(A); SRB(rba); Fz;
+
+ }
+@@ -2111,7 +2113,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("inc %ea0");
+-#line 584 "rl78-decode.opc"
++#line 586 "rl78-decode.opc"
+ ID(add); DM(HL, IMMU(1)); SC(1); Fza;
+
+ }
+@@ -2126,7 +2128,7 @@
+ case 0x67:
+ {
+ /** 0110 0001 0110 0reg or %0, %1 */
+-#line 961 "rl78-decode.opc"
++#line 963 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2136,7 +2138,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("or %0, %1");
+-#line 961 "rl78-decode.opc"
++#line 963 "rl78-decode.opc"
+ ID(or); DRB(reg); SR(A); Fz;
+
+ }
+@@ -2150,7 +2152,7 @@
+ case 0x6f:
+ {
+ /** 0110 0001 0110 1rba or %0, %1 */
+-#line 958 "rl78-decode.opc"
++#line 960 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2160,7 +2162,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("or %0, %1");
+-#line 958 "rl78-decode.opc"
++#line 960 "rl78-decode.opc"
+ ID(or); DR(A); SRB(rba); Fz;
+
+ }
+@@ -2175,7 +2177,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("dec %ea0");
+-#line 551 "rl78-decode.opc"
++#line 553 "rl78-decode.opc"
+ ID(sub); DM(HL, IMMU(1)); SC(1); Fza;
+
+ }
+@@ -2190,7 +2192,7 @@
+ case 0x77:
+ {
+ /** 0110 0001 0111 0reg xor %0, %1 */
+-#line 1265 "rl78-decode.opc"
++#line 1267 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2200,7 +2202,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("xor %0, %1");
+-#line 1265 "rl78-decode.opc"
++#line 1267 "rl78-decode.opc"
+ ID(xor); DRB(reg); SR(A); Fz;
+
+ }
+@@ -2214,7 +2216,7 @@
+ case 0x7f:
+ {
+ /** 0110 0001 0111 1rba xor %0, %1 */
+-#line 1262 "rl78-decode.opc"
++#line 1264 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2224,7 +2226,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("xor %0, %1");
+-#line 1262 "rl78-decode.opc"
++#line 1264 "rl78-decode.opc"
+ ID(xor); DR(A); SRB(rba); Fz;
+
+ }
+@@ -2239,7 +2241,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("incw %ea0");
+-#line 598 "rl78-decode.opc"
++#line 600 "rl78-decode.opc"
+ ID(add); W(); DM(HL, IMMU(1)); SC(1);
+
+ }
+@@ -2255,7 +2257,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("add %0, %e1");
+-#line 207 "rl78-decode.opc"
++#line 209 "rl78-decode.opc"
+ ID(add); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2270,7 +2272,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("add %0, %e1");
+-#line 213 "rl78-decode.opc"
++#line 215 "rl78-decode.opc"
+ ID(add); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2309,9 +2311,9 @@
+ case 0xf7:
+ {
+ /** 0110 0001 1nnn 01mm callt [%x0] */
+-#line 433 "rl78-decode.opc"
++#line 435 "rl78-decode.opc"
+ int nnn AU = (op[1] >> 4) & 0x07;
+-#line 433 "rl78-decode.opc"
++#line 435 "rl78-decode.opc"
+ int mm AU = op[1] & 0x03;
+ if (trace)
+ {
+@@ -2322,7 +2324,7 @@
+ printf (" mm = 0x%x\n", mm);
+ }
+ SYNTAX("callt [%x0]");
+-#line 433 "rl78-decode.opc"
++#line 435 "rl78-decode.opc"
+ ID(call); DM(None, 0x80 + mm*16 + nnn*2);
+
+ /*----------------------------------------------------------------------*/
+@@ -2338,7 +2340,7 @@
+ case 0x8f:
+ {
+ /** 0110 0001 1000 1reg xch %0, %1 */
+-#line 1224 "rl78-decode.opc"
++#line 1226 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2348,7 +2350,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("xch %0, %1");
+-#line 1224 "rl78-decode.opc"
++#line 1226 "rl78-decode.opc"
+ /* Note: DECW uses reg == X, so this must follow DECW */
+ ID(xch); DR(A); SRB(reg);
+
+@@ -2364,7 +2366,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("decw %ea0");
+-#line 565 "rl78-decode.opc"
++#line 567 "rl78-decode.opc"
+ ID(sub); W(); DM(HL, IMMU(1)); SC(1);
+
+ }
+@@ -2379,7 +2381,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("addc %0, %e1");
+-#line 239 "rl78-decode.opc"
++#line 241 "rl78-decode.opc"
+ ID(addc); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2394,7 +2396,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("addc %0, %e1");
+-#line 242 "rl78-decode.opc"
++#line 244 "rl78-decode.opc"
+ ID(addc); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2410,7 +2412,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sub %0, %e1");
+-#line 1125 "rl78-decode.opc"
++#line 1127 "rl78-decode.opc"
+ ID(sub); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2425,7 +2427,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sub %0, %e1");
+-#line 1131 "rl78-decode.opc"
++#line 1133 "rl78-decode.opc"
+ ID(sub); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2440,7 +2442,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %1");
+-#line 1228 "rl78-decode.opc"
++#line 1230 "rl78-decode.opc"
+ ID(xch); DR(A); SM(None, SADDR);
+
+ }
+@@ -2455,7 +2457,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1221 "rl78-decode.opc"
++#line 1223 "rl78-decode.opc"
+ ID(xch); DR(A); SM2(HL, C, 0);
+
+ }
+@@ -2470,7 +2472,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e!1");
+-#line 1203 "rl78-decode.opc"
++#line 1205 "rl78-decode.opc"
+ ID(xch); DR(A); SM(None, IMMU(2));
+
+ }
+@@ -2485,7 +2487,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %s1");
+-#line 1231 "rl78-decode.opc"
++#line 1233 "rl78-decode.opc"
+ ID(xch); DR(A); SM(None, SFR);
+
+ }
+@@ -2500,7 +2502,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1212 "rl78-decode.opc"
++#line 1214 "rl78-decode.opc"
+ ID(xch); DR(A); SM(HL, 0);
+
+ }
+@@ -2515,7 +2517,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %ea1");
+-#line 1218 "rl78-decode.opc"
++#line 1220 "rl78-decode.opc"
+ ID(xch); DR(A); SM(HL, IMMU(1));
+
+ }
+@@ -2530,7 +2532,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1206 "rl78-decode.opc"
++#line 1208 "rl78-decode.opc"
+ ID(xch); DR(A); SM(DE, 0);
+
+ }
+@@ -2545,7 +2547,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %ea1");
+-#line 1209 "rl78-decode.opc"
++#line 1211 "rl78-decode.opc"
+ ID(xch); DR(A); SM(DE, IMMU(1));
+
+ }
+@@ -2560,7 +2562,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("subc %0, %e1");
+-#line 1157 "rl78-decode.opc"
++#line 1159 "rl78-decode.opc"
+ ID(subc); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2575,7 +2577,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("subc %0, %e1");
+-#line 1160 "rl78-decode.opc"
++#line 1162 "rl78-decode.opc"
+ ID(subc); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2590,7 +2592,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 723 "rl78-decode.opc"
++#line 725 "rl78-decode.opc"
+ ID(mov); DR(ES); SM(None, SADDR);
+
+ }
+@@ -2605,7 +2607,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1215 "rl78-decode.opc"
++#line 1217 "rl78-decode.opc"
+ ID(xch); DR(A); SM2(HL, B, 0);
+
+ }
+@@ -2620,7 +2622,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("cmp %0, %e1");
+-#line 492 "rl78-decode.opc"
++#line 494 "rl78-decode.opc"
+ ID(cmp); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2635,7 +2637,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("cmp %0, %e1");
+-#line 495 "rl78-decode.opc"
++#line 497 "rl78-decode.opc"
+ ID(cmp); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2650,7 +2652,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("bh $%a0");
+-#line 340 "rl78-decode.opc"
++#line 342 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(None); COND(H);
+
+ }
+@@ -2665,7 +2667,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1094 "rl78-decode.opc"
++#line 1096 "rl78-decode.opc"
+ ID(skip); COND(C);
+
+ }
+@@ -2680,7 +2682,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 660 "rl78-decode.opc"
++#line 662 "rl78-decode.opc"
+ ID(mov); DR(A); SM2(HL, B, 0);
+
+ }
+@@ -2691,7 +2693,7 @@
+ case 0xfa:
+ {
+ /** 0110 0001 11rg 1010 call %0 */
+-#line 430 "rl78-decode.opc"
++#line 432 "rl78-decode.opc"
+ int rg AU = (op[1] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -2701,7 +2703,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("call %0");
+-#line 430 "rl78-decode.opc"
++#line 432 "rl78-decode.opc"
+ ID(call); DRW(rg);
+
+ }
+@@ -2716,7 +2718,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("br ax");
+-#line 380 "rl78-decode.opc"
++#line 382 "rl78-decode.opc"
+ ID(branch); DR(AX);
+
+ /*----------------------------------------------------------------------*/
+@@ -2733,7 +2735,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("brk");
+-#line 388 "rl78-decode.opc"
++#line 390 "rl78-decode.opc"
+ ID(break);
+
+ /*----------------------------------------------------------------------*/
+@@ -2750,7 +2752,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("pop %s0");
+-#line 989 "rl78-decode.opc"
++#line 991 "rl78-decode.opc"
+ ID(mov); W(); DR(PSW); SPOP();
+
+ /*----------------------------------------------------------------------*/
+@@ -2767,7 +2769,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("movs %ea0, %1");
+-#line 811 "rl78-decode.opc"
++#line 813 "rl78-decode.opc"
+ ID(mov); DM(HL, IMMU(1)); SR(X); Fzc;
+
+ /*----------------------------------------------------------------------*/
+@@ -2780,7 +2782,7 @@
+ case 0xff:
+ {
+ /** 0110 0001 11rb 1111 sel rb%1 */
+-#line 1041 "rl78-decode.opc"
++#line 1043 "rl78-decode.opc"
+ int rb AU = (op[1] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -2790,7 +2792,7 @@
+ printf (" rb = 0x%x\n", rb);
+ }
+ SYNTAX("sel rb%1");
+-#line 1041 "rl78-decode.opc"
++#line 1043 "rl78-decode.opc"
+ ID(sel); SC(rb);
+
+ /*----------------------------------------------------------------------*/
+@@ -2807,7 +2809,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("and %0, %e1");
+-#line 291 "rl78-decode.opc"
++#line 293 "rl78-decode.opc"
+ ID(and); DR(A); SM2(HL, B, 0); Fz;
+
+ }
+@@ -2822,7 +2824,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("and %0, %e1");
+-#line 297 "rl78-decode.opc"
++#line 299 "rl78-decode.opc"
+ ID(and); DR(A); SM2(HL, C, 0); Fz;
+
+ }
+@@ -2837,7 +2839,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("bnh $%a0");
+-#line 343 "rl78-decode.opc"
++#line 345 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(None); COND(NH);
+
+ }
+@@ -2852,7 +2854,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1100 "rl78-decode.opc"
++#line 1102 "rl78-decode.opc"
+ ID(skip); COND(NC);
+
+ }
+@@ -2867,7 +2869,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 627 "rl78-decode.opc"
++#line 629 "rl78-decode.opc"
+ ID(mov); DM2(HL, B, 0); SR(A);
+
+ }
+@@ -2882,7 +2884,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("ror %0, %1");
+-#line 1022 "rl78-decode.opc"
++#line 1024 "rl78-decode.opc"
+ ID(ror); DR(A); SC(1);
+
+ }
+@@ -2897,7 +2899,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("rolc %0, %1");
+-#line 1016 "rl78-decode.opc"
++#line 1018 "rl78-decode.opc"
+ ID(rolc); DR(A); SC(1);
+
+ }
+@@ -2912,7 +2914,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("push %s1");
+-#line 997 "rl78-decode.opc"
++#line 999 "rl78-decode.opc"
+ ID(mov); W(); DPUSH(); SR(PSW);
+
+ /*----------------------------------------------------------------------*/
+@@ -2929,7 +2931,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("cmps %0, %ea1");
+-#line 526 "rl78-decode.opc"
++#line 528 "rl78-decode.opc"
+ ID(cmp); DR(X); SM(HL, IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -2946,7 +2948,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("or %0, %e1");
+-#line 946 "rl78-decode.opc"
++#line 948 "rl78-decode.opc"
+ ID(or); DR(A); SM2(HL, B, 0); Fz;
+
+ }
+@@ -2961,7 +2963,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("or %0, %e1");
+-#line 952 "rl78-decode.opc"
++#line 954 "rl78-decode.opc"
+ ID(or); DR(A); SM2(HL, C, 0); Fz;
+
+ }
+@@ -2976,7 +2978,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1097 "rl78-decode.opc"
++#line 1099 "rl78-decode.opc"
+ ID(skip); COND(H);
+
+ }
+@@ -2991,7 +2993,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1109 "rl78-decode.opc"
++#line 1111 "rl78-decode.opc"
+ ID(skip); COND(Z);
+
+ /*----------------------------------------------------------------------*/
+@@ -3008,7 +3010,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 663 "rl78-decode.opc"
++#line 665 "rl78-decode.opc"
+ ID(mov); DR(A); SM2(HL, C, 0);
+
+ }
+@@ -3023,7 +3025,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("rol %0, %1");
+-#line 1013 "rl78-decode.opc"
++#line 1015 "rl78-decode.opc"
+ ID(rol); DR(A); SC(1);
+
+ }
+@@ -3038,7 +3040,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("retb");
+-#line 1008 "rl78-decode.opc"
++#line 1010 "rl78-decode.opc"
+ ID(reti);
+
+ /*----------------------------------------------------------------------*/
+@@ -3055,7 +3057,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("halt");
+-#line 576 "rl78-decode.opc"
++#line 578 "rl78-decode.opc"
+ ID(halt);
+
+ /*----------------------------------------------------------------------*/
+@@ -3066,7 +3068,7 @@
+ case 0xfe:
+ {
+ /** 0110 0001 111r 1110 rolwc %0, %1 */
+-#line 1019 "rl78-decode.opc"
++#line 1021 "rl78-decode.opc"
+ int r AU = (op[1] >> 4) & 0x01;
+ if (trace)
+ {
+@@ -3076,7 +3078,7 @@
+ printf (" r = 0x%x\n", r);
+ }
+ SYNTAX("rolwc %0, %1");
+-#line 1019 "rl78-decode.opc"
++#line 1021 "rl78-decode.opc"
+ ID(rolc); W(); DRW(r); SC(1);
+
+ }
+@@ -3091,7 +3093,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xor %0, %e1");
+-#line 1250 "rl78-decode.opc"
++#line 1252 "rl78-decode.opc"
+ ID(xor); DR(A); SM2(HL, B, 0); Fz;
+
+ }
+@@ -3106,7 +3108,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xor %0, %e1");
+-#line 1256 "rl78-decode.opc"
++#line 1258 "rl78-decode.opc"
+ ID(xor); DR(A); SM2(HL, C, 0); Fz;
+
+ }
+@@ -3121,7 +3123,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1103 "rl78-decode.opc"
++#line 1105 "rl78-decode.opc"
+ ID(skip); COND(NH);
+
+ }
+@@ -3136,7 +3138,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1106 "rl78-decode.opc"
++#line 1108 "rl78-decode.opc"
+ ID(skip); COND(NZ);
+
+ }
+@@ -3151,7 +3153,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 636 "rl78-decode.opc"
++#line 638 "rl78-decode.opc"
+ ID(mov); DM2(HL, C, 0); SR(A);
+
+ }
+@@ -3166,7 +3168,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("rorc %0, %1");
+-#line 1025 "rl78-decode.opc"
++#line 1027 "rl78-decode.opc"
+ ID(rorc); DR(A); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -3186,7 +3188,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("reti");
+-#line 1005 "rl78-decode.opc"
++#line 1007 "rl78-decode.opc"
+ ID(reti);
+
+ }
+@@ -3201,7 +3203,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("stop");
+-#line 1114 "rl78-decode.opc"
++#line 1116 "rl78-decode.opc"
+ ID(stop);
+
+ /*----------------------------------------------------------------------*/
+@@ -3221,7 +3223,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 874 "rl78-decode.opc"
++#line 876 "rl78-decode.opc"
+ ID(mov); W(); DM(C, IMMU(2)); SR(AX);
+
+ }
+@@ -3236,7 +3238,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 865 "rl78-decode.opc"
++#line 867 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(C, IMMU(2));
+
+ }
+@@ -3251,7 +3253,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, #%1");
+-#line 967 "rl78-decode.opc"
++#line 969 "rl78-decode.opc"
+ ID(or); DM(None, SADDR); SC(IMMU(1)); Fz;
+
+ /*----------------------------------------------------------------------*/
+@@ -3268,7 +3270,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, %1");
+-#line 964 "rl78-decode.opc"
++#line 966 "rl78-decode.opc"
+ ID(or); DR(A); SM(None, SADDR); Fz;
+
+ }
+@@ -3283,7 +3285,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, #%1");
+-#line 955 "rl78-decode.opc"
++#line 957 "rl78-decode.opc"
+ ID(or); DR(A); SC(IMMU(1)); Fz;
+
+ }
+@@ -3298,7 +3300,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, %e1");
+-#line 943 "rl78-decode.opc"
++#line 945 "rl78-decode.opc"
+ ID(or); DR(A); SM(HL, 0); Fz;
+
+ }
+@@ -3313,7 +3315,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, %ea1");
+-#line 949 "rl78-decode.opc"
++#line 951 "rl78-decode.opc"
+ ID(or); DR(A); SM(HL, IMMU(1)); Fz;
+
+ }
+@@ -3328,7 +3330,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, %e!1");
+-#line 940 "rl78-decode.opc"
++#line 942 "rl78-decode.opc"
+ ID(or); DR(A); SM(None, IMMU(2)); Fz;
+
+ }
+@@ -3342,7 +3344,7 @@
+ case 0x77:
+ {
+ /** 0111 0rba mov %0, %1 */
+-#line 696 "rl78-decode.opc"
++#line 698 "rl78-decode.opc"
+ int rba AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -3352,7 +3354,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("mov %0, %1");
+-#line 696 "rl78-decode.opc"
++#line 698 "rl78-decode.opc"
+ ID(mov); DRB(rba); SR(A);
+
+ }
+@@ -3371,7 +3373,7 @@
+ case 0x70:
+ {
+ /** 0111 0001 0bit 0000 set1 %e!0 */
+-#line 1046 "rl78-decode.opc"
++#line 1048 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3381,7 +3383,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %e!0");
+-#line 1046 "rl78-decode.opc"
++#line 1048 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); DB(bit); SC(1);
+
+ }
+@@ -3396,7 +3398,7 @@
+ case 0x71:
+ {
+ /** 0111 0001 0bit 0001 mov1 %0, cy */
+-#line 803 "rl78-decode.opc"
++#line 805 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3406,7 +3408,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %0, cy");
+-#line 803 "rl78-decode.opc"
++#line 805 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); DB(bit); SCY();
+
+ }
+@@ -3421,7 +3423,7 @@
+ case 0x72:
+ {
+ /** 0111 0001 0bit 0010 set1 %0 */
+-#line 1064 "rl78-decode.opc"
++#line 1066 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3431,7 +3433,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %0");
+-#line 1064 "rl78-decode.opc"
++#line 1066 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); DB(bit); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -3448,7 +3450,7 @@
+ case 0x73:
+ {
+ /** 0111 0001 0bit 0011 clr1 %0 */
+-#line 456 "rl78-decode.opc"
++#line 458 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3458,7 +3460,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %0");
+-#line 456 "rl78-decode.opc"
++#line 458 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); DB(bit); SC(0);
+
+ /*----------------------------------------------------------------------*/
+@@ -3475,7 +3477,7 @@
+ case 0x74:
+ {
+ /** 0111 0001 0bit 0100 mov1 cy, %1 */
+-#line 797 "rl78-decode.opc"
++#line 799 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3485,7 +3487,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %1");
+-#line 797 "rl78-decode.opc"
++#line 799 "rl78-decode.opc"
+ ID(mov); DCY(); SM(None, SADDR); SB(bit);
+
+ }
+@@ -3500,7 +3502,7 @@
+ case 0x75:
+ {
+ /** 0111 0001 0bit 0101 and1 cy, %s1 */
+-#line 326 "rl78-decode.opc"
++#line 328 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3510,7 +3512,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %s1");
+-#line 326 "rl78-decode.opc"
++#line 328 "rl78-decode.opc"
+ ID(and); DCY(); SM(None, SADDR); SB(bit);
+
+ /*----------------------------------------------------------------------*/
+@@ -3530,7 +3532,7 @@
+ case 0x76:
+ {
+ /** 0111 0001 0bit 0110 or1 cy, %s1 */
+-#line 981 "rl78-decode.opc"
++#line 983 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3540,7 +3542,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %s1");
+-#line 981 "rl78-decode.opc"
++#line 983 "rl78-decode.opc"
+ ID(or); DCY(); SM(None, SADDR); SB(bit);
+
+ /*----------------------------------------------------------------------*/
+@@ -3557,7 +3559,7 @@
+ case 0x77:
+ {
+ /** 0111 0001 0bit 0111 xor1 cy, %s1 */
+-#line 1285 "rl78-decode.opc"
++#line 1287 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3567,7 +3569,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %s1");
+-#line 1285 "rl78-decode.opc"
++#line 1287 "rl78-decode.opc"
+ ID(xor); DCY(); SM(None, SADDR); SB(bit);
+
+ /*----------------------------------------------------------------------*/
+@@ -3584,7 +3586,7 @@
+ case 0x78:
+ {
+ /** 0111 0001 0bit 1000 clr1 %e!0 */
+-#line 438 "rl78-decode.opc"
++#line 440 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3594,7 +3596,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %e!0");
+-#line 438 "rl78-decode.opc"
++#line 440 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); DB(bit); SC(0);
+
+ }
+@@ -3609,7 +3611,7 @@
+ case 0x79:
+ {
+ /** 0111 0001 0bit 1001 mov1 %s0, cy */
+-#line 806 "rl78-decode.opc"
++#line 808 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3619,7 +3621,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %s0, cy");
+-#line 806 "rl78-decode.opc"
++#line 808 "rl78-decode.opc"
+ ID(mov); DM(None, SFR); DB(bit); SCY();
+
+ /*----------------------------------------------------------------------*/
+@@ -3636,7 +3638,7 @@
+ case 0x7a:
+ {
+ /** 0111 0001 0bit 1010 set1 %s0 */
+-#line 1058 "rl78-decode.opc"
++#line 1060 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3646,7 +3648,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %s0");
+-#line 1058 "rl78-decode.opc"
++#line 1060 "rl78-decode.opc"
+ op0 = SFR;
+ ID(mov); DM(None, op0); DB(bit); SC(1);
+ if (op0 == RL78_SFR_PSW && bit == 7)
+@@ -3664,7 +3666,7 @@
+ case 0x7b:
+ {
+ /** 0111 0001 0bit 1011 clr1 %s0 */
+-#line 450 "rl78-decode.opc"
++#line 452 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3674,7 +3676,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %s0");
+-#line 450 "rl78-decode.opc"
++#line 452 "rl78-decode.opc"
+ op0 = SFR;
+ ID(mov); DM(None, op0); DB(bit); SC(0);
+ if (op0 == RL78_SFR_PSW && bit == 7)
+@@ -3692,7 +3694,7 @@
+ case 0x7c:
+ {
+ /** 0111 0001 0bit 1100 mov1 cy, %s1 */
+-#line 800 "rl78-decode.opc"
++#line 802 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3702,7 +3704,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %s1");
+-#line 800 "rl78-decode.opc"
++#line 802 "rl78-decode.opc"
+ ID(mov); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3717,7 +3719,7 @@
+ case 0x7d:
+ {
+ /** 0111 0001 0bit 1101 and1 cy, %s1 */
+-#line 323 "rl78-decode.opc"
++#line 325 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3727,7 +3729,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %s1");
+-#line 323 "rl78-decode.opc"
++#line 325 "rl78-decode.opc"
+ ID(and); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3742,7 +3744,7 @@
+ case 0x7e:
+ {
+ /** 0111 0001 0bit 1110 or1 cy, %s1 */
+-#line 978 "rl78-decode.opc"
++#line 980 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3752,7 +3754,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %s1");
+-#line 978 "rl78-decode.opc"
++#line 980 "rl78-decode.opc"
+ ID(or); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3767,7 +3769,7 @@
+ case 0x7f:
+ {
+ /** 0111 0001 0bit 1111 xor1 cy, %s1 */
+-#line 1282 "rl78-decode.opc"
++#line 1284 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3777,7 +3779,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %s1");
+-#line 1282 "rl78-decode.opc"
++#line 1284 "rl78-decode.opc"
+ ID(xor); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3792,7 +3794,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("set1 cy");
+-#line 1055 "rl78-decode.opc"
++#line 1057 "rl78-decode.opc"
+ ID(mov); DCY(); SC(1);
+
+ }
+@@ -3807,7 +3809,7 @@
+ case 0xf1:
+ {
+ /** 0111 0001 1bit 0001 mov1 %e0, cy */
+-#line 785 "rl78-decode.opc"
++#line 787 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3817,7 +3819,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %e0, cy");
+-#line 785 "rl78-decode.opc"
++#line 787 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); DB(bit); SCY();
+
+ }
+@@ -3832,7 +3834,7 @@
+ case 0xf2:
+ {
+ /** 0111 0001 1bit 0010 set1 %e0 */
+-#line 1049 "rl78-decode.opc"
++#line 1051 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3842,7 +3844,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %e0");
+-#line 1049 "rl78-decode.opc"
++#line 1051 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); DB(bit); SC(1);
+
+ }
+@@ -3857,7 +3859,7 @@
+ case 0xf3:
+ {
+ /** 0111 0001 1bit 0011 clr1 %e0 */
+-#line 441 "rl78-decode.opc"
++#line 443 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3867,7 +3869,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %e0");
+-#line 441 "rl78-decode.opc"
++#line 443 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); DB(bit); SC(0);
+
+ }
+@@ -3882,7 +3884,7 @@
+ case 0xf4:
+ {
+ /** 0111 0001 1bit 0100 mov1 cy, %e1 */
+-#line 791 "rl78-decode.opc"
++#line 793 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3892,7 +3894,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %e1");
+-#line 791 "rl78-decode.opc"
++#line 793 "rl78-decode.opc"
+ ID(mov); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3907,7 +3909,7 @@
+ case 0xf5:
+ {
+ /** 0111 0001 1bit 0101 and1 cy, %e1 */
+-#line 317 "rl78-decode.opc"
++#line 319 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3917,7 +3919,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %e1");
