aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--meta/classes/archiver.bbclass6
-rw-r--r--meta/classes/buildhistory.bbclass2
-rw-r--r--meta/classes/buildstats.bbclass5
-rw-r--r--meta/classes/image.bbclass4
-rw-r--r--meta/classes/insane.bbclass3
-rw-r--r--meta/classes/libc-package.bbclass39
-rw-r--r--meta/classes/packagegroup.bbclass2
-rw-r--r--meta/classes/populate_sdk_base.bbclass11
-rw-r--r--meta/classes/populate_sdk_ext.bbclass18
-rw-r--r--meta/classes/rootfs_deb.bbclass1
-rw-r--r--meta/classes/rootfs_ipk.bbclass1
-rw-r--r--meta/classes/rootfs_rpm.bbclass4
-rw-r--r--meta/classes/uninative.bbclass25
-rw-r--r--meta/conf/distro/include/default-distrovars.inc1
-rw-r--r--meta/conf/distro/include/tcmode-default.inc2
-rw-r--r--meta/conf/distro/include/world-broken.inc9
-rw-r--r--meta/conf/distro/include/yocto-uninative.inc8
-rw-r--r--meta/conf/local.conf.sample2
-rw-r--r--meta/files/toolchain-shar-extract.sh8
-rw-r--r--meta/lib/oe/package.py13
-rw-r--r--meta/lib/oe/package_manager.py328
-rw-r--r--meta/lib/oe/sdk.py85
-rw-r--r--meta/lib/oe/terminal.py2
-rw-r--r--meta/lib/oeqa/selftest/signing.py2
-rw-r--r--meta/recipes-bsp/acpid/acpid.inc2
-rw-r--r--meta/recipes-bsp/gnu-efi/gnu-efi/0001-Mark-our-explicit-fall-through-so-Wextra-will-work-i.patch34
-rw-r--r--meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb21
-rw-r--r--meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch36
-rw-r--r--meta/recipes-bsp/grub/files/0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch92
-rw-r--r--meta/recipes-bsp/grub/files/0001-configure-fix-check-for-sys-sysmacros.h-under-glibc-.patch48
-rw-r--r--meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch248
-rw-r--r--meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch38
-rw-r--r--meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch175
-rw-r--r--meta/recipes-bsp/grub/grub-efi_2.00.bb1
-rw-r--r--meta/recipes-bsp/grub/grub2.inc5
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5.inc2
-rw-r--r--meta/recipes-connectivity/portmap/portmap_6.0.bb2
-rw-r--r--meta/recipes-core/glib-2.0/glib.inc2
-rw-r--r--meta/recipes-core/glibc/cross-localedef-native_2.24.bb2
-rw-r--r--meta/recipes-core/glibc/glibc-collateral.inc2
-rw-r--r--meta/recipes-core/glibc/glibc-common.inc1
-rw-r--r--meta/recipes-core/glibc/glibc-initial.inc2
-rw-r--r--meta/recipes-core/glibc/glibc-locale.inc5
-rw-r--r--meta/recipes-core/glibc/glibc-mtrace.inc2
-rw-r--r--meta/recipes-core/glibc/glibc-package.inc45
-rw-r--r--meta/recipes-core/glibc/glibc-scripts.inc2
-rw-r--r--meta/recipes-core/glibc/glibc/0001-CVE-2015-5180-resolv-Fix-crash-with-internal-QTYPE-B.patch357
-rw-r--r--meta/recipes-core/glibc/glibc/0001-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch71
-rw-r--r--meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch27
-rw-r--r--meta/recipes-core/glibc/glibc/0002-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch145
-rw-r--r--meta/recipes-core/glibc/glibc/0003-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch231
-rw-r--r--meta/recipes-core/glibc/glibc/0004-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch62
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2017-15670.patch38
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2017-8804.patch232
-rw-r--r--meta/recipes-core/glibc/glibc/archive-path.patch39
-rw-r--r--meta/recipes-core/glibc/glibc/relocate-locales.patch33
-rw-r--r--meta/recipes-core/glibc/glibc_2.24.bb14
-rw-r--r--meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--meta/recipes-core/meta/buildtools-tarball.bb1
-rw-r--r--meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch670
-rw-r--r--meta/recipes-core/systemd/systemd_230.bb3
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.27.inc58
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch49
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457.patch240
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch97
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch375
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch113
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-12451.patch384
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch45
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch241
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch153
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch40
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch48
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch66
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch42
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch49
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch47
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch120
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch55
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch52
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch81
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch55
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch53
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch105
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch201
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch114
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8394_1.patch80
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch72
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8396.patch102
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8397.patch50
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch147
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch51
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9038.patch51
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch72
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch56
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch83
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9041_1.patch51
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch84
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch62
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch88
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch40
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch45
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch75
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch262
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch3738
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch204
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch76
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch60
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch101
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch43
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch58
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch93
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch112
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch44
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch50
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch89
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch55
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch79
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch170
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch360
-rw-r--r--meta/recipes-devtools/cmake/cmake.inc1
-rw-r--r--meta/recipes-devtools/cmake/cmake/avoid-gcc-warnings-with-Wstrict-prototypes.patch42
-rw-r--r--meta/recipes-devtools/distcc/distcc_3.2.bb2
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-rename-copy_file_range-to-copy_file_chunk.patch62
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.bb1
-rw-r--r--meta/recipes-devtools/gcc/gcc-5.4.inc1
-rw-r--r--meta/recipes-devtools/gcc/gcc-5.4/CVE-2016-6131.patch251
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.2/0041-ssp_nonshared.patch28
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.2/0048-ARM-PR-target-71056-Don-t-use-vectorized-builtins-wh.patch92
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.2/CVE-2016-4490.patch290
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.2/ubsan-fix-check-empty-string.patch28
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4.inc (renamed from meta/recipes-devtools/gcc/gcc-6.2.inc)34
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0002-uclibc-conf.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0002-uclibc-conf.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0003-gcc-uclibc-locale-ctype_touplow_t.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0003-gcc-uclibc-locale-ctype_touplow_t.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0004-uclibc-locale.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0004-uclibc-locale.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0005-uclibc-locale-no__x.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0005-uclibc-locale-no__x.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0006-uclibc-locale-wchar_fix.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0006-uclibc-locale-wchar_fix.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0007-uclibc-locale-update.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0007-uclibc-locale-update.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0008-missing-execinfo_h.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0008-missing-execinfo_h.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0009-c99-snprintf.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0009-c99-snprintf.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0010-gcc-poison-system-directories.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0010-gcc-poison-system-directories.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0011-gcc-poison-dir-extend.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0011-gcc-poison-dir-extend.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0012-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0012-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0013-64-bit-multilib-hack.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0013-64-bit-multilib-hack.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0014-optional-libstdc.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0014-optional-libstdc.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0015-gcc-disable-MASK_RELAX_PIC_CALLS-bit.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0015-gcc-disable-MASK_RELAX_PIC_CALLS-bit.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0016-COLLECT_GCC_OPTIONS.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0016-COLLECT_GCC_OPTIONS.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0017-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0017-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0018-fortran-cross-compile-hack.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0018-fortran-cross-compile-hack.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0019-cpp-honor-sysroot.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0019-cpp-honor-sysroot.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0020-MIPS64-Default-to-N64-ABI.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0020-MIPS64-Default-to-N64-ABI.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0021-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0021-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0022-gcc-Fix-argument-list-too-long-error.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0022-gcc-Fix-argument-list-too-long-error.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0023-Disable-sdt.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0023-Disable-sdt.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0024-libtool.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0024-libtool.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0025-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0025-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0026-Use-the-multilib-config-files-from-B-instead-of-usin.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0026-Use-the-multilib-config-files-from-B-instead-of-usin.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0027-Avoid-using-libdir-from-.la-which-usually-points-to-.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0027-Avoid-using-libdir-from-.la-which-usually-points-to-.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0028-export-CPP.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0028-export-CPP.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0029-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0029-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0030-Disable-the-MULTILIB_OSDIRNAMES-and-other-multilib-o.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0030-Disable-the-MULTILIB_OSDIRNAMES-and-other-multilib-o.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0031-Ensure-target-gcc-headers-can-be-included.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0031-Ensure-target-gcc-headers-can-be-included.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0032-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0032-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0033-Don-t-search-host-directory-during-relink-if-inst_pr.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0033-Don-t-search-host-directory-during-relink-if-inst_pr.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0034-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0034-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0035-aarch64-Add-support-for-musl-ldso.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0035-aarch64-Add-support-for-musl-ldso.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0036-libcc1-fix-libcc1-s-install-path-and-rpath.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0036-libcc1-fix-libcc1-s-install-path-and-rpath.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0037-handle-sysroot-support-for-nativesdk-gcc.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0037-handle-sysroot-support-for-nativesdk-gcc.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0038-Search-target-sysroot-gcc-version-specific-dirs-with.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0038-Search-target-sysroot-gcc-version-specific-dirs-with.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0039-Fix-various-_FOR_BUILD-and-related-variables.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0039-Fix-various-_FOR_BUILD-and-related-variables.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0040-nios2-Define-MUSL_DYNAMIC_LINKER.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0040-nios2-Define-MUSL_DYNAMIC_LINKER.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0041-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch87
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0042-gcc-libcpp-support-ffile-prefix-map-old-new.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0042-gcc-libcpp-support-ffile-prefix-map-old-new.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0043-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0043-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0044-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0044-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0045-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0045-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0046-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0046-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0047-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch (renamed from meta/recipes-devtools/gcc/gcc-6.2/0047-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch)2
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0048-sync-gcc-stddef.h-with-musl.patch91
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0054_all_nopie-all-flags.patch22
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0055-unwind_h-glibc26.patch139
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/0057-ARM-PR-82445-suppress-32-bit-aligned-ldrd-strd-peeph.patch194
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0001-enable-FL_LPAE-flag-for-armv7ve-cores.patch67
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0001-i386-Move-struct-ix86_frame-to-machine_function.patch247
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0002-i386-Use-reference-of-struct-ix86_frame-to-avoid-cop.patch74
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0003-i386-Use-const-reference-of-struct-ix86_frame-to-avo.patch131
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0004-x86-Add-mindirect-branch.patch2154
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0005-x86-Add-mfunction-return.patch1570
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0006-x86-Add-mindirect-branch-register.patch946
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0007-x86-Add-V-register-operand-modifier.patch139
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0008-x86-Disallow-mindirect-branch-mfunction-return-with-.patch304
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0009-Use-INVALID_REGNUM-in-indirect-thunk-processing.patch126
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0010-i386-Pass-INVALID_REGNUM-as-invalid-register-number.patch46
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0011-i386-Update-mfunction-return-for-return-with-pop.patch453
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/0012-i386-Add-TARGET_INDIRECT_BRANCH_REGISTER.patch1004
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.4/backport/CVE-2016-6131.patch223
-rw-r--r--meta/recipes-devtools/gcc/gcc-cross-canadian_6.4.bb (renamed from meta/recipes-devtools/gcc/gcc-cross-canadian_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-cross-initial_6.4.bb (renamed from meta/recipes-devtools/gcc/gcc-cross-initial_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-cross_6.4.bb (renamed from meta/recipes-devtools/gcc/gcc-cross_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-crosssdk-initial_6.4.bb (renamed from meta/recipes-devtools/gcc/gcc-crosssdk-initial_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-crosssdk_6.4.bb (renamed from meta/recipes-devtools/gcc/gcc-crosssdk_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-runtime.inc2
-rw-r--r--meta/recipes-devtools/gcc/gcc-runtime_6.4.bb (renamed from meta/recipes-devtools/gcc/gcc-runtime_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-sanitizers_6.4.bb (renamed from meta/recipes-devtools/gcc/gcc-sanitizers_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/gcc-source_6.4.bb (renamed from meta/recipes-devtools/gcc/gcc-source_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/gcc_6.4.bb (renamed from meta/recipes-devtools/gcc/gcc_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/libgcc-initial_6.4.bb (renamed from meta/recipes-devtools/gcc/libgcc-initial_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/libgcc_6.4.bb (renamed from meta/recipes-devtools/gcc/libgcc_6.2.bb)0
-rw-r--r--meta/recipes-devtools/gcc/libgfortran_6.4.bb (renamed from meta/recipes-devtools/gcc/libgfortran_6.2.bb)0
-rw-r--r--meta/recipes-devtools/pax-utils/pax-utils_1.1.6.bb3
-rw-r--r--meta/recipes-devtools/python/python.inc2
-rw-r--r--meta/recipes-devtools/python/python3/python-3.3-multilib.patch290
-rw-r--r--meta/recipes-devtools/qemu/qemu/memfd.patch57
-rw-r--r--meta/recipes-devtools/qemu/qemu_2.7.0.bb1
-rw-r--r--meta/recipes-devtools/ruby/ruby.inc5
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2016-7798.patch164
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-14033.patch89
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch79
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-9226.patch33
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch24
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch26
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-9229.patch36
-rw-r--r--meta/recipes-devtools/ruby/ruby/prevent-gc.patch32
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch41
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch41
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch32
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch34
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch59
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.4.3.bb (renamed from meta/recipes-devtools/ruby/ruby_2.2.5.bb)24
-rw-r--r--meta/recipes-devtools/unfs3/unfs3/0001-daemon.c-Libtirpc-porting-fixes.patch37
-rw-r--r--meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb10
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc/0001-Add-missing-rwlock_unlocks-in-xprt_register.patch62
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch32
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch30
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch24
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch26
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch144
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb (renamed from meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb)24
-rw-r--r--meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch174
-rw-r--r--meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch115
-rw-r--r--meta/recipes-extended/tzcode/tzcode-native_2018c.bb (renamed from meta/recipes-extended/tzcode/tzcode-native_2017a.bb)16
-rw-r--r--meta/recipes-extended/tzdata/tzdata_2018c.bb (renamed from meta/recipes-extended/tzdata/tzdata_2017a.bb)8
-rw-r--r--meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Run-installation-commands-as-shell-jobs.patch82
-rw-r--r--meta/recipes-gnome/gnome/adwaita-icon-theme_3.20.bb1
-rw-r--r--meta/recipes-kernel/linux-firmware/linux-firmware_git.bb408
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_4.1.bb20
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_4.4.bb20
-rw-r--r--meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch62
-rw-r--r--meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch42
-rw-r--r--meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch100
-rw-r--r--meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb6
-rw-r--r--meta/recipes-sato/webkit/files/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch223
-rw-r--r--meta/recipes-sato/webkit/files/musl-fixes.patch48
-rw-r--r--meta/recipes-sato/webkit/files/ppc-musl-fix.patch26
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch (renamed from meta/recipes-sato/webkit/files/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch)0
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch77
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch (renamed from meta/recipes-sato/webkit/files/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch)23
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch (renamed from meta/recipes-sato/webkit/files/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch)0
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch (renamed from meta/recipes-sato/webkit/files/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch)25
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch126
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch (renamed from meta/recipes-sato/webkit/files/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch)24
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/cross-compile.patch23
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch46
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/x32_support.patch21
-rw-r--r--meta/recipes-sato/webkit/webkitgtk_2.18.5.bb (renamed from meta/recipes-sato/webkit/webkitgtk_2.12.5.bb)72
-rw-r--r--meta/recipes-support/gnutls/gnutls/check_SYS_getrandom.patch35
-rw-r--r--meta/recipes-support/gnutls/gnutls_3.5.3.bb1
-rw-r--r--meta/recipes-support/icu/icu.inc2
-rw-r--r--meta/recipes-support/libunwind/libunwind.inc1
-rw-r--r--meta/recipes-support/nspr/nspr/0001-include-stdint.h-for-SSIZE_MAX-and-SIZE_MAX-definiti.patch30
-rw-r--r--meta/recipes-support/nspr/nspr_4.12.bb1
-rw-r--r--meta/recipes-support/p11-kit/p11-kit/0001-LINGUAS-drop-the-languages-for-which-upstream-does-n.patch32
-rw-r--r--meta/recipes-support/p11-kit/p11-kit_0.22.1.bb13
-rw-r--r--meta/recipes-support/sqlite/sqlite3.inc2
279 files changed, 23111 insertions, 2091 deletions
diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass
index 188f8c0..71c9fd5 100644
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@@ -67,6 +67,12 @@ python () {
else:
bb.debug(1, 'archiver: %s is included: %s' % (pn, reason))
+
+ # glibc-locale: do_fetch, do_unpack and do_patch tasks have been deleted,
+ # so avoid archiving source here.
+ if pn.startswith('glibc-locale'):
+ return
+
# We just archive gcc-source for all the gcc related recipes
if d.getVar('BPN', True) in ['gcc', 'libgcc'] \
and not pn.startswith('gcc-source'):
diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass
index 3a5bc2c..d82e9bb 100644
--- a/meta/classes/buildhistory.bbclass
+++ b/meta/classes/buildhistory.bbclass
@@ -833,7 +833,7 @@ python write_srcrev() {
f.write('# SRCREV_%s = "%s"\n' % (name, orig_srcrev))
f.write('SRCREV_%s = "%s"\n' % (name, srcrev))
else:
- f.write('SRCREV = "%s"\n' % srcrevs.values())
+ f.write('SRCREV = "%s"\n' % next(iter(srcrevs.values())))
if len(tag_srcrevs) > 0:
for name, srcrev in tag_srcrevs.items():
f.write('# tag_%s = "%s"\n' % (name, srcrev))
diff --git a/meta/classes/buildstats.bbclass b/meta/classes/buildstats.bbclass
index 599a219..415d2ee 100644
--- a/meta/classes/buildstats.bbclass
+++ b/meta/classes/buildstats.bbclass
@@ -31,6 +31,11 @@ def get_process_cputime(pid):
i = f.readline().strip()
if not i:
break
+ if not ":" in i:
+ # one more extra line is appended (empty or containing "0")
+ # most probably due to race condition in kernel while
+ # updating IO stats
+ break
i = i.split(": ")
iostats[i[0]] = i[1]
resources = resource.getrusage(resource.RUSAGE_SELF)
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index a9ab2fa..02ff37f 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -439,6 +439,8 @@ python () {
# This means the task's hash can be stable rather than having hardcoded
# date/time values. It will get expanded at execution time.
# Similarly TMPDIR since otherwise we see QA stamp comparision problems
+ # Expand PV else it can trigger get_srcrev which can fail due to these variables being unset
+ localdata.setVar('PV', d.getVar('PV', True))
localdata.delVar('DATETIME')
localdata.delVar('TMPDIR')
@@ -604,7 +606,7 @@ do_patch[noexec] = "1"
do_configure[noexec] = "1"
do_compile[noexec] = "1"
do_install[noexec] = "1"
-do_populate_sysroot[noexec] = "1"
+deltask do_populate_sysroot
do_package[noexec] = "1"
do_package_qa[noexec] = "1"
do_packagedata[noexec] = "1"
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index 7bbe8b6..9a3f00a 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -1118,7 +1118,8 @@ python do_package_qa () {
oe.utils.write_ld_so_conf(d)
return warnchecks, errorchecks
- skip = (d.getVar('INSANE_SKIP_' + package, True) or "").split()
+ skip = set((d.getVar('INSANE_SKIP', True) or "").split() +
+ (d.getVar('INSANE_SKIP_' + package, True) or "").split())
if skip:
bb.note("Package %s skipping QA tests: %s" % (package, str(skip)))
diff --git a/meta/classes/libc-package.bbclass b/meta/classes/libc-package.bbclass
index 2dc90c4..071978b 100644
--- a/meta/classes/libc-package.bbclass
+++ b/meta/classes/libc-package.bbclass
@@ -9,6 +9,8 @@
GLIBC_INTERNAL_USE_BINARY_LOCALE ?= "ondevice"
+GLIBC_SPLIT_LC_PACKAGES ?= "0"
+
python __anonymous () {
enabled = d.getVar("ENABLE_BINARY_LOCALE_GENERATION", True)
@@ -219,13 +221,12 @@ python package_do_split_gconvs () {
(locale, encoding, locale))
def output_locale_binary_rdepends(name, pkgname, locale, encoding):
- m = re.match("(.*)\.(.*)", name)
- if m:
- libc_name = "%s.%s" % (m.group(1), m.group(2).lower())
- else:
- libc_name = name
- d.setVar('RDEPENDS_%s' % pkgname, legitimize_package_name('%s-binary-localedata-%s' \
- % (mlprefix+bpn, libc_name)))
+ dep = legitimize_package_name('%s-binary-localedata-%s' % (bpn, name))
+ lcsplit = d.getVar('GLIBC_SPLIT_LC_PACKAGES', True)
+ if lcsplit and int(lcsplit):
+ d.appendVar('PACKAGES', ' ' + dep)
+ d.setVar('ALLOW_EMPTY_%s' % dep, '1')
+ d.setVar('RDEPENDS_%s' % pkgname, mlprefix + dep)
commands = {}
@@ -337,6 +338,11 @@ python package_do_split_gconvs () {
else:
output_locale('%s.%s' % (base, charset), base, charset)
+ def metapkg_hook(file, pkg, pattern, format, basename):
+ name = basename.split('/', 1)[0]
+ metapkg = legitimize_package_name('%s-binary-localedata-%s' % (mlprefix+bpn, name))
+ d.appendVar('RDEPENDS_%s' % metapkg, ' ' + pkg)
+
if use_bin == "compile":
makefile = base_path_join(d.getVar("WORKDIR", True), "locale-tree", "Makefile")
m = open(makefile, "w")
@@ -350,13 +356,18 @@ python package_do_split_gconvs () {
bb.build.exec_func("oe_runmake", d)
bb.note("collecting binary locales from locale tree")
bb.build.exec_func("do_collect_bins_from_locale_tree", d)
- do_split_packages(d, binary_locales_dir, file_regex='(.*)', \
- output_pattern=bpn+'-binary-localedata-%s', \
- description='binary locale definition for %s', extra_depends='', allow_dirs=True)
- elif use_bin == "precompiled":
- do_split_packages(d, binary_locales_dir, file_regex='(.*)', \
- output_pattern=bpn+'-binary-localedata-%s', \
- description='binary locale definition for %s', extra_depends='', allow_dirs=True)
+
+ if use_bin in ('compile', 'precompiled'):
+ lcsplit = d.getVar('GLIBC_SPLIT_LC_PACKAGES', True)
+ if lcsplit and int(lcsplit):
+ do_split_packages(d, binary_locales_dir, file_regex='^(.*/LC_\w+)', \
+ output_pattern=bpn+'-binary-localedata-%s', \
+ description='binary locale definition for %s', recursive=True,
+ hook=metapkg_hook, extra_depends='', allow_dirs=True, match_path=True)
+ else:
+ do_split_packages(d, binary_locales_dir, file_regex='(.*)', \
+ output_pattern=bpn+'-binary-localedata-%s', \
+ description='binary locale definition for %s', extra_depends='', allow_dirs=True)
else:
bb.note("generation of binary locales disabled. this may break i18n!")