+-#line 317 "rl78-decode.opc"
++#line 319 "rl78-decode.opc"
+ ID(and); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3932,7 +3934,7 @@
+ case 0xf6:
+ {
+ /** 0111 0001 1bit 0110 or1 cy, %e1 */
+-#line 972 "rl78-decode.opc"
++#line 974 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3942,7 +3944,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %e1");
+-#line 972 "rl78-decode.opc"
++#line 974 "rl78-decode.opc"
+ ID(or); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3957,7 +3959,7 @@
+ case 0xf7:
+ {
+ /** 0111 0001 1bit 0111 xor1 cy, %e1 */
+-#line 1276 "rl78-decode.opc"
++#line 1278 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3967,7 +3969,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %e1");
+-#line 1276 "rl78-decode.opc"
++#line 1278 "rl78-decode.opc"
+ ID(xor); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3982,7 +3984,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("clr1 cy");
+-#line 447 "rl78-decode.opc"
++#line 449 "rl78-decode.opc"
+ ID(mov); DCY(); SC(0);
+
+ }
+@@ -3997,7 +3999,7 @@
+ case 0xf9:
+ {
+ /** 0111 0001 1bit 1001 mov1 %e0, cy */
+-#line 788 "rl78-decode.opc"
++#line 790 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4007,7 +4009,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %e0, cy");
+-#line 788 "rl78-decode.opc"
++#line 790 "rl78-decode.opc"
+ ID(mov); DR(A); DB(bit); SCY();
+
+ }
+@@ -4022,7 +4024,7 @@
+ case 0xfa:
+ {
+ /** 0111 0001 1bit 1010 set1 %0 */
+-#line 1052 "rl78-decode.opc"
++#line 1054 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4032,7 +4034,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %0");
+-#line 1052 "rl78-decode.opc"
++#line 1054 "rl78-decode.opc"
+ ID(mov); DR(A); DB(bit); SC(1);
+
+ }
+@@ -4047,7 +4049,7 @@
+ case 0xfb:
+ {
+ /** 0111 0001 1bit 1011 clr1 %0 */
+-#line 444 "rl78-decode.opc"
++#line 446 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4057,7 +4059,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %0");
+-#line 444 "rl78-decode.opc"
++#line 446 "rl78-decode.opc"
+ ID(mov); DR(A); DB(bit); SC(0);
+
+ }
+@@ -4072,7 +4074,7 @@
+ case 0xfc:
+ {
+ /** 0111 0001 1bit 1100 mov1 cy, %e1 */
+-#line 794 "rl78-decode.opc"
++#line 796 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4082,7 +4084,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %e1");
+-#line 794 "rl78-decode.opc"
++#line 796 "rl78-decode.opc"
+ ID(mov); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4097,7 +4099,7 @@
+ case 0xfd:
+ {
+ /** 0111 0001 1bit 1101 and1 cy, %1 */
+-#line 320 "rl78-decode.opc"
++#line 322 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4107,7 +4109,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %1");
+-#line 320 "rl78-decode.opc"
++#line 322 "rl78-decode.opc"
+ ID(and); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4122,7 +4124,7 @@
+ case 0xfe:
+ {
+ /** 0111 0001 1bit 1110 or1 cy, %1 */
+-#line 975 "rl78-decode.opc"
++#line 977 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4132,7 +4134,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %1");
+-#line 975 "rl78-decode.opc"
++#line 977 "rl78-decode.opc"
+ ID(or); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4147,7 +4149,7 @@
+ case 0xff:
+ {
+ /** 0111 0001 1bit 1111 xor1 cy, %1 */
+-#line 1279 "rl78-decode.opc"
++#line 1281 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4157,7 +4159,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %1");
+-#line 1279 "rl78-decode.opc"
++#line 1281 "rl78-decode.opc"
+ ID(xor); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4172,7 +4174,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("not1 cy");
+-#line 916 "rl78-decode.opc"
++#line 918 "rl78-decode.opc"
+ ID(xor); DCY(); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -4192,7 +4194,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 877 "rl78-decode.opc"
++#line 879 "rl78-decode.opc"
+ ID(mov); W(); DM(BC, IMMU(2)); SR(AX);
+
+ }
+@@ -4207,7 +4209,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 868 "rl78-decode.opc"
++#line 870 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(BC, IMMU(2));
+
+ }
+@@ -4222,7 +4224,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, #%1");
+-#line 1271 "rl78-decode.opc"
++#line 1273 "rl78-decode.opc"
+ ID(xor); DM(None, SADDR); SC(IMMU(1)); Fz;
+
+ /*----------------------------------------------------------------------*/
+@@ -4239,7 +4241,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, %1");
+-#line 1268 "rl78-decode.opc"
++#line 1270 "rl78-decode.opc"
+ ID(xor); DR(A); SM(None, SADDR); Fz;
+
+ }
+@@ -4254,7 +4256,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, #%1");
+-#line 1259 "rl78-decode.opc"
++#line 1261 "rl78-decode.opc"
+ ID(xor); DR(A); SC(IMMU(1)); Fz;
+
+ }
+@@ -4269,7 +4271,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, %e1");
+-#line 1247 "rl78-decode.opc"
++#line 1249 "rl78-decode.opc"
+ ID(xor); DR(A); SM(HL, 0); Fz;
+
+ }
+@@ -4284,7 +4286,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, %ea1");
+-#line 1253 "rl78-decode.opc"
++#line 1255 "rl78-decode.opc"
+ ID(xor); DR(A); SM(HL, IMMU(1)); Fz;
+
+ }
+@@ -4299,7 +4301,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, %e!1");
+-#line 1244 "rl78-decode.opc"
++#line 1246 "rl78-decode.opc"
+ ID(xor); DR(A); SM(None, IMMU(2)); Fz;
+
+ }
+@@ -4314,7 +4316,7 @@
+ case 0x87:
+ {
+ /** 1000 0reg inc %0 */
+-#line 587 "rl78-decode.opc"
++#line 589 "rl78-decode.opc"
+ int reg AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -4324,7 +4326,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("inc %0");
+-#line 587 "rl78-decode.opc"
++#line 589 "rl78-decode.opc"
+ ID(add); DRB(reg); SC(1); Fza;
+
+ }
+@@ -4339,7 +4341,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %ea1");
+-#line 666 "rl78-decode.opc"
++#line 668 "rl78-decode.opc"
+ ID(mov); DR(A); SM(SP, IMMU(1));
+
+ }
+@@ -4354,7 +4356,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 648 "rl78-decode.opc"
++#line 650 "rl78-decode.opc"
+ ID(mov); DR(A); SM(DE, 0);
+
+ }
+@@ -4369,7 +4371,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %ea1");
+-#line 651 "rl78-decode.opc"
++#line 653 "rl78-decode.opc"
+ ID(mov); DR(A); SM(DE, IMMU(1));
+
+ }
+@@ -4384,7 +4386,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 654 "rl78-decode.opc"
++#line 656 "rl78-decode.opc"
+ ID(mov); DR(A); SM(HL, 0);
+
+ }
+@@ -4399,7 +4401,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %ea1");
+-#line 657 "rl78-decode.opc"
++#line 659 "rl78-decode.opc"
+ ID(mov); DR(A); SM(HL, IMMU(1));
+
+ }
+@@ -4414,7 +4416,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 690 "rl78-decode.opc"
++#line 692 "rl78-decode.opc"
+ ID(mov); DR(A); SM(None, SADDR);
+
+ }
+@@ -4429,7 +4431,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %s1");
+-#line 687 "rl78-decode.opc"
++#line 689 "rl78-decode.opc"
+ ID(mov); DR(A); SM(None, SFR);
+
+ }
+@@ -4444,7 +4446,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 645 "rl78-decode.opc"
++#line 647 "rl78-decode.opc"
+ ID(mov); DR(A); SM(None, IMMU(2));
+
+ }
+@@ -4459,7 +4461,7 @@
+ case 0x97:
+ {
+ /** 1001 0reg dec %0 */
+-#line 554 "rl78-decode.opc"
++#line 556 "rl78-decode.opc"
+ int reg AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -4469,7 +4471,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("dec %0");
+-#line 554 "rl78-decode.opc"
++#line 556 "rl78-decode.opc"
+ ID(sub); DRB(reg); SC(1); Fza;
+
+ }
+@@ -4484,7 +4486,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %a0, %1");
+-#line 642 "rl78-decode.opc"
++#line 644 "rl78-decode.opc"
+ ID(mov); DM(SP, IMMU(1)); SR(A);
+
+ }
+@@ -4499,7 +4501,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 615 "rl78-decode.opc"
++#line 617 "rl78-decode.opc"
+ ID(mov); DM(DE, 0); SR(A);
+
+ }
+@@ -4514,7 +4516,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %ea0, %1");
+-#line 621 "rl78-decode.opc"
++#line 623 "rl78-decode.opc"
+ ID(mov); DM(DE, IMMU(1)); SR(A);
+
+ }
+@@ -4529,7 +4531,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 624 "rl78-decode.opc"
++#line 626 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); SR(A);
+
+ }
+@@ -4544,7 +4546,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %ea0, %1");
+-#line 633 "rl78-decode.opc"
++#line 635 "rl78-decode.opc"
+ ID(mov); DM(HL, IMMU(1)); SR(A);
+
+ }
+@@ -4559,7 +4561,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 747 "rl78-decode.opc"
++#line 749 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SR(A);
+
+ }
+@@ -4574,7 +4576,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %s0, %1");
+-#line 780 "rl78-decode.opc"
++#line 782 "rl78-decode.opc"
+ ID(mov); DM(None, SFR); SR(A);
+
+ /*----------------------------------------------------------------------*/
+@@ -4591,7 +4593,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e!0, %1");
+-#line 612 "rl78-decode.opc"
++#line 614 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SR(A);
+
+ }
+@@ -4606,7 +4608,7 @@
+ op[0]);
+ }
+ SYNTAX("inc %e!0");
+-#line 581 "rl78-decode.opc"
++#line 583 "rl78-decode.opc"
+ ID(add); DM(None, IMMU(2)); SC(1); Fza;
+
+ }
+@@ -4617,7 +4619,7 @@
+ case 0xa7:
+ {
+ /** 1010 0rg1 incw %0 */
+-#line 601 "rl78-decode.opc"
++#line 603 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -4627,7 +4629,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("incw %0");
+-#line 601 "rl78-decode.opc"
++#line 603 "rl78-decode.opc"
+ ID(add); W(); DRW(rg); SC(1);
+
+ }
+@@ -4642,7 +4644,7 @@
+ op[0]);
+ }
+ SYNTAX("incw %e!0");
+-#line 595 "rl78-decode.opc"
++#line 597 "rl78-decode.opc"
+ ID(add); W(); DM(None, IMMU(2)); SC(1);
+
+ }
+@@ -4657,7 +4659,7 @@
+ op[0]);
+ }
+ SYNTAX("inc %0");
+-#line 590 "rl78-decode.opc"
++#line 592 "rl78-decode.opc"
+ ID(add); DM(None, SADDR); SC(1); Fza;
+
+ /*----------------------------------------------------------------------*/
+@@ -4674,7 +4676,7 @@
+ op[0]);
+ }
+ SYNTAX("incw %0");
+-#line 604 "rl78-decode.opc"
++#line 606 "rl78-decode.opc"
+ ID(add); W(); DM(None, SADDR); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -4691,7 +4693,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %a1");
+-#line 850 "rl78-decode.opc"
++#line 852 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(SP, IMMU(1));
+
+ }
+@@ -4706,7 +4708,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 838 "rl78-decode.opc"
++#line 840 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(DE, 0);
+
+ }
+@@ -4721,7 +4723,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %ea1");
+-#line 841 "rl78-decode.opc"
++#line 843 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(DE, IMMU(1));
+
+ }
+@@ -4736,7 +4738,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 844 "rl78-decode.opc"
++#line 846 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(HL, 0);
+
+ }
+@@ -4751,7 +4753,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %ea1");
+-#line 847 "rl78-decode.opc"
++#line 849 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(HL, IMMU(1));
+
+ }
+@@ -4766,7 +4768,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %1");
+-#line 880 "rl78-decode.opc"
++#line 882 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(None, SADDR);
+
+ }
+@@ -4781,7 +4783,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %s1");
+-#line 883 "rl78-decode.opc"
++#line 885 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(None, SFR);
+
+ }
+@@ -4796,7 +4798,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e!1");
+-#line 834 "rl78-decode.opc"
++#line 836 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(None, IMMU(2));
+
+
+@@ -4812,7 +4814,7 @@
+ op[0]);
+ }
+ SYNTAX("dec %e!0");
+-#line 548 "rl78-decode.opc"
++#line 550 "rl78-decode.opc"
+ ID(sub); DM(None, IMMU(2)); SC(1); Fza;
+
+ }
+@@ -4823,7 +4825,7 @@
+ case 0xb7:
+ {
+ /** 1011 0rg1 decw %0 */
+-#line 568 "rl78-decode.opc"
++#line 570 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -4833,7 +4835,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("decw %0");
+-#line 568 "rl78-decode.opc"
++#line 570 "rl78-decode.opc"
+ ID(sub); W(); DRW(rg); SC(1);
+
+ }
+@@ -4848,7 +4850,7 @@
+ op[0]);
+ }
+ SYNTAX("decw %e!0");
+-#line 562 "rl78-decode.opc"
++#line 564 "rl78-decode.opc"
+ ID(sub); W(); DM(None, IMMU(2)); SC(1);
+
+ }
+@@ -4863,7 +4865,7 @@
+ op[0]);
+ }
+ SYNTAX("dec %0");
+-#line 557 "rl78-decode.opc"
++#line 559 "rl78-decode.opc"
+ ID(sub); DM(None, SADDR); SC(1); Fza;
+
+ /*----------------------------------------------------------------------*/
+@@ -4880,7 +4882,7 @@
+ op[0]);
+ }
+ SYNTAX("decw %0");
+-#line 571 "rl78-decode.opc"
++#line 573 "rl78-decode.opc"
+ ID(sub); W(); DM(None, SADDR); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -4897,7 +4899,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %a0, %1");
+-#line 831 "rl78-decode.opc"
++#line 833 "rl78-decode.opc"
+ ID(mov); W(); DM(SP, IMMU(1)); SR(AX);
+
+ }
+@@ -4912,7 +4914,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 819 "rl78-decode.opc"
++#line 821 "rl78-decode.opc"
+ ID(mov); W(); DM(DE, 0); SR(AX);
+
+ }
+@@ -4927,7 +4929,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %ea0, %1");
+-#line 822 "rl78-decode.opc"
++#line 824 "rl78-decode.opc"
+ ID(mov); W(); DM(DE, IMMU(1)); SR(AX);
+
+ }
+@@ -4942,7 +4944,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 825 "rl78-decode.opc"
++#line 827 "rl78-decode.opc"
+ ID(mov); W(); DM(HL, 0); SR(AX);
+
+ }
+@@ -4957,7 +4959,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %ea0, %1");
+-#line 828 "rl78-decode.opc"
++#line 830 "rl78-decode.opc"
+ ID(mov); W(); DM(HL, IMMU(1)); SR(AX);
+
+ }
+@@ -4972,7 +4974,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %1");
+-#line 895 "rl78-decode.opc"
++#line 897 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SADDR); SR(AX);
+
+ }
+@@ -4987,7 +4989,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %s0, %1");
+-#line 901 "rl78-decode.opc"
++#line 903 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SFR); SR(AX);
+
+ /*----------------------------------------------------------------------*/
+@@ -5004,7 +5006,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e!0, %1");
+-#line 816 "rl78-decode.opc"
++#line 818 "rl78-decode.opc"
+ ID(mov); W(); DM(None, IMMU(2)); SR(AX);
+
+ }
+@@ -5015,7 +5017,7 @@
+ case 0xc6:
+ {
+ /** 1100 0rg0 pop %0 */
+-#line 986 "rl78-decode.opc"
++#line 988 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -5025,7 +5027,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("pop %0");
+-#line 986 "rl78-decode.opc"
++#line 988 "rl78-decode.opc"
+ ID(mov); W(); DRW(rg); SPOP();
+
+ }
+@@ -5036,7 +5038,7 @@
+ case 0xc7:
+ {
+ /** 1100 0rg1 push %1 */
+-#line 994 "rl78-decode.opc"
++#line 996 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -5046,7 +5048,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("push %1");
+-#line 994 "rl78-decode.opc"
++#line 996 "rl78-decode.opc"
+ ID(mov); W(); DPUSH(); SRW(rg);
+
+ }
+@@ -5061,7 +5063,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %a0, #%1");
+-#line 639 "rl78-decode.opc"
++#line 641 "rl78-decode.opc"
+ ID(mov); DM(SP, IMMU(1)); SC(IMMU(1));
+
+ }
+@@ -5076,7 +5078,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, #%1");
+-#line 892 "rl78-decode.opc"
++#line 894 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SADDR); SC(IMMU(2));
+
+ }
+@@ -5091,7 +5093,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %ea0, #%1");
+-#line 618 "rl78-decode.opc"
++#line 620 "rl78-decode.opc"
+ ID(mov); DM(DE, IMMU(1)); SC(IMMU(1));
+
+ }
+@@ -5106,7 +5108,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %s0, #%1");
+-#line 898 "rl78-decode.opc"
++#line 900 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SFR); SC(IMMU(2));
+
+ }
+@@ -5121,7 +5123,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %ea0, #%1");
+-#line 630 "rl78-decode.opc"
++#line 632 "rl78-decode.opc"
+ ID(mov); DM(HL, IMMU(1)); SC(IMMU(1));
+
+ }
+@@ -5136,7 +5138,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, #%1");
+-#line 744 "rl78-decode.opc"
++#line 746 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SC(IMMU(1));
+
+ }
+@@ -5151,7 +5153,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %s0, #%1");
+-#line 750 "rl78-decode.opc"
++#line 752 "rl78-decode.opc"
+ op0 = SFR;
+ op1 = IMMU(1);
+ ID(mov); DM(None, op0); SC(op1);
+@@ -5193,7 +5195,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e!0, #%1");
+-#line 609 "rl78-decode.opc"
++#line 611 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -5204,7 +5206,7 @@
+ case 0xd3:
+ {
+ /** 1101 00rg cmp0 %0 */
+-#line 518 "rl78-decode.opc"
++#line 520 "rl78-decode.opc"
+ int rg AU = op[0] & 0x03;
+ if (trace)
+ {
+@@ -5214,7 +5216,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("cmp0 %0");
+-#line 518 "rl78-decode.opc"
++#line 520 "rl78-decode.opc"
+ ID(cmp); DRB(rg); SC(0); Fzac;
+
+ }
+@@ -5229,7 +5231,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp0 %0");
+-#line 521 "rl78-decode.opc"
++#line 523 "rl78-decode.opc"
+ ID(cmp); DM(None, SADDR); SC(0); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -5246,7 +5248,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp0 %e!0");
+-#line 515 "rl78-decode.opc"
++#line 517 "rl78-decode.opc"
+ ID(cmp); DM(None, IMMU(2)); SC(0); Fzac;
+
+ }
+@@ -5261,7 +5263,7 @@
+ op[0]);
+ }
+ SYNTAX("mulu x");
+-#line 906 "rl78-decode.opc"
++#line 908 "rl78-decode.opc"
+ ID(mulu);
+
+ /*----------------------------------------------------------------------*/
+@@ -5278,7 +5280,7 @@
+ op[0]);
+ }
+ SYNTAX("ret");
+-#line 1002 "rl78-decode.opc"
++#line 1004 "rl78-decode.opc"
+ ID(ret);
+
+ }
+@@ -5293,7 +5295,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 711 "rl78-decode.opc"
++#line 713 "rl78-decode.opc"
+ ID(mov); DR(X); SM(None, SADDR);
+
+ }
+@@ -5308,7 +5310,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 708 "rl78-decode.opc"
++#line 710 "rl78-decode.opc"
+ ID(mov); DR(X); SM(None, IMMU(2));
+
+ }
+@@ -5318,7 +5320,7 @@
+ case 0xfa:
+ {
+ /** 11ra 1010 movw %0, %1 */
+-#line 889 "rl78-decode.opc"
++#line 891 "rl78-decode.opc"
+ int ra AU = (op[0] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -5328,7 +5330,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %1");
+-#line 889 "rl78-decode.opc"
++#line 891 "rl78-decode.opc"
+ ID(mov); W(); DRW(ra); SM(None, SADDR);
+
+ }
+@@ -5338,7 +5340,7 @@
+ case 0xfb:
+ {
+ /** 11ra 1011 movw %0, %es!1 */
+-#line 886 "rl78-decode.opc"
++#line 888 "rl78-decode.opc"
+ int ra AU = (op[0] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -5348,7 +5350,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %es!1");
+-#line 886 "rl78-decode.opc"
++#line 888 "rl78-decode.opc"
+ ID(mov); W(); DRW(ra); SM(None, IMMU(2));
+
+ }
+@@ -5363,7 +5365,7 @@
+ op[0]);
+ }
+ SYNTAX("bc $%a0");
+-#line 334 "rl78-decode.opc"
++#line 336 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(C);
+
+ }
+@@ -5378,7 +5380,7 @@
+ op[0]);
+ }
+ SYNTAX("bz $%a0");
+-#line 346 "rl78-decode.opc"
++#line 348 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(Z);
+
+ }
+@@ -5393,7 +5395,7 @@
+ op[0]);
+ }
+ SYNTAX("bnc $%a0");
+-#line 337 "rl78-decode.opc"
++#line 339 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(NC);
+
+ }
+@@ -5408,7 +5410,7 @@
+ op[0]);
+ }
+ SYNTAX("bnz $%a0");
+-#line 349 "rl78-decode.opc"
++#line 351 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(NZ);
+
+ /*----------------------------------------------------------------------*/
+@@ -5421,7 +5423,7 @@
+ case 0xe3:
+ {
+ /** 1110 00rg oneb %0 */
+-#line 924 "rl78-decode.opc"
++#line 926 "rl78-decode.opc"
+ int rg AU = op[0] & 0x03;
+ if (trace)
+ {
+@@ -5431,7 +5433,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("oneb %0");
+-#line 924 "rl78-decode.opc"
++#line 926 "rl78-decode.opc"
+ ID(mov); DRB(rg); SC(1);
+
+ }
+@@ -5446,7 +5448,7 @@
+ op[0]);
+ }
+ SYNTAX("oneb %0");
+-#line 927 "rl78-decode.opc"
++#line 929 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -5463,7 +5465,7 @@
+ op[0]);
+ }
+ SYNTAX("oneb %e!0");
+-#line 921 "rl78-decode.opc"
++#line 923 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SC(1);
+
+ }
+@@ -5478,7 +5480,7 @@
+ op[0]);
+ }
+ SYNTAX("onew %0");
+-#line 932 "rl78-decode.opc"
++#line 934 "rl78-decode.opc"
+ ID(mov); DR(AX); SC(1);
+
+ }
+@@ -5493,7 +5495,7 @@
+ op[0]);
+ }
+ SYNTAX("onew %0");
+-#line 935 "rl78-decode.opc"
++#line 937 "rl78-decode.opc"
+ ID(mov); DR(BC); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -5510,7 +5512,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 699 "rl78-decode.opc"
++#line 701 "rl78-decode.opc"
+ ID(mov); DR(B); SM(None, SADDR);
+
+ }
+@@ -5525,7 +5527,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 693 "rl78-decode.opc"
++#line 695 "rl78-decode.opc"
+ ID(mov); DR(B); SM(None, IMMU(2));
+
+ }
+@@ -5540,7 +5542,7 @@
+ op[0]);
+ }
+ SYNTAX("br !%!a0");
+-#line 368 "rl78-decode.opc"
++#line 370 "rl78-decode.opc"
+ ID(branch); DC(IMMU(3));
+
+ }
+@@ -5555,7 +5557,7 @@
+ op[0]);
+ }
+ SYNTAX("br %!a0");
+-#line 371 "rl78-decode.opc"
++#line 373 "rl78-decode.opc"
+ ID(branch); DC(IMMU(2));
+
+ }
+@@ -5570,7 +5572,7 @@
+ op[0]);
+ }
+ SYNTAX("br $%!a0");
+-#line 374 "rl78-decode.opc"
++#line 376 "rl78-decode.opc"
+ ID(branch); DC(pc+IMMS(2)+3);
+
+ }
+@@ -5585,7 +5587,7 @@
+ op[0]);
+ }
+ SYNTAX("br $%a0");
+-#line 377 "rl78-decode.opc"
++#line 379 "rl78-decode.opc"
+ ID(branch); DC(pc+IMMS(1)+2);
+
+ }
+@@ -5596,7 +5598,7 @@
+ case 0xf3:
+ {
+ /** 1111 00rg clrb %0 */
+-#line 464 "rl78-decode.opc"
++#line 466 "rl78-decode.opc"
+ int rg AU = op[0] & 0x03;
+ if (trace)
+ {
+@@ -5606,7 +5608,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("clrb %0");
+-#line 464 "rl78-decode.opc"
++#line 466 "rl78-decode.opc"
+ ID(mov); DRB(rg); SC(0);
+
+ }
+@@ -5621,7 +5623,7 @@
+ op[0]);
+ }
+ SYNTAX("clrb %0");
+-#line 467 "rl78-decode.opc"
++#line 469 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SC(0);
+
+ /*----------------------------------------------------------------------*/
+@@ -5638,7 +5640,7 @@
+ op[0]);
+ }
+ SYNTAX("clrb %e!0");
+-#line 461 "rl78-decode.opc"
++#line 463 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SC(0);
+
+ }
+@@ -5653,7 +5655,7 @@
+ op[0]);
+ }
+ SYNTAX("clrw %0");
+-#line 472 "rl78-decode.opc"
++#line 474 "rl78-decode.opc"
+ ID(mov); DR(AX); SC(0);
+
+ }
+@@ -5668,7 +5670,7 @@
+ op[0]);
+ }
+ SYNTAX("clrw %0");
+-#line 475 "rl78-decode.opc"
++#line 477 "rl78-decode.opc"
+ ID(mov); DR(BC); SC(0);
+
+ /*----------------------------------------------------------------------*/
+@@ -5685,7 +5687,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 705 "rl78-decode.opc"
++#line 707 "rl78-decode.opc"
+ ID(mov); DR(C); SM(None, SADDR);
+
+ }
+@@ -5700,7 +5702,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 702 "rl78-decode.opc"
++#line 704 "rl78-decode.opc"
+ ID(mov); DR(C); SM(None, IMMU(2));
+
+ }
+@@ -5715,7 +5717,7 @@
+ op[0]);
+ }
+ SYNTAX("call !%!a0");
+-#line 421 "rl78-decode.opc"
++#line 423 "rl78-decode.opc"
+ ID(call); DC(IMMU(3));
+
+ }
+@@ -5730,7 +5732,7 @@
+ op[0]);
+ }
+ SYNTAX("call %!a0");
+-#line 424 "rl78-decode.opc"
++#line 426 "rl78-decode.opc"
+ ID(call); DC(IMMU(2));
+
+ }
+@@ -5745,7 +5747,7 @@
+ op[0]);
+ }
+ SYNTAX("call $%!a0");
+-#line 427 "rl78-decode.opc"
++#line 429 "rl78-decode.opc"
+ ID(call); DC(pc+IMMS(2)+3);
+
+ }
+@@ -5760,13 +5762,13 @@
+ op[0]);
+ }
+ SYNTAX("brk1");
+-#line 385 "rl78-decode.opc"
++#line 387 "rl78-decode.opc"
+ ID(break);
+
+ }
+ break;
+ }
+-#line 1290 "rl78-decode.opc"
++#line 1292 "rl78-decode.opc"
+
+ return rl78->n_bytes;
+ }
+Index: git/opcodes/rl78-decode.opc
+===================================================================
+--- git.orig/opcodes/rl78-decode.opc 2017-09-21 13:14:42.256835775 +0530
++++ git/opcodes/rl78-decode.opc 2017-09-21 13:14:49.444888350 +0530
+@@ -50,7 +50,9 @@
+ #define W() rl78->size = RL78_Word
+
+ #define AU ATTRIBUTE_UNUSED
+-#define GETBYTE() (ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr))
++
++#define OP_BUF_LEN 20
++#define GETBYTE() (ld->rl78->n_bytes < (OP_BUF_LEN - 1) ? ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr): 0)
+ #define B ((unsigned long) GETBYTE())
+
+ #define SYNTAX(x) rl78->syntax = x
+@@ -168,7 +170,7 @@
+ RL78_Dis_Isa isa)
+ {
+ LocalData lds, * ld = &lds;
+- unsigned char op_buf[20] = {0};
++ unsigned char op_buf[OP_BUF_LEN] = {0};
+ unsigned char *op = op_buf;
+ int op0, op1;
+
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 13:14:41.676831533 +0530
++++ git/opcodes/ChangeLog 2017-09-21 13:16:51.065779064 +0530
+@@ -1,3 +1,12 @@
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21588
++ * rl78-decode.opc (OP_BUF_LEN): Define.
++ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
++ (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf
++ array.
++ * rl78-decode.c: Regenerate.
++
+ 2016-08-03 Tristan Gingold <gingold@adacore.com>
+
+ * configure: Regenerate.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch
new file mode 100644
index 0000000..fce5b14
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch
@@ -0,0 +1,204 @@
+commit c53d2e6d744da000aaafe0237bced090aab62818
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jun 14 11:27:15 2017 +0100
+
+ Fix potential address violations when processing a corrupt Alpha VMA binary.
+
+ PR binutils/21589
+ * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
+ maximum value for the ascic pointer. Check that name processing
+ does not read beyond this value.
+ (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
+ end of etir record.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9752
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-09-21 15:00:19.117805347 +0530
++++ git/bfd/vms-alpha.c 2017-09-21 15:00:20.673815960 +0530
+@@ -1507,7 +1507,7 @@
+ /* Write multiple bytes to section image. */
+
+ static bfd_boolean
+-image_write (bfd *abfd, unsigned char *ptr, int size)
++image_write (bfd *abfd, unsigned char *ptr, unsigned int size)
+ {
+ #if VMS_DEBUG
+ _bfd_vms_debug (8, "image_write from (%p, %d) to (%ld)\n", ptr, size,
+@@ -1654,14 +1654,16 @@
+ #define HIGHBIT(op) ((op & 0x80000000L) == 0x80000000L)
+
+ static void
+-_bfd_vms_get_value (bfd *abfd, const unsigned char *ascic,
++_bfd_vms_get_value (bfd *abfd,
++ const unsigned char *ascic,
++ const unsigned char *max_ascic,
+ struct bfd_link_info *info,
+ bfd_vma *vma,
+ struct alpha_vms_link_hash_entry **hp)
+ {
+ char name[257];
+- int len;
+- int i;
++ unsigned int len;
++ unsigned int i;
+ struct alpha_vms_link_hash_entry *h;
+
+ /* Not linking. Do not try to resolve the symbol. */
+@@ -1673,6 +1675,14 @@
+ }
+
+ len = *ascic;
++ if (ascic + len >= max_ascic)
++ {
++ _bfd_error_handler (_("Corrupt vms value"));
++ *vma = 0;
++ *hp = NULL;
++ return;
++ }
++
+ for (i = 0; i < len; i++)
+ name[i] = ascic[i + 1];
+ name[i] = 0;
+@@ -1797,6 +1807,15 @@
+ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+ #endif
+
++ /* PR 21589: Check for a corrupt ETIR record. */
++ if (cmd_length < 4)
++ {
++ corrupt_etir:
++ _bfd_error_handler (_("Corrupt ETIR record encountered"));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++
+ switch (cmd)
+ {
+ /* Stack global
+@@ -1804,7 +1823,7 @@
+
+ stack 32 bit value of symbol (high bits set to 0). */
+ case ETIR__C_STA_GBL:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ _bfd_vms_push (abfd, op1, alpha_vms_sym_to_ctxt (h));
+ break;
+
+@@ -1813,6 +1832,8 @@
+
+ stack 32 bit value, sign extend to 64 bit. */
+ case ETIR__C_STA_LW:
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ _bfd_vms_push (abfd, bfd_getl32 (ptr), RELC_NONE);
+ break;
+
+@@ -1821,6 +1842,8 @@
+
+ stack 64 bit value of symbol. */
+ case ETIR__C_STA_QW:
++ if (ptr + 8 >= maxptr)
++ goto corrupt_etir;
+ _bfd_vms_push (abfd, bfd_getl64 (ptr), RELC_NONE);
+ break;
+
+@@ -1834,6 +1857,8 @@
+ {
+ int psect;
+
++ if (ptr + 12 >= maxptr)
++ goto corrupt_etir;
+ psect = bfd_getl32 (ptr);
+ if ((unsigned int) psect >= PRIV (section_count))
+ {
+@@ -1923,6 +1948,8 @@
+ {
+ int size;
+
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ size = bfd_getl32 (ptr);
+ _bfd_vms_pop (abfd, &op1, &rel1);
+ if (rel1 != RELC_NONE)
+@@ -1935,7 +1962,7 @@
+ /* Store global: write symbol value
+ arg: cs global symbol name. */
+ case ETIR__C_STO_GBL:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ if (h && h->sym)
+ {
+ if (h->sym->typ == EGSD__C_SYMG)
+@@ -1957,7 +1984,7 @@
+ /* Store code address: write address of entry point
+ arg: cs global symbol name (procedure). */
+ case ETIR__C_STO_CA:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ if (h && h->sym)
+ {
+ if (h->sym->flags & EGSY__V_NORM)
+@@ -2002,8 +2029,10 @@
+ da data. */
+ case ETIR__C_STO_IMM:
+ {
+- int size;
++ unsigned int size;
+
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ size = bfd_getl32 (ptr);
+ image_write (abfd, ptr + 4, size);
+ }
+@@ -2016,7 +2045,7 @@
+ store global longword: store 32bit value of symbol
+ arg: cs symbol name. */
+ case ETIR__C_STO_GBL_LW:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ #if 0
+ abort ();
+ #endif
+@@ -2069,7 +2098,7 @@
+ da signature. */
+
+ case ETIR__C_STC_LP_PSB:
+- _bfd_vms_get_value (abfd, ptr + 4, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr + 4, maxptr, info, &op1, &h);
+ if (h && h->sym)
+ {
+ if (h->sym->typ == EGSD__C_SYMG)
+@@ -2165,6 +2194,8 @@
+ /* Augment relocation base: increment image location counter by offset
+ arg: lw offset value. */
+ case ETIR__C_CTL_AUGRB:
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ op1 = bfd_getl32 (ptr);
+ image_inc_ptr (abfd, op1);
+ break;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 15:04:44.000000000 +0530
++++ git/bfd/ChangeLog 2017-09-21 15:07:58.268949291 +0530
+@@ -81,6 +81,15 @@
+ PR binutils/21581
+ (ieee_archive_p): Likewise.
+
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21589
++ * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
++ maximum value for the ascic pointer. Check that name processing
++ does not read beyond this value.
++ (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
++ end of etir record.
++
+ 2017-04-29 Alan Modra <amodra@gmail.com>
+
+ PR 21432
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch
new file mode 100644
index 0000000..fe1f9a1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch
@@ -0,0 +1,76 @@
+commit 04f963fd489cae724a60140e13984415c205f4ac
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jun 14 10:35:16 2017 +0100
+
+ Fix seg-faults in objdump when disassembling a corrupt versados binary.
+
+ PR binutils/21591
+ * versados.c (versados_mkobject): Zero the allocated tdata structure.
+ (process_otr): Check for an invalid offset in the otr structure.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9753 and CVE-2017-9754
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/versados.c
+===================================================================
+--- git.orig/bfd/versados.c 2017-09-21 15:08:34.445197987 +0530
++++ git/bfd/versados.c 2017-09-21 15:08:34.429197878 +0530
+@@ -149,7 +149,7 @@
+ if (abfd->tdata.versados_data == NULL)
+ {
+ bfd_size_type amt = sizeof (tdata_type);
+- tdata_type *tdata = bfd_alloc (abfd, amt);
++ tdata_type *tdata = bfd_zalloc (abfd, amt);
+
+ if (tdata == NULL)
+ return FALSE;
+@@ -344,13 +344,13 @@
+ };
+
+ static int
+-get_offset (int len, unsigned char *ptr)
++get_offset (unsigned int len, unsigned char *ptr)
+ {
+ int val = 0;
+
+ if (len)
+ {
+- int i;
++ unsigned int i;
+
+ val = *ptr++;
+ if (val & 0x80)
+@@ -393,9 +393,13 @@
+ int flag = *srcp++;
+ int esdids = (flag >> 5) & 0x7;
+ int sizeinwords = ((flag >> 3) & 1) ? 2 : 1;
+- int offsetlen = flag & 0x7;
++ unsigned int offsetlen = flag & 0x7;
+ int j;
+
++ /* PR 21591: Check for invalid lengths. */
++ if (srcp + esdids + offsetlen >= endp)
++ return;
++
+ if (esdids == 0)
+ {
+ /* A zero esdid means the new pc is the offset given. */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 15:08:34.445197987 +0530
++++ git/bfd/ChangeLog 2017-09-21 15:08:34.429197878 +0530
+@@ -90,6 +90,12 @@
+ (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
+ end of etir record.
+
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21591
++ * versados.c (versados_mkobject): Zero the allocated tdata structure.
++ (process_otr): Check for an invalid offset in the otr structure.
++
+ 2017-04-29 Alan Modra <amodra@gmail.com>
+
+ PR 21432
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
new file mode 100644
index 0000000..3ad3218
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
@@ -0,0 +1,60 @@
+commit 0d96e4df4812c3bad77c229dfef47a9bc115ac12
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Thu Jun 15 06:40:17 2017 -0700
+
+ i386-dis: Check valid bnd register
+
+ Since there are only 4 bnd registers, return "(bad)" for register
+ number > 3.
+
+ PR binutils/21594
+ * i386-dis.c (OP_E_register): Check valid bnd register.
+ (OP_G): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9755
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/i386-dis.c
+===================================================================
+--- git.orig/opcodes/i386-dis.c 2017-09-21 15:38:46.907182525 +0530
++++ git/opcodes/i386-dis.c 2017-09-21 15:38:54.703174976 +0530
+@@ -15211,6 +15211,11 @@
+ names = address_mode == mode_64bit ? names64 : names32;
+ break;
+ case bnd_mode:
++ if (reg > 0x3)
++ {
++ oappend ("(bad)");
++ return;
++ }
+ names = names_bnd;
+ break;
+ case indir_v_mode:
+@@ -15751,6 +15756,11 @@
+ oappend (names64[modrm.reg + add]);
+ break;
+ case bnd_mode:
++ if (modrm.reg > 0x3)
++ {
++ oappend ("(bad)");
++ return;
++ }
+ oappend (names_bnd[modrm.reg]);
+ break;
+ case v_mode:
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 15:38:54.531175122 +0530
++++ git/opcodes/ChangeLog 2017-09-21 15:45:32.264491166 +0530
+@@ -1,3 +1,9 @@
++2017-06-15 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21594
++ * i386-dis.c (OP_E_register): Check valid bnd register.
++ (OP_G): Likewise.
++
+ 2017-06-15 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21586
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch
new file mode 100644
index 0000000..69e1607
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch
@@ -0,0 +1,101 @@
+commit 8cac017d35ef374e65acc98818a17cf8a652cbd0
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Thu Jun 15 08:21:48 2017 -0700
+
+ i386-dis: Add 2 tests with invalid bnd register
+
+ PR binutils/21594
+ * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd
+ register.
+ * testsuite/gas/i386/x86-64-mpx.s: Likewise.
+ * testsuite/gas/i386/mpx.d: Updated.
+ * testsuite/gas/i386/x86-64-mpx.d: Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9755
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/gas/testsuite/gas/i386/mpx.d
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/mpx.d 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/mpx.d 2017-09-21 15:45:57.616640460 +0530
+@@ -130,4 +130,8 @@
+
+ [a-f0-9]+ <foo>:
+ [ ]*[a-f0-9]+: f2 c3 bnd ret
++
++[a-f0-9]+ <bad>:
++[ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%eax\),\(bad\)
++[ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0
+ #pass
+Index: git/gas/testsuite/gas/i386/mpx.s
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/mpx.s 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/mpx.s 2017-09-21 15:45:57.616640460 +0530
+@@ -157,3 +157,15 @@
+ bnd ret
+
+ foo: bnd ret
++
++bad:
++ # bndldx (%eax),(bad)
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0x30
++
++ # bndmov (bad),%bnd0
++ .byte 0x66
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0xc4
+Index: git/gas/testsuite/gas/i386/x86-64-mpx.d
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/x86-64-mpx.d 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/x86-64-mpx.d 2017-09-21 15:45:57.616640460 +0530
+@@ -182,4 +182,8 @@
+
+ [a-f0-9]+ <foo>:
+ [ ]*[a-f0-9]+: f2 c3 bnd retq
++
++[a-f0-9]+ <bad>:
++[ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%rax\),\(bad\)
++[ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0
+ #pass
+Index: git/gas/testsuite/gas/i386/x86-64-mpx.s
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/x86-64-mpx.s 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/x86-64-mpx.s 2017-09-21 15:45:57.616640460 +0530
+@@ -209,3 +209,15 @@
+ bnd ret
+
+ foo: bnd ret
++
++bad:
++ # bndldx (%eax),(bad)
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0x30
++
++ # bndmov (bad),%bnd0
++ .byte 0x66
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0xc4
+Index: git/gas/ChangeLog
+===================================================================
+--- git.orig/gas/ChangeLog 2017-09-21 15:38:53.143176323 +0530
++++ git/gas/ChangeLog 2017-09-21 15:48:07.134368927 +0530
+@@ -1,3 +1,12 @@
++2017-06-15 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21594
++ * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd
++ register.
++ * testsuite/gas/i386/x86-64-mpx.s: Likewise.
++ * testsuite/gas/i386/mpx.d: Updated.
++ * testsuite/gas/i386/x86-64-mpx.d: Likewise.
++
+ 2016-12-01 Nick Clifton <nickc@redhat.com>
+
+ PR gas/20898
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
new file mode 100644
index 0000000..e40a26e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
@@ -0,0 +1,43 @@
+commit cd3ea7c69acc5045eb28f9bf80d923116e15e4f5
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 13:26:54 2017 +0100
+
+ Prevent address violation problem when disassembling corrupt aarch64 binary.
+
+ PR binutils/21595
+ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
+ range value.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9756
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/aarch64-dis.c
+===================================================================
+--- git.orig/opcodes/aarch64-dis.c 2017-09-21 15:48:27.154646380 +0530
++++ git/opcodes/aarch64-dis.c 2017-09-21 15:48:27.134646104 +0530
+@@ -381,6 +381,9 @@
+ info->reglist.first_regno = extract_field (FLD_Rt, code, 0);
+ /* opcode */
+ value = extract_field (FLD_opcode, code, 0);
++ /* PR 21595: Check for a bogus value. */
++ if (value >= ARRAY_SIZE (data))
++ return 0;
+ if (expected_num != data[value].num_elements || data[value].is_reserved)
+ return 0;
+ info->reglist.num_regs = data[value].num_regs;
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 15:45:32.264491166 +0530
++++ git/opcodes/ChangeLog 2017-09-21 15:49:53.751803571 +0530
+@@ -1,3 +1,9 @@
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21595
++ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
++ range value.
++
+ 2017-06-15 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/21594
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
new file mode 100644
index 0000000..2651572
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
@@ -0,0 +1,58 @@
+commit 04e15b4a9462cb1ae819e878a6009829aab8020b
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Jun 26 15:46:34 2017 +0100
+
+ Fix address violation parsing a corrupt texhex format file.
+
+ PR binutils/21670
+ * tekhex.c (getvalue): Check for the source pointer exceeding the
+ end pointer before the first byte is read.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9954
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/tekhex.c
+===================================================================
+--- git.orig/bfd/tekhex.c 2017-09-21 16:19:42.570877476 +0530
++++ git/bfd/tekhex.c 2017-09-21 16:20:06.878964516 +0530
+@@ -273,6 +273,9 @@
+ bfd_vma value = 0;
+ unsigned int len;
+
++ if (src >= endp)
++ return FALSE;
++
+ if (!ISHEX (*src))
+ return FALSE;
+
+@@ -514,9 +517,10 @@
+ /* To the front of the file. */
+ if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
+ return FALSE;
++
+ while (! is_eof)
+ {
+- char src[MAXCHUNK];
++ static char src[MAXCHUNK];
+ char type;
+
+ /* Find first '%'. */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 16:20:06.822964309 +0530
++++ git/bfd/ChangeLog 2017-09-21 16:22:29.383577439 +0530
+@@ -55,6 +55,12 @@
+ correct magic bytes at the start, set the error to wrong format
+ and clear the format selector before returning NULL.
+
++2017-06-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21670
++ * tekhex.c (getvalue): Check for the source pointer exceeding the
++ end pointer before the first byte is read.
++
+ 2017-06-21 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21637
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
new file mode 100644
index 0000000..6cd86c2
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
@@ -0,0 +1,93 @@
+commit cfd14a500e0485374596234de4db10e88ebc7618
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Jun 26 15:25:08 2017 +0100
+
+ Fix address violations when atempting to parse fuzzed binaries.
+
+ PR binutils/21665
+ * compress.c (bfd_get_full_section_contents): Check for and reject
+ a section whoes size is greater than the size of the entire file.
+ * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not
+ contain a notes section.
+
+ binutils* objdump.c (disassemble_section): Skip any section that is bigger
+ than the entire file.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c 2017-09-21 17:32:51.645611404 +0530
++++ git/bfd/compress.c 2017-09-21 17:32:52.965622987 +0530
+@@ -239,6 +239,12 @@
+ *ptr = NULL;
+ return TRUE;
+ }
++ else if (bfd_get_file_size (abfd) > 0
++ && sz > (bfd_size_type) bfd_get_file_size (abfd))
++ {
++ *ptr = NULL;
++ return FALSE;
++ }
+
+ switch (sec->compress_status)
+ {
+Index: git/bfd/elf32-v850.c
+===================================================================
+--- git.orig/bfd/elf32-v850.c 2017-09-21 17:32:35.053465773 +0530
++++ git/bfd/elf32-v850.c 2017-09-21 17:32:52.965622987 +0530
+@@ -2448,7 +2448,9 @@
+ BFD_ASSERT (bfd_malloc_and_get_section (ibfd, inotes, & icont));
+
+ if ((ocont = elf_section_data (onotes)->this_hdr.contents) == NULL)
+- BFD_ASSERT (bfd_malloc_and_get_section (obfd, onotes, & ocont));
++ /* If the output is being stripped then it is possible for
++ the notes section to disappear. In this case do nothing. */
++ return;
+
+ /* Copy/overwrite notes from the input to the output. */
+ memcpy (ocont, icont, bfd_section_size (obfd, onotes));
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 17:32:52.337617476 +0530
++++ git/binutils/objdump.c 2017-09-21 17:32:52.965622987 +0530
+@@ -1973,7 +1973,7 @@
+ return;
+
+ datasize = bfd_get_section_size (section);
+- if (datasize == 0)
++ if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
+ return;
+
+ if (start_address == (bfd_vma) -1
+@@ -2839,7 +2839,7 @@
+ static void
+ dump_section (bfd *abfd, asection *section, void *dummy ATTRIBUTE_UNUSED)
+ {
+- bfd_byte *data = 0;
++ bfd_byte *data = NULL;
+ bfd_size_type datasize;
+ bfd_vma addr_offset;
+ bfd_vma start_offset;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 17:32:52.909622495 +0530
++++ git/bfd/ChangeLog 2017-09-21 17:35:57.863164167 +0530
+@@ -11,6 +11,14 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++2017-06-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21665
++ * compress.c (bfd_get_full_section_contents): Check for and reject
++ a section whoes size is greater than the size of the entire file.
++ * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not
++ contain a notes section.
++
+ 2017-07-24 Nick Clifton <nickc@redhat.com>
+
+ PR 21813
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch
new file mode 100644
index 0000000..6e1824b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch
@@ -0,0 +1,112 @@
+commit 0630b49c470ca2e3c3f74da4c7e4ff63440dd71f
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Mon Jun 26 09:24:49 2017 -0700
+
+ Check file size before getting section contents
+
+ Don't check the section size in bfd_get_full_section_contents since
+ the size of a decompressed section may be larger than the file size.
+ Instead, check file size in _bfd_generic_get_section_contents.
+
+ PR binutils/21665
+ * compress.c (bfd_get_full_section_contents): Don't check the
+ file size here.
+ * libbfd.c (_bfd_generic_get_section_contents): Check for and
+ reject a section whoes size + offset is greater than the size
+ of the entire file.
+ (_bfd_generic_get_section_contents_in_window): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c 2017-09-21 17:41:59.457841691 +0530
++++ git/bfd/libbfd.c 2017-09-21 17:42:18.269987768 +0530
+@@ -780,6 +780,7 @@
+ bfd_size_type count)
+ {
+ bfd_size_type sz;
++ file_ptr filesz;
+ if (count == 0)
+ return TRUE;
+
+@@ -801,8 +802,15 @@
+ sz = section->rawsize;
+ else
+ sz = section->size;
++ filesz = bfd_get_file_size (abfd);
++ if (filesz < 0)
++ {
++ /* This should never happen. */
++ abort ();
++ }
+ if (offset + count < count
+- || offset + count > sz)
++ || offset + count > sz
++ || (section->filepos + offset + sz) > (bfd_size_type) filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+@@ -825,6 +833,7 @@
+ {
+ #ifdef USE_MMAP
+ bfd_size_type sz;
++ file_ptr filesz;
+
+ if (count == 0)
+ return TRUE;
+@@ -857,7 +866,13 @@
+ sz = section->rawsize;
+ else
+ sz = section->size;
++ filesz = bfd_get_file_size (abfd);
++ {
++ /* This should never happen. */
++ abort ();
++ }
+ if (offset + count > sz
++ || (section->filepos + offset + sz) > (bfd_size_type) filesz
+ || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
+ TRUE))
+ return FALSE;
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c 2017-09-21 17:42:18.213987332 +0530
++++ git/bfd/compress.c 2017-09-21 17:45:17.107399434 +0530
+@@ -239,12 +239,6 @@
+ *ptr = NULL;
+ return TRUE;
+ }
+- else if (bfd_get_file_size (abfd) > 0
+- && sz > (bfd_size_type) bfd_get_file_size (abfd))
+- {
+- *ptr = NULL;
+- return FALSE;
+- }
+
+ switch (sec->compress_status)
+ {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 17:42:18.213987332 +0530
++++ git/bfd/ChangeLog 2017-09-21 17:47:03.668256850 +0530
+@@ -11,6 +11,16 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21665
++ * compress.c (bfd_get_full_section_contents): Don't check the
++ file size here.
++ * libbfd.c (_bfd_generic_get_section_contents): Check for and
++ reject a section whoes size + offset is greater than the size
++ of the entire file.
++ (_bfd_generic_get_section_contents_in_window): Likewise.
++
+ 2017-06-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch
new file mode 100644
index 0000000..c8741b1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch
@@ -0,0 +1,44 @@
+commit 1f473e3d0ad285195934e6a077c7ed32afe66437
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Mon Jun 26 15:47:16 2017 -0700
+
+ Add a missing line to _bfd_generic_get_section_contents_in_window
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents_in_window): Add
+ a missing line.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c 2017-09-21 17:57:11.424955516 +0530
++++ git/bfd/libbfd.c 2017-09-21 17:58:57.000000000 +0530
+@@ -867,6 +867,7 @@
+ else
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
++ if (filesz < 0)
+ {
+ /* This should never happen. */
+ abort ();
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 17:57:11.424955516 +0530
++++ git/bfd/ChangeLog 2017-09-21 18:01:32.258884464 +0530
+@@ -14,6 +14,12 @@
+ 2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents_in_window): Add
++ a missing line.
++
++2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21665
+ * compress.c (bfd_get_full_section_contents): Don't check the
+ file size here.
+ * libbfd.c (_bfd_generic_get_section_contents): Check for and
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch
new file mode 100644
index 0000000..d6b6a14
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch
@@ -0,0 +1,50 @@
+commit ab27f80c5dceaa23c4ba7f62c0d5d22a5d5dd7a1
+Author: Pedro Alves <palves@redhat.com>
+Date: Tue Jun 27 00:21:25 2017 +0100
+
+ Fix GDB regressions caused by previous bfd_get_section_contents changes
+
+ Ref: https://sourceware.org/ml/binutils/2017-06/msg00343.html
+
+ bfd/ChangeLog:
+ 2017-06-26 Pedro Alves <palves@redhat.com>
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Add "count", not
+ "sz".
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c 2017-09-21 18:01:58.079078554 +0530
++++ git/bfd/libbfd.c 2017-09-21 18:01:58.063078433 +0530
+@@ -810,7 +810,7 @@
+ }
+ if (offset + count < count
+ || offset + count > sz
+- || (section->filepos + offset + sz) > (bfd_size_type) filesz)
++ || (section->filepos + offset + count) > (bfd_size_type) filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 18:01:32.258884464 +0530
++++ git/bfd/ChangeLog 2017-09-21 18:03:42.955872017 +0530
+@@ -11,6 +11,12 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++2017-06-26 Pedro Alves <palves@redhat.com>
++
++ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents): Add "count", not
++ "sz".
++
+ 2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch
new file mode 100644
index 0000000..3634421
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch
@@ -0,0 +1,89 @@
+commit 7211ae501eb0de1044983f2dfb00091a58fbd66c
+Author: Alan Modra <amodra@gmail.com>
+Date: Tue Jun 27 09:45:04 2017 +0930
+
+ More fixes for bfd_get_section_contents change
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
+ Use unsigned file pointer type, and remove cast.
+ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
+ Add "count", not "sz".
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c 2017-09-21 18:04:47.316362760 +0530
++++ git/bfd/libbfd.c 2017-09-21 18:04:47.300362638 +0530
+@@ -780,7 +780,7 @@
+ bfd_size_type count)
+ {
+ bfd_size_type sz;
+- file_ptr filesz;
++ ufile_ptr filesz;
+ if (count == 0)
+ return TRUE;
+
+@@ -803,14 +803,9 @@
+ else
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
+- if (filesz < 0)
+- {
+- /* This should never happen. */
+- abort ();
+- }
+ if (offset + count < count
+ || offset + count > sz
+- || (section->filepos + offset + count) > (bfd_size_type) filesz)
++ || section->filepos + offset + count > filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+@@ -833,7 +828,7 @@
+ {
+ #ifdef USE_MMAP
+ bfd_size_type sz;
+- file_ptr filesz;
++ ufile_ptr filesz;
+
+ if (count == 0)
+ return TRUE;
+@@ -867,13 +862,8 @@
+ else
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
+- if (filesz < 0)
+- {
+- /* This should never happen. */
+- abort ();
+- }
+ if (offset + count > sz
+- || (section->filepos + offset + sz) > (bfd_size_type) filesz
++ || section->filepos + offset + count > filesz
+ || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
+ TRUE))
+ return FALSE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 18:03:42.955872017 +0530
++++ git/bfd/ChangeLog 2017-09-21 18:06:39.973228125 +0530
+@@ -11,6 +11,14 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++2017-06-27 Alan Modra <amodra@gmail.com>
++
++ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
++ Use unsigned file pointer type, and remove cast.
++ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
++ Add "count", not "sz".
++
+ 2017-06-26 Pedro Alves <palves@redhat.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch
new file mode 100644
index 0000000..55feb79
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch
@@ -0,0 +1,55 @@
+commit ea9aafc41a764e4e2dbb88a7b031e886b481b99a
+Author: Alan Modra <amodra@gmail.com>
+Date: Tue Jun 27 14:43:49 2017 +0930
+
+ Warning fix
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Warning fix.
+ (_bfd_generic_get_section_contents_in_window): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c 2017-09-21 18:07:34.777651818 +0530
++++ git/bfd/libbfd.c 2017-09-21 18:07:34.761651695 +0530
+@@ -805,7 +805,7 @@
+ filesz = bfd_get_file_size (abfd);
+ if (offset + count < count
+ || offset + count > sz
+- || section->filepos + offset + count > filesz)
++ || (ufile_ptr) section->filepos + offset + count > filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+@@ -863,7 +863,7 @@
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
+ if (offset + count > sz
+- || section->filepos + offset + count > filesz
++ || (ufile_ptr) section->filepos + offset + count > filesz
+ || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
+ TRUE))
+ return FALSE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 18:06:39.973228125 +0530
++++ git/bfd/ChangeLog 2017-09-21 18:09:41.798640031 +0530
+@@ -19,6 +19,12 @@
+ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
+ Add "count", not "sz".
+
++2017-06-27 Alan Modra <amodra@gmail.com>
++
++ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents): Warning fix.
++ (_bfd_generic_get_section_contents_in_window): Likewise.
++
+ 2017-06-26 Pedro Alves <palves@redhat.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
new file mode 100644
index 0000000..0950561
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
@@ -0,0 +1,79 @@
+commit 60a02042bacf8d25814430080adda61ed086bca6
+Author: Nick Clifton <nickc@redhat.com>
+Date: Fri Jun 30 11:03:37 2017 +0100
+
+ Fix failures in MMIX linker tests introduced by fix for PR 21665.
+
+ PR binutils/21665
+ * objdump.c (disassemble_section): Move check for an overlarge
+ section to just before the allocation of memory. Do not check
+ section size against file size, but instead use an arbitrary 2Gb
+ limit. Issue a warning message if the section is too big.
+
+Upstream-Status: CVE-2017-9955
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 18:10:55.499217078 +0530
++++ git/binutils/objdump.c 2017-09-21 18:10:55.483216953 +0530
+@@ -1973,7 +1973,7 @@
+ return;
+
+ datasize = bfd_get_section_size (section);
+- if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
++ if (datasize == 0)
+ return;
+
+ if (start_address == (bfd_vma) -1
+@@ -2037,6 +2037,29 @@
+ }
+ rel_ppend = rel_pp + rel_count;
+
++ /* PR 21665: Check for overlarge datasizes.
++ Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
++ this fails when using compressed sections or compressed file formats
++ (eg MMO, tekhex).
++
++ The call to xmalloc below will fail if too much memory is requested,
++ which will catch the problem in the normal use case. But if a memory
++ checker is in use, eg valgrind or sanitize, then an exception will
++ be still generated, so we try to catch the problem first.
++
++ Unfortunately there is no simple way to determine how much memory can
++ be allocated by calling xmalloc. So instead we use a simple, arbitrary
++ limit of 2Gb. Hopefully this should be enough for most users. If
++ someone does start trying to disassemble sections larger then 2Gb in
++ size they will doubtless complain and we can increase the limit. */
++#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
++ if (datasize > MAX_XMALLOC)
++ {
++ non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
++ section->name, (unsigned long) datasize);
++ return;
++ }
++
+ data = (bfd_byte *) xmalloc (datasize);
+
+ bfd_get_section_contents (abfd, section, data, 0, datasize);
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-21 17:57:10.448948416 +0530
++++ git/binutils/ChangeLog 2017-09-21 18:13:09.052268892 +0530
+@@ -4,6 +4,14 @@
+ * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+ string whilst concatenating symbol names.
+
++2017-06-30 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21665
++ * objdump.c (disassemble_section): Move check for an overlarge
++ section to just before the allocation of memory. Do not check
++ section size against file size, but instead use an arbitrary 2Gb
++ limit. Issue a warning message if the section is too big.
++
+ 2017-05-02 Nick Clifton <nickc@redhat.com>
+
+ PR 21440
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch
new file mode 100644
index 0000000..8035ab3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch
@@ -0,0 +1,170 @@
+commit bae7501e87ab614115d9d3213b4dd18d96e604db
+Author: Alan Modra <amodra@gmail.com>
+Date: Sat Jul 1 21:58:10 2017 +0930
+
+ Use bfd_malloc_and_get_section
+
+ It's nicer than xmalloc followed by bfd_get_section_contents, since
+ xmalloc exits on failure and needs a check that its size_t arg doesn't
+ lose high bits when converted from bfd_size_type.
+
+ PR binutils/21665
+ * objdump.c (strtab): Make var a bfd_byte*.
+ (disassemble_section): Don't limit malloc size. Instead, use
+ bfd_malloc_and_get_section.
+ (read_section_stabs): Use bfd_malloc_and_get_section. Return
+ bfd_byte*.
+ (find_stabs_section): Remove now unnecessary cast.
+ * objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free
+ contents on error return.
+ * nlmconv.c (copy_sections): Use bfd_malloc_and_get_section.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/nlmconv.c
+===================================================================
+--- git.orig/binutils/nlmconv.c 2017-09-21 18:14:15.792797232 +0530
++++ git/binutils/nlmconv.c 2017-09-21 18:14:15.776797105 +0530
+@@ -1224,7 +1224,7 @@
+ const char *inname;
+ asection *outsec;
+ bfd_size_type size;
+- void *contents;
++ bfd_byte *contents;
+ long reloc_size;
+ bfd_byte buf[4];
+ bfd_size_type add;
+@@ -1240,9 +1240,7 @@
+ contents = NULL;
+ else
+ {
+- contents = xmalloc (size);
+- if (! bfd_get_section_contents (inbfd, insec, contents,
+- (file_ptr) 0, size))
++ if (!bfd_malloc_and_get_section (inbfd, insec, &contents))
+ bfd_fatal (bfd_get_filename (inbfd));
+ }
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 18:14:15.792797232 +0530
++++ git/binutils/objdump.c 2017-09-21 18:23:30.420895459 +0530
+@@ -180,7 +180,7 @@
+ static bfd_byte *stabs;
+ static bfd_size_type stab_size;
+
+-static char *strtab;
++static bfd_byte *strtab;
+ static bfd_size_type stabstr_size;
+
+ static bfd_boolean is_relocatable = FALSE;
+@@ -2037,33 +2037,13 @@
+ }
+ rel_ppend = rel_pp + rel_count;
+
+- /* PR 21665: Check for overlarge datasizes.
+- Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
+- this fails when using compressed sections or compressed file formats
+- (eg MMO, tekhex).
+-
+- The call to xmalloc below will fail if too much memory is requested,
+- which will catch the problem in the normal use case. But if a memory
+- checker is in use, eg valgrind or sanitize, then an exception will
+- be still generated, so we try to catch the problem first.
+-
+- Unfortunately there is no simple way to determine how much memory can
+- be allocated by calling xmalloc. So instead we use a simple, arbitrary
+- limit of 2Gb. Hopefully this should be enough for most users. If
+- someone does start trying to disassemble sections larger then 2Gb in
+- size they will doubtless complain and we can increase the limit. */
+-#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
+- if (datasize > MAX_XMALLOC)
++ if (!bfd_malloc_and_get_section (abfd, section, &data))
+ {
+- non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
+- section->name, (unsigned long) datasize);
++ non_fatal (_("Reading section %s failed because: %s"),
++ section->name, bfd_errmsg (bfd_get_error ()));
+ return;
+ }
+
+- data = (bfd_byte *) xmalloc (datasize);
+-
+- bfd_get_section_contents (abfd, section, data, 0, datasize);
+-
+ paux->sec = section;
+ pinfo->buffer = data;
+ pinfo->buffer_vma = section->vma;
+@@ -2579,12 +2559,11 @@
+ /* Read ABFD's stabs section STABSECT_NAME, and return a pointer to
+ it. Return NULL on failure. */
+
+-static char *
++static bfd_byte *
+ read_section_stabs (bfd *abfd, const char *sect_name, bfd_size_type *size_ptr)
+ {
+ asection *stabsect;
+- bfd_size_type size;
+- char *contents;
++ bfd_byte *contents;
+
+ stabsect = bfd_get_section_by_name (abfd, sect_name);
+ if (stabsect == NULL)
+@@ -2593,10 +2572,7 @@
+ return FALSE;
+ }
+
+- size = bfd_section_size (abfd, stabsect);
+- contents = (char *) xmalloc (size);
+-
+- if (! bfd_get_section_contents (abfd, stabsect, contents, 0, size))
++ if (!bfd_malloc_and_get_section (abfd, stabsect, &contents))
+ {
+ non_fatal (_("reading %s section of %s failed: %s"),
+ sect_name, bfd_get_filename (abfd),
+@@ -2606,7 +2582,7 @@
+ return NULL;
+ }
+
+- *size_ptr = size;
++ *size_ptr = bfd_section_size (abfd, stabsect);
+
+ return contents;
+ }
+@@ -2733,8 +2709,7 @@
+
+ if (strtab)
+ {
+- stabs = (bfd_byte *) read_section_stabs (abfd, section->name,
+- &stab_size);
++ stabs = read_section_stabs (abfd, section->name, &stab_size);
+ if (stabs)
+ print_section_stabs (abfd, section->name, &sought->string_offset);
+ }
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-21 18:13:09.052268892 +0530
++++ git/binutils/ChangeLog 2017-09-21 18:25:00.195937741 +0530
+@@ -4,6 +4,19 @@
+ * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+ string whilst concatenating symbol names.
+
++2017-07-01 Alan Modra <amodra@gmail.com>
++
++ PR binutils/21665
++ * objdump.c (strtab): Make var a bfd_byte*.
++ (disassemble_section): Don't limit malloc size. Instead, use
++ bfd_malloc_and_get_section.
++ (read_section_stabs): Use bfd_malloc_and_get_section. Return
++ bfd_byte*.
++ (find_stabs_section): Remove now unnecessary cast.
++ * objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free
++ contents on error return.
++ * nlmconv.c (copy_sections): Use bfd_malloc_and_get_section.
++
+ 2017-06-30 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch
new file mode 100644
index 0000000..2f50337
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch
@@ -0,0 +1,360 @@
+commit 8e2f54bcee7e3e8315d4a39a302eaf8e4389e07d
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Tue May 30 06:34:05 2017 -0700
+
+ Add bfd_get_file_size to get archive element size
+
+ We can't use stat() to get archive element size. Add bfd_get_file_size
+ to get size for both normal files and archive elements.
+
+ bfd/
+
+ PR binutils/21519
+ * bfdio.c (bfd_get_file_size): New function.
+ * bfd-in2.h: Regenerated.
+
+ binutils/
+
+ PR binutils/21519
+ * objdump.c (dump_relocs_in_section): Replace get_file_size
+ with bfd_get_file_size to get archive element size.
+ * testsuite/binutils-all/objdump.exp (test_objdump_f): New
+ proc.
+ (test_objdump_h): Likewise.
+ (test_objdump_t): Likewise.
+ (test_objdump_r): Likewise.
+ (test_objdump_s): Likewise.
+ Add objdump tests on archive.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h 2017-09-21 20:09:13.475032861 +0530
++++ git/bfd/bfd-in2.h 2017-09-21 20:09:16.375051269 +0530
+@@ -1208,6 +1208,8 @@
+
+ file_ptr bfd_get_size (bfd *abfd);
+
++file_ptr bfd_get_file_size (bfd *abfd);
++
+ void *bfd_mmap (bfd *abfd, void *addr, bfd_size_type len,
+ int prot, int flags, file_ptr offset,
+ void **map_addr, bfd_size_type *map_len);
+Index: git/bfd/bfdio.c
+===================================================================
+--- git.orig/bfd/bfdio.c 2017-09-21 20:08:55.774919453 +0530
++++ git/bfd/bfdio.c 2017-09-21 20:09:16.375051269 +0530
+@@ -434,6 +434,29 @@
+ return buf.st_size;
+ }
+
++/*
++FUNCTION
++ bfd_get_file_size
++
++SYNOPSIS
++ file_ptr bfd_get_file_size (bfd *abfd);
++
++DESCRIPTION
++ Return the file size (as read from file system) for the file
++ associated with BFD @var{abfd}. It supports both normal files
++ and archive elements.
++
++*/
++
++file_ptr
++bfd_get_file_size (bfd *abfd)
++{
++ if (abfd->my_archive != NULL
++ && !bfd_is_thin_archive (abfd->my_archive))
++ return arelt_size (abfd);
++
++ return bfd_get_size (abfd);
++}
+
+ /*
+ FUNCTION
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 20:09:16.319050914 +0530
++++ git/binutils/objdump.c 2017-09-21 20:09:16.375051269 +0530
+@@ -3240,7 +3240,7 @@
+ }
+
+ if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
+- && relsize > get_file_size (bfd_get_filename (abfd)))
++ && relsize > bfd_get_file_size (abfd))
+ {
+ printf (" (too many: 0x%x)\n", section->reloc_count);
+ bfd_set_error (bfd_error_file_truncated);
+Index: git/binutils/testsuite/binutils-all/objdump.exp
+===================================================================
+--- git.orig/binutils/testsuite/binutils-all/objdump.exp 2017-09-21 20:08:55.982920797 +0530
++++ git/binutils/testsuite/binutils-all/objdump.exp 2017-09-21 20:09:16.375051269 +0530
+@@ -64,96 +64,168 @@
+ if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest.o]} then {
+ return
+ }
++if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest2.o]} then {
++ return
++}
+ if [is_remote host] {
+ set testfile [remote_download host tmpdir/bintest.o]
++ set testfile2 [remote_download host tmpdir/bintest2.o]
+ } else {
+ set testfile tmpdir/bintest.o
++ set testfile2 tmpdir/bintest2.o
++}
++
++if { ![istarget "alpha-*-*"] || [is_elf_format] } then {
++ remote_file host file delete tmpdir/bintest.a
++ set got [binutils_run $AR "rc tmpdir/bintest.a $testfile2"]
++ if ![string match "" $got] then {
++ fail "bintest.a"
++ remote_file host delete tmpdir/bintest.a
++ } else {
++ if [is_remote host] {
++ set testarchive [remote_download host tmpdir/bintest.a]
++ } else {
++ set testarchive tmpdir/bintest.a
++ }
++ }
++ remote_file host delete tmpdir/bintest2.o
+ }
+
+ # Test objdump -f
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"]
++proc test_objdump_f { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
++ global cpus_regex
+
+-set want "$testfile:\[ \]*file format.*architecture:\[ \]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"]
+
+-if ![regexp $want $got] then {
+- fail "objdump -f"
+-} else {
+- pass "objdump -f"
++ set want "$dumpfile:\[ \]*file format.*architecture:\[ \]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS"
++
++ if ![regexp $want $got] then {
++ fail "objdump -f ($testfile, $dumpfile)"
++ } else {
++ pass "objdump -f ($testfile, $dumpfile)"
++ }
++}
++
++test_objdump_f $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_f $testarchive bintest2.o
+ }
+
+ # Test objdump -h
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"]
++proc test_objdump_h { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
+
+-set want "$testfile:\[ \]*file format.*Sections.*\[0-9\]+\[ \]+\[^ \]*(text|TEXT|P|\\\$CODE\\\$)\[^ \]*\[ \]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ \]+\[^ \]*(\\.data|DATA|D_1)\[^ \]*\[ \]*(\[0-9a-fA-F\]+)"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"]
+
+-if ![regexp $want $got all text_name text_size data_name data_size] then {
+- fail "objdump -h"
+-} else {
+- verbose "text name is $text_name size is $text_size"
+- verbose "data name is $data_name size is $data_size"
+- set ets 8
+- set eds 4
+- # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1
+- if [istarget *c4x*-*-*] then {
+- set ets 2
+- set eds 1
+- }
+- # c54x section sizes are in bytes, not octets; adjust accordingly
+- if [istarget *c54x*-*-*] then {
+- set ets 4
+- set eds 2
+- }
+- if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then {
+- send_log "sizes too small\n"
+- fail "objdump -h"
++ set want "$dumpfile:\[ \]*file format.*Sections.*\[0-9\]+\[ \]+\[^ \]*(text|TEXT|P|\\\$CODE\\\$)\[^ \]*\[ \]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ \]+\[^ \]*(\\.data|DATA|D_1)\[^ \]*\[ \]*(\[0-9a-fA-F\]+)"
++
++ if ![regexp $want $got all text_name text_size data_name data_size] then {
++ fail "objdump -h ($testfile, $dumpfile)"
+ } else {
+- pass "objdump -h"
++ verbose "text name is $text_name size is $text_size"
++ verbose "data name is $data_name size is $data_size"
++ set ets 8
++ set eds 4
++ # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1
++ if [istarget *c4x*-*-*] then {
++ set ets 2
++ set eds 1
++ }
++ # c54x section sizes are in bytes, not octets; adjust accordingly
++ if [istarget *c54x*-*-*] then {
++ set ets 4
++ set eds 2
++ }
++ if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then {
++ send_log "sizes too small\n"
++ fail "objdump -h ($testfile, $dumpfile)"
++ } else {
++ pass "objdump -h ($testfile, $dumpfile)"
++ }
+ }
+ }
+
++test_objdump_h $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_h $testarchive bintest2.o
++}
++
+ # Test objdump -t
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"]
++proc test_objdump_t { testfile} {
++ global OBJDUMP
++ global OBJDUMPFLAGS
++
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"]
++
++ if [info exists vars] then { unset vars }
++ while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} {
++ set vars($symbol) 1
++ set got $rest
++ }
+
+-if [info exists vars] then { unset vars }
+-while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} {
+- set vars($symbol) 1
+- set got $rest
++ if {![info exists vars(text_symbol)] \
++ || ![info exists vars(data_symbol)] \
++ || ![info exists vars(common_symbol)] \
++ || ![info exists vars(external_symbol)]} then {
++ fail "objdump -t ($testfile)"
++ } else {
++ pass "objdump -t ($testfile)"
++ }
+ }
+
+-if {![info exists vars(text_symbol)] \
+- || ![info exists vars(data_symbol)] \
+- || ![info exists vars(common_symbol)] \
+- || ![info exists vars(external_symbol)]} then {
+- fail "objdump -t"
+-} else {
+- pass "objdump -t"
++test_objdump_t $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_t $testarchive
+ }
+
+ # Test objdump -r
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"]
++proc test_objdump_r { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
+
+-set want "$testfile:\[ \]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"]
+
+-if [regexp $want $got] then {
+- pass "objdump -r"
+-} else {
+- fail "objdump -r"
++ set want "$dumpfile:\[ \]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol"
++
++ if [regexp $want $got] then {
++ pass "objdump -r ($testfile, $dumpfile)"
++ } else {
++ fail "objdump -r ($testfile, $dumpfile)"
++ }
++}
++
++test_objdump_r $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_r $testarchive bintest2.o
+ }
+
+ # Test objdump -s
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"]
++proc test_objdump_s { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
+
+-set want "$testfile:\[ \]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000002|02000000|00000200)"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"]
+
+-if [regexp $want $got] then {
+- pass "objdump -s"
+-} else {
+- fail "objdump -s"
++ set want "$dumpfile:\[ \]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000002|02000000|00000200)"
++
++ if [regexp $want $got] then {
++ pass "objdump -s ($testfile, $dumpfile)"
++ } else {
++ fail "objdump -s ($testfile, $dumpfile)"
++ }
++}
++
++test_objdump_s $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_s $testarchive bintest2.o
+ }
+
+ # Test objdump -s on a file that contains a compressed .debug section
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 20:09:16.207050204 +0530
++++ git/bfd/ChangeLog 2017-09-21 20:13:41.504562787 +0530
+@@ -158,6 +158,12 @@
+ (bfd_perform_relocation, bfd_install_relocation): Use it.
+ (_bfd_final_link_relocate): Likewise.
+
++2017-05-30 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21519
++ * bfdio.c (bfd_get_file_size): New function.
++ * bfd-in2.h: Regenerated.
++
+ 2017-04-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21434
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-21 20:09:16.319050914 +0530
++++ git/binutils/ChangeLog 2017-09-21 20:12:42.624252645 +0530
+@@ -25,6 +25,19 @@
+ section size against file size, but instead use an arbitrary 2Gb
+ limit. Issue a warning message if the section is too big.
+
++2017-05-30 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21519
++ * objdump.c (dump_relocs_in_section): Replace get_file_size
++ with bfd_get_file_size to get archive element size.
++ * testsuite/binutils-all/objdump.exp (test_objdump_f): New
++ proc.
++ (test_objdump_h): Likewise.
++ (test_objdump_t): Likewise.
++ (test_objdump_r): Likewise.
++ (test_objdump_s): Likewise.
++ Add objdump tests on archive.
++
+ 2017-05-02 Nick Clifton <nickc@redhat.com>
+
+ PR 21440
diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index 4fcb0b1..821bb81 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -14,6 +14,7 @@ CMAKE_MAJOR_VERSION = "${@'.'.join(d.getVar('PV', True).split('.')[0:2])}"
SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
file://support-oe-qt4-tools-names.patch \
file://qt4-fail-silent.patch \
+ file://avoid-gcc-warnings-with-Wstrict-prototypes.patch \
"
SRC_URI[md5sum] = "d6dd661380adacdb12f41b926ec99545"
diff --git a/meta/recipes-devtools/cmake/cmake/avoid-gcc-warnings-with-Wstrict-prototypes.patch b/meta/recipes-devtools/cmake/cmake/avoid-gcc-warnings-with-Wstrict-prototypes.patch
new file mode 100644
index 0000000..8b8d480
--- /dev/null
+++ b/meta/recipes-devtools/cmake/cmake/avoid-gcc-warnings-with-Wstrict-prototypes.patch
@@ -0,0 +1,42 @@
+From 4bc17345c01ea467099e28c7df30c23ace9e7811 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Fri, 14 Oct 2016 16:26:58 -0700
+Subject: [PATCH] CheckFunctionExists.c: avoid gcc warnings with
+ -Wstrict-prototypes
+
+Avoid warnings (and therefore build failures etc) if a user happens
+to add -Wstrict-prototypes to CFLAGS.
+
+ | $ gcc --version
+ | gcc (Ubuntu 4.8.4-2ubuntu1~14.04.3) 4.8.4
+ |
+ | $ gcc -Wstrict-prototypes -Werror -DCHECK_FUNCTION_EXISTS=pthread_create -o foo.o -c Modules/CheckFunctionExists.c
+ | Modules/CheckFunctionExists.c:7:3: error: function declaration isn't a prototype [-Werror=strict-prototypes]
+ | CHECK_FUNCTION_EXISTS();
+ | ^
+ | cc1: all warnings being treated as errors
+ |
+
+Upstream-Status: Pending
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ Modules/CheckFunctionExists.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Modules/CheckFunctionExists.c b/Modules/CheckFunctionExists.c
+index 2304000..224e340 100644
+--- a/Modules/CheckFunctionExists.c
++++ b/Modules/CheckFunctionExists.c
+@@ -4,7 +4,7 @@
+ extern "C"
+ #endif
+ char
+- CHECK_FUNCTION_EXISTS();
++ CHECK_FUNCTION_EXISTS(void);
+ #ifdef __CLASSIC_C__
+ int main()
+ {
+--
+1.9.1
+
diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index 79a431c..a8c48e8 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -16,6 +16,8 @@ SRC_URI[sha256sum] = "d7837121dd5652a05fef807c361909d255d173280c4e1a4ded94d73d80
# also, exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>2(\.\d+)+).tar"
+CVE_PRODUCT = "python"
+
PYTHON_MAJMIN = "2.7"
inherit autotools
diff --git a/meta/recipes-devtools/python/python3/python-3.3-multilib.patch b/meta/recipes-devtools/python/python3/python-3.3-multilib.patch
index 8601903..08c4403 100644
--- a/meta/recipes-devtools/python/python3/python-3.3-multilib.patch
+++ b/meta/recipes-devtools/python/python3/python-3.3-multilib.patch
@@ -1,16 +1,34 @@
-Upstream-Status: Pending
-
-get the sys.lib from python itself and do not use hardcoded value of 'lib'
+From 51fe6f22d0ba113674fb358bd11d75fe659bd26e Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 14 May 2013 15:00:26 -0700
+Subject: [PATCH 01/13] get the sys.lib from python itself and do not use
+ hardcoded value of 'lib'
02/2015 Rebased for 3.4.2
+Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
-Index: Python-3.5.2/Include/pythonrun.h
-===================================================================
---- Python-3.5.2.orig/Include/pythonrun.h
-+++ Python-3.5.2/Include/pythonrun.h
+---
+ Include/pythonrun.h | 3 +++
+ Lib/distutils/command/install.py | 4 +++-
+ Lib/pydoc.py | 2 +-
+ Lib/site.py | 4 ++--
+ Lib/sysconfig.py | 18 +++++++++---------
+ Lib/trace.py | 4 ++--
+ Makefile.pre.in | 7 +++++--
+ Modules/getpath.c | 10 +++++++++-
+ Python/getplatform.c | 20 ++++++++++++++++++++
+ Python/sysmodule.c | 4 ++++
+ configure.ac | 35 +++++++++++++++++++++++++++++++++++
+ setup.py | 9 ++++-----
+ 12 files changed, 97 insertions(+), 23 deletions(-)
+
+diff --git a/Include/pythonrun.h b/Include/pythonrun.h
+index 9c2e813..2f79cb6 100644
+--- a/Include/pythonrun.h
++++ b/Include/pythonrun.h
@@ -23,6 +23,9 @@ typedef struct {
} PyCompilerFlags;
#endif
@@ -21,10 +39,10 @@ Index: Python-3.5.2/Include/pythonrun.h
#ifndef Py_LIMITED_API
PyAPI_FUNC(int) PyRun_SimpleStringFlags(const char *, PyCompilerFlags *);
PyAPI_FUNC(int) PyRun_AnyFileFlags(FILE *, const char *, PyCompilerFlags *);
-Index: Python-3.5.2/Lib/distutils/command/install.py
-===================================================================
---- Python-3.5.2.orig/Lib/distutils/command/install.py
-+++ Python-3.5.2/Lib/distutils/command/install.py
+diff --git a/Lib/distutils/command/install.py b/Lib/distutils/command/install.py
+index 67db007..b46b45b 100644
+--- a/Lib/distutils/command/install.py
++++ b/Lib/distutils/command/install.py
@@ -19,6 +19,8 @@ from site import USER_BASE
from site import USER_SITE
HAS_USER_SITE = True
@@ -43,10 +61,10 @@ Index: Python-3.5.2/Lib/distutils/command/install.py
'headers': '$base/include/python$py_version_short$abiflags/$dist_name',
'scripts': '$base/bin',
'data' : '$base',
-Index: Python-3.5.2/Lib/pydoc.py
-===================================================================
---- Python-3.5.2.orig/Lib/pydoc.py
-+++ Python-3.5.2/Lib/pydoc.py
+diff --git a/Lib/pydoc.py b/Lib/pydoc.py
+index 3ca08c9..6528730 100755
+--- a/Lib/pydoc.py
++++ b/Lib/pydoc.py
@@ -384,7 +384,7 @@ class Doc:
docmodule = docclass = docroutine = docother = docproperty = docdata = fail
@@ -56,10 +74,75 @@ Index: Python-3.5.2/Lib/pydoc.py
"python%d.%d" % sys.version_info[:2])):
"""Return the location of module docs or None"""
-Index: Python-3.5.2/Lib/trace.py
-===================================================================
---- Python-3.5.2.orig/Lib/trace.py
-+++ Python-3.5.2/Lib/trace.py
+diff --git a/Lib/site.py b/Lib/site.py
+index 3f78ef5..511931e 100644
+--- a/Lib/site.py
++++ b/Lib/site.py
+@@ -303,12 +303,12 @@ def getsitepackages(prefixes=None):
+ seen.add(prefix)
+
+ if os.sep == '/':
+- sitepackages.append(os.path.join(prefix, "lib",
++ sitepackages.append(os.path.join(prefix, sys.lib,
+ "python" + sys.version[:3],
+ "site-packages"))
+ else:
+ sitepackages.append(prefix)
+- sitepackages.append(os.path.join(prefix, "lib", "site-packages"))
++ sitepackages.append(os.path.join(prefix, sys.lib, "site-packages"))
+ if sys.platform == "darwin":
+ # for framework builds *only* we add the standard Apple
+ # locations.
+diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py
+index 9c34be0..3d1181a 100644
+--- a/Lib/sysconfig.py
++++ b/Lib/sysconfig.py
+@@ -20,10 +20,10 @@ __all__ = [
+
+ _INSTALL_SCHEMES = {
+ 'posix_prefix': {
+- 'stdlib': '{installed_base}/lib/python{py_version_short}',
+- 'platstdlib': '{platbase}/lib/python{py_version_short}',
++ 'stdlib': '{installed_base}/'+sys.lib+'/python{py_version_short}',
++ 'platstdlib': '{platbase}/'+sys.lib+'/python{py_version_short}',
+ 'purelib': '{base}/lib/python{py_version_short}/site-packages',
+- 'platlib': '{platbase}/lib/python{py_version_short}/site-packages',
++ 'platlib': '{platbase}/'+sys.lib+'/python{py_version_short}/site-packages',
+ 'include':
+ '{installed_base}/include/python{py_version_short}{abiflags}',
+ 'platinclude':
+@@ -32,10 +32,10 @@ _INSTALL_SCHEMES = {
+ 'data': '{base}',
+ },
+ 'posix_home': {
+- 'stdlib': '{installed_base}/lib/python',
+- 'platstdlib': '{base}/lib/python',
++ 'stdlib': '{installed_base}/'+sys.lib+'/python',
++ 'platstdlib': '{base}/'+sys.lib+'/python',
+ 'purelib': '{base}/lib/python',
+- 'platlib': '{base}/lib/python',
++ 'platlib': '{base}/'+sys.lib+'/python',
+ 'include': '{installed_base}/include/python',
+ 'platinclude': '{installed_base}/include/python',
+ 'scripts': '{base}/bin',
+@@ -61,10 +61,10 @@ _INSTALL_SCHEMES = {
+ 'data': '{userbase}',
+ },
+ 'posix_user': {
+- 'stdlib': '{userbase}/lib/python{py_version_short}',
+- 'platstdlib': '{userbase}/lib/python{py_version_short}',
++ 'stdlib': '{userbase}/'+sys.lib+'/python{py_version_short}',
++ 'platstdlib': '{userbase}/'+sys.lib+'/python{py_version_short}',
+ 'purelib': '{userbase}/lib/python{py_version_short}/site-packages',
+- 'platlib': '{userbase}/lib/python{py_version_short}/site-packages',
++ 'platlib': '{userbase}/'+sys.lib+'/python{py_version_short}/site-packages',
+ 'include': '{userbase}/include/python{py_version_short}',
+ 'scripts': '{userbase}/bin',
+ 'data': '{userbase}',
+diff --git a/Lib/trace.py b/Lib/trace.py
+index f108266..7fd83f2 100755
+--- a/Lib/trace.py
++++ b/Lib/trace.py
@@ -749,10 +749,10 @@ def main(argv=None):
# should I also call expanduser? (after all, could use $HOME)
@@ -73,11 +156,11 @@ Index: Python-3.5.2/Lib/trace.py
"python" + sys.version[:3]))
s = os.path.normpath(s)
ignore_dirs.append(s)
-Index: Python-3.5.2/Makefile.pre.in
-===================================================================
---- Python-3.5.2.orig/Makefile.pre.in
-+++ Python-3.5.2/Makefile.pre.in
-@@ -106,6 +106,8 @@ PY_CORE_CFLAGS= $(PY_CFLAGS) $(PY_CFLAGS
+diff --git a/Makefile.pre.in b/Makefile.pre.in
+index 109f402..61a41e2 100644
+--- a/Makefile.pre.in
++++ b/Makefile.pre.in
+@@ -106,6 +106,8 @@ PY_CORE_CFLAGS= $(PY_CFLAGS) $(PY_CFLAGS_NODIST) $(PY_CPPFLAGS) $(CFLAGSFORSHARE
# Machine-dependent subdirectories
MACHDEP= @MACHDEP@
@@ -95,7 +178,7 @@ Index: Python-3.5.2/Makefile.pre.in
ABIFLAGS= @ABIFLAGS@
# Detailed destination directories
-@@ -755,6 +757,7 @@ Modules/getpath.o: $(srcdir)/Modules/get
+@@ -755,6 +757,7 @@ Modules/getpath.o: $(srcdir)/Modules/getpath.c Makefile
-DEXEC_PREFIX='"$(exec_prefix)"' \
-DVERSION='"$(VERSION)"' \
-DVPATH='"$(VPATH)"' \
@@ -103,7 +186,7 @@ Index: Python-3.5.2/Makefile.pre.in
-o $@ $(srcdir)/Modules/getpath.c
Programs/python.o: $(srcdir)/Programs/python.c
-@@ -835,7 +838,7 @@ $(OPCODE_H): $(srcdir)/Lib/opcode.py $(O
+@@ -835,7 +838,7 @@ $(OPCODE_H): $(srcdir)/Lib/opcode.py $(OPCODE_H_SCRIPT)
Python/compile.o Python/symtable.o Python/ast.o: $(GRAMMAR_H) $(AST_H)
Python/getplatform.o: $(srcdir)/Python/getplatform.c
@@ -112,10 +195,10 @@ Index: Python-3.5.2/Makefile.pre.in
Python/importdl.o: $(srcdir)/Python/importdl.c
$(CC) -c $(PY_CORE_CFLAGS) -I$(DLINCLDIR) -o $@ $(srcdir)/Python/importdl.c
-Index: Python-3.5.2/Modules/getpath.c
-===================================================================
---- Python-3.5.2.orig/Modules/getpath.c
-+++ Python-3.5.2/Modules/getpath.c
+diff --git a/Modules/getpath.c b/Modules/getpath.c
+index 18deb60..a01c3f8 100644
+--- a/Modules/getpath.c
++++ b/Modules/getpath.c
@@ -105,6 +105,13 @@
#error "PREFIX, EXEC_PREFIX, VERSION, and VPATH must be constant defined"
#endif
@@ -147,10 +230,10 @@ Index: Python-3.5.2/Modules/getpath.c
if (!_pythonpath || !_prefix || !_exec_prefix || !lib_python) {
Py_FatalError(
-Index: Python-3.5.2/Python/getplatform.c
-===================================================================
---- Python-3.5.2.orig/Python/getplatform.c
-+++ Python-3.5.2/Python/getplatform.c
+diff --git a/Python/getplatform.c b/Python/getplatform.c
+index 6899140..66a49c6 100644
+--- a/Python/getplatform.c
++++ b/Python/getplatform.c
@@ -10,3 +10,23 @@ Py_GetPlatform(void)
{
return PLATFORM;
@@ -175,10 +258,10 @@ Index: Python-3.5.2/Python/getplatform.c
+{
+ return LIB;
+}
-Index: Python-3.5.2/Python/sysmodule.c
-===================================================================
---- Python-3.5.2.orig/Python/sysmodule.c
-+++ Python-3.5.2/Python/sysmodule.c
+diff --git a/Python/sysmodule.c b/Python/sysmodule.c
+index 8d7e05a..d9dee0f 100644
+--- a/Python/sysmodule.c
++++ b/Python/sysmodule.c
@@ -1790,6 +1790,10 @@ _PySys_Init(void)
PyUnicode_FromString(Py_GetCopyright()));
SET_SYS_FROM_STRING("platform",
@@ -190,93 +273,10 @@ Index: Python-3.5.2/Python/sysmodule.c
SET_SYS_FROM_STRING("executable",
PyUnicode_FromWideChar(
Py_GetProgramFullPath(), -1));
-Index: Python-3.5.2/setup.py
-===================================================================
---- Python-3.5.2.orig/setup.py
-+++ Python-3.5.2/setup.py
-@@ -495,7 +495,7 @@ class PyBuildExt(build_ext):
- # directories (i.e. '.' and 'Include') must be first. See issue
- # 10520.
- if not cross_compiling:
-- add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib')
-+ add_dir_to_list(self.compiler.library_dirs, os.path.join('/usr/local', sys.lib))
- add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
- # only change this for cross builds for 3.3, issues on Mageia
- if cross_compiling:
-@@ -553,8 +553,7 @@ class PyBuildExt(build_ext):
- # be assumed that no additional -I,-L directives are needed.
- if not cross_compiling:
- lib_dirs = self.compiler.library_dirs + [
-- '/lib64', '/usr/lib64',
-- '/lib', '/usr/lib',
-+ '/' + sys.lib, '/usr/' + sys.lib,
- ]
- inc_dirs = self.compiler.include_dirs + ['/usr/include']
- else:
-@@ -746,11 +745,11 @@ class PyBuildExt(build_ext):
- elif curses_library:
- readline_libs.append(curses_library)
- elif self.compiler.find_library_file(lib_dirs +
-- ['/usr/lib/termcap'],
-+ ['/usr/'+sys.lib+'/termcap'],
- 'termcap'):
- readline_libs.append('termcap')
- exts.append( Extension('readline', ['readline.c'],
-- library_dirs=['/usr/lib/termcap'],
-+ library_dirs=['/usr/'+sys.lib+'/termcap'],
- extra_link_args=readline_extra_link_args,
- libraries=readline_libs) )
- else:
-Index: Python-3.5.2/Lib/sysconfig.py
-===================================================================
---- Python-3.5.2.orig/Lib/sysconfig.py
-+++ Python-3.5.2/Lib/sysconfig.py
-@@ -20,10 +20,10 @@ __all__ = [
-
- _INSTALL_SCHEMES = {
- 'posix_prefix': {
-- 'stdlib': '{installed_base}/lib/python{py_version_short}',
-- 'platstdlib': '{platbase}/lib/python{py_version_short}',
-+ 'stdlib': '{installed_base}/'+sys.lib+'/python{py_version_short}',
-+ 'platstdlib': '{platbase}/'+sys.lib+'/python{py_version_short}',
- 'purelib': '{base}/lib/python{py_version_short}/site-packages',
-- 'platlib': '{platbase}/lib/python{py_version_short}/site-packages',
-+ 'platlib': '{platbase}/'+sys.lib+'/python{py_version_short}/site-packages',
- 'include':
- '{installed_base}/include/python{py_version_short}{abiflags}',
- 'platinclude':
-@@ -32,10 +32,10 @@ _INSTALL_SCHEMES = {
- 'data': '{base}',
- },
- 'posix_home': {
-- 'stdlib': '{installed_base}/lib/python',
-- 'platstdlib': '{base}/lib/python',
-+ 'stdlib': '{installed_base}/'+sys.lib+'/python',
-+ 'platstdlib': '{base}/'+sys.lib+'/python',
- 'purelib': '{base}/lib/python',
-- 'platlib': '{base}/lib/python',
-+ 'platlib': '{base}/'+sys.lib+'/python',
- 'include': '{installed_base}/include/python',
- 'platinclude': '{installed_base}/include/python',
- 'scripts': '{base}/bin',
-@@ -61,10 +61,10 @@ _INSTALL_SCHEMES = {
- 'data': '{userbase}',
- },
- 'posix_user': {
-- 'stdlib': '{userbase}/lib/python{py_version_short}',
-- 'platstdlib': '{userbase}/lib/python{py_version_short}',
-+ 'stdlib': '{userbase}/'+sys.lib+'/python{py_version_short}',
-+ 'platstdlib': '{userbase}/'+sys.lib+'/python{py_version_short}',
- 'purelib': '{userbase}/lib/python{py_version_short}/site-packages',
-- 'platlib': '{userbase}/lib/python{py_version_short}/site-packages',
-+ 'platlib': '{userbase}/'+sys.lib+'/python{py_version_short}/site-packages',
- 'include': '{userbase}/include/python{py_version_short}',
- 'scripts': '{userbase}/bin',
- 'data': '{userbase}',
-Index: Python-3.5.2/configure.ac
-===================================================================
---- Python-3.5.2.orig/configure.ac
-+++ Python-3.5.2/configure.ac
+diff --git a/configure.ac b/configure.ac
+index 707324d..e8d59a3 100644
+--- a/configure.ac
++++ b/configure.ac
@@ -883,6 +883,41 @@ PLATDIR=plat-$MACHDEP
AC_SUBST(PLATDIR)
AC_SUBST(PLATFORM_TRIPLET)
@@ -319,3 +319,43 @@ Index: Python-3.5.2/configure.ac
AC_MSG_CHECKING([for -Wl,--no-as-needed])
save_LDFLAGS="$LDFLAGS"
+diff --git a/setup.py b/setup.py
+index 6d26deb..7b14215 100644
+--- a/setup.py
++++ b/setup.py
+@@ -495,7 +495,7 @@ class PyBuildExt(build_ext):
+ # directories (i.e. '.' and 'Include') must be first. See issue
+ # 10520.
+ if not cross_compiling:
+- add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib')
++ add_dir_to_list(self.compiler.library_dirs, os.path.join('/usr/local', sys.lib))
+ add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
+ # only change this for cross builds for 3.3, issues on Mageia
+ if cross_compiling:
+@@ -553,8 +553,7 @@ class PyBuildExt(build_ext):
+ # be assumed that no additional -I,-L directives are needed.
+ if not cross_compiling:
+ lib_dirs = self.compiler.library_dirs + [
+- '/lib64', '/usr/lib64',
+- '/lib', '/usr/lib',
++ '/' + sys.lib, '/usr/' + sys.lib,
+ ]
+ inc_dirs = self.compiler.include_dirs + ['/usr/include']
+ else:
+@@ -746,11 +745,11 @@ class PyBuildExt(build_ext):
+ elif curses_library:
+ readline_libs.append(curses_library)
+ elif self.compiler.find_library_file(lib_dirs +
+- ['/usr/lib/termcap'],
++ ['/usr/'+sys.lib+'/termcap'],
+ 'termcap'):
+ readline_libs.append('termcap')
+ exts.append( Extension('readline', ['readline.c'],
+- library_dirs=['/usr/lib/termcap'],
++ library_dirs=['/usr/'+sys.lib+'/termcap'],
+ extra_link_args=readline_extra_link_args,
+ libraries=readline_libs) )
+ else:
+--
+2.11.0
+
diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc
index fde67e9..d719898 100644
--- a/meta/recipes-devtools/ruby/ruby.inc
+++ b/meta/recipes-devtools/ruby/ruby.inc
@@ -8,10 +8,10 @@ HOMEPAGE = "http://www.ruby-lang.org/"
SECTION = "devel/ruby"
LICENSE = "Ruby | BSD | GPLv2"
LIC_FILES_CHKSUM = "\
- file://COPYING;md5=837b32593517ae48b9c3b5c87a5d288c \
+ file://COPYING;md5=8a960b08d972f43f91ae84a6f00dcbfb \
file://BSDL;md5=19aaf65c88a40b508d17ae4be539c4b5\
file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263\
- file://LEGAL;md5=c440adb575ba4e6e2344c2630b6a5584\
+ file://LEGAL;md5=daf349ad59dd19bd8c919171bff3c5d6 \
"
DEPENDS = "ruby-native zlib openssl tcl libyaml db gdbm readline"
@@ -22,6 +22,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
file://extmk.patch \
file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \
"
+UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
inherit autotools
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2016-7798.patch b/meta/recipes-devtools/ruby/ruby/CVE-2016-7798.patch
deleted file mode 100644
index 2b8772b..0000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2016-7798.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-cipher: don't set dummy encryption key in Cipher#initialize
-Remove the encryption key initialization from Cipher#initialize. This
-is effectively a revert of r32723 ("Avoid possible SEGV from AES
-encryption/decryption", 2011-07-28).
-
-r32723, which added the key initialization, was a workaround for
-Ruby Bug #2768. For some certain ciphers, calling EVP_CipherUpdate()
-before setting an encryption key caused segfault. It was not a problem
-until OpenSSL implemented GCM mode - the encryption key could be
-overridden by repeated calls of EVP_CipherInit_ex(). But, it is not the
-case for AES-GCM ciphers. Setting a key, an IV, a key, in this order
-causes the IV to be reset to an all-zero IV.
-
-The problem of Bug #2768 persists on the current versions of OpenSSL.
-So, make Cipher#update raise an exception if a key is not yet set by the
-user. Since encrypting or decrypting without key does not make any
-sense, this should not break existing applications.
-
-Users can still call Cipher#key= and Cipher#iv= multiple times with
-their own responsibility.
-
-Reference: https://bugs.ruby-lang.org/issues/2768
-Reference: https://bugs.ruby-lang.org/issues/8221
-
-Upstream-Status: Backport
-CVE: CVE-2016-7798
-
-Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
-
-Index: ruby-2.2.2/ext/openssl/ossl_cipher.c
-===================================================================
---- ruby-2.2.2.orig/ext/openssl/ossl_cipher.c
-+++ ruby-2.2.2/ext/openssl/ossl_cipher.c
-@@ -35,6 +35,7 @@
- */
- VALUE cCipher;
- VALUE eCipherError;
-+static ID id_key_set;
-
- static VALUE ossl_cipher_alloc(VALUE klass);
- static void ossl_cipher_free(void *ptr);
-@@ -119,7 +120,6 @@ ossl_cipher_initialize(VALUE self, VALUE
- EVP_CIPHER_CTX *ctx;
- const EVP_CIPHER *cipher;
- char *name;
-- unsigned char key[EVP_MAX_KEY_LENGTH];
-
- name = StringValuePtr(str);
- GetCipherInit(self, ctx);
-@@ -131,14 +131,7 @@ ossl_cipher_initialize(VALUE self, VALUE
- if (!(cipher = EVP_get_cipherbyname(name))) {
- ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%s)", name);
- }
-- /*
-- * The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows
-- * uninitialized key, but other EVPs (such as AES) does not allow it.
-- * Calling EVP_CipherUpdate() without initializing key causes SEGV so we
-- * set the data filled with "\0" as the key by default.
-- */
-- memset(key, 0, EVP_MAX_KEY_LENGTH);
-- if (EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, -1) != 1)
-+ if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
- ossl_raise(eCipherError, NULL);
-
- return self;
-@@ -256,6 +249,8 @@ ossl_cipher_init(int argc, VALUE *argv,
- if (EVP_CipherInit_ex(ctx, NULL, NULL, p_key, p_iv, mode) != 1) {
- ossl_raise(eCipherError, NULL);
- }
-+ if (p_key)
-+ rb_ivar_set(self, id_key_set, Qtrue);
-
- return self;
- }
-@@ -343,6 +338,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VAL
- OPENSSL_cleanse(key, sizeof key);
- OPENSSL_cleanse(iv, sizeof iv);
-
-+ rb_ivar_set(self, id_key_set, Qtrue);
-+
- return Qnil;
- }
-
-@@ -396,6 +393,9 @@ ossl_cipher_update(int argc, VALUE *argv
-
- rb_scan_args(argc, argv, "11", &data, &str);
-
-+ if (!RTEST(rb_attr_get(self, id_key_set)))
-+ ossl_raise(eCipherError, "key not set");
-+
- StringValue(data);
- in = (unsigned char *)RSTRING_PTR(data);
- if ((in_len = RSTRING_LEN(data)) == 0)
-@@ -495,6 +495,8 @@ ossl_cipher_set_key(VALUE self, VALUE ke
- if (EVP_CipherInit_ex(ctx, NULL, NULL, (unsigned char *)RSTRING_PTR(key), NULL, -1) != 1)
- ossl_raise(eCipherError, NULL);
-
-+ rb_ivar_set(self, id_key_set, Qtrue);
-+
- return key;
- }
-
-@@ -1013,5 +1015,7 @@ Init_ossl_cipher(void)
- rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0);
- rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0);
- rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1);
-+
-+ id_key_set = rb_intern_const("key_set");
- }
-
-Index: ruby-2.2.2/test/openssl/test_cipher.rb
-===================================================================
---- ruby-2.2.2.orig/test/openssl/test_cipher.rb
-+++ ruby-2.2.2/test/openssl/test_cipher.rb
-@@ -80,6 +80,7 @@ class OpenSSL::TestCipher < Test::Unit::
-
- def test_empty_data
- @c1.encrypt
-+ @c1.random_key
- assert_raise(ArgumentError){ @c1.update("") }
- end
-
-@@ -127,13 +128,10 @@ class OpenSSL::TestCipher < Test::Unit::
- assert_equal(pt, c2.update(ct) + c2.final)
- }
- end
--
-- def test_AES_crush
-- 500.times do
-- assert_nothing_raised("[Bug #2768]") do
-- # it caused OpenSSL SEGV by uninitialized key
-- OpenSSL::Cipher::AES128.new("ECB").update "." * 17
-- end
-+ def test_update_raise_if_key_not_set
-+ assert_raise(OpenSSL::Cipher::CipherError) do
-+ # it caused OpenSSL SEGV by uninitialized key [Bug #2768]
-+ OpenSSL::Cipher::AES128.new("ECB").update "." * 17
- end
- end
- end
-@@ -236,6 +234,23 @@ class OpenSSL::TestCipher < Test::Unit::
- end
-
- end
-+ def test_aes_gcm_key_iv_order_issue
-+ pt = "[ruby/openssl#49]"
-+ cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
-+ cipher.key = "x" * 16
-+ cipher.iv = "a" * 12
-+ ct1 = cipher.update(pt) << cipher.final
-+ tag1 = cipher.auth_tag
-+
-+ cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
-+ cipher.iv = "a" * 12
-+ cipher.key = "x" * 16
-+ ct2 = cipher.update(pt) << cipher.final
-+ tag2 = cipher.auth_tag
-+
-+ assert_equal ct1, ct2
-+ assert_equal tag1, tag2
-+ end if has_cipher?("aes-128-gcm")
-
- private
-
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14033.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14033.patch
deleted file mode 100644
index cbcd18c..0000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2017-14033.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 1648afef33c1d97fb203c82291b8a61269e85d3b Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 19 Sep 2016 15:38:44 +0900
-Subject: [PATCH] asn1: fix out-of-bounds read in decoding constructed objects
-
-OpenSSL::ASN1.{decode,decode_all,traverse} have a bug of out-of-bounds
-read. int_ossl_asn1_decode0_cons() does not give the correct available
-length to ossl_asn1_decode() when decoding the inner components of a
-constructed object. This can cause out-of-bounds read if a crafted input
-given.
-
-Reference: https://hackerone.com/reports/170316
-
-Upstream-Status: Backport
-CVE: CVE-2017-14033
-
-Signed-off-by: Rajkumar Veer<rveer@mvista.com>
----
- ext/openssl/ossl_asn1.c | 13 ++++++-------
- test/test_asn1.rb | 23 +++++++++++++++++++++++
- 2 files changed, 29 insertions(+), 7 deletions(-)
---- a/ext/openssl/ossl_asn1.c
-+++ b/ext/openssl/ossl_asn1.c
-@@ -871,19 +871,18 @@
- {
- VALUE value, asn1data, ary;
- int infinite;
-- long off = *offset;
-+ long available_len, off = *offset;
-
- infinite = (j == 0x21);
- ary = rb_ary_new();
-
-- while (length > 0 || infinite) {
-+ available_len = infinite ? max_len : length;
-+ while (available_len > 0 ) {
- long inner_read = 0;
-- value = ossl_asn1_decode0(pp, max_len, &off, depth + 1, yield, &inner_read);
-+ value = ossl_asn1_decode0(pp, available_len, &off, depth + 1, yield, &inner_read);
- *num_read += inner_read;
-- max_len -= inner_read;
-+ available_len -= inner_read;
- rb_ary_push(ary, value);
-- if (length > 0)
-- length -= inner_read;
-
- if (infinite &&
- NUM2INT(ossl_asn1_get_tag(value)) == V_ASN1_EOC &&
-@@ -974,7 +973,7 @@
- if(j & V_ASN1_CONSTRUCTED) {
- *pp += hlen;
- off += hlen;
-- asn1data = int_ossl_asn1_decode0_cons(pp, length, len, &off, depth, yield, j, tag, tag_class, &inner_read);
-+ asn1data = int_ossl_asn1_decode0_cons(pp, length - hlen, len, &off, depth, yield, j, tag, tag_class, &inner_read);
- inner_read += hlen;
- }
- else {
---- a/test/openssl/test_asn1.rb
-+++ b/test/openssl/test_asn1.rb
-@@ -595,6 +595,29 @@
- assert_equal(false, asn1.value[3].infinite_length)
- end
-
-+ def test_decode_constructed_overread
-+ test = %w{ 31 06 31 02 30 02 05 00 }
-+ # ^ <- invalid
-+ raw = [test.join].pack("H*")
-+ ret = []
-+ assert_raise(OpenSSL::ASN1::ASN1Error) {
-+ OpenSSL::ASN1.traverse(raw) { |x| ret << x }
-+ }
-+ assert_equal 2, ret.size
-+ assert_equal 17, ret[0][6]
-+ assert_equal 17, ret[1][6]
-+
-+ test = %w{ 31 80 30 03 00 00 }
-+ # ^ <- invalid
-+ raw = [test.join].pack("H*")
-+ ret = []
-+ assert_raise(OpenSSL::ASN1::ASN1Error) {
-+ OpenSSL::ASN1.traverse(raw) { |x| ret << x }
-+ }
-+ assert_equal 1, ret.size
-+ assert_equal 17, ret[0][6]
-+ end
-+
- private
-
- def assert_universal(tag, asn1)
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
index 073d214..700d1bc 100644
--- a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
@@ -1,19 +1,54 @@
-From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001
-From: Florian Frank <flori@ping.de>
-Date: Thu, 2 Mar 2017 12:12:33 +0100
-Subject: [PATCH] Fix arbitrary heap exposure problem
+From d86d283fcb35d1442a121b92030884523908a331 Mon Sep 17 00:00:00 2001
+From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
+Date: Sat, 22 Apr 2017 07:29:01 +0000
+Subject: [PATCH] merge revision(s) 58323,58324:
+
+ Merge json-2.0.4.