diff --git a/meta/classes/packagegroup.bbclass b/meta/classes/packagegroup.bbclass
index 3928c8a..15969af 100644
--- a/meta/classes/packagegroup.bbclass
+++ b/meta/classes/packagegroup.bbclass
@@ -46,7 +46,7 @@ do_patch[noexec] = "1"
do_configure[noexec] = "1"
do_compile[noexec] = "1"
do_install[noexec] = "1"
-do_populate_sysroot[noexec] = "1"
+deltask do_populate_sysroot
python () {
initman = d.getVar("VIRTUAL-RUNTIME_init_manager", True)
diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass
index 69aae26..e841fbe 100644
--- a/meta/classes/populate_sdk_base.bbclass
+++ b/meta/classes/populate_sdk_base.bbclass
@@ -17,9 +17,12 @@ def complementary_globs(featurevar, d):
globs.append(glob)
return ' '.join(globs)
-SDKIMAGE_FEATURES ??= "dev-pkgs dbg-pkgs"
+SDKIMAGE_FEATURES ??= "dev-pkgs dbg-pkgs ${@bb.utils.contains('DISTRO_FEATURES', 'api-documentation', 'doc-pkgs', '', d)}"
SDKIMAGE_INSTALL_COMPLEMENTARY = '${@complementary_globs("SDKIMAGE_FEATURES", d)}'
+# List of locales to install, or "all" for all of them, or unset for none.
+SDKIMAGE_LINGUAS ?= "all"
+
inherit rootfs_${IMAGE_PKGTYPE}
SDK_DIR = "${WORKDIR}/sdk"
@@ -42,7 +45,8 @@ TOOLCHAIN_TARGET_TASK_ATTEMPTONLY ?= ""
TOOLCHAIN_OUTPUTNAME ?= "${SDK_NAME}-toolchain-${SDK_VERSION}"
SDK_RDEPENDS = "${TOOLCHAIN_TARGET_TASK} ${TOOLCHAIN_HOST_TASK}"
-SDK_DEPENDS = "virtual/fakeroot-native pixz-native"
+SDK_DEPENDS = "virtual/fakeroot-native pixz-native cross-localedef-native"
+SDK_DEPENDS_append_libc-glibc = " nativesdk-glibc-locale"
# We want the MULTIARCH_TARGET_SYS to point to the TUNE_PKGARCH, not PACKAGE_ARCH as it
# could be set to the MACHINE_ARCH
@@ -222,6 +226,7 @@ EOF
-e 's#@SDK_VERSION@#${SDK_VERSION}#g' \
-e '/@SDK_PRE_INSTALL_COMMAND@/d' \
-e '/@SDK_POST_INSTALL_COMMAND@/d' \
+ -e 's#@SDK_GCC_VER@#${@oe.utils.host_gcc_version(d)}#g' \
${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.sh
# add execution permission
@@ -269,6 +274,6 @@ do_populate_sdk[file-checksums] += "${COREBASE}/meta/files/toolchain-shar-reloca
do_populate_sdk[dirs] = "${PKGDATA_DIR} ${TOPDIR}"
do_populate_sdk[depends] += "${@' '.join([x + ':do_populate_sysroot' for x in d.getVar('SDK_DEPENDS', True).split()])} ${@d.getVarFlag('do_rootfs', 'depends', False)}"
-do_populate_sdk[rdepends] = "${@' '.join([x + ':do_populate_sysroot' for x in d.getVar('SDK_RDEPENDS', True).split()])}"
+do_populate_sdk[rdepends] = "${@' '.join([x + ':do_package_write_${IMAGE_PKGTYPE} ' + x + ':do_packagedata' for x in d.getVar('SDK_RDEPENDS', True).split()])}"
do_populate_sdk[recrdeptask] += "do_packagedata do_package_write_rpm do_package_write_ipk do_package_write_deb"
addtask populate_sdk
diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index 39f6142..dedd3b0 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -242,11 +242,12 @@ python copy_buildsystem () {
# Copy uninative tarball
# For now this is where uninative.bbclass expects the tarball
- uninative_file = d.expand('${SDK_DEPLOY}/${BUILD_ARCH}-nativesdk-libc.tar.bz2')
- uninative_checksum = bb.utils.sha256_file(uninative_file)
- uninative_outdir = '%s/downloads/uninative/%s' % (baseoutpath, uninative_checksum)
- bb.utils.mkdirhier(uninative_outdir)
- shutil.copy(uninative_file, uninative_outdir)
+ if bb.data.inherits_class('uninative', d):
+ uninative_file = d.expand('${UNINATIVE_DLDIR}/' + d.getVarFlag("UNINATIVE_CHECKSUM", d.getVar("BUILD_ARCH", True), True) + '/${UNINATIVE_TARBALL}')
+ uninative_checksum = bb.utils.sha256_file(uninative_file)
+ uninative_outdir = '%s/downloads/uninative/%s' % (baseoutpath, uninative_checksum)
+ bb.utils.mkdirhier(uninative_outdir)
+ shutil.copy(uninative_file, uninative_outdir)
env_whitelist = (d.getVar('BB_ENV_EXTRAWHITE', True) or '').split()
env_whitelist_values = {}
@@ -621,7 +622,8 @@ fakeroot python do_populate_sdk_ext() {
d.setVar('SDK_REQUIRED_UTILITIES', get_sdk_required_utilities(buildtools_fn, d))
d.setVar('SDK_BUILDTOOLS_INSTALLER', buildtools_fn)
d.setVar('SDKDEPLOYDIR', '${SDKEXTDEPLOYDIR}')
-
+ # ESDKs have a libc from the buildtools so ensure we don't ship linguas twice
+ d.delVar('SDKIMAGE_LINGUAS')
populate_sdk_common(d)
}
@@ -659,7 +661,7 @@ def get_sdk_ext_rdepends(d):
do_populate_sdk_ext[dirs] = "${@d.getVarFlag('do_populate_sdk', 'dirs', False)}"
do_populate_sdk_ext[depends] = "${@d.getVarFlag('do_populate_sdk', 'depends', False)} \
- buildtools-tarball:do_populate_sdk uninative-tarball:do_populate_sdk \
+ buildtools-tarball:do_populate_sdk \
${@'meta-world-pkgdata:do_collect_packagedata' if d.getVar('SDK_INCLUDE_PKGDATA', True) == '1' else ''} \
${@'meta-extsdk-toolchain:do_locked_sigs' if d.getVar('SDK_INCLUDE_TOOLCHAIN', True) == '1' else ''}"
@@ -678,7 +680,7 @@ SDKEXTDEPLOYDIR = "${WORKDIR}/deploy-${PN}-populate-sdk-ext"
SSTATETASKS += "do_populate_sdk_ext"
SSTATE_SKIP_CREATION_task-populate-sdk-ext = '1'
-do_populate_sdk_ext[cleandirs] = "${SDKDEPLOYDIR}"
+do_populate_sdk_ext[cleandirs] = "${SDKEXTDEPLOYDIR}"
do_populate_sdk_ext[sstate-inputdirs] = "${SDKEXTDEPLOYDIR}"
do_populate_sdk_ext[sstate-outputdirs] = "${SDK_DEPLOY}"
do_populate_sdk_ext[stamp-extra-info] = "${MACHINE}"
diff --git a/meta/classes/rootfs_deb.bbclass b/meta/classes/rootfs_deb.bbclass
index f79fca6..09f4039 100644
--- a/meta/classes/rootfs_deb.bbclass
+++ b/meta/classes/rootfs_deb.bbclass
@@ -12,6 +12,7 @@ do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
do_rootfs[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
do_populate_sdk[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
+do_populate_sdk_ext[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
python rootfs_deb_bad_recommendations() {
if d.getVar("BAD_RECOMMENDATIONS", True):
diff --git a/meta/classes/rootfs_ipk.bbclass b/meta/classes/rootfs_ipk.bbclass
index d5c38fe..0252ba2 100644
--- a/meta/classes/rootfs_ipk.bbclass
+++ b/meta/classes/rootfs_ipk.bbclass
@@ -16,6 +16,7 @@ do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
do_rootfs[lockfiles] += "${WORKDIR}/ipk.lock"
do_populate_sdk[lockfiles] += "${WORKDIR}/ipk.lock"
+do_populate_sdk_ext[lockfiles] += "${WORKDIR}/ipk.lock"
OPKG_PREPROCESS_COMMANDS = ""
diff --git a/meta/classes/rootfs_rpm.bbclass b/meta/classes/rootfs_rpm.bbclass
index 37730a7..61ad766 100644
--- a/meta/classes/rootfs_rpm.bbclass
+++ b/meta/classes/rootfs_rpm.bbclass
@@ -24,6 +24,10 @@ do_populate_sdk[depends] += "${RPMROOTFSDEPENDS}"
do_rootfs[recrdeptask] += "do_package_write_rpm"
do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
+do_rootfs[lockfiles] += "${WORKDIR}/rpm.lock"
+do_populate_sdk[lockfiles] += "${WORKDIR}/rpm.lock"
+do_populate_sdk_ext[lockfiles] += "${WORKDIR}/rpm.lock"
+
python () {
if d.getVar('BUILD_IMAGES_FROM_FEEDS', True):
flags = d.getVarFlag('do_rootfs', 'recrdeptask', True)
diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index 9754669..62a29a1 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -59,6 +59,11 @@ python uninative_event_fetchloader() {
if localpath != tarballpath and os.path.exists(localpath) and not os.path.exists(tarballpath):
os.symlink(localpath, tarballpath)
+ # ldd output is "ldd (Ubuntu GLIBC 2.23-0ubuntu10) 2.23", extract last option from first line
+ glibcver = subprocess.check_output(["ldd", "--version"]).decode('utf-8').split('\n')[0].split()[-1]
+ if bb.utils.vercmp_string(d.getVar("UNINATIVE_MAXGLIBCVERSION", True), glibcver) < 0:
+ raise RuntimeError("Your host glibc verson (%s) is newer than that in uninative (%s). Disabling uninative so that sstate is not corrupted." % (glibcver, d.getVar("UNINATIVE_MAXGLIBCVERSION", True)))
+
cmd = d.expand("mkdir -p ${UNINATIVE_STAGING_DIR}-uninative; cd ${UNINATIVE_STAGING_DIR}-uninative; tar -xjf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; ${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux ${UNINATIVE_LOADER} ${UNINATIVE_LOADER} ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/${bindir_native}/patchelf-uninative ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so" % chksum)
subprocess.check_call(cmd, shell=True)
@@ -67,6 +72,8 @@ python uninative_event_fetchloader() {
enable_uninative(d)
+ except RuntimeError as e:
+ bb.warn(str(e))
except bb.fetch2.BBFetchException as exc:
bb.warn("Disabling uninative as unable to fetch uninative tarball: %s" % str(exc))
bb.warn("To build your own uninative loader, please bitbake uninative-tarball and set UNINATIVE_TARBALL appropriately.")
@@ -91,6 +98,7 @@ def enable_uninative(d):
bb.debug(2, "Enabling uninative")
d.setVar("NATIVELSBSTRING", "universal%s" % oe.utils.host_gcc_version(d))
d.appendVar("SSTATEPOSTUNPACKFUNCS", " uninative_changeinterp")
+ d.setVar("EXTRAINSTALLFUNCS_class-native", "uninative_relocate")
d.prependVar("PATH", "${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${bindir_native}:")
python uninative_changeinterp () {
@@ -128,3 +136,20 @@ python uninative_changeinterp () {
bb.fatal("'%s' failed with exit code %d and the following output:\n%s" %
(e.cmd, e.returncode, e.output))
}
+
+# In morty we have a problem since files can come from sstate or be built locally. Mixing interpreters
+# for local vs. sstate objects can result in hard to debug futex hangs in shared memory regions (e.g.
+# from smart/rpm/libdb).
+# To resolve this, relocate natively build binaries too. This fix isn't needed post morty since RSS
+# always uses uninative interpreter manipulations for code path simplicity.
+EXTRAINSTALLFUNCS = ""
+do_install[vardepsexclude] = "uninative_relocate"
+do_install[postfuncs] += "${EXTRAINSTALLFUNCS}"
+
+python uninative_relocate () {
+ # (re)Use uninative_changeinterp() to change the interpreter in files in ${D}
+ orig = d.getVar('SSTATE_INSTDIR', False)
+ d.setVar('SSTATE_INSTDIR', "${D}")
+ bb.build.exec_func("uninative_changeinterp", d)
+ d.setVar('SSTATE_INSTDIR', orig)
+}
diff --git a/meta/conf/distro/include/default-distrovars.inc b/meta/conf/distro/include/default-distrovars.inc
index f7ed943..6b52ad3 100644
--- a/meta/conf/distro/include/default-distrovars.inc
+++ b/meta/conf/distro/include/default-distrovars.inc
@@ -8,6 +8,7 @@ IMAGE_LINGUAS ?= "en-us en-gb"
ENABLE_BINARY_LOCALE_GENERATION ?= "1"
LOCALE_UTF8_ONLY ?= "0"
LOCALE_UTF8_IS_DEFAULT ?= "1"
+LOCALE_UTF8_IS_DEFAULT_class-nativesdk = "0"
DISTRO_FEATURES_DEFAULT ?= "alsa argp bluetooth ext2 irda largefile pcmcia usbgadget usbhost wifi xattr nfs zeroconf pci 3g nfc x11"
DISTRO_FEATURES_LIBC_DEFAULT ?= "ipv4 ipv6 libc-backtrace libc-big-macros libc-bsd libc-cxx-tests libc-catgets libc-charsets libc-crypt \
diff --git a/meta/conf/distro/include/tcmode-default.inc b/meta/conf/distro/include/tcmode-default.inc
index ca3c5ec..c06e352 100644
--- a/meta/conf/distro/include/tcmode-default.inc
+++ b/meta/conf/distro/include/tcmode-default.inc
@@ -22,7 +22,7 @@ PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}libc-initial = "${TCLIBC}-initial"
PREFERRED_PROVIDER_virtual/nativesdk-${SDK_PREFIX}libc-initial ?= "nativesdk-glibc-initial"
PREFERRED_PROVIDER_virtual/gettext ??= "gettext"
-GCCVERSION ?= "6.2%"
+GCCVERSION ?= "6.4%"
SDKGCCVERSION ?= "${GCCVERSION}"
BINUVERSION ?= "2.27%"
GDBVERSION ?= "7.11%"
diff --git a/meta/conf/distro/include/world-broken.inc b/meta/conf/distro/include/world-broken.inc
index d4bdddf..8f56103 100644
--- a/meta/conf/distro/include/world-broken.inc
+++ b/meta/conf/distro/include/world-broken.inc
@@ -5,11 +5,6 @@
# rt-tests needs PI mutex support in libc
EXCLUDE_FROM_WORLD_pn-rt-tests_libc-musl = "1"
-# error: no member named 'sin_port' in 'struct sockaddr_in6'
-# this is due to libtirpc using ipv6 but portmap rpc expecting ipv4
-EXCLUDE_FROM_WORLD_pn-portmap_libc-musl = "1"
-EXCLUDE_FROM_WORLD_pn-unfs3_libc-musl = "1"
-
# error: use of undeclared identifier '_STAT_VER'
EXCLUDE_FROM_WORLD_pn-pseudo_libc-musl = "1"
@@ -33,6 +28,10 @@ EXCLUDE_FROM_WORLD_pn-lttng-tools_libc-musl = "1"
EXCLUDE_FROM_WORLD_pn-systemtap_libc-musl = "1"
EXCLUDE_FROM_WORLD_pn-systemtap-uprobes_libc-musl = "1"
+# portmap.c:488:32: error: 'struct sockaddr_in6' has no member named 'sin_port'; did you mean 'sin6_port'?
+# We removed portmap in rocko onwards and it doesn't work with libtirpc
+EXCLUDE_FROM_WORLD_pn-portmap_libc-musl = "1"
+
# error: a parameter list without types is only allowed in a function definition
# void (*_function)(sigval_t);
EXCLUDE_FROM_WORLD_pn-qemu_libc-musl = "1"
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 839c19a..cd5fc0b 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,6 +6,8 @@
# to the distro running on the build machine.
#
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.7/"
-UNINATIVE_CHECKSUM[i686] ?= "d7c341460035936c19d63fe02f354ef1bc993c62d694ae3a31458d1c6997f0c5"
-UNINATIVE_CHECKSUM[x86_64] ?= "ed033c868b87852b07957a4400f3b744c00aef5d6470346ea1a59b6d3e03075e"
+UNINATIVE_MAXGLIBCVERSION = "2.27"
+
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.8/"
+UNINATIVE_CHECKSUM[i686] ?= "427ce522ec97f65c75fd89587d90ef789e8cbca4a617abc4b5822abb01c2d0ae"
+UNINATIVE_CHECKSUM[x86_64] ?= "de4947e98e09e1432d069311cc2093974ecb9138a714fd5466f73524de66a693"
diff --git a/meta/conf/local.conf.sample b/meta/conf/local.conf.sample
index 85c5e21..e74e1f3 100644
--- a/meta/conf/local.conf.sample
+++ b/meta/conf/local.conf.sample
@@ -169,7 +169,7 @@ PATCHRESOLVE = "noop"
# files and damages the build in ways which may not be easily recoverable.
# It's necesary to monitor /tmp, if there is no space left the build will fail
# with very exotic errors.
-BB_DISKMON_DIRS = "\
+BB_DISKMON_DIRS ??= "\
STOPTASKS,${TMPDIR},1G,100K \
STOPTASKS,${DL_DIR},1G,100K \
STOPTASKS,${SSTATE_DIR},1G,100K \
diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh
index 9295ddc..3f54c96 100644
--- a/meta/files/toolchain-shar-extract.sh
+++ b/meta/files/toolchain-shar-extract.sh
@@ -11,6 +11,9 @@ export PATH=`echo "$PATH" | sed -e 's/:\.//' -e 's/::/:/'`
INST_ARCH=$(uname -m | sed -e "s/i[3-6]86/ix86/" -e "s/x86[-_]64/x86_64/")
SDK_ARCH=$(echo @SDK_ARCH@ | sed -e "s/i[3-6]86/ix86/" -e "s/x86[-_]64/x86_64/")
+INST_GCC_VER=$(gcc --version | sed -ne 's/.* \([0-9]\+\.[0-9]\+\)\.[0-9]\+.*/\1/p')
+SDK_GCC_VER='@SDK_GCC_VER@'
+
verlte () {
[ "$1" = "`printf "$1\n$2" | sort -V | head -n1`" ]
}
@@ -112,6 +115,11 @@ fi
# SDK_EXTENSIBLE is exposed from the SDK_PRE_INSTALL_COMMAND above
if [ "$SDK_EXTENSIBLE" = "1" ]; then
DEFAULT_INSTALL_DIR="@SDKEXTPATH@"
+ if [ "$INST_GCC_VER" = '4.8' -a "$SDK_GCC_VER" = '4.9' ] || [ "$INST_GCC_VER" = '4.8' -a "$SDK_GCC_VER" = '' ] || \
+ [ "$INST_GCC_VER" = '4.9' -a "$SDK_GCC_VER" = '' ]; then
+ echo "Error: Incompatible SDK installer! Your host gcc version is $INST_GCC_VER and this SDK was built by gcc higher version."
+ exit 1
+ fi
fi
if [ "$target_sdk_dir" = "" ]; then
diff --git a/meta/lib/oe/package.py b/meta/lib/oe/package.py
index 02642f2..ae60a58 100644
--- a/meta/lib/oe/package.py
+++ b/meta/lib/oe/package.py
@@ -18,23 +18,24 @@ def runstrip(arg):
newmode = origmode | stat.S_IWRITE | stat.S_IREAD
os.chmod(file, newmode)
- extraflags = ""
+ stripcmd = [strip]
# kernel module
if elftype & 16:
- extraflags = "--strip-debug --remove-section=.comment --remove-section=.note --preserve-dates"
+ stripcmd.extend(["--strip-debug", "--remove-section=.comment",
+ "--remove-section=.note", "--preserve-dates"])
# .so and shared library
elif ".so" in file and elftype & 8:
- extraflags = "--remove-section=.comment --remove-section=.note --strip-unneeded"
+ stripcmd.extend(["--remove-section=.comment", "--remove-section=.note", "--strip-unneeded"])
# shared or executable:
elif elftype & 8 or elftype & 4:
- extraflags = "--remove-section=.comment --remove-section=.note"
+ stripcmd.extend(["--remove-section=.comment", "--remove-section=.note"])
- stripcmd = "'%s' %s '%s'" % (strip, extraflags, file)
+ stripcmd.append(file)
bb.debug(1, "runstrip: %s" % stripcmd)
try:
- output = subprocess.check_output(stripcmd, stderr=subprocess.STDOUT, shell=True)
+ output = subprocess.check_output(stripcmd, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
bb.error("runstrip: '%s' strip command failed with %s (%s)" % (stripcmd, e.returncode, e.output))
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index 13577b1..13717a7 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -165,6 +165,10 @@ class RpmIndexer(Indexer):
archs = archs.union(set(sdk_pkg_archs))
rpm_createrepo = bb.utils.which(os.getenv('PATH'), "createrepo")
+ if not rpm_createrepo:
+ bb.error("Cannot rebuild index as createrepo was not found in %s" % os.environ['PATH'])
+ return
+
if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
else:
@@ -358,12 +362,11 @@ class RpmPkgsList(PkgsList):
RpmIndexer(d, rootfs_dir).get_ml_prefix_and_os_list(arch_var, os_var)
# Determine rpm version
- cmd = "%s --version" % self.rpm_cmd
try:
- output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).decode("utf-8")
+ output = subprocess.check_output([self.rpm_cmd, "--version"], stderr=subprocess.STDOUT).decode("utf-8")
except subprocess.CalledProcessError as e:
bb.fatal("Getting rpm version failed. Command '%s' "
- "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+ "returned %d:\n%s" % (self.rpm_cmd, e.returncode, e.output.decode("utf-8")))
'''
Translate the RPM/Smart format names to the OE multilib format names
@@ -412,16 +415,15 @@ class RpmPkgsList(PkgsList):
return output
def list_pkgs(self):
- cmd = self.rpm_cmd + ' --root ' + self.rootfs_dir
- cmd += ' -D "_dbpath /var/lib/rpm" -qa'
- cmd += " --qf '[%{NAME} %{ARCH} %{VERSION} %{PACKAGEORIGIN}\n]'"
+ cmd = [self.rpm_cmd, '--root', self.rootfs_dir]
+ cmd.extend(['-D', '_dbpath /var/lib/rpm'])
+ cmd.extend(['-qa', '--qf', '[%{NAME} %{ARCH} %{VERSION} %{PACKAGEORIGIN}\n]'])
try:
- # bb.note(cmd)
- tmp_output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).strip().decode("utf-8")
+ tmp_output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).strip().decode("utf-8")
except subprocess.CalledProcessError as e:
bb.fatal("Cannot get the installed packages list. Command '%s' "
- "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+ "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
output = dict()
deps = dict()
@@ -561,6 +563,29 @@ class PackageManager(object, metaclass=ABCMeta):
pass
"""
+ Install all packages that match a glob.
+ """
+ def install_glob(self, globs, sdk=False):
+ # TODO don't have sdk here but have a property on the superclass
+ # (and respect in install_complementary)
+ if sdk:
+ pkgdatadir = self.d.expand("${STAGING_DIR}/${SDK_ARCH}-${SDKPKGSUFFIX}${SDK_VENDOR}-${SDK_OS}/pkgdata")
+ else:
+ pkgdatadir = self.d.getVar("PKGDATA_DIR", True)
+
+ try:
+ bb.note("Installing globbed packages...")
+ cmd = ["oe-pkgdata-util", "-p", pkgdatadir, "list-pkgs", globs]
+ pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
+ self.install(pkgs.split(), attempt_only=True)
+ except subprocess.CalledProcessError as e:
+ # Return code 1 means no packages matched
+ if e.returncode != 1:
+ bb.fatal("Could not compute globbed packages list. Command "
+ "'%s' returned %d:\n%s" %
+ (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
+
+ """
Install complementary packages based upon the list of currently installed
packages e.g. locales, *-dev, *-dbg, etc. This will only attempt to install
these packages, if they don't exist then no error will occur. Note: every
@@ -568,15 +593,6 @@ class PackageManager(object, metaclass=ABCMeta):
installation
"""
def install_complementary(self, globs=None):
- # we need to write the list of installed packages to a file because the
- # oe-pkgdata-util reads it from a file
- installed_pkgs_file = os.path.join(self.d.getVar('WORKDIR', True),
- "installed_pkgs.txt")
- with open(installed_pkgs_file, "w+") as installed_pkgs:
- pkgs = self.list_installed()
- output = oe.utils.format_pkg_list(pkgs, "arch")
- installed_pkgs.write(output)
-
if globs is None:
globs = self.d.getVar('IMAGE_INSTALL_COMPLEMENTARY', True)
split_linguas = set()
@@ -593,22 +609,29 @@ class PackageManager(object, metaclass=ABCMeta):
if globs is None:
return
- cmd = [bb.utils.which(os.getenv('PATH'), "oe-pkgdata-util"),
- "-p", self.d.getVar('PKGDATA_DIR', True), "glob", installed_pkgs_file,
- globs]
- exclude = self.d.getVar('PACKAGE_EXCLUDE_COMPLEMENTARY', True)
- if exclude:
- cmd.extend(['--exclude=' + '|'.join(exclude.split())])
- try:
- bb.note("Installing complementary packages ...")
- bb.note('Running %s' % cmd)
- complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
- except subprocess.CalledProcessError as e:
- bb.fatal("Could not compute complementary packages list. Command "
- "'%s' returned %d:\n%s" %
- (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
- self.install(complementary_pkgs.split(), attempt_only=True)
- os.remove(installed_pkgs_file)
+ # we need to write the list of installed packages to a file because the
+ # oe-pkgdata-util reads it from a file
+ with tempfile.NamedTemporaryFile(mode="w+", prefix="installed-pkgs") as installed_pkgs:
+ pkgs = self.list_installed()
+ output = oe.utils.format_pkg_list(pkgs, "arch")
+ installed_pkgs.write(output)
+ installed_pkgs.flush()
+
+ cmd = ["oe-pkgdata-util",
+ "-p", self.d.getVar('PKGDATA_DIR', True), "glob", installed_pkgs.name,
+ globs]
+ exclude = self.d.getVar('PACKAGE_EXCLUDE_COMPLEMENTARY', True)
+ if exclude:
+ cmd.extend(['--exclude=' + '|'.join(exclude.split())])
+ try:
+ bb.note("Installing complementary packages ...")
+ bb.note('Running %s' % cmd)
+ complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
+ self.install(complementary_pkgs.split(), attempt_only=True)
+ except subprocess.CalledProcessError as e:
+ bb.fatal("Could not compute complementary packages list. Command "
+ "'%s' returned %d:\n%s" %
+ (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
def deploy_dir_lock(self):
if self.deploy_dir is None:
@@ -654,7 +677,8 @@ class RpmPM(PackageManager):
task_name='target',
providename=None,
arch_var=None,
- os_var=None):
+ os_var=None,
+ rpm_repo_workdir="oe-rootfs-repo"):
super(RpmPM, self).__init__(d)
self.target_rootfs = target_rootfs
self.target_vendor = target_vendor
@@ -672,11 +696,11 @@ class RpmPM(PackageManager):
# 2 = --log-level=debug
# 3 = --log-level=debug plus dumps of scriplet content and command invocation
self.debug_level = int(d.getVar('ROOTFS_RPM_DEBUG', True) or "0")
- self.smart_opt = "--log-level=%s --data-dir=%s" % \
+ self.smart_opt = ["--log-level=%s" %
("warning" if self.debug_level == 0 else
"info" if self.debug_level == 1 else
- "debug",
- os.path.join(target_rootfs, 'var/lib/smart'))
+ "debug"), "--data-dir=%s" %
+ os.path.join(target_rootfs, 'var/lib/smart')]
self.scriptlet_wrapper = self.d.expand('${WORKDIR}/scriptlet_wrapper')
self.solution_manifest = self.d.expand('${T}/saved/%s_solution' %
self.task_name)
@@ -732,18 +756,18 @@ class RpmPM(PackageManager):
for arch in arch_list:
bb.note('Adding Smart channel url%d%s (%s)' %
(uri_iterator, arch, channel_priority))
- self._invoke_smart('channel --add url%d-%s type=rpm-md baseurl=%s/%s -y'
- % (uri_iterator, arch, uri, arch))
- self._invoke_smart('channel --set url%d-%s priority=%d' %
- (uri_iterator, arch, channel_priority))
+ self._invoke_smart(['channel', '--add', 'url%d-%s' % (uri_iterator, arch),
+ 'type=rpm-md', 'baseurl=%s/%s' % (uri, arch), '-y'])
+ self._invoke_smart(['channel', '--set', 'url%d-%s' % (uri_iterator, arch),
+ 'priority=%d' % channel_priority])
channel_priority -= 5
else:
bb.note('Adding Smart channel url%d (%s)' %
(uri_iterator, channel_priority))
- self._invoke_smart('channel --add url%d type=rpm-md baseurl=%s -y'
- % (uri_iterator, uri))
- self._invoke_smart('channel --set url%d priority=%d' %
- (uri_iterator, channel_priority))
+ self._invoke_smart(['channel', '--add', 'url%d' % uri_iterator,
+ 'type=rpm-md', 'baseurl=%s' % uri, '-y'])
+ self._invoke_smart(['channel', '--set', 'url%d' % uri_iterator,
+ 'priority=%d' % channel_priority])
channel_priority -= 5
uri_iterator += 1
@@ -774,18 +798,17 @@ class RpmPM(PackageManager):
self._create_configs(platform, platform_extra)
+ #takes array args
def _invoke_smart(self, args):
- cmd = "%s %s %s" % (self.smart_cmd, self.smart_opt, args)
+ cmd = [self.smart_cmd] + self.smart_opt + args
# bb.note(cmd)
try:
- complementary_pkgs = subprocess.check_output(cmd,
- stderr=subprocess.STDOUT,
- shell=True).decode("utf-8")
+ complementary_pkgs = subprocess.check_output(cmd,stderr=subprocess.STDOUT).decode("utf-8")
# bb.note(complementary_pkgs)
return complementary_pkgs
except subprocess.CalledProcessError as e:
bb.fatal("Could not invoke smart. Command "
- "'%s' returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+ "'%s' returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
def _search_pkg_name_in_feeds(self, pkg, feed_archs):
for arch in feed_archs:
@@ -800,19 +823,23 @@ class RpmPM(PackageManager):
# Search provides if not found by pkgname.
bb.note('Not found %s by name, searching provides ...' % pkg)
- cmd = "%s %s query --provides %s --show-format='$name-$version'" % \
- (self.smart_cmd, self.smart_opt, pkg)
- cmd += " | sed -ne 's/ *Provides://p'"
- bb.note('cmd: %s' % cmd)
- output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).decode("utf-8")
- # Found a provider
- if output:
- bb.note('Found providers for %s: %s' % (pkg, output))
- for p in output.split():
- for arch in feed_archs:
- arch = arch.replace('-', '_')
- if p.rstrip().endswith('@' + arch):
- return p
+ cmd = [self.smart_cmd] + self.smart_opt + ["query", "--provides", pkg,
+ "--show-format=$name-$version"]
+ bb.note('cmd: %s' % ' '.join(cmd))
+ ps = subprocess.Popen(cmd, stdout=subprocess.PIPE)
+ try:
+ output = subprocess.check_output(["sed", "-ne", "s/ *Provides://p"],
+ stdin=ps.stdout, stderr=subprocess.STDOUT).decode("utf-8")
+ # Found a provider
+ if output:
+ bb.note('Found providers for %s: %s' % (pkg, output))
+ for p in output.split():
+ for arch in feed_archs:
+ arch = arch.replace('-', '_')
+ if p.rstrip().endswith('@' + arch):
+ return p
+ except subprocess.CalledProcessError as e:
+ bb.error("Failed running smart query on package %s." % pkg)
return ""
@@ -949,30 +976,32 @@ class RpmPM(PackageManager):
open(db_config_dir, 'w+').write(DB_CONFIG_CONTENT)
# Create database so that smart doesn't complain (lazy init)
- opt = "-qa"
- cmd = "%s --root %s --dbpath /var/lib/rpm %s > /dev/null" % (
- self.rpm_cmd, self.target_rootfs, opt)
+ cmd = [self.rpm_cmd, '--root', self.target_rootfs, '--dbpath', '/var/lib/rpm', '-qa']
try:
- subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+ subprocess.check_output(cmd, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
bb.fatal("Create rpm database failed. Command '%s' "
- "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+ "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
# Import GPG key to RPM database of the target system
if self.d.getVar('RPM_SIGN_PACKAGES', True) == '1':
pubkey_path = self.d.getVar('RPM_GPG_PUBKEY', True)
- cmd = "%s --root %s --dbpath /var/lib/rpm --import %s > /dev/null" % (
- self.rpm_cmd, self.target_rootfs, pubkey_path)
- subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+ cmd = [self.rpm_cmd, '--root', self.target_rootfs, '--dbpath', '/var/lib/rpm', '--import', pubkey_path]
+ try:
+ subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+ except subprocess.CalledProcessError as e:
+ bb.fatal("Import GPG key failed. Command '%s' "
+ "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
+
# Configure smart
bb.note("configuring Smart settings")
bb.utils.remove(os.path.join(self.target_rootfs, 'var/lib/smart'),
True)
- self._invoke_smart('config --set rpm-root=%s' % self.target_rootfs)
- self._invoke_smart('config --set rpm-dbpath=/var/lib/rpm')
- self._invoke_smart('config --set rpm-extra-macros._var=%s' %
- self.d.getVar('localstatedir', True))
- cmd = "config --set rpm-extra-macros._tmppath=/%s/tmp" % (self.install_dir_name)
+ self._invoke_smart(['config', '--set', 'rpm-root=%s' % self.target_rootfs])
+ self._invoke_smart(['config', '--set', 'rpm-dbpath=/var/lib/rpm'])
+ self._invoke_smart(['config', '--set', 'rpm-extra-macros._var=%s' %
+ self.d.getVar('localstatedir', True)])
+ cmd = ["config", "--set", "rpm-extra-macros._tmppath=/%s/tmp" % self.install_dir_name]
prefer_color = self.d.getVar('RPM_PREFER_ELF_ARCH', True)
if prefer_color:
@@ -986,32 +1015,32 @@ class RpmPM(PackageManager):
['mips64', 'mips64el']:
bb.fatal("RPM_PREFER_ELF_ARCH = \"4\" is for mips64 or mips64el "
"only.")