+
+ * https://github.com/flori/json/releases/tag/v2.0.4
+ * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
+ Use `assert_raise` instead of `assert_raises`.
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58445 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Upstream-Status: Backport
CVE: CVE-2017-14064
-Signed-off-by: Rajkumar Veer<rveer@mvista.com>
+Signed-off-by: Armin Kuster <akuster@mvisa.com>
+
---
- ext/json/ext/generator/generator.c | 12 ++++++------
- ext/json/ext/generator/generator.h | 1 -
- 2 files changed, 6 insertions(+), 7 deletions(-)
---- a/ext/json/generator/generator.c
-+++ b/ext/json/generator/generator.c
-@@ -301,7 +301,7 @@
+ ext/json/fbuffer/fbuffer.h | 3 ---
+ ext/json/generator/generator.c | 12 +++++-----
+ ext/json/generator/generator.h | 1 -
+ ext/json/json.gemspec | Bin 5473 -> 5474 bytes
+ ext/json/lib/json/version.rb | 2 +-
+ ext/json/parser/parser.c | 48 +++++++++++++++++++++++----------------
+ ext/json/parser/parser.rl | 14 +++++++++---
+ test/json/json_encoding_test.rb | 2 ++
+ test/json/json_generator_test.rb | 0
+ version.h | 2 +-
+ 10 files changed, 49 insertions(+), 35 deletions(-)
+ mode change 100755 => 100644 test/json/json_generator_test.rb
+
+Index: ruby-2.4.0/ext/json/fbuffer/fbuffer.h
+===================================================================
+--- ruby-2.4.0.orig/ext/json/fbuffer/fbuffer.h
++++ ruby-2.4.0/ext/json/fbuffer/fbuffer.h
+@@ -12,9 +12,6 @@
+ #define RFLOAT_VALUE(val) (RFLOAT(val)->value)
+ #endif
+
+-#ifndef RARRAY_PTR
+-#define RARRAY_PTR(ARRAY) RARRAY(ARRAY)->ptr
+-#endif
+ #ifndef RARRAY_LEN
+ #define RARRAY_LEN(ARRAY) RARRAY(ARRAY)->len
+ #endif
+Index: ruby-2.4.0/ext/json/generator/generator.c
+===================================================================
+--- ruby-2.4.0.orig/ext/json/generator/generator.c
++++ ruby-2.4.0/ext/json/generator/generator.c
+@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, u
char *result;
if (len <= 0) return NULL;
result = ALLOC_N(char, len);
@@ -22,7 +57,7 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com>
return result;
}
-@@ -1055,7 +1055,7 @@
+@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE sel
}
} else {
if (state->indent) ruby_xfree(state->indent);
@@ -31,7 +66,7 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com>
state->indent_len = len;
}
return Qnil;
-@@ -1093,7 +1093,7 @@
+@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self
}
} else {
if (state->space) ruby_xfree(state->space);
@@ -40,7 +75,7 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com>
state->space_len = len;
}
return Qnil;
-@@ -1129,7 +1129,7 @@
+@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VAL
}
} else {
if (state->space_before) ruby_xfree(state->space_before);
@@ -49,7 +84,7 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com>
state->space_before_len = len;
}
return Qnil;
-@@ -1166,7 +1166,7 @@
+@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE
}
} else {
if (state->object_nl) ruby_xfree(state->object_nl);
@@ -58,17 +93,19 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com>
state->object_nl_len = len;
}
return Qnil;
-@@ -1201,7 +1201,7 @@
+@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE s
}
} else {
if (state->array_nl) ruby_xfree(state->array_nl);
- state->array_nl = strdup(RSTRING_PTR(array_nl));
-+ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
++ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
state->array_nl_len = len;
}
return Qnil;
---- a/ext/json/generator/generator.h
-+++ b/ext/json/generator/generator.h
+Index: ruby-2.4.0/ext/json/generator/generator.h
+===================================================================
+--- ruby-2.4.0.orig/ext/json/generator/generator.h
++++ ruby-2.4.0/ext/json/generator/generator.h
@@ -1,7 +1,6 @@
#ifndef _GENERATOR_H_
#define _GENERATOR_H_
@@ -77,3 +114,240 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com>
#include <math.h>
#include <ctype.h>
+Index: ruby-2.4.0/ext/json/lib/json/version.rb
+===================================================================
+--- ruby-2.4.0.orig/ext/json/lib/json/version.rb
++++ ruby-2.4.0/ext/json/lib/json/version.rb
+@@ -1,7 +1,7 @@
+ # frozen_string_literal: false
+ module JSON
+ # JSON version
+- VERSION = '2.0.2'
++ VERSION = '2.0.4'
+ VERSION_ARRAY = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
+ VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc:
+ VERSION_MINOR = VERSION_ARRAY[1] # :nodoc:
+Index: ruby-2.4.0/ext/json/parser/parser.c
+===================================================================
+--- ruby-2.4.0.orig/ext/json/parser/parser.c
++++ ruby-2.4.0/ext/json/parser/parser.c
+@@ -1435,13 +1435,21 @@ static VALUE json_string_unescape(VALUE
+ break;
+ case 'u':
+ if (pe > stringEnd - 4) {
+- return Qnil;
++ rb_enc_raise(
++ EXC_ENCODING eParserError,
++ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
++ );
+ } else {
+ UTF32 ch = unescape_unicode((unsigned char *) ++pe);
+ pe += 3;
+ if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
+ pe++;
+- if (pe > stringEnd - 6) return Qnil;
++ if (pe > stringEnd - 6) {
++ rb_enc_raise(
++ EXC_ENCODING eParserError,
++ "%u: incomplete surrogate pair at '%s'", __LINE__, p
++ );
++ }
+ if (pe[0] == '\\' && pe[1] == 'u') {
+ UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
+ ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
+@@ -1471,7 +1479,7 @@ static VALUE json_string_unescape(VALUE
+ }
+
+
+-#line 1475 "parser.c"
++#line 1483 "parser.c"
+ enum {JSON_string_start = 1};
+ enum {JSON_string_first_final = 8};
+ enum {JSON_string_error = 0};
+@@ -1479,7 +1487,7 @@ enum {JSON_string_error = 0};
+ enum {JSON_string_en_main = 1};
+
+
+-#line 504 "parser.rl"
++#line 512 "parser.rl"
+
+
+ static int
+@@ -1501,15 +1509,15 @@ static char *JSON_parse_string(JSON_Pars
+
+ *result = rb_str_buf_new(0);
+
+-#line 1505 "parser.c"
++#line 1513 "parser.c"
+ {
+ cs = JSON_string_start;
+ }
+
+-#line 525 "parser.rl"
++#line 533 "parser.rl"
+ json->memo = p;
+
+-#line 1513 "parser.c"
++#line 1521 "parser.c"
+ {
+ if ( p == pe )
+ goto _test_eof;
+@@ -1534,7 +1542,7 @@ case 2:
+ goto st0;
+ goto st2;
+ tr2:
+-#line 490 "parser.rl"
++#line 498 "parser.rl"
+ {
+ *result = json_string_unescape(*result, json->memo + 1, p);
+ if (NIL_P(*result)) {
+@@ -1545,14 +1553,14 @@ tr2:
+ {p = (( p + 1))-1;}
+ }
+ }
+-#line 501 "parser.rl"
++#line 509 "parser.rl"
+ { p--; {p++; cs = 8; goto _out;} }
+ goto st8;
+ st8:
+ if ( ++p == pe )
+ goto _test_eof8;
+ case 8:
+-#line 1556 "parser.c"
++#line 1564 "parser.c"
+ goto st0;
+ st3:
+ if ( ++p == pe )
+@@ -1628,7 +1636,7 @@ case 7:
+ _out: {}
+ }
+
+-#line 527 "parser.rl"
++#line 535 "parser.rl"
+
+ if (json->create_additions && RTEST(match_string = json->match_string)) {
+ VALUE klass;
+@@ -1675,7 +1683,7 @@ static VALUE convert_encoding(VALUE sour
+ }
+ FORCE_UTF8(source);
+ } else {
+- source = rb_str_conv_enc(source, NULL, rb_utf8_encoding());
++ source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding());
+ }
+ #endif
+ return source;
+@@ -1808,7 +1816,7 @@ static VALUE cParser_initialize(int argc
+ }
+
+
+-#line 1812 "parser.c"
++#line 1820 "parser.c"
+ enum {JSON_start = 1};
+ enum {JSON_first_final = 10};
+ enum {JSON_error = 0};
+@@ -1816,7 +1824,7 @@ enum {JSON_error = 0};
+ enum {JSON_en_main = 1};
+
+
+-#line 720 "parser.rl"
++#line 728 "parser.rl"
+
+
+ /*
+@@ -1833,16 +1841,16 @@ static VALUE cParser_parse(VALUE self)
+ GET_PARSER;
+
+
+-#line 1837 "parser.c"
++#line 1845 "parser.c"
+ {
+ cs = JSON_start;
+ }
+
+-#line 736 "parser.rl"
++#line 744 "parser.rl"
+ p = json->source;
+ pe = p + json->len;
+
+-#line 1846 "parser.c"
++#line 1854 "parser.c"
+ {
+ if ( p == pe )
+ goto _test_eof;
+@@ -1876,7 +1884,7 @@ st0:
+ cs = 0;
+ goto _out;
+ tr2:
+-#line 712 "parser.rl"
++#line 720 "parser.rl"
+ {
+ char *np = JSON_parse_value(json, p, pe, &result, 0);
+ if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;}
+@@ -1886,7 +1894,7 @@ st10:
+ if ( ++p == pe )
+ goto _test_eof10;
+ case 10:
+-#line 1890 "parser.c"
++#line 1898 "parser.c"
+ switch( (*p) ) {
+ case 13: goto st10;
+ case 32: goto st10;
+@@ -1975,7 +1983,7 @@ case 9:
+ _out: {}
+ }
+
+-#line 739 "parser.rl"
++#line 747 "parser.rl"
+
+ if (cs >= JSON_first_final && p == pe) {
+ return result;
+Index: ruby-2.4.0/ext/json/parser/parser.rl
+===================================================================
+--- ruby-2.4.0.orig/ext/json/parser/parser.rl
++++ ruby-2.4.0/ext/json/parser/parser.rl
+@@ -446,13 +446,21 @@ static VALUE json_string_unescape(VALUE
+ break;
+ case 'u':
+ if (pe > stringEnd - 4) {
+- return Qnil;
++ rb_enc_raise(
++ EXC_ENCODING eParserError,
++ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
++ );
+ } else {
+ UTF32 ch = unescape_unicode((unsigned char *) ++pe);
+ pe += 3;
+ if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
+ pe++;
+- if (pe > stringEnd - 6) return Qnil;
++ if (pe > stringEnd - 6) {
++ rb_enc_raise(
++ EXC_ENCODING eParserError,
++ "%u: incomplete surrogate pair at '%s'", __LINE__, p
++ );
++ }
+ if (pe[0] == '\\' && pe[1] == 'u') {
+ UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
+ ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
+@@ -570,7 +578,7 @@ static VALUE convert_encoding(VALUE sour
+ }
+ FORCE_UTF8(source);
+ } else {
+- source = rb_str_conv_enc(source, NULL, rb_utf8_encoding());
++ source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding());
+ }
+ #endif
+ return source;
+Index: ruby-2.4.0/test/json/json_encoding_test.rb
+===================================================================
+--- ruby-2.4.0.orig/test/json/json_encoding_test.rb
++++ ruby-2.4.0/test/json/json_encoding_test.rb
+@@ -79,6 +79,8 @@ class JSONEncodingTest < Test::Unit::Tes
+ json = '["\ud840\udc01"]'
+ assert_equal json, generate(utf8, :ascii_only => true)
+ assert_equal utf8, parse(json)
++ assert_raise(JSON::ParserError) { parse('"\u"') }
++ assert_raise(JSON::ParserError) { parse('"\ud800"') }
+ end
+
+ def test_chars
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9226.patch
deleted file mode 100644
index fc783e8..0000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2017-9226.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-commit f015fbdd95f76438cd86366467bb2b39870dd7c6
-Author: K.Kosako <kosako@sofnec.co.jp>
-Date: Fri May 19 15:44:47 2017 +0900
-
- fix #55 : Byte value expressed in octal must be smaller than 256
-
-Upstream-Status: Backport
-
-CVE: CVE-2017-9226
-Signed-off-by: Thiruvadi Rajaraman <tajaraman@mvista.com>
-
-Index: ruby-2.2.5/regparse.c
-===================================================================
---- ruby-2.2.5.orig/regparse.c 2017-09-12 16:33:21.977835068 +0530
-+++ ruby-2.2.5/regparse.c 2017-09-12 16:34:40.987117744 +0530
-@@ -3222,7 +3222,7 @@
- PUNFETCH;
- prev = p;
- num = scan_unsigned_octal_number(&p, end, 3, enc);
-- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
-+ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
- if (p == prev) { /* can't read nothing. */
- num = 0; /* but, it's not error */
- }
-@@ -3676,7 +3676,7 @@
- if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
- prev = p;
- num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
-- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
-+ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
- if (p == prev) { /* can't read nothing. */
- num = 0; /* but, it's not error */
- }
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch
deleted file mode 100644
index f6eaefb..0000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-commit 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
-Author: K.Kosako <kosako@sofnec.co.jp>
-Date: Tue May 23 16:15:35 2017 +0900
-
- fix #58 : access to invalid address by reg->dmin value
-
-Upstream-Status: backport
-
-CVE: CVE-2017-9227
-Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
-
-Index: ruby-2.2.5/regexec.c
-===================================================================
---- ruby-2.2.5.orig/regexec.c 2014-09-15 21:48:41.000000000 +0530
-+++ ruby-2.2.5/regexec.c 2017-08-30 12:18:04.054828426 +0530
-@@ -3678,6 +3678,8 @@
- }
- else {
- UChar *q = p + reg->dmin;
-+
-+ if (q >= end) return 0; /* fail */
- while (p < q) p += enclen(reg->enc, p, end);
- }
- }
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch
deleted file mode 100644
index dc911bb..0000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-commit 3b63d12038c8d8fc278e81c942fa9bec7c704c8b
-Author: K.Kosako <kosako@sofnec.co.jp>
-Date: Wed May 24 13:43:25 2017 +0900
-
- fix #60 : invalid state(CCS_VALUE) in parse_char_class()
-
-Upstream-Status: Backport
-
-CVE: CVE-2017-9228
-Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
-
-Index: ruby-2.2.5/regparse.c
-===================================================================
---- ruby-2.2.5.orig/regparse.c 2014-09-16 08:14:10.000000000 +0530
-+++ ruby-2.2.5/regparse.c 2017-08-30 11:58:25.774275722 +0530
-@@ -4458,7 +4458,9 @@
- }
- }
-
-- *state = CCS_VALUE;
-+ if (*state != CCS_START)
-+ *state = CCS_VALUE;
-+
- *type = CCV_CLASS;
- return 0;
- }
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9229.patch
deleted file mode 100644
index 75bdfad..0000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2017-9229.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-commit b690371bbf97794b4a1d3f295d4fb9a8b05d402d
-Author: K.Kosako <kosako@sofnec.co.jp>
-Date: Wed May 24 10:27:04 2017 +0900
-
- fix #59 : access to invalid address by reg->dmax value
-
-Upstream-Status: Backport
-
-CVE: CVE-2017-9229
-Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
-
-Index: ruby-2.2.5/regexec.c
-===================================================================
---- ruby-2.2.5.orig/regexec.c 2017-09-13 12:17:08.429254209 +0530
-+++ ruby-2.2.5/regexec.c 2017-09-13 12:24:03.365312311 +0530
-@@ -3763,6 +3763,12 @@
- }
- else {
- if (reg->dmax != ONIG_INFINITE_DISTANCE) {
-+ if (p - str < reg->dmax) {
-+ *low = (UChar* )str;
-+ if (low_prev)
-+ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low, end);
-+ }
-+ else {
- *low = p - reg->dmax;
- if (*low > s) {
- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
-@@ -3776,6 +3782,7 @@
- *low_prev = onigenc_get_prev_char_head(reg->enc,
- (pprev ? pprev : str), *low, end);
- }
-+ }
- }
- }
- /* no needs to adjust *high, *high is used as range check only */
diff --git a/meta/recipes-devtools/ruby/ruby/prevent-gc.patch b/meta/recipes-devtools/ruby/ruby/prevent-gc.patch
deleted file mode 100644
index 2eaa955..0000000
--- a/meta/recipes-devtools/ruby/ruby/prevent-gc.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Fix marshaling with gcc7. Based on upstream revision 57410:
-https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=57410
-https://github.com/ruby/ruby/commit/7c1b30a602ab109d8d5388d7dfb3c5b180ba24e1
-https://bugs.ruby-lang.org/issues/13150
-
-with the upstream patches intent ported to Ruby 2.2.5
-
-Upstream-Status: Backport
-
-Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
-
-Index: ruby-2.2.5/marshal.c
-===================================================================
---- ruby-2.2.5.orig/marshal.c
-+++ ruby-2.2.5/marshal.c
-@@ -17,7 +17,6 @@
- #include "ruby/io.h"
- #include "ruby/st.h"
- #include "ruby/util.h"
--
- #include <math.h>
- #ifdef HAVE_FLOAT_H
- #include <float.h>
-@@ -985,7 +984,7 @@ marshal_dump(int argc, VALUE *argv)
- VALUE obj, port, a1, a2;
- int limit = -1;
- struct dump_arg *arg;
-- VALUE wrapper; /* used to avoid memory leak in case of exception */
-+ volatile VALUE wrapper; /* used to avoid memory leak in case of exception */
-
- port = Qnil;
- rb_scan_args(argc, argv, "12", &obj, &a1, &a2);
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
new file mode 100644
index 0000000..848139b
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
@@ -0,0 +1,41 @@
+From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kosako@sofnec.co.jp>
+Date: Tue, 23 May 2017 10:28:58 +0900
+Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access
+
+---
+ regexec.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+--- end of original header
+
+CVE: CVE-2017-9224
+
+Context modified so that patch applies for version 2.4.1.
+
+Upstream-Status: Pending
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+diff --git a/regexec.c b/regexec.c
+index 35fef11..d4e577d 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+ NEXT;
+
+ CASE(OP_EXACT1) MOP_IN(OP_EXACT1);
+-#if 0
+ DATA_ENSURE(1);
+ if (*p != *s) goto fail;
+ p++; s++;
+-#endif
+- if (*p != *s++) goto fail;
+- DATA_ENSURE(0);
+- p++;
+ MOP_OUT;
+ break;
+
+--
+1.7.9.5
+
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
new file mode 100644
index 0000000..0f2a430
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
@@ -0,0 +1,41 @@
+From b4bf968ad52afe14e60a2dc8a95d3555c543353a Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kosako@sofnec.co.jp>
+Date: Thu, 18 May 2017 17:05:27 +0900
+Subject: [PATCH] fix #55 : check too big code point value for single byte
+ value in next_state_val()
+
+---
+ regparse.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- end of original header
+
+CVE: CVE-2017-9226
+
+Add check for octal number bigger than 255.
+
+Upstream-Status: Pending
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+--- ruby-2.4.1.orig/regparse.c
++++ ruby-2.4.1/regparse.c
+@@ -3644,7 +3644,7 @@ fetch_token(OnigToken* tok, UChar** src,
+ if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
+ prev = p;
+ num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
+- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
++ if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER;
+ if (p == prev) { /* can't read nothing. */
+ num = 0; /* but, it's not error */
+ }
+@@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod
+ switch (*state) {
+ case CCS_VALUE:
+ if (*type == CCV_SB) {
++ if (*vs > 0xff)
++ return ONIGERR_INVALID_CODE_POINT_VALUE;
++
+ BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*vs));
+ if (IS_NOT_NULL(asc_cc))
+ BITSET_SET_BIT(asc_cc->bs, (int )(*vs));
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch
new file mode 100644
index 0000000..85e7ccb
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch
@@ -0,0 +1,32 @@
+From 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kosako@sofnec.co.jp>
+Date: Tue, 23 May 2017 16:15:35 +0900
+Subject: [PATCH] fix #58 : access to invalid address by reg->dmin value
+
+---
+ regexec.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- end of original header
+
+CVE: CVE-2017-9227
+
+Upstream-Status: Inappropriate [not author]
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+diff --git a/regexec.c b/regexec.c
+index d4e577d..2fa0f3d 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -3154,6 +3154,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
+ }
+ else {
+ UChar *q = p + reg->dmin;
++
++ if (q >= end) return 0; /* fail */
+ while (p < q) p += enclen(reg->enc, p, end);
+ }
+ }
+--
+1.7.9.5
+
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch
new file mode 100644
index 0000000..d8bfba4
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch
@@ -0,0 +1,34 @@
+From 3b63d12038c8d8fc278e81c942fa9bec7c704c8b Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kosako@sofnec.co.jp>
+Date: Wed, 24 May 2017 13:43:25 +0900
+Subject: [PATCH] fix #60 : invalid state(CCS_VALUE) in parse_char_class()
+
+---
+ regparse.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- end of original header
+
+CVE: CVE-2017-9228
+
+Upstream-Status: Inappropriate [not author]
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+diff --git a/regparse.c b/regparse.c
+index 69875fa..1988747 100644
+--- a/regparse.c
++++ b/regparse.c
+@@ -4081,7 +4081,9 @@ next_state_class(CClassNode* cc, OnigCodePoint* vs, enum CCVALTYPE* type,
+ }
+ }
+
+- *state = CCS_VALUE;
++ if (*state != CCS_START)
++ *state = CCS_VALUE;
++
+ *type = CCV_CLASS;
+ return 0;
+ }
+--
+1.7.9.5
+
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
new file mode 100644
index 0000000..6e765bf
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
@@ -0,0 +1,59 @@
+From b690371bbf97794b4a1d3f295d4fb9a8b05d402d Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kosako@sofnec.co.jp>
+Date: Wed, 24 May 2017 10:27:04 +0900
+Subject: [PATCH] fix #59 : access to invalid address by reg->dmax value
+
+---
+ regexec.c | 27 +++++++++++++++++----------
+ 1 file changed, 17 insertions(+), 10 deletions(-)
+
+--- end of original header
+
+CVE: CVE-2017-9229
+
+Upstream-Status: Inappropriate [not author]
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+diff --git a/regexec.c b/regexec.c
+index 49bcc50..c0626ef 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -3756,18 +3756,25 @@ forward_search_range(regex_t* reg, const
+ }
+ else {
+ if (reg->dmax != ONIG_INFINITE_DISTANCE) {
+- *low = p - reg->dmax;
+- if (*low > s) {
+- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
+- *low, end, (const UChar** )low_prev);
+- if (low_prev && IS_NULL(*low_prev))
+- *low_prev = onigenc_get_prev_char_head(reg->enc,
+- (pprev ? pprev : s), *low, end);
++ if (p - str < reg->dmax) {
++ *low = (UChar* )str;
++ if (low_prev)
++ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low, end);
+ }
+ else {
+- if (low_prev)
+- *low_prev = onigenc_get_prev_char_head(reg->enc,
+- (pprev ? pprev : str), *low, end);
++ *low = p - reg->dmax;
++ if (*low > s) {
++ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
++ *low, end, (const UChar** )low_prev);
++ if (low_prev && IS_NULL(*low_prev))
++ *low_prev = onigenc_get_prev_char_head(reg->enc,
++ (pprev ? pprev : s), *low, end);
++ }
++ else {
++ if (low_prev)
++ *low_prev = onigenc_get_prev_char_head(reg->enc,
++ (pprev ? pprev : str), *low, end);
++ }
+ }
+ }
+ }
+--
+1.7.9.5
+
diff --git a/meta/recipes-devtools/ruby/ruby_2.2.5.bb b/meta/recipes-devtools/ruby/ruby_2.4.0.bb
index 750ddc6..b08837c 100644
--- a/meta/recipes-devtools/ruby/ruby_2.2.5.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.0.bb
@@ -1,17 +1,16 @@
require ruby.inc
-SRC_URI[md5sum] = "bd8e349d4fb2c75d90817649674f94be"
-SRC_URI[sha256sum] = "30c4b31697a4ca4ea0c8db8ad30cf45e6690a0f09687e5d483c933c03ca335e3"
-
-SRC_URI += "file://prevent-gc.patch \
- file://CVE-2016-7798.patch \
- file://CVE-2017-9227.patch \
- file://CVE-2017-9228.patch \
- file://CVE-2017-9226.patch \
- file://CVE-2017-9229.patch \
- file://CVE-2017-14033.patch \
- file://CVE-2017-14064.patch \
-"
+SRC_URI += " \
+ file://ruby-CVE-2017-9224.patch \
+ file://ruby-CVE-2017-9226.patch \
+ file://ruby-CVE-2017-9227.patch \
+ file://ruby-CVE-2017-9228.patch \
+ file://ruby-CVE-2017-9229.patch \
+ file://CVE-2017-14064.patch \
+ "
+
+SRC_URI[md5sum] = "7e9485dcdb86ff52662728de2003e625"
+SRC_URI[sha256sum] = "152fd0bd15a90b4a18213448f485d4b53e9f7662e1508190aa5b702446b29e3d"
# it's unknown to configure script, but then passed to extconf.rb
# maybe it's not really needed as we're hardcoding the result with
@@ -25,6 +24,8 @@ PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind"
PACKAGECONFIG[gpm] = "--with-gmp=yes, --with-gmp=no, gmp"
PACKAGECONFIG[ipv6] = ",--enable-wide-getaddrinfo,"
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
EXTRA_OECONF = "\
--disable-versioned-paths \
--disable-rpath \
diff --git a/meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Run-installation-commands-as-shell-jobs.patch b/meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Run-installation-commands-as-shell-jobs.patch
new file mode 100644
index 0000000..6c38e23
--- /dev/null
+++ b/meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Run-installation-commands-as-shell-jobs.patch
@@ -0,0 +1,82 @@
+From 8dcd73b45a660dbdc560676835ba46f495334f14 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Tue, 13 Jun 2017 18:10:06 +0300
+Subject: [PATCH] Run installation commands as shell jobs
+
+This greatly speeds up installation time on multi-core systems.