- self._invoke_smart('config --set rpm-extra-macros._prefer_color=%s'
- % prefer_color)
+ self._invoke_smart(['config', '--set', 'rpm-extra-macros._prefer_color=%s'
+ % prefer_color])
self._invoke_smart(cmd)
- self._invoke_smart('config --set rpm-ignoresize=1')
+ self._invoke_smart(['config', '--set', 'rpm-ignoresize=1'])
# Write common configuration for host and target usage
- self._invoke_smart('config --set rpm-nolinktos=1')
- self._invoke_smart('config --set rpm-noparentdirs=1')
+ self._invoke_smart(['config', '--set', 'rpm-nolinktos=1'])
+ self._invoke_smart(['config', '--set', 'rpm-noparentdirs=1'])
check_signature = self.d.getVar('RPM_CHECK_SIGNATURES', True)
if check_signature and check_signature.strip() == "0":
- self._invoke_smart('config --set rpm-check-signatures=false')
+ self._invoke_smart(['config', '--set rpm-check-signatures=false'])
for i in self.d.getVar('BAD_RECOMMENDATIONS', True).split():
- self._invoke_smart('flag --set ignore-recommends %s' % i)
+ self._invoke_smart(['flag', '--set', 'ignore-recommends', i])
# Do the following configurations here, to avoid them being
# saved for field upgrade
if self.d.getVar('NO_RECOMMENDATIONS', True).strip() == "1":
- self._invoke_smart('config --set ignore-all-recommends=1')
+ self._invoke_smart(['config', '--set', 'ignore-all-recommends=1'])
pkg_exclude = self.d.getVar('PACKAGE_EXCLUDE', True) or ""
for i in pkg_exclude.split():
- self._invoke_smart('flag --set exclude-packages %s' % i)
+ self._invoke_smart(['flag', '--set', 'exclude-packages', i])
# Optional debugging
- # self._invoke_smart('config --set rpm-log-level=debug')
- # cmd = 'config --set rpm-log-file=/tmp/smart-debug-logfile'
+ # self._invoke_smart(['config', '--set', 'rpm-log-level=debug'])
+ # cmd = ['config', '--set', 'rpm-log-file=/tmp/smart-debug-logfile']
# self._invoke_smart(cmd)
ch_already_added = []
for canonical_arch in platform_extra:
@@ -1030,16 +1059,16 @@ class RpmPM(PackageManager):
if not arch in ch_already_added:
bb.note('Adding Smart channel %s (%s)' %
(arch, channel_priority))
- self._invoke_smart('channel --add %s type=rpm-md baseurl=%s -y'
- % (arch, arch_channel))
- self._invoke_smart('channel --set %s priority=%d' %
- (arch, channel_priority))
+ self._invoke_smart(['channel', '--add', arch, 'type=rpm-md',
+ 'baseurl=%s' % arch_channel, '-y'])
+ self._invoke_smart(['channel', '--set', arch, 'priority=%d' %
+ channel_priority])
channel_priority -= 5
ch_already_added.append(arch)
bb.note('adding Smart RPM DB channel')
- self._invoke_smart('channel --add rpmsys type=rpm-sys -y')
+ self._invoke_smart(['channel', '--add', 'rpmsys', 'type=rpm-sys', '-y'])
# Construct install scriptlet wrapper.
# Scripts need to be ordered when executed, this ensures numeric order.
@@ -1102,15 +1131,15 @@ class RpmPM(PackageManager):
bb.note("configuring RPM cross-install scriptlet_wrapper")
os.chmod(self.scriptlet_wrapper, 0o755)
- cmd = 'config --set rpm-extra-macros._cross_scriptlet_wrapper=%s' % \
- self.scriptlet_wrapper
+ cmd = ['config', '--set', 'rpm-extra-macros._cross_scriptlet_wrapper=%s' %
+ self.scriptlet_wrapper]
self._invoke_smart(cmd)
# Debug to show smart config info
- # bb.note(self._invoke_smart('config --show'))
+ # bb.note(self._invoke_smart(['config', '--show']))
def update(self):
- self._invoke_smart('update rpmsys')
+ self._invoke_smart(['update', 'rpmsys'])
def get_rdepends_recursively(self, pkgs):
# pkgs will be changed during the loop, so use [:] to make a copy.
@@ -1207,20 +1236,19 @@ class RpmPM(PackageManager):
return
if not attempt_only:
bb.note('to be installed: %s' % ' '.join(pkgs))
- cmd = "%s %s install -y %s" % \
- (self.smart_cmd, self.smart_opt, ' '.join(pkgs))
- bb.note(cmd)
+ cmd = [self.smart_cmd] + self.smart_opt + ["install", "-y"] + pkgs
+ bb.note(' '.join(cmd))
else:
bb.note('installing attempt only packages...')
bb.note('Attempting %s' % ' '.join(pkgs))
- cmd = "%s %s install --attempt -y %s" % \
- (self.smart_cmd, self.smart_opt, ' '.join(pkgs))
+ cmd = [self.smart_cmd] + self.smart_opt + ["install", "--attempt",
+ "-y"] + pkgs
try:
- output = subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT).decode("utf-8")
+ output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
bb.note(output)
except subprocess.CalledProcessError as e:
bb.fatal("Unable to install packages. Command '%s' "
- "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+ "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
'''
Remove pkgs with smart, the pkg name is smart/rpm format
@@ -1229,24 +1257,19 @@ class RpmPM(PackageManager):
bb.note('to be removed: ' + ' '.join(pkgs))
if not with_dependencies:
- cmd = "%s -e --nodeps " % self.rpm_cmd
- cmd += "--root=%s " % self.target_rootfs
- cmd += "--dbpath=/var/lib/rpm "
- cmd += "--define='_cross_scriptlet_wrapper %s' " % \
- self.scriptlet_wrapper
- cmd += "--define='_tmppath /%s/tmp' %s" % (self.install_dir_name, ' '.join(pkgs))
+ cmd = [self.rpm_cmd] + ["-e", "--nodeps", "--root=%s" %
+ self.target_rootfs, "--dbpath=/var/lib/rpm",
+ "--define='_cross_scriptlet_wrapper %s'" %
+ self.scriptlet_wrapper,
+ "--define='_tmppath /%s/tmp'" % self.install_dir_name] + pkgs
else:
# for pkg in pkgs:
# bb.note('Debug: What required: %s' % pkg)
- # bb.note(self._invoke_smart('query %s --show-requiredby' % pkg))
-
- cmd = "%s %s remove -y %s" % (self.smart_cmd,
- self.smart_opt,
- ' '.join(pkgs))
-
+ # bb.note(self._invoke_smart(['query', pkg, '--show-requiredby']))
+ cmd = [self.smart_cmd] + self.smart_opt + ["remove", "-y"] + pkgs
try:
- bb.note(cmd)
- output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).decode("utf-8")
+ bb.note(' '.join(cmd))
+ output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
bb.note(output)
except subprocess.CalledProcessError as e:
bb.note("Unable to remove packages. Command '%s' "
@@ -1254,7 +1277,7 @@ class RpmPM(PackageManager):
def upgrade(self):
bb.note('smart upgrade')
- self._invoke_smart('upgrade')
+ self._invoke_smart(['upgrade'])
def write_index(self):
result = self.indexer.write_index()
@@ -1307,25 +1330,24 @@ class RpmPM(PackageManager):
pkgs = self._pkg_translate_oe_to_smart(pkgs, False)
install_pkgs = list()
- cmd = "%s %s install -y --dump %s 2>%s" % \
- (self.smart_cmd,
- self.smart_opt,
- ' '.join(pkgs),
- self.solution_manifest)
+ cmd = [self.smart_cmd] + self.smart_opt + ['install', '-y', '--dump'] + pkgs
try:
# Disable rpmsys channel for the fake install
- self._invoke_smart('channel --disable rpmsys')
+ self._invoke_smart(['channel', '--disable', 'rpmsys'])
- subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+ output = subprocess.check_output(cmd,stderr=subprocess.STDOUT).decode('utf-8')
+ f = open(self.solution_manifest, 'w')
+ f.write(output)
+ f.close()
with open(self.solution_manifest, 'r') as manifest:
for pkg in manifest.read().split('\n'):
if '@' in pkg:
- install_pkgs.append(pkg)
+ install_pkgs.append(pkg.strip())
except subprocess.CalledProcessError as e:
bb.note("Unable to dump install packages. Command '%s' "
"returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
# Recovery rpmsys channel
- self._invoke_smart('channel --enable rpmsys')
+ self._invoke_smart(['channel', '--enable', 'rpmsys'])
return install_pkgs
'''
@@ -1355,17 +1377,16 @@ class RpmPM(PackageManager):
def dump_all_available_pkgs(self):
available_manifest = self.d.expand('${T}/saved/available_pkgs.txt')
available_pkgs = list()
- cmd = "%s %s query --output %s" % \
- (self.smart_cmd, self.smart_opt, available_manifest)
+ cmd = [self.smart_cmd] + self.smart_opt + ['query', '--output', available_manifest]
try:
- subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+ subprocess.check_output(cmd, stderr=subprocess.STDOUT)
with open(available_manifest, 'r') as manifest:
for pkg in manifest.read().split('\n'):
if '@' in pkg:
available_pkgs.append(pkg.strip())
except subprocess.CalledProcessError as e:
bb.note("Unable to list all available packages. Command '%s' "
- "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+ "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
self.fullpkglist = available_pkgs
@@ -1404,11 +1425,11 @@ class RpmPM(PackageManager):
bb.utils.remove(os.path.join(self.target_rootfs, 'var/lib/smart'),
True)
- self._invoke_smart('config --set rpm-nolinktos=1')
- self._invoke_smart('config --set rpm-noparentdirs=1')
+ self._invoke_smart(['config', '--set', 'rpm-nolinktos=1'])
+ self._invoke_smart(['config', '--set', 'rpm-noparentdirs=1'])
for i in self.d.getVar('BAD_RECOMMENDATIONS', True).split():
- self._invoke_smart('flag --set ignore-recommends %s' % i)
- self._invoke_smart('channel --add rpmsys type=rpm-sys -y')
+ self._invoke_smart(['flag', '--set', 'ignore-recommends', i])
+ self._invoke_smart(['channel', '--add', 'rpmsys', 'type=rpm-sys', '-y'])
'''
The rpm db lock files were produced after invoking rpm to query on
@@ -1425,12 +1446,12 @@ class RpmPM(PackageManager):
Returns a dictionary with the package info.
"""
def package_info(self, pkg):
- cmd = "%s %s info --urls %s" % (self.smart_cmd, self.smart_opt, pkg)
+ cmd = [self.smart_cmd] + self.smart_opt + ['info', '--urls', pkg]
try:
- output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).decode("utf-8")
+ output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
except subprocess.CalledProcessError as e:
bb.fatal("Unable to list available packages. Command '%s' "
- "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+ "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
# Set default values to avoid UnboundLocalError
arch = ""
@@ -1550,18 +1571,18 @@ class OpkgDpkgPM(PackageManager):
os.chdir(tmp_dir)
try:
- cmd = "%s x %s" % (ar_cmd, pkg_path)
- output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
- cmd = "%s xf data.tar.*" % tar_cmd
- output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+ cmd = [ar_cmd, 'x', pkg_path]
+ output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+ cmd = [tar_cmd, 'xf', 'data.tar.*']
+ output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
bb.utils.remove(tmp_dir, recurse=True)
bb.fatal("Unable to extract %s package. Command '%s' "
- "returned %d:\n%s" % (pkg_path, cmd, e.returncode, e.output.decode("utf-8")))
+ "returned %d:\n%s" % (pkg_path, ' '.join(cmd), e.returncode, e.output.decode("utf-8")))
except OSError as e:
bb.utils.remove(tmp_dir, recurse=True)
bb.fatal("Unable to extract %s package. Command '%s' "
- "returned %d:\n%s at %s" % (pkg_path, cmd, e.errno, e.strerror, e.filename))
+ "returned %d:\n%s at %s" % (pkg_path, ' '.join(cmd), e.errno, e.strerror, e.filename))
bb.note("Extracted %s to %s" % (pkg_path, tmp_dir))
bb.utils.remove(os.path.join(tmp_dir, "debian-binary"))
@@ -2000,7 +2021,10 @@ class DpkgPM(OpkgDpkgPM):
"""
def run_pre_post_installs(self, package_name=None):
info_dir = self.target_rootfs + "/var/lib/dpkg/info"
- suffixes = [(".preinst", "Preinstall"), (".postinst", "Postinstall")]
+ ControlScript = collections.namedtuple("ControlScript", ["suffix", "name", "argument"])
+ control_scripts = [
+ ControlScript(".preinst", "Preinstall", "install"),
+ ControlScript(".postinst", "Postinstall", "configure")]
status_file = self.target_rootfs + "/var/lib/dpkg/status"
installed_pkgs = []
@@ -2023,16 +2047,18 @@ class DpkgPM(OpkgDpkgPM):
failed_pkgs = []
for pkg_name in installed_pkgs:
- for suffix in suffixes:
- p_full = os.path.join(info_dir, pkg_name + suffix[0])
+ for control_script in control_scripts:
+ p_full = os.path.join(info_dir, pkg_name + control_script.suffix)
if os.path.exists(p_full):
try:
bb.note("Executing %s for package: %s ..." %
- (suffix[1].lower(), pkg_name))
- subprocess.check_output(p_full, stderr=subprocess.STDOUT)
+ (control_script.name.lower(), pkg_name))
+ subprocess.check_output([p_full, control_script.argument],
+ stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
bb.note("%s for package %s failed with %d:\n%s" %
- (suffix[1], pkg_name, e.returncode, e.output.decode("utf-8")))
+ (control_script.name, pkg_name, e.returncode,
+ e.output.decode("utf-8")))
failed_pkgs.append(pkg_name)
break
diff --git a/meta/lib/oe/sdk.py b/meta/lib/oe/sdk.py
index c74525f..ec0af3e 100644
--- a/meta/lib/oe/sdk.py
+++ b/meta/lib/oe/sdk.py
@@ -7,6 +7,51 @@ import shutil
import glob
import traceback
+def generate_locale_archive(d, rootfs):
+ # Pretty sure we don't need this for SDK archive generation but
+ # keeping it to be safe...
+ target_arch = d.getVar('SDK_ARCH', True)
+ locale_arch_options = { \
+ "arm": ["--uint32-align=4", "--little-endian"],
+ "armeb": ["--uint32-align=4", "--big-endian"],
+ "aarch64": ["--uint32-align=4", "--little-endian"],
+ "aarch64_be": ["--uint32-align=4", "--big-endian"],
+ "sh4": ["--uint32-align=4", "--big-endian"],
+ "powerpc": ["--uint32-align=4", "--big-endian"],
+ "powerpc64": ["--uint32-align=4", "--big-endian"],
+ "mips": ["--uint32-align=4", "--big-endian"],
+ "mipsisa32r6": ["--uint32-align=4", "--big-endian"],
+ "mips64": ["--uint32-align=4", "--big-endian"],
+ "mipsisa64r6": ["--uint32-align=4", "--big-endian"],
+ "mipsel": ["--uint32-align=4", "--little-endian"],
+ "mipsisa32r6el": ["--uint32-align=4", "--little-endian"],
+ "mips64el": ["--uint32-align=4", "--little-endian"],
+ "mipsisa64r6el": ["--uint32-align=4", "--little-endian"],
+ "i586": ["--uint32-align=4", "--little-endian"],
+ "i686": ["--uint32-align=4", "--little-endian"],
+ "x86_64": ["--uint32-align=4", "--little-endian"]
+ }
+ if target_arch in locale_arch_options:
+ arch_options = locale_arch_options[target_arch]
+ else:
+ bb.error("locale_arch_options not found for target_arch=" + target_arch)
+ bb.fatal("unknown arch:" + target_arch + " for locale_arch_options")
+
+ localedir = oe.path.join(rootfs, d.getVar("libdir_nativesdk", True), "locale")
+ # Need to set this so cross-localedef knows where the archive is
+ env = dict(os.environ)
+ env["LOCALEARCHIVE"] = oe.path.join(localedir, "locale-archive")
+
+ for name in os.listdir(localedir):
+ path = os.path.join(localedir, name)
+ if os.path.isdir(path):
+ try:
+ cmd = ["cross-localedef", "--verbose"]
+ cmd += arch_options
+ cmd += ["--add-to-archive", path]
+ subprocess.check_output(cmd, env=env, stderr=subprocess.STDOUT)
+ except Exception as e:
+ bb.fatal("Cannot create locale archive: %s" % e.output)
class Sdk(object, metaclass=ABCMeta):
def __init__(self, d, manifest_dir):
@@ -84,8 +129,32 @@ class Sdk(object, metaclass=ABCMeta):
bb.debug(1, "printing the stack trace\n %s" %traceback.format_exc())
bb.warn("cannot remove SDK dir: %s" % path)
+ def install_locales(self, pm):
+ # This is only relevant for glibc
+ if self.d.getVar("TCLIBC", True) != "glibc":
+ return
+
+ linguas = self.d.getVar("SDKIMAGE_LINGUAS", True)
+ if linguas:
+ import fnmatch
+ # Install the binary locales
+ if linguas == "all":
+ pm.install_glob("nativesdk-glibc-binary-localedata-*.utf-8", sdk=True)
+ else:
+ for lang in linguas.split():
+ pm.install("nativesdk-glibc-binary-localedata-%s.utf-8" % lang)
+ # Generate a locale archive of them
+ generate_locale_archive(self.d, oe.path.join(self.sdk_host_sysroot, self.sdk_native_path))
+ # And now delete the binary locales
+ pkgs = fnmatch.filter(pm.list_installed(), "nativesdk-glibc-binary-localedata-*.utf-8")
+ pm.remove(pkgs, with_dependencies=False)
+ else:
+ # No linguas so do nothing
+ pass
+
+
class RpmSdk(Sdk):
- def __init__(self, d, manifest_dir=None):
+ def __init__(self, d, manifest_dir=None, rpm_workdir="oe-sdk-repo"):
super(RpmSdk, self).__init__(d, manifest_dir)
self.target_manifest = RpmManifest(d, self.manifest_dir,
@@ -100,11 +169,17 @@ class RpmSdk(Sdk):
'pkgconfig'
]
+ rpm_repo_workdir = "oe-sdk-repo"
+ if "sdk_ext" in d.getVar("BB_RUNTASK", True):
+ rpm_repo_workdir = "oe-sdk-ext-repo"
+
+
self.target_pm = RpmPM(d,
self.sdk_target_sysroot,
self.d.getVar('TARGET_VENDOR', True),
'target',
- target_providename
+ target_providename,
+ rpm_repo_workdir=rpm_repo_workdir
)
sdk_providename = ['/bin/sh',
@@ -122,7 +197,8 @@ class RpmSdk(Sdk):
'host',
sdk_providename,
"SDK_PACKAGE_ARCHS",
- "SDK_OS"
+ "SDK_OS",
+ rpm_repo_workdir=rpm_repo_workdir
)
def _populate_sysroot(self, pm, manifest):
@@ -158,6 +234,7 @@ class RpmSdk(Sdk):
bb.note("Installing NATIVESDK packages")
self._populate_sysroot(self.host_pm, self.host_manifest)
+ self.install_locales(self.host_pm)
execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND", True))
@@ -237,6 +314,7 @@ class OpkgSdk(Sdk):
bb.note("Installing NATIVESDK packages")
self._populate_sysroot(self.host_pm, self.host_manifest)
+ self.install_locales(self.host_pm)
execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND", True))
@@ -321,6 +399,7 @@ class DpkgSdk(Sdk):
bb.note("Installing NATIVESDK packages")
self._populate_sysroot(self.host_pm, self.host_manifest)
+ self.install_locales(self.host_pm)
execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND", True))
diff --git a/meta/lib/oe/terminal.py b/meta/lib/oe/terminal.py
index 3c8ef59..df4c75b 100644
--- a/meta/lib/oe/terminal.py
+++ b/meta/lib/oe/terminal.py
@@ -67,7 +67,7 @@ class Gnome(XTerminal):
import tempfile
pidfile = tempfile.NamedTemporaryFile(delete = False).name
try:
- sh_cmd = "oe-gnome-terminal-phonehome " + pidfile + " " + sh_cmd
+ sh_cmd = bb.utils.which(os.getenv('PATH'), "oe-gnome-terminal-phonehome") + " " + pidfile + " " + sh_cmd
XTerminal.__init__(self, sh_cmd, title, env, d)
while os.stat(pidfile).st_size <= 0:
continue
diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py
index 3b5c2da..02e5f5a 100644
--- a/meta/lib/oeqa/selftest/signing.py
+++ b/meta/lib/oeqa/selftest/signing.py
@@ -26,7 +26,7 @@ class Signing(oeSelfTest):
cls.pub_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.pub")
cls.secret_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.secret")
- runCmd('gpg --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path))
+ runCmd('gpg --batch --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path))
@classmethod
def tearDownClass(cls):
diff --git a/meta/recipes-bsp/acpid/acpid.inc b/meta/recipes-bsp/acpid/acpid.inc
index 12ec19b..766ed4f 100644
--- a/meta/recipes-bsp/acpid/acpid.inc
+++ b/meta/recipes-bsp/acpid/acpid.inc
@@ -9,6 +9,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/acpid2/acpid-${PV}.tar.xz \
file://acpid.service \
"
+CVE_PRODUCT = "acpid2"
+
inherit autotools update-rc.d systemd
INITSCRIPT_NAME = "acpid"
diff --git a/meta/recipes-bsp/gnu-efi/gnu-efi/0001-Mark-our-explicit-fall-through-so-Wextra-will-work-i.patch b/meta/recipes-bsp/gnu-efi/gnu-efi/0001-Mark-our-explicit-fall-through-so-Wextra-will-work-i.patch
new file mode 100644
index 0000000..d0aeb2d
--- /dev/null
+++ b/meta/recipes-bsp/gnu-efi/gnu-efi/0001-Mark-our-explicit-fall-through-so-Wextra-will-work-i.patch
@@ -0,0 +1,34 @@
+From 676a8a9001f06808b4dbe0a545d76b5d9a8ebf48 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 2 Feb 2017 13:51:27 -0500
+Subject: [PATCH] Mark our explicit fall through so -Wextra will work in gcc 7
+
+gcc 7 introduces detection of fall-through behavior in switch/case
+statements, and will warn if -Wimplicit-fallthrough is present and there
+is no comment stating that the fall-through is intentional. This is
+also triggered by -Wextra, as it enables -Wimplicit-fallthrough=1.
+
+This patch adds the comment in the one place we use fall-through.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+Upstream-Status: Pending
+
+ lib/print.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/print.c b/lib/print.c
+index b8a9d38..cb732f0 100644
+--- a/lib/print.c
++++ b/lib/print.c
+@@ -1131,6 +1131,7 @@ Returns:
+ case 'X':
+ Item.Width = Item.Long ? 16 : 8;
+ Item.Pad = '0';
++ /* falls through */
+ case 'x':
+ ValueToHex (
+ Item.Scratch,
+--
+2.12.2
+
diff --git a/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb b/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb
index e0d8ee7..313b13e 100644
--- a/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb
+++ b/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb
@@ -17,7 +17,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \
file://lib-Makefile-fix-parallel-issue.patch \
file://gcc46-compatibility.patch \
file://aarch64-initplat.c-fix-const-qualifier.patch \
- "
+ file://0001-Mark-our-explicit-fall-through-so-Wextra-will-work-i.patch \
+ "
SRC_URI[md5sum] = "612e0f327f31c4b8468ef55f4eeb9649"
SRC_URI[sha256sum] = "51a00428c3ccb96db24089ed8394843c4f83cf8f42c6a4dfddb4b7c23f2bf8af"
@@ -25,6 +26,11 @@ SRC_URI[sha256sum] = "51a00428c3ccb96db24089ed8394843c4f83cf8f42c6a4dfddb4b7c23f
COMPATIBLE_HOST = "(x86_64.*|i.86.*|aarch64.*|arm.*)-linux"
COMPATIBLE_HOST_armv4 = 'null'
+do_configure_linux-gnux32_prepend() {
+ cp ${STAGING_INCDIR}/gnu/stubs-x32.h ${STAGING_INCDIR}/gnu/stubs-64.h
+ cp ${STAGING_INCDIR}/bits/long-double-32.h ${STAGING_INCDIR}/bits/long-double-64.h
+}
+
def gnu_efi_arch(d):
import re
tarch = d.getVar("TARGET_ARCH", True)
@@ -46,9 +52,22 @@ do_install() {
FILES_${PN} += "${libdir}/*.lds"
+# 64-bit binaries are expected for EFI when targeting X32
+INSANE_SKIP_${PN}-dev_append_linux-gnux32 = " arch"
+INSANE_SKIP_${PN}-dev_append_linux-muslx32 = " arch"
+
BBCLASSEXTEND = "native"
# It doesn't support sse, its make.defaults sets:
# CFLAGS += -mno-mmx -mno-sse
# So also remove -mfpmath=sse from TUNE_CCARGS
TUNE_CCARGS_remove = "-mfpmath=sse"
+
+python () {
+ ccargs = d.getVar('TUNE_CCARGS', True).split()
+ if '-mx32' in ccargs:
+ # use x86_64 EFI ABI
+ ccargs.remove('-mx32')
+ ccargs.append('-m64')
+ d.setVar('TUNE_CCARGS', ' '.join(ccargs))
+}
diff --git a/meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch b/meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch
new file mode 100644
index 0000000..217a775
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch
@@ -0,0 +1,36 @@
+From 6cef7f6079550af3bf91dbff824398eaef08c3c5 Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Tue, 4 Apr 2017 19:22:32 +0300
+Subject: [PATCH 1/4] btrfs: avoid "used uninitialized" error with GCC7
+
+sblock was local and so considered new variable on every loop
+iteration.
+
+Closes: 50597
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/fs/btrfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 9cffa91..4849c1c 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -227,11 +227,11 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data,
+ static grub_err_t
+ read_sblock (grub_disk_t disk, struct grub_btrfs_superblock *sb)
+ {
++ struct grub_btrfs_superblock sblock;
+ unsigned i;
+ grub_err_t err = GRUB_ERR_NONE;
+ for (i = 0; i < ARRAY_SIZE (superblock_sectors); i++)
+ {
+- struct grub_btrfs_superblock sblock;
+ /* Don't try additional superblocks beyond device size. */
+ if (i && (grub_le_to_cpu64 (sblock.this_device.size)
+ >> GRUB_DISK_SECTOR_BITS) <= superblock_sectors[i])
+--
+1.9.1
+
diff --git a/meta/recipes-bsp/grub/files/0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch b/meta/recipes-bsp/grub/files/0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch
new file mode 100644
index 0000000..f95b9ef
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch
@@ -0,0 +1,92 @@
+From 7a5b301e3adb8e054288518a325135a1883c1c6c Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Tue, 19 Apr 2016 14:27:22 -0400
+Subject: [PATCH] build: Use AC_HEADER_MAJOR to find device macros
+
+Depending on the OS/libc, device macros are defined in different
+headers. This change ensures we include the right one.
+
+sys/types.h - BSD
+sys/mkdev.h - Sun
+sys/sysmacros.h - glibc (Linux)
+
+glibc currently pulls sys/sysmacros.h into sys/types.h, but this may
+change in a future release.
+
+https://sourceware.org/ml/libc-alpha/2015-11/msg00253.html
+---
+Upstream-Status: Backport
+
+ configure.ac | 3 ++-
+ grub-core/osdep/devmapper/getroot.c | 6 ++++++
+ grub-core/osdep/devmapper/hostdisk.c | 5 +++++
+ grub-core/osdep/linux/getroot.c | 6 ++++++
+ grub-core/osdep/unix/getroot.c | 4 +++-
+ 5 files changed, 22 insertions(+), 2 deletions(-)
+
+Index: grub-2.00/configure.ac
+===================================================================
+--- grub-2.00.orig/configure.ac
++++ grub-2.00/configure.ac
+@@ -326,7 +326,8 @@ fi
+
+ # Check for functions and headers.
+ AC_CHECK_FUNCS(posix_memalign memalign asprintf vasprintf getextmntent)
+-AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h sys/mkdev.h limits.h)
++AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h)
++AC_HEADER_MAJOR
+
+ AC_CHECK_MEMBERS([struct statfs.f_fstypename],,,[$ac_includes_default
+ #include <sys/param.h>
+Index: grub-2.00/grub-core/kern/emu/hostdisk.c
+===================================================================
+--- grub-2.00.orig/grub-core/kern/emu/hostdisk.c
++++ grub-2.00/grub-core/kern/emu/hostdisk.c
+@@ -41,6 +41,12 @@
+ #include <errno.h>
+ #include <limits.h>
+
++#if defined(MAJOR_IN_MKDEV)
++#include <sys/mkdev.h>
++#elif defined(MAJOR_IN_SYSMACROS)
++#include <sys/sysmacros.h>
++#endif
++
+ #ifdef __linux__
+ # include <sys/ioctl.h> /* ioctl */
+ # include <sys/mount.h>
+Index: grub-2.00/util/getroot.c
+===================================================================
+--- grub-2.00.orig/util/getroot.c
++++ grub-2.00/util/getroot.c
+@@ -35,6 +35,13 @@
+ #ifdef HAVE_LIMITS_H
+ #include <limits.h>
+ #endif
++
++#if defined(MAJOR_IN_MKDEV)
++#include <sys/mkdev.h>
++#elif defined(MAJOR_IN_SYSMACROS)
++#include <sys/sysmacros.h>
++#endif
++
+ #include <grub/util/misc.h>
+ #include <grub/util/lvm.h>
+ #include <grub/cryptodisk.h>
+Index: grub-2.00/util/raid.c
+===================================================================
+--- grub-2.00.orig/util/raid.c
++++ grub-2.00/util/raid.c
+@@ -29,6 +29,12 @@
+ #include <errno.h>
+ #include <sys/types.h>
+
++#if defined(MAJOR_IN_MKDEV)
++#include <sys/mkdev.h>
++#elif defined(MAJOR_IN_SYSMACROS)
++#include <sys/sysmacros.h>
++#endif
++
+ #include <linux/types.h>
+ #include <linux/major.h>
+ #include <linux/raid/md_p.h>
diff --git a/meta/recipes-bsp/grub/files/0001-configure-fix-check-for-sys-sysmacros.h-under-glibc-.patch b/meta/recipes-bsp/grub/files/0001-configure-fix-check-for-sys-sysmacros.h-under-glibc-.patch
new file mode 100644
index 0000000..23717e3
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-configure-fix-check-for-sys-sysmacros.h-under-glibc-.patch
@@ -0,0 +1,48 @@
+From 07662af7aed55bcec448bc2a6610de1f0cb62100 Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Thu, 22 Dec 2016 22:48:25 +0300
+Subject: [PATCH] configure: fix check for sys/sysmacros.h under glibc 2.25+
+
+glibc 2.25 still includes sys/sysmacros.h in sys/types.h but also emits
+deprecation warning. So test for sys/types.h succeeds in configure but later
+compilation fails because we use -Werror by default.
+
+While this is fixed in current autoconf GIT, we really cannot force everyone
+to use bleeding edge (that is not even released right now). So run test under
+-Werror as well to force proper detection.
+
+This should have no impact on autoconf 2.70+ as AC_HEADER_MAJOR in this version
+simply checks for header existence.
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/grub.git/commit/?id=07662af7aed55bcec448bc2a6610de1f0cb62100]
+
+Reported and tested by Khem Raj <raj.khem@gmail.com>
+
+Signed-off-by: Andrei Borzenkov <arvidjaar@gmail.com>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ configure.ac | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index dc56564..4e980c5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -389,7 +389,14 @@ fi
+ # Check for functions and headers.
+ AC_CHECK_FUNCS(posix_memalign memalign getextmntent)
+ AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h)
++
++# glibc 2.25 still includes sys/sysmacros.h in sys/types.h but emits deprecation
++# warning which causes compilation failure later with -Werror. So use -Werror here
++# as well to force proper sys/sysmacros.h detection.
++SAVED_CFLAGS="$CFLAGS"
++CFLAGS="$HOST_CFLAGS -Werror"
+ AC_HEADER_MAJOR
++CFLAGS="$SAVED_CFLAGS"
+
+ AC_CHECK_MEMBERS([struct statfs.f_fstypename],,,[$ac_includes_default
+ #include <sys/param.h>
+--
+2.4.0
+
diff --git a/meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch b/meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch
new file mode 100644
index 0000000..94f048c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch
@@ -0,0 +1,248 @@
+From 4bd4a88725604471fdbd86316c91967a7f4dba5a Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Tue, 4 Apr 2017 19:23:55 +0300
+Subject: [PATCH 2/4] i386, x86_64, ppc: fix switch fallthrough cases with GCC7
+
+In util/getroot and efidisk slightly modify exitsing comment to mostly
+retain it but still make GCC7 compliant with respect to fall through
+annotation.
+
+In grub-core/lib/xzembed/xz_dec_lzma2.c it adds same comments as
+upstream.
+
+In grub-core/tests/setjmp_tets.c declare functions as "noreturn" to
+suppress GCC7 warning.
+
+In grub-core/gnulib/regexec.c use new __attribute__, because existing
+annotation is not recognized by GCC7 parser (which requires that comment
+immediately precedes case statement).
+
+Otherwise add FALLTHROUGH comment.
+
+Closes: 50598
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/commands/hdparm.c | 1 +
+ grub-core/commands/nativedisk.c | 1 +
+ grub-core/disk/cryptodisk.c | 1 +
+ grub-core/disk/efi/efidisk.c | 2 +-
+ grub-core/efiemu/mm.c | 1 +
+ grub-core/gdb/cstub.c | 1 +
+ grub-core/gnulib/regexec.c | 3 +++
+ grub-core/lib/xzembed/xz_dec_lzma2.c | 4 ++++
+ grub-core/lib/xzembed/xz_dec_stream.c | 6 ++++++
+ grub-core/loader/i386/linux.c | 3 +++
+ grub-core/tests/setjmp_test.c | 5 ++++-
+ grub-core/video/ieee1275.c | 1 +
+ grub-core/video/readers/jpeg.c | 1 +
+ util/getroot.c | 2 +-
+ util/grub-install.c | 1 +
+ util/grub-mkimagexx.c | 1 +
+ util/grub-mount.c | 1 +
+ 17 files changed, 32 insertions(+), 3 deletions(-)
+
+Index: grub-2.00/grub-core/commands/hdparm.c
+===================================================================
+--- grub-2.00.orig/grub-core/commands/hdparm.c
++++ grub-2.00/grub-core/commands/hdparm.c
+@@ -328,6 +328,7 @@ grub_cmd_hdparm (grub_extcmd_context_t c
+ ata = ((struct grub_scsi *) disk->data)->data;
+ break;
+ }
++ /* FALLTHROUGH */
+ default:
+ return grub_error (GRUB_ERR_IO, "not an ATA device");
+ }
+Index: grub-2.00/grub-core/disk/cryptodisk.c
+===================================================================
+--- grub-2.00.orig/grub-core/disk/cryptodisk.c
++++ grub-2.00/grub-core/disk/cryptodisk.c
+@@ -268,6 +268,7 @@ grub_cryptodisk_endecrypt (struct grub_c
+ break;
+ case GRUB_CRYPTODISK_MODE_IV_PLAIN64:
+ iv[1] = grub_cpu_to_le32 (sector >> 32);
++ /* FALLTHROUGH */
+ case GRUB_CRYPTODISK_MODE_IV_PLAIN:
+ iv[0] = grub_cpu_to_le32 (sector & 0xFFFFFFFF);
+ break;
+Index: grub-2.00/grub-core/disk/efi/efidisk.c
+===================================================================
+--- grub-2.00.orig/grub-core/disk/efi/efidisk.c
++++ grub-2.00/grub-core/disk/efi/efidisk.c
+@@ -262,7 +262,7 @@ name_devices (struct grub_efidisk_data *
+ {
+ case GRUB_EFI_HARD_DRIVE_DEVICE_PATH_SUBTYPE:
+ is_hard_drive = 1;
+- /* Fall through by intention. */
++ /* Intentionally fall through. */
+ case GRUB_EFI_CDROM_DEVICE_PATH_SUBTYPE:
+ {
+ struct grub_efidisk_data *parent, *parent2;
+Index: grub-2.00/grub-core/efiemu/mm.c
+===================================================================
+--- grub-2.00.orig/grub-core/efiemu/mm.c
++++ grub-2.00/grub-core/efiemu/mm.c
+@@ -410,6 +410,7 @@ grub_efiemu_mmap_fill (void)
+ default:
+ grub_dprintf ("efiemu",
+ "Unknown memory type %d. Assuming unusable\n", type);
++ /* FALLTHROUGH */
+ case GRUB_MEMORY_RESERVED:
+ return grub_efiemu_add_to_mmap (addr, size,
+ GRUB_EFI_UNUSABLE_MEMORY);
+Index: grub-2.00/grub-core/gdb/cstub.c
+===================================================================
+--- grub-2.00.orig/grub-core/gdb/cstub.c
++++ grub-2.00/grub-core/gdb/cstub.c
+@@ -336,6 +336,7 @@ grub_gdb_trap (int trap_no)
+ /* sAA..AA: Step one instruction from AA..AA(optional). */
+ case 's':
+ stepping = 1;
++ /* FALLTHROUGH */
+
+ /* cAA..AA: Continue at address AA..AA(optional). */
+ case 'c':
+Index: grub-2.00/grub-core/gnulib/regexec.c
+===================================================================
+--- grub-2.00.orig/grub-core/gnulib/regexec.c
++++ grub-2.00/grub-core/gnulib/regexec.c
+@@ -4104,6 +4104,9 @@ check_node_accept (const re_match_contex
+ case OP_UTF8_PERIOD:
+ if (ch >= ASCII_CHARS)
+ return false;
++#if defined __GNUC__ && __GNUC__ >= 7
++ __attribute__ ((fallthrough));
++#endif
+ /* FALLTHROUGH */
+ #endif
+ case OP_PERIOD:
+Index: grub-2.00/grub-core/lib/xzembed/xz_dec_lzma2.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/xzembed/xz_dec_lzma2.c
++++ grub-2.00/grub-core/lib/xzembed/xz_dec_lzma2.c
+@@ -1042,6 +1042,8 @@ enum xz_ret xz_dec_lzma2_run(
+
+ s->lzma2.sequence = SEQ_LZMA_PREPARE;
+
++ /* Fall through */
++
+ case SEQ_LZMA_PREPARE:
+ if (s->lzma2.compressed < RC_INIT_BYTES)
+ return XZ_DATA_ERROR;
+@@ -1052,6 +1054,8 @@ enum xz_ret xz_dec_lzma2_run(
+ s->lzma2.compressed -= RC_INIT_BYTES;
+ s->lzma2.sequence = SEQ_LZMA_RUN;
+
++ /* Fall through */
++
+ case SEQ_LZMA_RUN:
+ /*
+ * Set dictionary limit to indicate how much we want
+Index: grub-2.00/grub-core/lib/xzembed/xz_dec_stream.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/xzembed/xz_dec_stream.c
++++ grub-2.00/grub-core/lib/xzembed/xz_dec_stream.c
+@@ -749,6 +749,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_BLOCK_START;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_START:
+ /* We need one byte of input to continue. */
+ if (b->in_pos == b->in_size)
+@@ -772,6 +773,7 @@ static enum xz_ret dec_main(struct xz_de
+ s->temp.pos = 0;
+ s->sequence = SEQ_BLOCK_HEADER;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_HEADER:
+ if (!fill_temp(s, b))
+ return XZ_OK;
+@@ -782,6 +784,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_BLOCK_UNCOMPRESS;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_UNCOMPRESS:
+ ret = dec_block(s, b);
+ if (ret != XZ_STREAM_END)
+@@ -809,6 +812,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_BLOCK_CHECK;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_CHECK:
+ ret = hash_validate(s, b, 0);
+ if (ret != XZ_STREAM_END)
+@@ -863,6 +867,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_INDEX_CRC32;
+
++ /* FALLTHROUGH */
+ case SEQ_INDEX_CRC32:
+ ret = hash_validate(s, b, 1);
+ if (ret != XZ_STREAM_END)
+@@ -871,6 +876,7 @@ static enum xz_ret dec_main(struct xz_de
+ s->temp.size = STREAM_HEADER_SIZE;
+ s->sequence = SEQ_STREAM_FOOTER;
+
++ /* FALLTHROUGH */
+ case SEQ_STREAM_FOOTER:
+ if (!fill_temp(s, b))
+ return XZ_OK;
+Index: grub-2.00/grub-core/loader/i386/linux.c
+===================================================================
+--- grub-2.00.orig/grub-core/loader/i386/linux.c
++++ grub-2.00/grub-core/loader/i386/linux.c
+@@ -977,10 +977,13 @@ grub_cmd_linux (grub_command_t cmd __att
+ {
+ case 'g':
+ shift += 10;
++ /* FALLTHROUGH */
+ case 'm':
+ shift += 10;
++ /* FALLTHROUGH */
+ case 'k':
+ shift += 10;
++ /* FALLTHROUGH */
+ default:
+ break;
+ }
+Index: grub-2.00/grub-core/video/readers/jpeg.c
+===================================================================
+--- grub-2.00.orig/grub-core/video/readers/jpeg.c
++++ grub-2.00/grub-core/video/readers/jpeg.c
+@@ -701,6 +701,7 @@ grub_jpeg_decode_jpeg (struct grub_jpeg_
+ case JPEG_MARKER_SOS: /* Start Of Scan. */
+ if (grub_jpeg_decode_sos (data))
+ break;
++ /* FALLTHROUGH */
+ case JPEG_MARKER_RST0: /* Restart. */
+ case JPEG_MARKER_RST1:
+ case JPEG_MARKER_RST2:
+Index: grub-2.00/util/grub-mkimagexx.c
+===================================================================
+--- grub-2.00.orig/util/grub-mkimagexx.c
++++ grub-2.00/util/grub-mkimagexx.c
+@@ -485,6 +485,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e
+ + sym->st_value
+ - image_target->vaddr_offset));
+ }
++ /* FALLTHROUGH */
+ case R_IA64_LTOFF_FPTR22:
+ *gpptr = grub_host_to_target64 (addend + sym_addr);
+ add_value_to_slot_21 ((grub_addr_t) target,
+Index: grub-2.00/util/grub-mount.c
+===================================================================
+--- grub-2.00.orig/util/grub-mount.c
++++ grub-2.00/util/grub-mount.c
+@@ -487,6 +487,7 @@ argp_parser (int key, char *arg, struct
+ if (arg[0] != '-')
+ break;
+
++ /* FALLTHROUGH */
+ default:
+ if (!arg)
+ return 0;
diff --git a/meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch b/meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch
new file mode 100644
index 0000000..fcfbf5c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch
@@ -0,0 +1,38 @@
+From 007f0b407f72314ec832d77e15b83ea40b160037 Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Tue, 4 Apr 2017 19:37:47 +0300
+Subject: [PATCH 3/4] Add gnulib-fix-gcc7-fallthrough.diff
+
+As long as the code is not upstream, add it as explicit patch for the
+case of gnulib refresh.