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ src/fullcolor/Makefile.am | 3 ++-
+ src/spinner/Makefile.am | 5 +++--
+ src/symbolic/Makefile.am | 7 ++++---
+ 3 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/src/fullcolor/Makefile.am b/src/fullcolor/Makefile.am
+index 1c940a5..3998ee6 100644
+--- a/src/fullcolor/Makefile.am
++++ b/src/fullcolor/Makefile.am
+@@ -9,9 +9,10 @@ install-data-local:
+ for file in `cd $(top_srcdir)/$(SVGOUTDIR)/$$size && find . -name "*.png"`; do \
+ context="`dirname $$file`"; \
+ $(mkdir_p) $(DESTDIR)$(themedir)/$$size/$$context; \
+- $(install_sh_DATA) $(top_srcdir)/$(SVGOUTDIR)/$$size/$$file $(DESTDIR)$(themedir)/$$size/$$file; \
++ $(install_sh_DATA) $(top_srcdir)/$(SVGOUTDIR)/$$size/$$file $(DESTDIR)$(themedir)/$$size/$$file & \
+ done; \
+ done;
++ wait
+
+ ## FIXME we should add a way to remove links generated by icon mapping
+ uninstall-local:
+diff --git a/src/spinner/Makefile.am b/src/spinner/Makefile.am
+index 86f4d7c..3fae8c1 100644
+--- a/src/spinner/Makefile.am
++++ b/src/spinner/Makefile.am
+@@ -24,13 +24,14 @@ install-data-local:
+ for file in `cd $(top_srcdir)/$(SVGOUTDIR)/$$size; find . -name "*.png"`; do \
+ context="`dirname $$file`"; \
+ $(mkdir_p) $(DESTDIR)$(themedir)/$$size/$$context; \
+- $(install_sh_DATA) $(top_srcdir)/$(SVGOUTDIR)/$$size/$$file $(DESTDIR)$(themedir)/$$size/$$file; \
++ $(install_sh_DATA) $(top_srcdir)/$(SVGOUTDIR)/$$size/$$file $(DESTDIR)$(themedir)/$$size/$$file & \
+ done; \
+ for file in `cd $(top_srcdir)/$(SVGOUTDIR)/scalable-up-to-32; find . -name "*.svg"`; do \
+ context="`dirname $$file`"; \
+ $(mkdir_p) $(DESTDIR)$(themedir)/scalable-up-to-32/$$context; \
+- $(install_sh_DATA) $(top_srcdir)/$(SVGOUTDIR)/scalable-up-to-32/$$file $(DESTDIR)$(themedir)/scalable-up-to-32/$$file; \
++ $(install_sh_DATA) $(top_srcdir)/$(SVGOUTDIR)/scalable-up-to-32/$$file $(DESTDIR)$(themedir)/scalable-up-to-32/$$file & \
+ done
++ wait
+
+ uninstall-local:
+ for file in `cd $(top_srcdir)/$(SVGOUTDIR)/scalable-up-to-32; find . -name "*.svg"`; do \
+diff --git a/src/symbolic/Makefile.am b/src/symbolic/Makefile.am
+index 24aac9b..61ba071 100644
+--- a/src/symbolic/Makefile.am
++++ b/src/symbolic/Makefile.am
+@@ -25,18 +25,19 @@ install-data-local:
+ for file in `cd $(top_srcdir)/$(SVGOUTDIR)/$$size; find . -name "*.png"`; do \
+ context="`dirname $$file`"; \
+ $(mkdir_p) $(DESTDIR)$(themedir)/$$size/$$context; \
+- $(install_sh_DATA) $(top_srcdir)/$(SVGOUTDIR)/$$size/$$file $(DESTDIR)$(themedir)/$$size/$$file; \
++ $(install_sh_DATA) $(top_srcdir)/$(SVGOUTDIR)/$$size/$$file $(DESTDIR)$(themedir)/$$size/$$file & \
+ done; \
+ done
+ for file in `cd $(top_srcdir)/$(SVGOUTDIR)/scalable; find . -name "*.svg"`; do \
+ context="`dirname $$file`"; \
+ $(mkdir_p) $(DESTDIR)$(themedir)/scalable/$$context; \
+- $(install_sh_DATA) $(top_srcdir)/$(SVGOUTDIR)/scalable/$$file $(DESTDIR)$(themedir)/scalable/$$file; \
++ $(install_sh_DATA) $(top_srcdir)/$(SVGOUTDIR)/scalable/$$file $(DESTDIR)$(themedir)/scalable/$$file & \
+ for size in $(symbolic_encode_sizes); do \
+ $(mkdir_p) $(DESTDIR)$(themedir)/$$size/$$context; \
+- $(GTK_ENCODE_SYMBOLIC_SVG) $(top_srcdir)/$(SVGOUTDIR)/scalable/$$file $$size -o $(DESTDIR)$(themedir)/$$size/$$context; \
++ $(GTK_ENCODE_SYMBOLIC_SVG) $(top_srcdir)/$(SVGOUTDIR)/scalable/$$file $$size -o $(DESTDIR)$(themedir)/$$size/$$context & \
+ done \
+ done
++ wait
+
+ uninstall-local:
+ for file in `cd $(top_srcdir)/$(SVGOUTDIR)/scalable; find . -name "*.svg"`; do \
+--
+2.11.0
+
diff --git a/meta/recipes-gnome/gnome/adwaita-icon-theme_3.20.bb b/meta/recipes-gnome/gnome/adwaita-icon-theme_3.20.bb
index bb0eaeb..70d2abc 100644
--- a/meta/recipes-gnome/gnome/adwaita-icon-theme_3.20.bb
+++ b/meta/recipes-gnome/gnome/adwaita-icon-theme_3.20.bb
@@ -11,6 +11,7 @@ inherit allarch autotools pkgconfig gettext gtk-icon-cache upstream-version-is-e
MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}"
SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
+ file://0001-Run-installation-commands-as-shell-jobs.patch \
"
SRC_URI[md5sum] = "411be2bd68dd8b0a3c86aca2eb351ce4"
diff --git a/meta/recipes-sato/webkit/files/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch b/meta/recipes-sato/webkit/files/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
deleted file mode 100644
index 25b3c9f..0000000
--- a/meta/recipes-sato/webkit/files/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
+++ /dev/null
@@ -1,223 +0,0 @@
-From 53a00058184cd710c6f4375f4daab49d7e885a30 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 17 Apr 2016 12:35:41 -0700
-Subject: [PATCH] WebKitMacros: Append to -I and not to -isystem
-
-gcc-6 has now introduced stdlib.h in libstdc++ for better
-compliance and its including the C library stdlib.h using
-include_next which is sensitive to order of system header
-include paths. Its infact better to not tinker with the
-system header include paths at all. Since adding /usr/include
-to -system is redundant and compiler knows about it moreover
-now with gcc6 it interferes with compiler's functioning
-and ends up with compile errors e.g.
-
-/usr/include/c++/6.0.0/cstdlib:75:25: fatal error: stdlib.h: No such file or directory
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- Source/cmake/WebKitMacros.cmake | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: webkitgtk-2.12.1/Source/JavaScriptCore/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Source/JavaScriptCore/CMakeLists.txt
-+++ webkitgtk-2.12.1/Source/JavaScriptCore/CMakeLists.txt
-@@ -1311,7 +1311,7 @@ add_subdirectory(shell)
-
- WEBKIT_WRAP_SOURCELIST(${JavaScriptCore_SOURCES})
- include_directories(${JavaScriptCore_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
- add_library(JavaScriptCore ${JavaScriptCore_LIBRARY_TYPE} ${JavaScriptCore_HEADERS} ${JavaScriptCore_SOURCES})
- target_link_libraries(JavaScriptCore ${JavaScriptCore_LIBRARIES})
- set_target_properties(JavaScriptCore PROPERTIES COMPILE_DEFINITIONS "BUILDING_JavaScriptCore")
-Index: webkitgtk-2.12.1/Source/WTF/wtf/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Source/WTF/wtf/CMakeLists.txt
-+++ webkitgtk-2.12.1/Source/WTF/wtf/CMakeLists.txt
-@@ -286,7 +286,7 @@ WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
-
- WEBKIT_WRAP_SOURCELIST(${WTF_SOURCES})
- include_directories(${WTF_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${WTF_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${WTF_SYSTEM_INCLUDE_DIRECTORIES})
- add_library(WTF ${WTF_LIBRARY_TYPE} ${WTF_HEADERS} ${WTF_SOURCES})
- target_link_libraries(WTF ${WTF_LIBRARIES})
- set_target_properties(WTF PROPERTIES COMPILE_DEFINITIONS "BUILDING_WTF")
-Index: webkitgtk-2.12.1/Source/WebCore/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Source/WebCore/CMakeLists.txt
-+++ webkitgtk-2.12.1/Source/WebCore/CMakeLists.txt
-@@ -3748,7 +3748,7 @@ WEBKIT_WRAP_SOURCELIST(${WebCore_IDL_FIL
- WEBKIT_WRAP_SOURCELIST(${WebCoreTestSupport_IDL_FILES} ${WebCoreTestSupport_SOURCES})
-
- include_directories(${WebCore_INCLUDE_DIRECTORIES} ${WebCoreTestSupport_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${WebCore_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${WebCore_SYSTEM_INCLUDE_DIRECTORIES})
-
- if (MSVC)
- ADD_PRECOMPILED_HEADER("WebCorePrefix.h" "WebCorePrefix.cpp" WebCore_SOURCES)
-Index: webkitgtk-2.12.1/Source/WebKit/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Source/WebKit/CMakeLists.txt
-+++ webkitgtk-2.12.1/Source/WebKit/CMakeLists.txt
-@@ -28,7 +28,7 @@ set(WebKit_LIBRARIES
- WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
-
- include_directories(${WebKit_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${WebKit_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${WebKit_SYSTEM_INCLUDE_DIRECTORIES})
-
- if (MSVC)
- ADD_PRECOMPILED_HEADER("WebKitPrefix.h" "win/WebKitPrefix.cpp" WebKit_SOURCES)
-Index: webkitgtk-2.12.1/Source/WebKit2/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Source/WebKit2/CMakeLists.txt
-+++ webkitgtk-2.12.1/Source/WebKit2/CMakeLists.txt
-@@ -756,7 +756,7 @@ WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
- GENERATE_WEBKIT2_MESSAGE_SOURCES(WebKit2_DERIVED_SOURCES "${WebKit2_MESSAGES_IN_FILES}")
-
- include_directories(${WebKit2_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${WebKit2_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${WebKit2_SYSTEM_INCLUDE_DIRECTORIES})
- add_library(WebKit2 ${WebKit2_LIBRARY_TYPE} ${WebKit2_SOURCES} ${WebKit2_DERIVED_SOURCES})
-
- add_dependencies(WebKit2 WebCore ${WEBKIT2_EXTRA_DEPENDENCIES})
-Index: webkitgtk-2.12.1/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt
-+++ webkitgtk-2.12.1/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt
-@@ -42,7 +42,7 @@ set(WebKitTestNetscapePlugin_SYSTEM_INCL
- )
-
- include_directories(${WebKitTestNetscapePlugin_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${WebKitTestNetscapePlugin_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${WebKitTestNetscapePlugin_SYSTEM_INCLUDE_DIRECTORIES})
-
- set(WebKitTestNetscapePlugin_LIBRARIES
- ${X11_LIBRARIES}
-Index: webkitgtk-2.12.1/Tools/ImageDiff/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Tools/ImageDiff/CMakeLists.txt
-+++ webkitgtk-2.12.1/Tools/ImageDiff/CMakeLists.txt
-@@ -14,7 +14,7 @@ set(IMAGE_DIFF_LIBRARIES
- WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
-
- include_directories(${IMAGE_DIFF_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${IMAGE_DIFF_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${IMAGE_DIFF_SYSTEM_INCLUDE_DIRECTORIES})
- add_executable(ImageDiff ${IMAGE_DIFF_SOURCES})
- target_link_libraries(ImageDiff ${IMAGE_DIFF_LIBRARIES})
- set_target_properties(ImageDiff PROPERTIES FOLDER "Tools")
-Index: webkitgtk-2.12.1/Tools/MiniBrowser/gtk/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Tools/MiniBrowser/gtk/CMakeLists.txt
-+++ webkitgtk-2.12.1/Tools/MiniBrowser/gtk/CMakeLists.txt
-@@ -55,7 +55,7 @@ endif ()
- add_definitions(-DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_6)
-
- include_directories(${MiniBrowser_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
- add_executable(MiniBrowser ${MiniBrowser_SOURCES})
- target_link_libraries(MiniBrowser ${MiniBrowser_LIBRARIES})
- set_target_properties(MiniBrowser PROPERTIES FOLDER "Tools")
-Index: webkitgtk-2.12.1/Tools/WebKitTestRunner/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Tools/WebKitTestRunner/CMakeLists.txt
-+++ webkitgtk-2.12.1/Tools/WebKitTestRunner/CMakeLists.txt
-@@ -115,7 +115,7 @@ GENERATE_BINDINGS(WebKitTestRunner_SOURC
- WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
-
- include_directories(${WebKitTestRunner_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${WebKitTestRunner_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${WebKitTestRunner_SYSTEM_INCLUDE_DIRECTORIES})
-
- add_library(TestRunnerInjectedBundle SHARED ${WebKitTestRunnerInjectedBundle_SOURCES})
- target_link_libraries(TestRunnerInjectedBundle ${WebKitTestRunner_LIBRARIES})
-Index: webkitgtk-2.12.1/Source/WebCore/PlatformGTK.cmake
-===================================================================
---- webkitgtk-2.12.1.orig/Source/WebCore/PlatformGTK.cmake
-+++ webkitgtk-2.12.1/Source/WebCore/PlatformGTK.cmake
-@@ -324,7 +324,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
- ${GTK2_INCLUDE_DIRS}
- ${GDK2_INCLUDE_DIRS}
- )
-- target_include_directories(WebCorePlatformGTK2 SYSTEM PRIVATE
-+ target_include_directories(WebCorePlatformGTK2 PRIVATE
- ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
- )
- target_link_libraries(WebCorePlatformGTK2
-@@ -366,7 +366,7 @@ WEBKIT_SET_EXTRA_COMPILER_FLAGS(WebCoreP
- target_include_directories(WebCorePlatformGTK PRIVATE
- ${WebCore_INCLUDE_DIRECTORIES}
- )
--target_include_directories(WebCorePlatformGTK SYSTEM PRIVATE
-+target_include_directories(WebCorePlatformGTK PRIVATE
- ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
- ${GTK_INCLUDE_DIRS}
- ${GDK_INCLUDE_DIRS}
-@@ -384,7 +384,7 @@ include_directories(
- "${DERIVED_SOURCES_GOBJECT_DOM_BINDINGS_DIR}"
- )
-
--include_directories(SYSTEM
-+include_directories(
- ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
- )
-
-Index: webkitgtk-2.12.1/Tools/TestWebKitAPI/PlatformGTK.cmake
-===================================================================
---- webkitgtk-2.12.1.orig/Tools/TestWebKitAPI/PlatformGTK.cmake
-+++ webkitgtk-2.12.1/Tools/TestWebKitAPI/PlatformGTK.cmake
-@@ -20,7 +20,7 @@ include_directories(
- ${WEBKIT2_DIR}/UIProcess/API/gtk
- )
-
--include_directories(SYSTEM
-+include_directories(
- ${GDK3_INCLUDE_DIRS}
- ${GLIB_INCLUDE_DIRS}
- ${GTK3_INCLUDE_DIRS}
-Index: webkitgtk-2.12.1/Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt
-+++ webkitgtk-2.12.1/Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt
-@@ -23,7 +23,7 @@ include_directories(
- ${TOOLS_DIR}/TestWebKitAPI/gtk/WebKit2Gtk
- )
-
--include_directories(SYSTEM
-+include_directories(
- ${ATSPI_INCLUDE_DIRS}
- ${GLIB_INCLUDE_DIRS}
- ${GSTREAMER_INCLUDE_DIRS}
-Index: webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
-===================================================================
---- webkitgtk-2.12.1.orig/Source/WebKit2/PlatformGTK.cmake
-+++ webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
-@@ -816,7 +816,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
- target_include_directories(WebKitPluginProcess2 PRIVATE
- ${WebKit2CommonIncludeDirectories}
- )
-- target_include_directories(WebKitPluginProcess2 SYSTEM PRIVATE
-+ target_include_directories(WebKitPluginProcess2 PRIVATE
- ${WebKit2CommonSystemIncludeDirectories}
- ${GTK2_INCLUDE_DIRS}
- ${GDK2_INCLUDE_DIRS}
-Index: webkitgtk-2.12.1/Source/JavaScriptCore/shell/CMakeLists.txt
-===================================================================
---- webkitgtk-2.12.1.orig/Source/JavaScriptCore/shell/CMakeLists.txt
-+++ webkitgtk-2.12.1/Source/JavaScriptCore/shell/CMakeLists.txt
-@@ -20,7 +20,7 @@ WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
-
- WEBKIT_WRAP_SOURCELIST(${JSC_SOURCES})
- include_directories(./ ${JavaScriptCore_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
- add_executable(jsc ${JSC_SOURCES})
- target_link_libraries(jsc ${JSC_LIBRARIES})
- set_target_properties(jsc PROPERTIES FOLDER "JavaScriptCore")
diff --git a/meta/recipes-sato/webkit/files/musl-fixes.patch b/meta/recipes-sato/webkit/files/musl-fixes.patch
deleted file mode 100644
index 4fdd56f..0000000
--- a/meta/recipes-sato/webkit/files/musl-fixes.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Replace __GLIBC__ with __linux__ since musl also supports it
-so checking __linux__ is more accomodating
-
-See http://git.alpinelinux.org/cgit/aports/tree/community/webkit2gtk/musl-fixes.patch?id=219435d86d7e8fac9474344a7431c62bd2525184
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: webkitgtk-2.12.1/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-===================================================================
---- webkitgtk-2.12.1.orig/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-+++ webkitgtk-2.12.1/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-@@ -566,7 +566,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
-
--#elif defined(__GLIBC__) && ENABLE(JIT)
-+#elif defined(__linux__) && ENABLE(JIT)
-
- #if CPU(X86)
- return reinterpret_cast<void*>((uintptr_t) regs.machineContext.gregs[REG_ESP]);
-@@ -665,7 +665,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
-
--#elif defined(__GLIBC__)
-+#elif defined(__linux__) // glibc and musl
-
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
-@@ -747,7 +747,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
-
--#elif defined(__GLIBC__)
-+#elif defined(__linux__) // glibc and musl
-
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
-@@ -838,7 +838,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
-
--#elif defined(__GLIBC__)
-+#elif defined(__linux__) // glibc and musl
-
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
diff --git a/meta/recipes-sato/webkit/files/ppc-musl-fix.patch b/meta/recipes-sato/webkit/files/ppc-musl-fix.patch
deleted file mode 100644
index 5f58e49..0000000
--- a/meta/recipes-sato/webkit/files/ppc-musl-fix.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-ucontext structure is different between musl and glibc for ppc
-therefore its not enough just to check for arch alone, we also
-need to check for libc type.
-
-Fixes errors like
-
-Source/JavaScriptCore/heap/MachineStackMarker.cpp:90:65: error: 'struct mcontext_t' has no member named 'uc_regs'; did you mean 'gregs'?
- thread->suspendedMachineContext = *userContext->uc_mcontext.uc_regs;
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: webkitgtk-2.12.3/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-===================================================================
---- webkitgtk-2.12.3.orig/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-+++ webkitgtk-2.12.3/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-@@ -86,7 +86,7 @@ static void pthreadSignalHandlerSuspendR
- }
-
- ucontext_t* userContext = static_cast<ucontext_t*>(ucontext);
--#if CPU(PPC)
-+#if CPU(PPC) && defined(__GLIBC__)
- thread->suspendedMachineContext = *userContext->uc_mcontext.uc_regs;
- #else
- thread->suspendedMachineContext = userContext->uc_mcontext;
diff --git a/meta/recipes-sato/webkit/files/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch b/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
index fae3b0b..fae3b0b 100644
--- a/meta/recipes-sato/webkit/files/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch
new file mode 100644
index 0000000..7cc4514
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch
@@ -0,0 +1,77 @@
+From 415e31bd5444fa360af58b069f1b9db6607fca7d Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Fri, 6 Oct 2017 17:00:08 +0300
+Subject: [PATCH] Fix build with musl
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ Source/JavaScriptCore/runtime/MachineContext.h | 10 +++++-----
+ Source/WTF/wtf/Platform.h | 2 +-
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/Source/JavaScriptCore/runtime/MachineContext.h b/Source/JavaScriptCore/runtime/MachineContext.h
+index 95080b9..2bb689c 100644
+--- a/Source/JavaScriptCore/runtime/MachineContext.h
++++ b/Source/JavaScriptCore/runtime/MachineContext.h
+@@ -146,7 +146,7 @@ inline void*& stackPointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+
+ #if CPU(X86)
+ return reinterpret_cast<void*&>((uintptr_t&) machineContext.gregs[REG_ESP]);
+@@ -251,7 +251,7 @@ inline void*& framePointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+@@ -354,7 +354,7 @@ inline void*& instructionPointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+@@ -466,7 +466,7 @@ inline void*& argumentPointer<1>(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+@@ -583,7 +583,7 @@ inline void*& llintInstructionPointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h
+index 5a2863b..b36c3ff 100644
+--- a/Source/WTF/wtf/Platform.h
++++ b/Source/WTF/wtf/Platform.h
+@@ -680,7 +680,7 @@
+ #define HAVE_CFNETWORK_STORAGE_PARTITIONING 1
+ #endif
+
+-#if OS(DARWIN) || ((OS(FREEBSD) || defined(__GLIBC__)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
++#if OS(DARWIN) || ((OS(FREEBSD) || defined(__linux__)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
+ #define HAVE_MACHINE_CONTEXT 1
+ #endif
+
+--
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/files/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch
index 615fe4f..896890b 100644
--- a/meta/recipes-sato/webkit/files/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch
@@ -1,19 +1,20 @@
-From 5760d346b42807b596f479c81f7a6b42eb36065e Mon Sep 17 00:00:00 2001
+From b7f40eceef0f23bf88090789d4c5845c35f048ae Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 29 Aug 2016 16:38:11 +0300
-Subject: [PATCH] Fix racy parallel build of WebKit2-4.0.gir
+Subject: [PATCH 4/9] Fix racy parallel build of WebKit2-4.0.gir
Upstream-Status: Pending
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
---
- Source/WebKit2/PlatformGTK.cmake | 9 +++++----
+ Source/WebKit/PlatformGTK.cmake | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
-diff --git a/Source/WebKit2/PlatformGTK.cmake b/Source/WebKit2/PlatformGTK.cmake
-index adaa010..f18cf8a 100644
---- a/Source/WebKit2/PlatformGTK.cmake
-+++ b/Source/WebKit2/PlatformGTK.cmake
-@@ -906,8 +906,9 @@ endif ()
+diff --git a/Source/WebKit/PlatformGTK.cmake b/Source/WebKit/PlatformGTK.cmake
+index a33c6a86..d83a2e77 100644
+--- a/Source/WebKit/PlatformGTK.cmake
++++ b/Source/WebKit/PlatformGTK.cmake
+@@ -1122,8 +1122,9 @@ endif ()
string(REGEX MATCHALL "-L[^ ]*"
INTROSPECTION_ADDITIONAL_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS}")
@@ -25,7 +26,7 @@ index adaa010..f18cf8a 100644
DEPENDS WebKit2
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=-Wno-deprecated-declarations\ ${CMAKE_C_FLAGS} LDFLAGS=
-@@ -950,7 +951,7 @@ add_custom_command(
+@@ -1168,7 +1169,7 @@ add_custom_command(
add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/WebKit2WebExtension-${WEBKITGTK_API_VERSION}.gir
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
@@ -34,7 +35,7 @@ index adaa010..f18cf8a 100644
COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=-Wno-deprecated-declarations\ ${CMAKE_C_FLAGS}
LDFLAGS="${INTROSPECTION_ADDITIONAL_LDFLAGS}"
${LOADER_LIBRARY_PATH_VAR}="${INTROSPECTION_ADDITIONAL_LIBRARY_PATH}"
-@@ -1004,7 +1005,7 @@ add_custom_command(
+@@ -1225,7 +1226,7 @@ add_custom_command(
add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.typelib
@@ -44,5 +45,5 @@ index adaa010..f18cf8a 100644
)
--
-2.9.3
+2.14.1
diff --git a/meta/recipes-sato/webkit/files/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch b/meta/recipes-sato/webkit/webkitgtk/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch
index 93a69c0..93a69c0 100644
--- a/meta/recipes-sato/webkit/files/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch
diff --git a/meta/recipes-sato/webkit/files/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch
index 586dd23..83fd512 100644
--- a/meta/recipes-sato/webkit/files/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch
@@ -1,8 +1,8 @@
-From 4eeeaec775e190cf3f5885d7c6717acebd0201a8 Mon Sep 17 00:00:00 2001
+From 9b09974003097c9a408bbeea568996768efe705b Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Thu, 11 Aug 2016 17:13:51 +0300
-Subject: [PATCH] Tweak gtkdoc settings so that gtkdoc generation works under
- OpenEmbedded build system
+Subject: [PATCH 05/10] Tweak gtkdoc settings so that gtkdoc generation works
+ under OpenEmbedded build system
This requires setting a few environment variables so that the transient
binary is build and linked correctly, and disabling the tweaks to RUN
@@ -10,26 +10,27 @@ variable from gtkdoc.py script so that our qemu wrapper is taken into use.
Upstream-Status: Inappropriate [oe-specific]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
---
Source/PlatformGTK.cmake | 2 +-
Tools/gtk/gtkdoc.py | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Source/PlatformGTK.cmake b/Source/PlatformGTK.cmake
-index af4d2e3..b7b93c7 100644
+index 50b5393..7a31db5 100644
--- a/Source/PlatformGTK.cmake
+++ b/Source/PlatformGTK.cmake
-@@ -25,7 +25,7 @@ macro(ADD_GTKDOC_GENERATOR _stamp_name _extra_args)
+@@ -24,7 +24,7 @@ macro(ADD_GTKDOC_GENERATOR _stamp_name _extra_args)
add_custom_command(
OUTPUT "${CMAKE_BINARY_DIR}/${_stamp_name}"
DEPENDS ${DocumentationDependencies}
-- COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=${CMAKE_C_FLAGS} ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc ${_extra_args}
-+ COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=${CMAKE_C_FLAGS} LD=${CMAKE_C_COMPILER} LDFLAGS=${CMAKE_C_LINK_FLAGS} RUN=${CMAKE_BINARY_DIR}/gtkdoc-qemuwrapper GIR_EXTRA_LIBS_PATH=${CMAKE_BINARY_DIR}/lib ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc ${_extra_args}
+- COMMAND ${CMAKE_COMMAND} -E env "CC=${CMAKE_C_COMPILER}" "CFLAGS=${CMAKE_C_FLAGS} -Wno-unused-parameter" ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc ${_extra_args}
++ COMMAND ${CMAKE_COMMAND} -E env "CC=${CMAKE_C_COMPILER}" "CFLAGS=${CMAKE_C_FLAGS} -Wno-unused-parameter" "LD=${CMAKE_C_COMPILER}" "LDFLAGS=${CMAKE_C_LINK_FLAGS}" "RUN=${CMAKE_BINARY_DIR}/gtkdoc-qemuwrapper" ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc -v ${_extra_args}
COMMAND touch ${_stamp_name}
WORKING_DIRECTORY "${CMAKE_BINARY_DIR}"
- )
+ VERBATIM
diff --git a/Tools/gtk/gtkdoc.py b/Tools/gtk/gtkdoc.py
-index 4c8237b..c0205f0 100644
+index 03c8e8e..34fbaff 100644
--- a/Tools/gtk/gtkdoc.py
+++ b/Tools/gtk/gtkdoc.py
@@ -318,9 +318,9 @@ class GTKDoc(object):
@@ -38,12 +39,12 @@ index 4c8237b..c0205f0 100644
current_ld_library_path = env.get('LD_LIBRARY_PATH')
- if current_ld_library_path:
+ if current_ld_library_path and 'RUN' not in env:
- env['RUN'] = 'LD_LIBRARY_PATH="%s:%s" ' % (self.library_path, current_ld_library_path)
+ env['LD_LIBRARY_PATH'] = '%s:%s' % (self.library_path, current_ld_library_path)
- else:
+ elif 'RUN' not in env:
- env['RUN'] = 'LD_LIBRARY_PATH="%s" ' % self.library_path
+ env['LD_LIBRARY_PATH'] = self.library_path
if ldflags:
--
-2.8.1
+2.15.1
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch b/meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
new file mode 100644
index 0000000..dfdc116
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
@@ -0,0 +1,126 @@
+From ef832a115b40861c08df333339b1366da49e5393 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 17 Apr 2016 12:35:41 -0700
+Subject: [PATCH 9/9] WebKitMacros: Append to -I and not to -isystem
+
+gcc-6 has now introduced stdlib.h in libstdc++ for better
+compliance and its including the C library stdlib.h using
+include_next which is sensitive to order of system header
+include paths. Its infact better to not tinker with the
+system header include paths at all. Since adding /usr/include
+to -system is redundant and compiler knows about it moreover
+now with gcc6 it interferes with compiler's functioning
+and ends up with compile errors e.g.