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/gnulib-fix-gcc7-fallthrough.diff | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+ create mode 100644 grub-core/gnulib-fix-gcc7-fallthrough.diff
+
+diff --git a/grub-core/gnulib-fix-gcc7-fallthrough.diff b/grub-core/gnulib-fix-gcc7-fallthrough.diff
+new file mode 100644
+index 0000000..9802e2d
+--- /dev/null
++++ b/grub-core/gnulib-fix-gcc7-fallthrough.diff
+@@ -0,0 +1,14 @@
++diff --git grub-core/gnulib/regexec.c grub-core/gnulib/regexec.c
++index f632cd4..a7776f0 100644
++--- grub-core/gnulib/regexec.c
+++++ grub-core/gnulib/regexec.c
++@@ -4099,6 +4099,9 @@ check_node_accept (const re_match_context_t *mctx, const re_token_t *node,
++ case OP_UTF8_PERIOD:
++ if (ch >= ASCII_CHARS)
++ return false;
+++#if defined __GNUC__ && __GNUC__ >= 7
+++ __attribute__ ((fallthrough));
+++#endif
++ /* FALLTHROUGH */
++ #endif
++ case OP_PERIOD:
+--
+1.9.1
+
diff --git a/meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch b/meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch
new file mode 100644
index 0000000..78a70a2
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch
@@ -0,0 +1,175 @@
+From d454509bb866d4eaefbb558d94dd0ef0228830eb Mon Sep 17 00:00:00 2001
+From: Vladimir Serbinenko <phcoder@gmail.com>
+Date: Wed, 12 Apr 2017 01:42:38 +0000
+Subject: [PATCH 4/4] Fix remaining cases of gcc 7 fallthrough warning.
+
+They are all intended, so just add the relevant comment.
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/kern/ia64/dl.c | 1 +
+ grub-core/kern/mips/dl.c | 1 +
+ grub-core/kern/sparc64/dl.c | 1 +
+ grub-core/loader/i386/coreboot/chainloader.c | 1 +
+ 4 files changed, 4 insertions(+)
+
+Index: grub-2.00/grub-core/kern/ia64/dl.c
+===================================================================
+--- grub-2.00.orig/grub-core/kern/ia64/dl.c
++++ grub-2.00/grub-core/kern/ia64/dl.c
+@@ -257,6 +257,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t
+ case R_IA64_LTOFF22:
+ if (ELF_ST_TYPE (sym->st_info) == STT_FUNC)
+ value = *(grub_uint64_t *) sym->st_value + rel->r_addend;
++ /* Fallthrough. */
+ case R_IA64_LTOFF_FPTR22:
+ *gpptr = value;
+ add_value_to_slot_21 (addr, (grub_addr_t) gpptr - (grub_addr_t) gp);
+Index: grub-2.00/grub-core/disk/diskfilter.c
+===================================================================
+--- grub-2.00.orig/grub-core/disk/diskfilter.c
++++ grub-2.00/grub-core/disk/diskfilter.c
+@@ -71,10 +71,12 @@ is_lv_readable (struct grub_diskfilter_l
+ case GRUB_DISKFILTER_RAID6:
+ if (!easily)
+ need--;
++ /* Fallthrough. */
+ case GRUB_DISKFILTER_RAID4:
+ case GRUB_DISKFILTER_RAID5:
+ if (!easily)
+ need--;
++ /* Fallthrough. */
+ case GRUB_DISKFILTER_STRIPED:
+ break;
+
+@@ -507,6 +509,7 @@ read_segment (struct grub_diskfilter_seg
+ if (seg->node_count == 1)
+ return grub_diskfilter_read_node (&seg->nodes[0],
+ sector, size, buf);
++ /* Fallthrough. */
+ case GRUB_DISKFILTER_MIRROR:
+ case GRUB_DISKFILTER_RAID10:
+ {
+Index: grub-2.00/grub-core/font/font.c
+===================================================================
+--- grub-2.00.orig/grub-core/font/font.c
++++ grub-2.00/grub-core/font/font.c
+@@ -1297,6 +1297,7 @@ blit_comb (const struct grub_unicode_gly
+ - grub_font_get_xheight (combining_glyphs[i]->font) - 1;
+ if (space <= 0)
+ space = 1 + (grub_font_get_xheight (main_glyph->font)) / 8;
++ /* Fallthrough. */
+
+ case GRUB_UNICODE_STACK_ATTACHED_ABOVE:
+ do_blit (combining_glyphs[i], targetx,
+@@ -1338,6 +1339,7 @@ blit_comb (const struct grub_unicode_gly
+ + combining_glyphs[i]->height);
+ if (space <= 0)
+ space = 1 + (grub_font_get_xheight (main_glyph->font)) / 8;
++ /* Fallthrough. */
+
+ case GRUB_UNICODE_STACK_ATTACHED_BELOW:
+ do_blit (combining_glyphs[i], targetx, -(bounds.y - space));
+Index: grub-2.00/grub-core/fs/udf.c
+===================================================================
+--- grub-2.00.orig/grub-core/fs/udf.c
++++ grub-2.00/grub-core/fs/udf.c
+@@ -970,6 +970,7 @@ grub_udf_read_symlink (grub_fshelp_node_
+ case 1:
+ if (ptr[1])
+ goto fail;
++ break;
+ case 2:
+ /* in 4 bytes. out: 1 byte. */
+ optr = out;
+Index: grub-2.00/grub-core/lib/legacy_parse.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/legacy_parse.c
++++ grub-2.00/grub-core/lib/legacy_parse.c
+@@ -626,6 +626,7 @@ grub_legacy_parse (const char *buf, char
+ {
+ case TYPE_FILE_NO_CONSUME:
+ hold_arg = 1;
++ /* Fallthrough. */
+ case TYPE_PARTITION:
+ case TYPE_FILE:
+ args[i] = adjust_file (curarg, curarglen);
+Index: grub-2.00/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
++++ grub-2.00/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
+@@ -96,7 +96,8 @@ do_setkey (RIJNDAEL_context *ctx, const
+ static int initialized = 0;
+ static const char *selftest_failed=0;
+ int ROUNDS;
+- int i,j, r, t, rconpointer = 0;
++ unsigned int i, t, rconpointer = 0;
++ int j, r;
+ int KC;
+ union
+ {
+Index: grub-2.00/grub-core/mmap/efi/mmap.c
+===================================================================
+--- grub-2.00.orig/grub-core/mmap/efi/mmap.c
++++ grub-2.00/grub-core/mmap/efi/mmap.c
+@@ -72,6 +72,7 @@ grub_efi_mmap_iterate (grub_memory_hook_
+ GRUB_MEMORY_AVAILABLE);
+ break;
+ }
++ /* Fallthrough. */
+ case GRUB_EFI_RUNTIME_SERVICES_CODE:
+ hook (desc->physical_start, desc->num_pages * 4096,
+ GRUB_MEMORY_CODE);
+@@ -86,6 +87,7 @@ grub_efi_mmap_iterate (grub_memory_hook_
+ grub_printf ("Unknown memory type %d, considering reserved\n",
+ desc->type);
+
++ /* Fallthrough. */
+ case GRUB_EFI_BOOT_SERVICES_DATA:
+ if (!avoid_efi_boot_services)
+ {
+@@ -93,6 +95,7 @@ grub_efi_mmap_iterate (grub_memory_hook_
+ GRUB_MEMORY_AVAILABLE);
+ break;
+ }
++ /* Fallthrough. */
+ case GRUB_EFI_RESERVED_MEMORY_TYPE:
+ case GRUB_EFI_RUNTIME_SERVICES_DATA:
+ case GRUB_EFI_MEMORY_MAPPED_IO:
+Index: grub-2.00/grub-core/normal/charset.c
+===================================================================
+--- grub-2.00.orig/grub-core/normal/charset.c
++++ grub-2.00/grub-core/normal/charset.c
+@@ -858,6 +858,7 @@ grub_bidi_line_logical_to_visual (const
+ case GRUB_BIDI_TYPE_R:
+ case GRUB_BIDI_TYPE_AL:
+ bidi_needed = 1;
++ /* Fallthrough. */
+ default:
+ {
+ if (join_state == JOIN_FORCE)
+Index: grub-2.00/grub-core/video/bochs.c
+===================================================================
+--- grub-2.00.orig/grub-core/video/bochs.c
++++ grub-2.00/grub-core/video/bochs.c
+@@ -351,6 +351,7 @@ grub_video_bochs_setup (unsigned int wid
+ case 32:
+ framebuffer.mode_info.reserved_mask_size = 8;
+ framebuffer.mode_info.reserved_field_pos = 24;
++ /* Fallthrough. */
+
+ case 24:
+ framebuffer.mode_info.red_mask_size = 8;
+Index: grub-2.00/grub-core/video/cirrus.c
+===================================================================
+--- grub-2.00.orig/grub-core/video/cirrus.c
++++ grub-2.00/grub-core/video/cirrus.c
+@@ -431,6 +431,7 @@ grub_video_cirrus_setup (unsigned int wi
+ case 32:
+ framebuffer.mode_info.reserved_mask_size = 8;
+ framebuffer.mode_info.reserved_field_pos = 24;
++ /* Fallthrough. */
+
+ case 24:
+ framebuffer.mode_info.red_mask_size = 8;
diff --git a/meta/recipes-bsp/grub/grub-efi_2.00.bb b/meta/recipes-bsp/grub/grub-efi_2.00.bb
index 5a0dc95..013fe42 100644
--- a/meta/recipes-bsp/grub/grub-efi_2.00.bb
+++ b/meta/recipes-bsp/grub/grub-efi_2.00.bb
@@ -6,6 +6,7 @@ PR = "r3"
SRC_URI += " \
file://cfg \
+ file://0001-configure-fix-check-for-sys-sysmacros.h-under-glibc-.patch \
"
S = "${WORKDIR}/grub-${PV}"
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index b69de9f..a93c99e 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -35,6 +35,11 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
file://0001-Enforce-no-pie-if-the-compiler-supports-it.patch \
file://0001-grub-core-kern-efi-mm.c-grub_efi_finish_boot_service.patch \
file://0002-grub-core-kern-efi-mm.c-grub_efi_get_memory_map-Neve.patch \
+ file://0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch \
+ file://0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch \
+ file://0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch \
+ file://0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch \
+ file://0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch \
"
DEPENDS = "flex-native bison-native autogen-native"
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 3421c38..a61d6f6 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -27,6 +27,8 @@ SRC_URI = "\
"
S = "${WORKDIR}/bluez-${PV}"
+CVE_PRODUCT = "bluez"
+
inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest
EXTRA_OECONF = "\
diff --git a/meta/recipes-connectivity/portmap/portmap_6.0.bb b/meta/recipes-connectivity/portmap/portmap_6.0.bb
index 999b4a9..d970095 100644
--- a/meta/recipes-connectivity/portmap/portmap_6.0.bb
+++ b/meta/recipes-connectivity/portmap/portmap_6.0.bb
@@ -4,7 +4,7 @@ DEPENDS_append_libc-musl = " libtirpc "
PR = "r9"
-SRC_URI = "http://www.sourcefiles.org/Networking/Tools/Miscellanenous/portmap-6.0.tgz \
+SRC_URI = "https://fossies.org/linux/misc/old/portmap-6.0.tgz \
file://destdir-no-strip.patch \
file://tcpd-config.patch \
file://portmap.init \
diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc
index 906e0d4..fc1406f 100644
--- a/meta/recipes-core/glib-2.0/glib.inc
+++ b/meta/recipes-core/glib-2.0/glib.inc
@@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \
BUGTRACKER = "http://bugzilla.gnome.org"
SECTION = "libs"
+CVE_PRODUCT = "glib"
+
BBCLASSEXTEND = "native nativesdk"
DEPENDS = "virtual/libiconv libffi zlib glib-2.0-native"
diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.24.bb b/meta/recipes-core/glibc/cross-localedef-native_2.24.bb
index d4ccced..ceaaf97 100644
--- a/meta/recipes-core/glibc/cross-localedef-native_2.24.bb
+++ b/meta/recipes-core/glibc/cross-localedef-native_2.24.bb
@@ -36,6 +36,8 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0023-eglibc-Install-PIC-archives.patch \
file://0024-eglibc-Forward-port-cross-locale-generation-support.patch \
file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
+ file://0001-Include-locale_t.h-compatibility-header.patch \
+ file://archive-path.patch \
"
# Makes for a rather long rev (22 characters), but...
#
diff --git a/meta/recipes-core/glibc/glibc-collateral.inc b/meta/recipes-core/glibc/glibc-collateral.inc
index 60655eb..5159a6d 100644
--- a/meta/recipes-core/glibc/glibc-collateral.inc
+++ b/meta/recipes-core/glibc/glibc-collateral.inc
@@ -15,7 +15,7 @@ do_patch[noexec] = "1"
do_configure[noexec] = "1"
do_compile[noexec] = "1"
-do_install[depends] += "virtual/${MLPREFIX}libc:do_populate_sysroot"
+do_install[depends] += "virtual/${MLPREFIX}libc:do_stash_locale"
COMPATIBLE_HOST_libc-musl_class-target = "null"
COMPATIBLE_HOST_libc-uclibc_class-target = "null"
diff --git a/meta/recipes-core/glibc/glibc-common.inc b/meta/recipes-core/glibc/glibc-common.inc
index bba1568..b05e162 100644
--- a/meta/recipes-core/glibc/glibc-common.inc
+++ b/meta/recipes-core/glibc/glibc-common.inc
@@ -7,3 +7,4 @@ LIC_FILES_CHKSUM ?= "file://LICENSES;md5=07a394b26e0902b9ffdec03765209770 \
file://COPYING;md5=393a5ca445f6965873eca0259a17f833 \
file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \
file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff "
+CVE_PRODUCT = "glibc"
diff --git a/meta/recipes-core/glibc/glibc-initial.inc b/meta/recipes-core/glibc/glibc-initial.inc
index 2e3bc81..8058b68 100644
--- a/meta/recipes-core/glibc/glibc-initial.inc
+++ b/meta/recipes-core/glibc/glibc-initial.inc
@@ -48,7 +48,7 @@ do_install () {
done
}
-do_install_locale() {
+do_stash_locale() {
:
}
diff --git a/meta/recipes-core/glibc/glibc-locale.inc b/meta/recipes-core/glibc/glibc-locale.inc
index 3fecdf9..d09e6e3 100644
--- a/meta/recipes-core/glibc/glibc-locale.inc
+++ b/meta/recipes-core/glibc/glibc-locale.inc
@@ -12,7 +12,7 @@ BINUTILSDEP = "virtual/${MLPREFIX}${TARGET_PREFIX}binutils:do_populate_sysroot"
BINUTILSDEP_class-nativesdk = "virtual/${TARGET_PREFIX}binutils-crosssdk:do_populate_sysroot"
do_package[depends] += "${BINUTILSDEP}"
-# localedef links with libc.so and glibc-collateral.incinhibits all default deps
+# localedef links with libc.so and glibc-collateral.inc inhibits all default deps
# cannot add virtual/libc to DEPENDS, because it would conflict with libc-initial in RSS
RDEPENDS_localedef += "glibc"
@@ -39,7 +39,6 @@ PACKAGES = "localedef ${PN}-dbg"
PACKAGES_DYNAMIC = "^locale-base-.* \
^glibc-gconv-.* ^glibc-charmap-.* ^glibc-localedata-.* ^glibc-binary-localedata-.* \
- ^glibc-gconv-.* ^glibc-charmap-.* ^glibc-localedata-.* ^glibc-binary-localedata-.* \
^${MLPREFIX}glibc-gconv$"
# Create a glibc-binaries package
@@ -70,7 +69,7 @@ DESCRIPTION_localedef = "glibc: compile locale definition files"
FILES_${MLPREFIX}glibc-gconv = "${libdir}/gconv/*"
FILES_localedef = "${bindir}/localedef"
-LOCALETREESRC = "${STAGING_INCDIR}/glibc-locale-internal-${MULTIMACH_TARGET_SYS}"
+LOCALETREESRC = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale"
do_install () {
mkdir -p ${D}${bindir} ${D}${datadir} ${D}${libdir}
diff --git a/meta/recipes-core/glibc/glibc-mtrace.inc b/meta/recipes-core/glibc/glibc-mtrace.inc
index e12b079..a7f9f78 100644
--- a/meta/recipes-core/glibc/glibc-mtrace.inc
+++ b/meta/recipes-core/glibc/glibc-mtrace.inc
@@ -5,7 +5,7 @@ DESCRIPTION = "mtrace utility provided by glibc"
RDEPENDS_${PN} = "perl"
RPROVIDES_${PN} = "libc-mtrace"
-SRC = "${STAGING_INCDIR}/glibc-scripts-internal-${MULTIMACH_TARGET_SYS}"
+SRC = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale/scripts"
do_install() {
install -d -m 0755 ${D}${bindir}
diff --git a/meta/recipes-core/glibc/glibc-package.inc b/meta/recipes-core/glibc/glibc-package.inc
index bad6424..6f4e71d 100644
--- a/meta/recipes-core/glibc/glibc-package.inc
+++ b/meta/recipes-core/glibc/glibc-package.inc
@@ -145,8 +145,11 @@ do_install_append_aarch64 () {
fi
}
-do_install_locale () {
- dest=${D}/${includedir}/glibc-locale-internal-${MULTIMACH_TARGET_SYS}
+LOCALESTASH = "${WORKDIR}/stashed-locale"
+bashscripts = "mtrace sotruss xtrace"
+
+do_stash_locale () {
+ dest=${LOCALESTASH}
install -d ${dest}${base_libdir} ${dest}${bindir} ${dest}${libdir} ${dest}${datadir}
if [ "${base_libdir}" != "${libdir}" ]; then
cp -fpPR ${D}${base_libdir}/* ${dest}${base_libdir}
@@ -166,14 +169,8 @@ do_install_locale () {
cp -fpPR ${D}${datadir}/* ${dest}${datadir}
rm -rf ${D}${datadir}/locale/
cp -fpPR ${WORKDIR}/SUPPORTED ${dest}
-}
-
-addtask do_install_locale after do_install before do_populate_sysroot do_package
-bashscripts = "mtrace sotruss xtrace"
-
-do_evacuate_scripts () {
- target=${D}${includedir}/glibc-scripts-internal-${MULTIMACH_TARGET_SYS}
+ target=${dest}/scripts
mkdir -p $target
for i in ${bashscripts}; do
if [ -f ${D}${bindir}/$i ]; then
@@ -182,22 +179,36 @@ do_evacuate_scripts () {
done
}
-addtask evacuate_scripts after do_install before do_populate_sysroot do_package
+addtask do_stash_locale after do_install before do_populate_sysroot do_package
+do_stash_locale[dirs] = "${B}"
+do_stash_locale[cleandirs] = "${LOCALESTASH}"
+SSTATETASKS += "do_stash_locale"
+do_stash_locale[sstate-inputdirs] = "${LOCALESTASH}"
+do_stash_locale[sstate-outputdirs] = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale"
+do_stash_locale[sstate-fixmedir] = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale"
-PACKAGE_PREPROCESS_FUNCS += "glibc_package_preprocess"
+python do_stash_locale_setscene () {
+ sstate_setscene(d)
+}
+addtask do_stash_locale_setscene
-glibc_package_preprocess () {
- rm -rf ${PKGD}/${includedir}/glibc-locale-internal-${MULTIMACH_TARGET_SYS}
- rm -rf ${PKGD}/${includedir}/glibc-scripts-internal-${MULTIMACH_TARGET_SYS}
+do_poststash_install_cleanup () {
+ # Remove all files which do_stash_locale would remove (mv)
+ # since that task could have come from sstate and not get run.
for i in ${bashscripts}; do
- rm -f ${PKGD}${bindir}/$i
+ rm -f ${D}${bindir}/$i
done
- rm -rf ${PKGD}/${localedir}
+ rm -f ${D}${bindir}/localedef
+ rm -rf ${D}${datadir}/i18n
+ rm -rf ${D}${libdir}/gconv
+ rm -rf ${D}/${localedir}
+ rm -rf ${D}${datadir}/locale
if [ "${libdir}" != "${exec_prefix}/lib" ]; then
# This dir only exists to hold locales
- rm -rf ${PKGD}${exec_prefix}/lib
+ rm -rf ${D}${exec_prefix}/lib
fi
}
+addtask do_poststash_install_cleanup after do_stash_locale do_install before do_populate_sysroot do_package
pkg_postinst_nscd () {
if [ -z "$D" ]; then
diff --git a/meta/recipes-core/glibc/glibc-scripts.inc b/meta/recipes-core/glibc/glibc-scripts.inc
index bce0a42..c661f2b 100644
--- a/meta/recipes-core/glibc/glibc-scripts.inc
+++ b/meta/recipes-core/glibc/glibc-scripts.inc
@@ -4,7 +4,7 @@ SUMMARY = "utility scripts provided by glibc"
DESCRIPTION = "utility scripts provided by glibc"
RDEPENDS_${PN} = "bash glibc-mtrace"
-SRC = "${STAGING_INCDIR}/glibc-scripts-internal-${MULTIMACH_TARGET_SYS}"
+SRC = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale/scripts"
bashscripts = "sotruss xtrace"
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2015-5180-resolv-Fix-crash-with-internal-QTYPE-B.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2015-5180-resolv-Fix-crash-with-internal-QTYPE-B.patch
new file mode 100644
index 0000000..ba0bebe
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2015-5180-resolv-Fix-crash-with-internal-QTYPE-B.patch
@@ -0,0 +1,357 @@
+From ff9b7c4fb73295cd2de2d2ccfbbf4f6d50883d47 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Sat, 31 Dec 2016 20:22:09 +0100
+Subject: [PATCH] CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ
+ #18784]
+
+Also rename T_UNSPEC because an upcoming public header file
+update will use that name.
+
+(cherry picked from commit fc82b0a2dfe7dbd35671c10510a8da1043d746a5)
+
+Upstream-Status: Backport
+https://sourceware.org/git/?p=glibc.git;a=patch;h=b3b37f1a5559a7620e31c8053ed1b44f798f2b6d
+
+CVE: CVE-2015-5180
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+---
+ ChangeLog | 14 ++++
+ NEWS | 6 ++
+ include/arpa/nameser_compat.h | 6 +-
+ resolv/Makefile | 5 ++
+ resolv/nss_dns/dns-host.c | 2 +-
+ resolv/res_mkquery.c | 4 +
+ resolv/res_query.c | 6 +-
+ resolv/tst-resolv-qtypes.c | 185 ++++++++++++++++++++++++++++++++++++++++++
+ 8 files changed, 221 insertions(+), 7 deletions(-)
+ create mode 100644 resolv/tst-resolv-qtypes.c
+
+diff --git a/ChangeLog b/ChangeLog
+index 893262de11..2bdaf69e43 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,17 @@
++2016-12-31 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #18784]
++ CVE-2015-5180
++ * include/arpa/nameser_compat.h (T_QUERY_A_AND_AAAA): Rename from
++ T_UNSPEC. Adjust value.
++ * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname4_r): Use it.
++ * resolv/res_query.c (__libc_res_nquery): Likewise.
++ * resolv/res_mkquery.c (res_nmkquery): Check for out-of-range
++ QTYPEs.
++ * resolv/tst-resolv-qtypes.c: New file.
++ * resolv/Makefile (xtests): Add tst-resolv-qtypes.
++ (tst-resolv-qtypes): Link against libresolv and libpthread.
++
+ 2016-10-26 Carlos O'Donell <carlos@redhat.com>
+
+ * include/atomic.h
+diff --git a/NEWS b/NEWS
+index 3002773c16..4b1ca3cb65 100644
+--- a/NEWS
++++ b/NEWS
+@@ -11,6 +11,12 @@ using `glibc' in the "product" field.
+ printers show various pthread variables in human-readable form when read
+ using the 'print' or 'display' commands in gdb.
+
++* The DNS stub resolver functions would crash due to a NULL pointer
++ dereference when processing a query with a valid DNS question type which
++ was used internally in the implementation. The stub resolver now uses a
++ question type which is outside the range of valid question type values.
++ (CVE-2015-5180)
++
+ Version 2.24
+
+ * The minimum Linux kernel version that this version of the GNU C Library
+diff --git a/include/arpa/nameser_compat.h b/include/arpa/nameser_compat.h
+index 2e735ede4c..7c0deed9ae 100644
+--- a/include/arpa/nameser_compat.h
++++ b/include/arpa/nameser_compat.h
+@@ -1,8 +1,8 @@
+ #ifndef _ARPA_NAMESER_COMPAT_
+ #include <resolv/arpa/nameser_compat.h>
+
+-/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e.,
+- T_A and T_AAAA). */
+-#define T_UNSPEC 62321
++/* The number is outside the 16-bit RR type range and is used
++ internally by the implementation. */
++#define T_QUERY_A_AND_AAAA 439963904
+
+ #endif
+diff --git a/resolv/Makefile b/resolv/Makefile
+index 8be41d3ae1..a4c86b9762 100644
+--- a/resolv/Makefile
++++ b/resolv/Makefile
+@@ -40,6 +40,9 @@ ifeq ($(have-thread-library),yes)
+ extra-libs += libanl
+ routines += gai_sigqueue
+ tests += tst-res_hconf_reorder
++
++# This test sends millions of packets and is rather slow.
++xtests += tst-resolv-qtypes
+ endif
+ extra-libs-others = $(extra-libs)
+ libresolv-routines := gethnamaddr res_comp res_debug \
+@@ -117,3 +120,5 @@ tst-leaks2-ENV = MALLOC_TRACE=$(objpfx)tst-leaks2.mtrace
+ $(objpfx)mtrace-tst-leaks2.out: $(objpfx)tst-leaks2.out
+ $(common-objpfx)malloc/mtrace $(objpfx)tst-leaks2.mtrace > $@; \
+ $(evaluate-test)
++
++$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index 5f9e35701b..d16fa4b8ed 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -323,7 +323,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
+
+ int olderr = errno;
+ enum nss_status status;
+- int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC,
++ int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_AAAA,
+ host_buffer.buf->buf, 2048, &host_buffer.ptr,
+ &ans2p, &nans2p, &resplen2, &ans2p_malloced);
+ if (n >= 0)
+diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
+index 12f9730199..d80b5318e5 100644
+--- a/resolv/res_mkquery.c
++++ b/resolv/res_mkquery.c
+@@ -103,6 +103,10 @@ res_nmkquery(res_state statp,
+ int n;
+ u_char *dnptrs[20], **dpp, **lastdnptr;
+
++ if (class < 0 || class > 65535
++ || type < 0 || type > 65535)
++ return -1;
++
+ #ifdef DEBUG
+ if (statp->options & RES_DEBUG)
+ printf(";; res_nmkquery(%s, %s, %s, %s)\n",
+diff --git a/resolv/res_query.c b/resolv/res_query.c
+index 944d1a90f5..07dc6f6583 100644
+--- a/resolv/res_query.c
++++ b/resolv/res_query.c
+@@ -122,7 +122,7 @@ __libc_res_nquery(res_state statp,
+ int n, use_malloc = 0;
+ u_int oflags = statp->_flags;
+
+- size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE;
++ size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE;
+ u_char *buf = alloca (bufsize);
+ u_char *query1 = buf;
+ int nquery1 = -1;
+@@ -137,7 +137,7 @@ __libc_res_nquery(res_state statp,
+ printf(";; res_query(%s, %d, %d)\n", name, class, type);
+ #endif
+
+- if (type == T_UNSPEC)
++ if (type == T_QUERY_A_AND_AAAA)
+ {
+ n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL,
+ query1, bufsize);
+@@ -190,7 +190,7 @@ __libc_res_nquery(res_state statp,
+ if (__builtin_expect (n <= 0, 0) && !use_malloc) {
+ /* Retry just in case res_nmkquery failed because of too
+ short buffer. Shouldn't happen. */
+- bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET;
++ bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET;
+ buf = malloc (bufsize);
+ if (buf != NULL) {
+ query1 = buf;
+diff --git a/resolv/tst-resolv-qtypes.c b/resolv/tst-resolv-qtypes.c
+new file mode 100644
+index 0000000000..b3e60c693b
+--- /dev/null
++++ b/resolv/tst-resolv-qtypes.c
+@@ -0,0 +1,185 @@
++/* Exercise low-level query functions with different QTYPEs.
++ Copyright (C) 2016 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <resolv.h>
++#include <string.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++#include <support/test-driver.h>
++#include <support/xmemstream.h>
++
++/* If ture, the response function will send the actual response packet
++ over TCP instead of UDP. */
++static volatile bool force_tcp;
++
++/* Send back a fake resource record matching the QTYPE. */
++static void
++response (const struct resolv_response_context *ctx,
++ struct resolv_response_builder *b,
++ const char *qname, uint16_t qclass, uint16_t qtype)
++{
++ if (force_tcp && ctx->tcp)
++ {
++ resolv_response_init (b, (struct resolv_response_flags) { .tc = 1 });
++ resolv_response_add_question (b, qname, qclass, qtype);
++ return;
++ }
++
++ resolv_response_init (b, (struct resolv_response_flags) { });
++ resolv_response_add_question (b, qname, qclass, qtype);
++ resolv_response_section (b, ns_s_an);
++ resolv_response_open_record (b, qname, qclass, qtype, 0);
++ resolv_response_add_data (b, &qtype, sizeof (qtype));
++ resolv_response_close_record (b);
++}
++
++static const const char *domain = "www.example.com";
++
++static int
++wrap_res_query (int type, unsigned char *answer, int answer_length)
++{
++ return res_query (domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_search (int type, unsigned char *answer, int answer_length)
++{
++ return res_query (domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_querydomain (int type, unsigned char *answer, int answer_length)
++{
++ return res_querydomain ("www", "example.com", C_IN, type,
++ answer, answer_length);
++}
++
++static int
++wrap_res_send (int type, unsigned char *answer, int answer_length)
++{
++ unsigned char buf[512];
++ int ret = res_mkquery (QUERY, domain, C_IN, type,
++ (const unsigned char *) "", 0, NULL,
++ buf, sizeof (buf));
++ if (type < 0 || type >= 65536)
++ {
++ /* res_mkquery fails for out-of-range record types. */
++ TEST_VERIFY_EXIT (ret == -1);
++ return -1;
++ }
++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */
++ return res_send (buf, ret, answer, answer_length);
++}
++
++static int
++wrap_res_nquery (int type, unsigned char *answer, int answer_length)
++{
++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_nsearch (int type, unsigned char *answer, int answer_length)
++{
++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_nquerydomain (int type, unsigned char *answer, int answer_length)
++{
++ return res_nquerydomain (&_res, "www", "example.com", C_IN, type,
++ answer, answer_length);
++}
++
++static int
++wrap_res_nsend (int type, unsigned char *answer, int answer_length)
++{
++ unsigned char buf[512];
++ int ret = res_nmkquery (&_res, QUERY, domain, C_IN, type,
++ (const unsigned char *) "", 0, NULL,
++ buf, sizeof (buf));
++ if (type < 0 || type >= 65536)
++ {
++ /* res_mkquery fails for out-of-range record types. */
++ TEST_VERIFY_EXIT (ret == -1);
++ return -1;
++ }
++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */
++ return res_nsend (&_res, buf, ret, answer, answer_length);
++}
++
++static void
++test_function (const char *fname,
++ int (*func) (int type,
++ unsigned char *answer, int answer_length))
++{
++ unsigned char buf[512];
++ for (int tcp = 0; tcp < 2; ++tcp)
++ {
++ force_tcp = tcp;
++ for (unsigned int type = 1; type <= 65535; ++type)
++ {
++ if (test_verbose)
++ printf ("info: sending QTYPE %d with %s (tcp=%d)\n",
++ type, fname, tcp);
++ int ret = func (type, buf, sizeof (buf));
++ if (ret != 47)
++ FAIL_EXIT1 ("%s tcp=%d qtype=%d return value %d",
++ fname,tcp, type, ret);
++ /* One question, one answer record. */
++ TEST_VERIFY (memcmp (buf + 4, "\0\1\0\1\0\0\0\0", 8) == 0);
++ /* Question section. */
++ static const char qname[] = "\3www\7example\3com";
++ size_t qname_length = sizeof (qname);
++ TEST_VERIFY (memcmp (buf + 12, qname, qname_length) == 0);
++ /* RDATA part of answer. */
++ uint16_t type16 = type;
++ TEST_VERIFY (memcmp (buf + ret - 2, &type16, sizeof (type16)) == 0);
++ }
++ }
++
++ TEST_VERIFY (func (-1, buf, sizeof (buf) == -1));
++ TEST_VERIFY (func (65536, buf, sizeof (buf) == -1));
++}
++
++static int
++do_test (void)
++{
++ struct resolv_redirect_config config =
++ {
++ .response_callback = response,
++ };
++ struct resolv_test *obj = resolv_test_start (config);
++
++ test_function ("res_query", &wrap_res_query);
++ test_function ("res_search", &wrap_res_search);
++ test_function ("res_querydomain", &wrap_res_querydomain);
++ test_function ("res_send", &wrap_res_send);
++
++ test_function ("res_nquery", &wrap_res_nquery);
++ test_function ("res_nsearch", &wrap_res_nsearch);
++ test_function ("res_nquerydomain", &wrap_res_nquerydomain);
++ test_function ("res_nsend", &wrap_res_nsend);
++
++ resolv_test_end (obj);
++ return 0;
++}
++
++#define TIMEOUT 300
++#include <support/test-driver.c>
+--
+2.15.0
+
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch
new file mode 100644
index 0000000..78e9ea9
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch
@@ -0,0 +1,71 @@
+From 400f170750a4b2c94a2670ca44de166cc5dd6e3b Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 18:33:26 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+(cherry picked from commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d)
+
+Upstream-Status: Backport
+https://sourceware.org/git/?p=glibc.git;a=commit;h=87bd4186da10371f46e2f1a7bf7c0a45bb04f1ac
+https://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=stretch&id=2755c57269f24e9d59c22c49788f92515346c1bb
+
+CVE: CVE-2017-1000366
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+---
+ ChangeLog | 7 +++++++
+ NEWS | 1 +
+ elf/rtld.c | 3 ++-
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 2bdaf69e43..7a999802dd 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,10 @@
++2017-06-19 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #21624]
++ CVE-2017-1000366
++ * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for
++ __libc_enable_secure.
++
+ 2016-12-31 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #18784]
+diff --git a/NEWS b/NEWS
+index 4b1ca3cb65..66b49dbbc0 100644
+--- a/NEWS
++++ b/NEWS
+@@ -17,6 +17,7 @@ using `glibc' in the "product" field.
+ question type which is outside the range of valid question type values.
+ (CVE-2015-5180)
+
++ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+ Version 2.24
+
+ * The minimum Linux kernel version that this version of the GNU C Library
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 647661ca45..215a9aec8f 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2437,7 +2437,8 @@ process_envvars (enum mode *modep)
+
+ case 12:
+ /* The library search path. */
+- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++ if (!__libc_enable_secure
++ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+ {
+ library_path = &envline[13];
+ break;
+--
+2.15.0
+
diff --git a/meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch b/meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch
new file mode 100644
index 0000000..634f8d8
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch
@@ -0,0 +1,27 @@
+From abfeb0cf4e3261a66a7a23abc9aed33c034c850d Mon Sep 17 00:00:00 2001
+From: Joshua Watt <Joshua.Watt@garmin.com>
+Date: Wed, 6 Dec 2017 13:26:19 -0600
+Subject: [PATCH] Include locale_t.h compatibility header
+
+Newer versions of glibc (since 2.26) moved the locale typedefs from
+xlocale.h to bits/types/locale_t.h. Create a compatibility header for
+these newer versions of glibc
+
+See f0be25b6336db7492e47d2e8e72eb8af53b5506d in glibc
+
+Upstream-Status: Inappropriate
+---
+ locale/bits/types/locale_t.h | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 locale/bits/types/locale_t.h
+
+diff --git a/locale/bits/types/locale_t.h b/locale/bits/types/locale_t.h
+new file mode 100644
+index 0000000000..b519a6c5f8
+--- /dev/null
++++ b/locale/bits/types/locale_t.h
+@@ -0,0 +1 @@
++#include <xlocale.h>
+--
+2.14.3
+
diff --git a/meta/recipes-core/glibc/glibc/0002-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch b/meta/recipes-core/glibc/glibc/0002-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch
new file mode 100644
index 0000000..7f81ed1
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0002-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch
@@ -0,0 +1,145 @@
+From 6d49272e6d6741496e3456f2cc22ebc2b9f7f989 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:31:04 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
+
+(cherry picked from commit 6d0ba622891bed9d8394eef1935add53003b12e8)
+
+Upstream-Status: Backport
+https://sourceware.org/git/?p=glibc.git;a=commit;h=aab04ca5d359150e17631e6a9b44b65e93bdc467
+https://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=stretch&id=2755c57269f24e9d59c22c49788f92515346c1bb
+
+CVE: CVE-2017-1000366
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+---
+ ChangeLog | 7 ++++++
+ elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
+ 2 files changed, 73 insertions(+), 16 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 7a999802dd..ea5ecd4a1e 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,10 @@
++2017-06-19 Florian Weimer <fweimer@redhat.com>
++
++ * elf/rtld.c (SECURE_NAME_LIMIT, SECURE_PATH_LIMIT): Define.
++ (dso_name_valid_for_suid): New function.
++ (handle_ld_preload): Likewise.
++ (dl_main): Call it. Remove alloca.
++
+ 2017-06-19 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #21624]
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 215a9aec8f..1d8eab9fe2 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
+ strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
+ #endif
+
++/* Length limits for names and paths, to protect the dynamic linker,
++ particularly when __libc_enable_secure is active. */
++#ifdef NAME_MAX
++# define SECURE_NAME_LIMIT NAME_MAX
++#else
++# define SECURE_NAME_LIMIT 255
++#endif
++#ifdef PATH_MAX
++# define SECURE_PATH_LIMIT PATH_MAX
++#else
++# define SECURE_PATH_LIMIT 1024
++#endif
++
++/* Check that AT_SECURE=0, or that the passed name does not contain
++ directories and is not overly long. Reject empty names
++ unconditionally. */
++static bool
++dso_name_valid_for_suid (const char *p)
++{
++ if (__glibc_unlikely (__libc_enable_secure))
++ {
++ /* Ignore pathnames with directories for AT_SECURE=1
++ programs, and also skip overlong names. */
++ size_t len = strlen (p);
++ if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
++ return false;
++ }
++ return *p != '\0';
++}
+
+ /* List of auditing DSOs. */
+ static struct audit_list
+@@ -730,6 +759,42 @@ static const char *preloadlist attribute_relro;
+ /* Nonzero if information about versions has to be printed. */
+ static int version_info attribute_relro;
+
++/* The LD_PRELOAD environment variable gives list of libraries
++ separated by white space or colons that are loaded before the
++ executable's dependencies and prepended to the global scope list.