+
+/usr/include/c++/6.0.0/cstdlib:75:25: fatal error: stdlib.h: No such file or directory
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ Source/JavaScriptCore/shell/CMakeLists.txt | 2 +-
+ Source/WebCore/PlatformGTK.cmake | 6 +++---
+ Source/WebKit/PlatformGTK.cmake | 2 +-
+ Source/cmake/WebKitMacros.cmake | 2 +-
+ Tools/MiniBrowser/gtk/CMakeLists.txt | 2 +-
+ Tools/TestWebKitAPI/PlatformGTK.cmake | 2 +-
+ 6 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/Source/JavaScriptCore/shell/CMakeLists.txt b/Source/JavaScriptCore/shell/CMakeLists.txt
+index bc37dd31..4e49871f 100644
+--- a/Source/JavaScriptCore/shell/CMakeLists.txt
++++ b/Source/JavaScriptCore/shell/CMakeLists.txt
+@@ -35,7 +35,7 @@ WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
+ WEBKIT_WRAP_SOURCELIST(${JSC_SOURCES})
+ WEBKIT_WRAP_SOURCELIST(${TESTAPI_SOURCES})
+ include_directories(./ ${JavaScriptCore_INCLUDE_DIRECTORIES})
+-include_directories(SYSTEM ${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
++include_directories(${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
+ add_executable(jsc ${JSC_SOURCES})
+ target_link_libraries(jsc ${JSC_LIBRARIES})
+
+diff --git a/Source/WebCore/PlatformGTK.cmake b/Source/WebCore/PlatformGTK.cmake
+index 73506c74..8eb8b415 100644
+--- a/Source/WebCore/PlatformGTK.cmake
++++ b/Source/WebCore/PlatformGTK.cmake
+@@ -281,7 +281,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
+ ${GTK2_INCLUDE_DIRS}
+ ${GDK2_INCLUDE_DIRS}
+ )
+- target_include_directories(WebCorePlatformGTK2 SYSTEM PRIVATE
++ target_include_directories(WebCorePlatformGTK2 PRIVATE
+ ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
+ )
+ target_link_libraries(WebCorePlatformGTK2
+@@ -305,7 +305,7 @@ add_dependencies(WebCorePlatformGTK WebCore)
+ target_include_directories(WebCorePlatformGTK PRIVATE
+ ${WebCore_INCLUDE_DIRECTORIES}
+ )
+-target_include_directories(WebCorePlatformGTK SYSTEM PRIVATE
++target_include_directories(WebCorePlatformGTK PRIVATE
+ ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
+ ${GTK_INCLUDE_DIRS}
+ ${GDK_INCLUDE_DIRS}
+@@ -321,7 +321,7 @@ include_directories(
+ "${WEBCORE_DIR}/bindings/gobject/"
+ )
+
+-include_directories(SYSTEM
++include_directories(
+ ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
+ )
+
+diff --git a/Source/WebKit/PlatformGTK.cmake b/Source/WebKit/PlatformGTK.cmake
+index d83a2e77..401246f4 100644
+--- a/Source/WebKit/PlatformGTK.cmake
++++ b/Source/WebKit/PlatformGTK.cmake
+@@ -1050,7 +1050,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
+ target_include_directories(WebKitPluginProcess2 PRIVATE
+ ${WebKit2CommonIncludeDirectories}
+ )
+- target_include_directories(WebKitPluginProcess2 SYSTEM PRIVATE
++ target_include_directories(WebKitPluginProcess2 PRIVATE
+ ${WebKit2CommonSystemIncludeDirectories}
+ ${GTK2_INCLUDE_DIRS}
+ ${GDK2_INCLUDE_DIRS}
+diff --git a/Source/cmake/WebKitMacros.cmake b/Source/cmake/WebKitMacros.cmake
+index 7bc89543..d9818fa4 100644
+--- a/Source/cmake/WebKitMacros.cmake
++++ b/Source/cmake/WebKitMacros.cmake
+@@ -78,7 +78,7 @@ macro(WEBKIT_FRAMEWORK_DECLARE _target)
+ endmacro()
+
+ macro(WEBKIT_FRAMEWORK _target)
+- include_directories(SYSTEM ${${_target}_SYSTEM_INCLUDE_DIRECTORIES})
++ include_directories(${${_target}_SYSTEM_INCLUDE_DIRECTORIES})
+ target_sources(${_target} PRIVATE
+ ${${_target}_HEADERS}
+ ${${_target}_SOURCES}
+diff --git a/Tools/MiniBrowser/gtk/CMakeLists.txt b/Tools/MiniBrowser/gtk/CMakeLists.txt
+index e832a86d..ce92c864 100644
+--- a/Tools/MiniBrowser/gtk/CMakeLists.txt
++++ b/Tools/MiniBrowser/gtk/CMakeLists.txt
+@@ -57,7 +57,7 @@ endif ()
+ add_definitions(-DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_6)
+
+ include_directories(${MiniBrowser_INCLUDE_DIRECTORIES})
+-include_directories(SYSTEM ${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
++include_directories(${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
+ add_executable(MiniBrowser ${MiniBrowser_SOURCES})
+ target_link_libraries(MiniBrowser ${MiniBrowser_LIBRARIES})
+
+diff --git a/Tools/TestWebKitAPI/PlatformGTK.cmake b/Tools/TestWebKitAPI/PlatformGTK.cmake
+index 1be3dd52..7bdddf37 100644
+--- a/Tools/TestWebKitAPI/PlatformGTK.cmake
++++ b/Tools/TestWebKitAPI/PlatformGTK.cmake
+@@ -20,7 +20,7 @@ include_directories(
+ ${WEBKIT2_DIR}/UIProcess/API/gtk
+ )
+
+-include_directories(SYSTEM
++include_directories(
+ ${GDK3_INCLUDE_DIRS}
+ ${GLIB_INCLUDE_DIRS}
+ ${GTK3_INCLUDE_DIRS}
+--
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/files/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch b/meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch
index 3f71297..fb4c4dc 100644
--- a/meta/recipes-sato/webkit/files/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch
@@ -1,23 +1,24 @@
-From bae9f73b2c693b5aa156fed717d6481b60682786 Mon Sep 17 00:00:00 2001
+From 98b1359a0cd87bbdb22cef98ba594440f4c57d92 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Wed, 28 Oct 2015 14:18:57 +0200
-Subject: [PATCH] When building introspection files, add CMAKE_C_FLAGS to the
- compiler flags.
+Subject: [PATCH 2/9] When building introspection files, add CMAKE_C_FLAGS to
+ the compiler flags.
g-ir-compiler is using a C compiler internally, so it needs to set
the proper flags for it.
Upstream-Status: Pending [review on oe-core list]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
---
- Source/WebKit2/PlatformGTK.cmake | 4 ++--
+ Source/WebKit/PlatformGTK.cmake | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
-Index: webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
-===================================================================
---- webkitgtk-2.12.1.orig/Source/WebKit2/PlatformGTK.cmake
-+++ webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
-@@ -910,7 +910,7 @@ add_custom_command(
+diff --git a/Source/WebKit/PlatformGTK.cmake b/Source/WebKit/PlatformGTK.cmake
+index 7f92ae72..a33c6a86 100644
+--- a/Source/WebKit/PlatformGTK.cmake
++++ b/Source/WebKit/PlatformGTK.cmake
+@@ -1126,7 +1126,7 @@ add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.gir
DEPENDS WebKit2
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
@@ -26,7 +27,7 @@ Index: webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
${LOADER_LIBRARY_PATH_VAR}="${INTROSPECTION_ADDITIONAL_LIBRARY_PATH}"
${INTROSPECTION_SCANNER}
--quiet
-@@ -951,7 +951,7 @@ add_custom_command(
+@@ -1169,7 +1169,7 @@ add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/WebKit2WebExtension-${WEBKITGTK_API_VERSION}.gir
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
DEPENDS ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.gir
@@ -35,3 +36,6 @@ Index: webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
LDFLAGS="${INTROSPECTION_ADDITIONAL_LDFLAGS}"
${LOADER_LIBRARY_PATH_VAR}="${INTROSPECTION_ADDITIONAL_LIBRARY_PATH}"
${INTROSPECTION_SCANNER}
+--
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/webkitgtk/cross-compile.patch b/meta/recipes-sato/webkit/webkitgtk/cross-compile.patch
new file mode 100644
index 0000000..4d1de72
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/cross-compile.patch
@@ -0,0 +1,23 @@
+Disable the tests meant to run when compiling natively
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: webkitgtk-2.14.5/Source/cmake/OptionsCommon.cmake
+===================================================================
+--- webkitgtk-2.14.5.orig/Source/cmake/OptionsCommon.cmake
++++ webkitgtk-2.14.5/Source/cmake/OptionsCommon.cmake
+@@ -67,8 +67,11 @@ endif ()
+ # Detect Cortex-A53 core if CPU is ARM64 and OS is Linux.
+ # Query /proc/cpuinfo for each available core and check reported CPU part number: 0xd03 signals Cortex-A53.
+ # (see Main ID Register in ARM Cortex-A53 MPCore Processor Technical Reference Manual)
+-set(WTF_CPU_ARM64_CORTEXA53_INITIALVALUE OFF)
+-if (WTF_CPU_ARM64 AND (${CMAKE_SYSTEM_NAME} STREQUAL "Linux"))
++if( NOT WTF_CPU_ARM64_CORTEXA53_INITIALVALUE)
++ set(WTF_CPU_ARM64_CORTEXA53_INITIALVALUE OFF)
++endif(WTF_CPU_ARM64_CORTEXA53_INITIALVALUE)
++
++if (WTF_CPU_ARM64 AND NOT CMAKE_CROSSCOMPILING AND (${CMAKE_SYSTEM_NAME} STREQUAL "Linux"))
+ execute_process(COMMAND nproc OUTPUT_VARIABLE PROC_COUNT)
+ math(EXPR PROC_MAX ${PROC_COUNT}-1)
+ foreach (PROC_ID RANGE ${PROC_MAX})
diff --git a/meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch b/meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch
new file mode 100644
index 0000000..c6157e1
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch
@@ -0,0 +1,46 @@
+From 0b3811771ae6385503f2d949f9433d8f810d2ff9 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 17 May 2017 22:34:24 -0700
+Subject: [PATCH 8/9] webkitgtk: Fix build for armv5
+
+Taken from
+https://bugs.webkit.org/show_bug.cgi?id=161900
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ Source/WTF/wtf/CMakeLists.txt | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/Source/WTF/wtf/CMakeLists.txt b/Source/WTF/wtf/CMakeLists.txt
+index 6b5e45b9..46ee3c22 100644
+--- a/Source/WTF/wtf/CMakeLists.txt
++++ b/Source/WTF/wtf/CMakeLists.txt
+@@ -205,7 +205,6 @@ set(WTF_HEADERS
+
+ set(WTF_SOURCES
+ Assertions.cpp
+- Atomics.cpp
+ AutomaticThread.cpp
+ BitVector.cpp
+ CPUTime.cpp
+@@ -336,6 +335,15 @@ if (NOT USE_SYSTEM_MALLOC)
+ list(APPEND WTF_LIBRARIES bmalloc)
+ endif ()
+
++file(WRITE ${CMAKE_BINARY_DIR}/test_atomics.cpp
++ "int main(void)\n"
++ "{ long long x = 1; return (int) __sync_add_and_fetch_8(&x, 1); }\n")
++try_compile(ATOMICS_BUILD_SUCCEEDED ${CMAKE_BINARY_DIR} ${CMAKE_BINARY_DIR}/test_atomics.cpp)
++if (NOT ATOMICS_BUILD_SUCCEEDED)
++ list(APPEND WTF_SOURCES Atomics.cpp)
++endif ()
++file(REMOVE ${CMAKE_BINARY_DIR}/test_atomics.cpp)
++
+ list(APPEND WTF_SOURCES
+ unicode/icu/CollatorICU.cpp
+ )
+--
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/webkitgtk/x32_support.patch b/meta/recipes-sato/webkit/webkitgtk/x32_support.patch
new file mode 100644
index 0000000..5f23837
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/x32_support.patch
@@ -0,0 +1,21 @@
+From: Daniel Schepler <dschepler@gmail.com>
+Subject: Fix FTBFS in x32
+Bug-Debian: https://bugs.debian.org/700795
+Upstream-Status: Pending
+Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+Index: webkitgtk-2.16.1/Source/WTF/wtf/Platform.h
+===================================================================
+--- webkitgtk-2.16.1.orig/Source/WTF/wtf/Platform.h
++++ webkitgtk-2.16.1/Source/WTF/wtf/Platform.h
+@@ -172,7 +172,11 @@
+ /* CPU(X86_64) - AMD64 / Intel64 / x86_64 64-bit */
+ #if defined(__x86_64__) \
+ || defined(_M_X64)
++#ifdef __ILP32__
++#define WTF_CPU_X86_64_32 1
++#else
+ #define WTF_CPU_X86_64 1
++#endif
+ #define WTF_CPU_X86_SSE2 1
+ #endif
+
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.12.5.bb b/meta/recipes-sato/webkit/webkitgtk_2.18.5.bb
index 11c91c1..ccef5ff 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.12.5.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.18.5.bb
@@ -4,45 +4,42 @@ BUGTRACKER = "http://bugs.webkit.org/"
LICENSE = "BSD & LGPLv2+"
LIC_FILES_CHKSUM = "file://Source/JavaScriptCore/COPYING.LIB;md5=d0c6d6397a5d84286dda758da57bd691 \
- file://Source/WebKit/LICENSE;md5=4646f90082c40bcf298c285f8bab0b12 \
file://Source/WebCore/LICENSE-APPLE;md5=4646f90082c40bcf298c285f8bab0b12 \
file://Source/WebCore/LICENSE-LGPL-2;md5=36357ffde2b64ae177b2494445b79d21 \
file://Source/WebCore/LICENSE-LGPL-2.1;md5=a778a33ef338abbaf8b8a7c36b6eec80 \
"
-SRC_URI = "\
- http://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
- file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \
- file://0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch \
- file://0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch \
- file://0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch \
- file://musl-fixes.patch \
- file://ppc-musl-fix.patch \
- file://0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch \
- file://0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch \
- "
-SRC_URI[md5sum] = "7a9ea00ec195488db90fdeb2d174ddaf"
-SRC_URI[sha256sum] = "6b147854b864a5f115fadb97b2b6200b2f696db015216a34e7298d11c88b1c40"
+SRC_URI = "http://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
+ file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \
+ file://0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch \
+ file://0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch \
+ file://0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch \
+ file://0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch \
+ file://x32_support.patch \
+ file://cross-compile.patch \
+ file://detect-atomics-during-configure.patch \
+ file://0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch \
+ file://0001-Fix-build-with-musl.patch \
+ "
+
+SRC_URI[md5sum] = "af18c2cfa00cadfd0b4d8db21cab011d"
+SRC_URI[sha256sum] = "0c6d80cc7eb5d32f8063041fa11a1a6f17a29765c2f69c6bc862cd47c2d539b8"
inherit cmake pkgconfig gobject-introspection perlnative distro_features_check upstream-version-is-even gtk-doc
-# We cannot inherit pythonnative because that would conflict with inheriting python3native
-# (which is done by gobject-introspection). But webkit only needs the path to native Python 2.x binary
-# so we simply set it explicitly here.
-EXTRANATIVEPATH += "python-native"
-
# depends on libxt
REQUIRED_DISTRO_FEATURES = "x11"
-DEPENDS = "zlib libsoup-2.4 curl libxml2 cairo libxslt libxt libidn gnutls \
+DEPENDS = "zlib libsoup-2.4 curl libxml2 cairo libxslt libxt libidn libgcrypt \
gtk+3 gstreamer1.0 gstreamer1.0-plugins-base flex-native gperf-native sqlite3 \
pango icu bison-native gawk intltool-native libwebp \
atk udev harfbuzz jpeg libpng pulseaudio librsvg libtheora libvorbis libxcomposite libxtst \
ruby-native libnotify gstreamer1.0-plugins-bad \
+ gettext-native glib-2.0 glib-2.0-native libtasn1 \
"
PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'wayland' ,d)} \
- ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'webgl', '' ,d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'webgl opengl', '' ,d)} \
enchant \
libsecret \
"
@@ -54,7 +51,8 @@ PACKAGECONFIG[enchant] = "-DENABLE_SPELLCHECK=ON,-DENABLE_SPELLCHECK=OFF,enchant
PACKAGECONFIG[gtk2] = "-DENABLE_PLUGIN_PROCESS_GTK2=ON,-DENABLE_PLUGIN_PROCESS_GTK2=OFF,gtk+"
PACKAGECONFIG[gles2] = "-DENABLE_GLES2=ON,-DENABLE_GLES2=OFF,virtual/libgles2"
PACKAGECONFIG[webgl] = "-DENABLE_WEBGL=ON,-DENABLE_WEBGL=OFF,virtual/libgl"
-PACKAGECONFIG[libsecret] = "-DENABLE_CREDENTIAL_STORAGE=ON,-DENABLE_CREDENTIAL_STORAGE=OFF,libsecret"
+PACKAGECONFIG[opengl] = "-DENABLE_OPENGL=ON,-DENABLE_OPENGL=OFF,virtual/libgl"
+PACKAGECONFIG[libsecret] = "-DUSE_LIBSECRET=ON,-DUSE_LIBSECRET=OFF,libsecret"
PACKAGECONFIG[libhyphen] = "-DUSE_LIBHYPHEN=ON,-DUSE_LIBHYPHEN=OFF,libhyphen"
EXTRA_OECMAKE = " \
@@ -63,8 +61,13 @@ EXTRA_OECMAKE = " \
${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-DENABLE_INTROSPECTION=ON', '-DENABLE_INTROSPECTION=OFF', d)} \
${@bb.utils.contains('GTKDOC_ENABLED', 'True', '-DENABLE_GTKDOC=ON', '-DENABLE_GTKDOC=OFF', d)} \
-DENABLE_MINIBROWSER=ON \
+ -DPYTHON_EXECUTABLE=`which python` \
"
+# GL/GLES header clash: both define the same thing, differently, on 32 bit x86
+EXTRA_OECMAKE_append_x86 = " -DUSE_GSTREAMER_GL=OFF "
+EXTRA_OECMAKE_append_x86-x32 = " -DUSE_GSTREAMER_GL=OFF "
+
# Javascript JIT is not supported on powerpc
EXTRA_OECMAKE_append_powerpc = " -DENABLE_JIT=OFF "
EXTRA_OECMAKE_append_powerpc64 = " -DENABLE_JIT=OFF "
@@ -77,19 +80,28 @@ EXTRA_OECMAKE_append_armv4 = " -DENABLE_JIT=OFF "
# binutils 2.25.1 has a bug on aarch64:
# https://sourceware.org/bugzilla/show_bug.cgi?id=18430
EXTRA_OECMAKE_append_aarch64 = " -DUSE_LD_GOLD=OFF "
-EXTRA_OECMAKE_append_mips = " -DUSE_LD_GOLD=OFF "
-EXTRA_OECMAKE_append_mips64 = " -DUSE_LD_GOLD=OFF "
+EXTRA_OECMAKE_append_mipsarch = " -DUSE_LD_GOLD=OFF "
+EXTRA_OECMAKE_append_powerpc = " -DUSE_LD_GOLD=OFF "
EXTRA_OECMAKE_append_toolchain-clang = " -DUSE_LD_GOLD=OFF "
+EXTRA_OECMAKE_append_aarch64 = " -DWTF_CPU_ARM64_CORTEXA53=ON"
+
# JIT not supported on MIPS either
-EXTRA_OECMAKE_append_mips = " -DENABLE_JIT=OFF "
-EXTRA_OECMAKE_append_mips64 = " -DENABLE_JIT=OFF "
+EXTRA_OECMAKE_append_mipsarch = " -DENABLE_JIT=OFF "
+
+# JIT not supported on X32
+# An attempt was made to upstream JIT support for x32 in
+# https://bugs.webkit.org/show_bug.cgi?id=100450, but this was closed as
+# unresolved due to limited X32 adoption.
+EXTRA_OECMAKE_append_x86-x32 = " -DENABLE_JIT=OFF "
SECURITY_CFLAGS_remove_aarch64 = "-fpie"
SECURITY_CFLAGS_append_aarch64 = " -fPIE"
FILES_${PN} += "${libdir}/webkit2gtk-4.0/injected-bundle/libwebkit2gtkinjectedbundle.so"
+RRECOMMENDS_${PN} += "ca-certificates shared-mime-info"
+
# http://errors.yoctoproject.org/Errors/Details/20370/
ARM_INSTRUCTION_SET_armv4 = "arm"
ARM_INSTRUCTION_SET_armv5 = "arm"
@@ -105,4 +117,10 @@ ARM_INSTRUCTION_SET_armv7ve = "thumb"
# WebKit2-4.0: ../../libgpg-error-1.21/src/posix-lock.c:119: get_lock_object: Assertion `!"sizeof lock obj"' failed.
# qemu: uncaught target signal 6 (Aborted) - core dumped
-EXTRA_OECMAKE_append_mips64 = " -DENABLE_INTROSPECTION=OFF -DENABLE_GTKDOC=OFF"
+EXTRA_OECMAKE_append_mipsarchn32 = " -DENABLE_INTROSPECTION=OFF -DENABLE_GTKDOC=OFF"
+EXTRA_OECMAKE_append_mipsarchn64 = " -DENABLE_INTROSPECTION=OFF -DENABLE_GTKDOC=OFF"
+
+# qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+# Segmentation fault
+GI_DATA_ENABLED_armv7a = "False"
+GI_DATA_ENABLED_armv7ve = "False"
diff --git a/meta/recipes-support/icu/icu.inc b/meta/recipes-support/icu/icu.inc
index cc6f222..e5da292 100644
--- a/meta/recipes-support/icu/icu.inc
+++ b/meta/recipes-support/icu/icu.inc
@@ -9,6 +9,8 @@ LICENSE = "ICU"
DEPENDS = "icu-native"
DEPENDS_class-native = ""
+CVE_PRODUCT = "international_components_for_unicode"
+
S = "${WORKDIR}/icu/source"
SPDX_S = "${WORKDIR}/icu"
STAGING_ICU_DIR_NATIVE = "${STAGING_DATADIR_NATIVE}/${BPN}/${PV}"
diff --git a/meta/recipes-support/libunwind/libunwind.inc b/meta/recipes-support/libunwind/libunwind.inc
index e4ae8df..c8ff836 100644
--- a/meta/recipes-support/libunwind/libunwind.inc
+++ b/meta/recipes-support/libunwind/libunwind.inc
@@ -9,6 +9,7 @@ inherit autotools
PACKAGECONFIG ??= ""
PACKAGECONFIG[lzma] = "--enable-minidebuginfo,--disable-minidebuginfo,xz"
+PACKAGECONFIG[latexdocs] = "--enable-documentaiton, --disable-documentation, latex2man-native"
EXTRA_OECONF_arm = "--enable-debug-frame"
EXTRA_OECONF_aarch64 = "--enable-debug-frame"
diff --git a/meta/recipes-support/nspr/nspr/0001-include-stdint.h-for-SSIZE_MAX-and-SIZE_MAX-definiti.patch b/meta/recipes-support/nspr/nspr/0001-include-stdint.h-for-SSIZE_MAX-and-SIZE_MAX-definiti.patch
new file mode 100644
index 0000000..b3bdd8e
--- /dev/null
+++ b/meta/recipes-support/nspr/nspr/0001-include-stdint.h-for-SSIZE_MAX-and-SIZE_MAX-definiti.patch
@@ -0,0 +1,30 @@
+From f7551ec58e2f0a892295e0c2a650083101e12c54 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 20 May 2017 13:24:26 -0700
+Subject: [PATCH] include stdint.h for SSIZE_MAX and SIZE_MAX definitions
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ pr/tests/prfz.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/pr/tests/prfz.c b/pr/tests/prfz.c
+index 0c5a432..9c17590 100644
+--- a/pr/tests/prfz.c
++++ b/pr/tests/prfz.c
+@@ -10,7 +10,9 @@
+ #include <sys/types.h>
+ #include <limits.h>
+ #include <string.h>
+-
++#ifdef XP_UNIX
++#include <stdint.h>
++#endif
+ int
+ main(int argc, char **argv)
+ {
+--
+2.13.0
+
diff --git a/meta/recipes-support/nspr/nspr_4.12.bb b/meta/recipes-support/nspr/nspr_4.12.bb
index 9345a51..5f5daf4 100644
--- a/meta/recipes-support/nspr/nspr_4.12.bb
+++ b/meta/recipes-support/nspr/nspr_4.12.bb
@@ -10,6 +10,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/nspr/releases/v${PV}/src/nspr-${PV}.tar.gz
file://fix-build-on-x86_64.patch \
file://remove-srcdir-from-configure-in.patch \
file://0002-Add-nios2-support.patch \
+ file://0001-include-stdint.h-for-SSIZE_MAX-and-SIZE_MAX-definiti.patch \
file://nspr.pc.in \
"
diff --git a/meta/recipes-support/sqlite/sqlite3.inc b/meta/recipes-support/sqlite/sqlite3.inc
index 5bff33b..b875fae 100644
--- a/meta/recipes-support/sqlite/sqlite3.inc
+++ b/meta/recipes-support/sqlite/sqlite3.inc
@@ -17,6 +17,8 @@ S = "${WORKDIR}/sqlite-autoconf-${SQLITE_PV}"
UPSTREAM_CHECK_URI = "http://www.sqlite.org/"
UPSTREAM_CHECK_REGEX = "releaselog/(?P<pver>(\d+[\.\-_]*)+)\.html"
+CVE_PRODUCT = "sqlite"
+
inherit autotools pkgconfig
PACKAGECONFIG ?= ""