++ (If the binary is running setuid all elements containing a '/' are
++ ignored since it is insecure.) Return the number of preloads
++ performed. */
++unsigned int
++handle_ld_preload (const char *preloadlist, struct link_map *main_map)
++{
++ unsigned int npreloads = 0;
++ const char *p = preloadlist;
++ char fname[SECURE_PATH_LIMIT];
++
++ while (*p != '\0')
++ {
++ /* Split preload list at space/colon. */
++ size_t len = strcspn (p, " :");
++ if (len > 0 && len < sizeof (fname))
++ {
++ memcpy (fname, p, len);
++ fname[len] = '\0';
++ }
++ else
++ fname[0] = '\0';
++
++ /* Skip over the substring and the following delimiter. */
++ p += len;
++ if (*p != '\0')
++ ++p;
++
++ if (dso_name_valid_for_suid (fname))
++ npreloads += do_preload (fname, main_map, "LD_PRELOAD");
++ }
++ return npreloads;
++}
++
+ static void
+ dl_main (const ElfW(Phdr) *phdr,
+ ElfW(Word) phnum,
+@@ -1481,23 +1546,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+
+ if (__glibc_unlikely (preloadlist != NULL))
+ {
+- /* The LD_PRELOAD environment variable gives list of libraries
+- separated by white space or colons that are loaded before the
+- executable's dependencies and prepended to the global scope
+- list. If the binary is running setuid all elements
+- containing a '/' are ignored since it is insecure. */
+- char *list = strdupa (preloadlist);
+- char *p;
+-
+ HP_TIMING_NOW (start);
+-
+- /* Prevent optimizing strsep. Speed is not important here. */
+- while ((p = (strsep) (&list, " :")) != NULL)
+- if (p[0] != '\0'
+- && (__builtin_expect (! __libc_enable_secure, 1)
+- || strchr (p, '/') == NULL))
+- npreloads += do_preload (p, main_map, "LD_PRELOAD");
+-
++ npreloads += handle_ld_preload (preloadlist, main_map);
+ HP_TIMING_NOW (stop);
+ HP_TIMING_DIFF (diff, start, stop);
+ HP_TIMING_ACCUM_NT (load_time, diff);
+--
+2.15.0
+
diff --git a/meta/recipes-core/glibc/glibc/0003-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch b/meta/recipes-core/glibc/glibc/0003-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch
new file mode 100644
index 0000000..b52b8a1
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0003-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch
@@ -0,0 +1,231 @@
+From c0b25407def32718147530da72959a034cd1318d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:32:12 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements
+
+Also only process the last LD_AUDIT entry.
+
+(cherry picked from commit 81b82fb966ffbd94353f793ad17116c6088dedd9)
+
+Upstream-Status: Backport
+https://sourceware.org/git/?p=glibc.git;a=commit;h=2febff860b31df3666bef5ade0d0744c93f76a74
+https://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=stretch&id=2755c57269f24e9d59c22c49788f92515346c1bb
+
+CVE: CVE-2017-1000366
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+---
+ ChangeLog | 11 +++++++
+ elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
+ 2 files changed, 106 insertions(+), 15 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index ea5ecd4a1e..638cb632b1 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,14 @@
++2017-06-19 Florian Weimer <fweimer@redhat.com>
++
++ * elf/rtld.c (audit_list_string): New variable.
++ (audit_list): Update comment.
++ (struct audit_list_iter): Define.
++ (audit_list_iter_init, audit_list_iter_next): New function.
++ (dl_main): Use struct audit_list_iter to process audit modules.
++ (process_dl_audit): Call dso_name_valid_for_suid.
++ (process_envvars): Set audit_list_string instead of calling
++ process_dl_audit.
++
+ 2017-06-19 Florian Weimer <fweimer@redhat.com>
+
+ * elf/rtld.c (SECURE_NAME_LIMIT, SECURE_PATH_LIMIT): Define.
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 1d8eab9fe2..302bb63620 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
+ return *p != '\0';
+ }
+
+-/* List of auditing DSOs. */
++/* LD_AUDIT variable contents. Must be processed before the
++ audit_list below. */
++const char *audit_list_string;
++
++/* Cyclic list of auditing DSOs. audit_list->next is the first
++ element. */
+ static struct audit_list
+ {
+ const char *name;
+ struct audit_list *next;
+ } *audit_list;
+
++/* Iterator for audit_list_string followed by audit_list. */
++struct audit_list_iter
++{
++ /* Tail of audit_list_string still needing processing, or NULL. */
++ const char *audit_list_tail;
++
++ /* The list element returned in the previous iteration. NULL before
++ the first element. */
++ struct audit_list *previous;
++
++ /* Scratch buffer for returning a name which is part of
++ audit_list_string. */
++ char fname[SECURE_NAME_LIMIT];
++};
++
++/* Initialize an audit list iterator. */
++static void
++audit_list_iter_init (struct audit_list_iter *iter)
++{
++ iter->audit_list_tail = audit_list_string;
++ iter->previous = NULL;
++}
++
++/* Iterate through both audit_list_string and audit_list. */
++static const char *
++audit_list_iter_next (struct audit_list_iter *iter)
++{
++ if (iter->audit_list_tail != NULL)
++ {
++ /* First iterate over audit_list_string. */
++ while (*iter->audit_list_tail != '\0')
++ {
++ /* Split audit list at colon. */
++ size_t len = strcspn (iter->audit_list_tail, ":");
++ if (len > 0 && len < sizeof (iter->fname))
++ {
++ memcpy (iter->fname, iter->audit_list_tail, len);
++ iter->fname[len] = '\0';
++ }
++ else
++ /* Do not return this name to the caller. */
++ iter->fname[0] = '\0';
++
++ /* Skip over the substring and the following delimiter. */
++ iter->audit_list_tail += len;
++ if (*iter->audit_list_tail == ':')
++ ++iter->audit_list_tail;
++
++ /* If the name is valid, return it. */
++ if (dso_name_valid_for_suid (iter->fname))
++ return iter->fname;
++ /* Otherwise, wrap around and try the next name. */
++ }
++ /* Fall through to the procesing of audit_list. */
++ }
++
++ if (iter->previous == NULL)
++ {
++ if (audit_list == NULL)
++ /* No pre-parsed audit list. */
++ return NULL;
++ /* Start of audit list. The first list element is at
++ audit_list->next (cyclic list). */
++ iter->previous = audit_list->next;
++ return iter->previous->name;
++ }
++ if (iter->previous == audit_list)
++ /* Cyclic list wrap-around. */
++ return NULL;
++ iter->previous = iter->previous->next;
++ return iter->previous->name;
++}
++
+ #ifndef HAVE_INLINED_SYSCALLS
+ /* Set nonzero during loading and initialization of executable and
+ libraries, cleared before the executable's entry point runs. This
+@@ -1322,11 +1400,13 @@ of this helper program; chances are you did not intend to run this program.\n\
+ GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
+
+ /* If we have auditing DSOs to load, do it now. */
+- if (__glibc_unlikely (audit_list != NULL))
++ bool need_security_init = true;
++ if (__glibc_unlikely (audit_list != NULL)
++ || __glibc_unlikely (audit_list_string != NULL))
+ {
+- /* Iterate over all entries in the list. The order is important. */
+ struct audit_ifaces *last_audit = NULL;
+- struct audit_list *al = audit_list->next;
++ struct audit_list_iter al_iter;
++ audit_list_iter_init (&al_iter);
+
+ /* Since we start using the auditing DSOs right away we need to
+ initialize the data structures now. */
+@@ -1337,9 +1417,14 @@ of this helper program; chances are you did not intend to run this program.\n\
+ use different values (especially the pointer guard) and will
+ fail later on. */
+ security_init ();
++ need_security_init = false;
+
+- do
++ while (true)
+ {
++ const char *name = audit_list_iter_next (&al_iter);
++ if (name == NULL)
++ break;
++
+ int tls_idx = GL(dl_tls_max_dtv_idx);
+
+ /* Now it is time to determine the layout of the static TLS
+@@ -1348,7 +1433,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ no DF_STATIC_TLS bit is set. The reason is that we know
+ glibc will use the static model. */
+ struct dlmopen_args dlmargs;
+- dlmargs.fname = al->name;
++ dlmargs.fname = name;
+ dlmargs.map = NULL;
+
+ const char *objname;
+@@ -1361,7 +1446,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ not_loaded:
+ _dl_error_printf ("\
+ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+- al->name, err_str);
++ name, err_str);
+ if (malloced)
+ free ((char *) err_str);
+ }
+@@ -1465,10 +1550,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ goto not_loaded;
+ }
+ }
+-
+- al = al->next;
+ }
+- while (al != audit_list->next);
+
+ /* If we have any auditing modules, announce that we already
+ have two objects loaded. */
+@@ -1732,7 +1814,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ if (tcbp == NULL)
+ tcbp = init_tls ();
+
+- if (__glibc_likely (audit_list == NULL))
++ if (__glibc_likely (need_security_init))
+ /* Initialize security features. But only if we have not done it
+ earlier. */
+ security_init ();
+@@ -2363,9 +2445,7 @@ process_dl_audit (char *str)
+ char *p;
+
+ while ((p = (strsep) (&str, ":")) != NULL)
+- if (p[0] != '\0'
+- && (__builtin_expect (! __libc_enable_secure, 1)
+- || strchr (p, '/') == NULL))
++ if (dso_name_valid_for_suid (p))
+ {
+ /* This is using the local malloc, not the system malloc. The
+ memory can never be freed. */
+@@ -2429,7 +2509,7 @@ process_envvars (enum mode *modep)
+ break;
+ }
+ if (memcmp (envline, "AUDIT", 5) == 0)
+- process_dl_audit (&envline[6]);
++ audit_list_string = &envline[6];
+ break;
+
+ case 7:
+--
+2.15.0
+
diff --git a/meta/recipes-core/glibc/glibc/0004-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch b/meta/recipes-core/glibc/glibc/0004-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch
new file mode 100644
index 0000000..43c4398
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0004-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch
@@ -0,0 +1,62 @@
+From 203835b3bf6f1edfe1ebe4a7fa15dc085e6dc8f7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Wed, 14 Jun 2017 08:11:22 +0200
+Subject: [PATCH] i686: Add missing IS_IN (libc) guards to vectorized strcspn
+
+Since commit d957c4d3fa48d685ff2726c605c988127ef99395 (i386: Compile
+rtld-*.os with -mno-sse -mno-mmx -mfpmath=387), vector intrinsics can
+no longer be used in ld.so, even if the compiled code never makes it
+into the final ld.so link. This commit adds the missing IS_IN (libc)
+guard to the SSE 4.2 strcspn implementation, so that it can be used from
+ld.so in the future.
+
+(cherry picked from commit 69052a3a95da37169a08f9e59b2cc1808312753c)
+
+Upstream-Status: Backport
+https://sourceware.org/git/?p=glibc.git;a=commit;h=86ac4a78a9218d1e1dcfbacc6f7d09957c1fe3a4
+
+Required to build fixes for CVE-2017-1000366.
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+---
+ ChangeLog | 5 +++++
+ sysdeps/i386/i686/multiarch/strcspn-c.c | 6 ++++--
+ sysdeps/i386/i686/multiarch/varshift.c | 4 +++-
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 638cb632b1..3f89a2cdb2 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,8 @@
++2017-06-14 Florian Weimer <fweimer@redhat.com>
++
++ * sysdeps/i386/i686/multiarch/strcspn-c.c: Add IS_IN (libc) guard.
++ * sysdeps/i386/i686/multiarch/varshift.c: Likewise.
++
+ 2017-06-19 Florian Weimer <fweimer@redhat.com>
+
+ * elf/rtld.c (audit_list_string): New variable.
+diff --git a/sysdeps/i386/i686/multiarch/strcspn-c.c b/sysdeps/i386/i686/multiarch/strcspn-c.c
+index 6d61e190a8..ec230fb383 100644
+--- a/sysdeps/i386/i686/multiarch/strcspn-c.c
++++ b/sysdeps/i386/i686/multiarch/strcspn-c.c
+@@ -1,2 +1,4 @@
+-#define __strcspn_sse2 __strcspn_ia32
+-#include <sysdeps/x86_64/multiarch/strcspn-c.c>
++#if IS_IN (libc)
++# define __strcspn_sse2 __strcspn_ia32
++# include <sysdeps/x86_64/multiarch/strcspn-c.c>
++#endif
+diff --git a/sysdeps/i386/i686/multiarch/varshift.c b/sysdeps/i386/i686/multiarch/varshift.c
+index 7760b966e2..6742a35d41 100644
+--- a/sysdeps/i386/i686/multiarch/varshift.c
++++ b/sysdeps/i386/i686/multiarch/varshift.c
+@@ -1 +1,3 @@
+-#include <sysdeps/x86_64/multiarch/varshift.c>
++#if IS_IN (libc)
++# include <sysdeps/x86_64/multiarch/varshift.c>
++#endif
+--
+2.15.0
+
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
new file mode 100644
index 0000000..b606cc2
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
@@ -0,0 +1,38 @@
+commit a76376df7c07e577a9515c3faa5dbd50bda5da07
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Fri Oct 20 18:41:14 2017 +0200
+
+ CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-15670
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog 2017-11-16 18:12:32.457928327 +0530
++++ git/ChangeLog 2017-11-16 18:18:24.423642908 +0530
+@@ -1,3 +1,9 @@
++2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
++
++ [BZ #22320]
++ CVE-2017-15670
++ * posix/glob.c (__glob): Fix one-byte overflow.
++
+ 2017-05-05 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #21461]
+Index: git/posix/glob.c
+===================================================================
+--- git.orig/posix/glob.c 2017-11-16 18:12:14.833843602 +0530
++++ git/posix/glob.c 2017-11-16 18:16:39.511127432 +0530
+@@ -856,7 +856,7 @@
+ *p = '\0';
+ }
+ else
+- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ = '\0';
+ user_name = newp;
+ }
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-8804.patch b/meta/recipes-core/glibc/glibc/CVE-2017-8804.patch
new file mode 100644
index 0000000..5e5bbe2
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-8804.patch
@@ -0,0 +1,232 @@
+From: fweimer at redhat dot com (Florian Weimer)
+Date: Fri, 05 May 2017 15:18:28 +0200
+Subject: [PATCH] sunrpc: xdr_bytes/xdr_string need to free buffer on error [BZ #21461]
+
+[BZ #21461]
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8804
+Signed-off-by: Rajkumar Veer<rveer@mvista.
+
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -20,6 +20,9 @@ using `glibc' in the "product" field.
+ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+ Version 2.24
+
++* The xdr_bytes and xdr_string routines free the internally allocated buffer
++ if deserialization of the buffer contents fails for any reason.
++
+ * The minimum Linux kernel version that this version of the GNU C Library
+ can be used with is 3.2, except on i[4567]86 and x86_64, where Linux
+ kernel version 2.6.32 or later suffices (on architectures that already
+Index: git/sunrpc/Makefile
+===================================================================
+--- git.orig/sunrpc/Makefile
++++ git/sunrpc/Makefile
+@@ -96,9 +96,16 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_
+ extra-objs = $(rpcgen-objs) $(addprefix cross-,$(rpcgen-objs))
+ others += rpcgen
+
+-tests = tst-xdrmem tst-xdrmem2 test-rpcent
++tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-xdrmem3
+ xtests := tst-getmyaddr
+
++tests-special += $(objpfx)mtrace-tst-xdrmem3.out
++generated += mtrace-tst-xdrmem3.out tst-xdrmem3.mtrace
++tst-xdrmem3-ENV = MALLOC_TRACE=$(objpfx)tst-xdrmem3.mtrace
++$(objpfx)mtrace-tst-xdrmem3.out: $(objpfx)tst-xdrmem3.out
++ $(common-objpfx)malloc/mtrace $(objpfx)tst-xdrmem3.mtrace > $@; \
++ $(evaluate-test)
++
+ ifeq ($(have-thread-library),yes)
+ xtests += thrsvc
+ endif
+@@ -153,6 +160,7 @@ BUILD_CPPFLAGS += $(sunrpc-CPPFLAGS)
+ $(objpfx)tst-getmyaddr: $(common-objpfx)linkobj/libc.so
+ $(objpfx)tst-xdrmem: $(common-objpfx)linkobj/libc.so
+ $(objpfx)tst-xdrmem2: $(common-objpfx)linkobj/libc.so
++$(objpfx)tst-xdrmem3: $(common-objpfx)linkobj/libc.so
+
+ $(objpfx)rpcgen: $(addprefix $(objpfx),$(rpcgen-objs))
+
+Index: git/sunrpc/tst-xdrmem3.c
+===================================================================
+--- /dev/null
++++ git/sunrpc/tst-xdrmem3.c
+@@ -0,0 +1,83 @@
++/* Test xdr_bytes, xdr_string behavior on deserialization failure.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <mcheck.h>
++#include <rpc/rpc.h>
++#include <support/check.h>
++#include <support/support.h>
++
++static int
++do_test (void)
++{
++ mtrace ();
++
++ /* If do_own_buffer, allocate the buffer and pass it to the
++ deserialization routine. Otherwise the routine is requested to
++ allocate the buffer. */
++ for (int do_own_buffer = 0; do_own_buffer < 2; ++do_own_buffer)
++ {
++ /* Length 16 MiB, but only 2 bytes of data in the packet. */
++ unsigned char buf[] = "\x01\x00\x00\x00\xff";
++ XDR xdrs;
++ char *result;
++ unsigned int result_len;
++
++ /* Test xdr_bytes. */
++ xdrmem_create (&xdrs, (char *) buf, sizeof (buf), XDR_DECODE);
++ result_len = 0;
++ if (do_own_buffer)
++ {
++ char *own_buffer = xmalloc (10);
++ result = own_buffer;
++ TEST_VERIFY (!xdr_bytes (&xdrs, &result, &result_len, 10));
++ TEST_VERIFY (result == own_buffer);
++ free (own_buffer);
++ }
++ else
++ {
++ result = NULL;
++ TEST_VERIFY (!xdr_bytes (&xdrs, &result, &result_len, -1));
++ TEST_VERIFY (result == NULL);
++ }
++ TEST_VERIFY (result_len == 16 * 1024 * 1024);
++ xdr_destroy (&xdrs);
++
++ /* Test xdr_string. */
++ xdrmem_create (&xdrs, (char *) buf, sizeof (buf), XDR_DECODE);
++ if (do_own_buffer)
++ {
++ char *own_buffer = xmalloc (10);
++ result = own_buffer;
++ TEST_VERIFY (!xdr_string (&xdrs, &result, 10));
++ TEST_VERIFY (result == own_buffer);
++ free (own_buffer);
++ }
++ else
++ {
++ result = NULL;
++ TEST_VERIFY (!xdr_string (&xdrs, &result, -1));
++ TEST_VERIFY (result == NULL);
++ }
++ xdr_destroy (&xdrs);
++ }
++
++ return 0;
++}
++
++#include <support/test-driver.c>
++
+Index: git/sunrpc/xdr.c
+===================================================================
+--- git.orig/sunrpc/xdr.c
++++ git/sunrpc/xdr.c
+@@ -620,14 +620,24 @@ xdr_bytes (XDR *xdrs, char **cpp, u_int
+ }
+ if (sp == NULL)
+ {
+- *cpp = sp = (char *) mem_alloc (nodesize);
+- }
+- if (sp == NULL)
+- {
+- (void) __fxprintf (NULL, "%s: %s", __func__, _("out of memory\n"));
++ sp = (char *) mem_alloc (nodesize);
++ if (sp == NULL)
++ {
++ (void) __fxprintf (NULL, "%s: %s", __func__,
++ _("out of memory\n"));
++ return FALSE;
++ }
++ }
++ if (!xdr_opaque (xdrs, sp, nodesize))
++ {
++ if (sp != *cpp)
++ /* *cpp was NULL, so this function allocated a new
++ buffer. */
++ free (sp);
+ return FALSE;
+ }
+- /* fall into ... */
++ *cpp = sp;
++ return TRUE;
+
+ case XDR_ENCODE:
+ return xdr_opaque (xdrs, sp, nodesize);
+@@ -781,14 +791,27 @@ xdr_string (XDR *xdrs, char **cpp, u_int
+ {
+ case XDR_DECODE:
+ if (sp == NULL)
+- *cpp = sp = (char *) mem_alloc (nodesize);
+- if (sp == NULL)
+ {
+- (void) __fxprintf (NULL, "%s: %s", __func__, _("out of memory\n"));
+- return FALSE;
++ sp = (char *) mem_alloc (nodesize);
++ if (sp == NULL)
++ {
++ (void) __fxprintf (NULL, "%s: %s", __func__,
++ _("out of memory\n"));
++ return FALSE;
++ }
+ }
+ sp[size] = 0;
+- /* fall into ... */
++
++ if (!xdr_opaque (xdrs, sp, size))
++ {
++ if (sp != *cpp)
++ /* *cpp was NULL, so this function allocated a new
++ buffer. */
++ free (sp);
++ return FALSE;
++ }
++ *cpp = sp;
++ return TRUE;
+
+ case XDR_ENCODE:
+ return xdr_opaque (xdrs, sp, size);
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,16 @@
++2017-05-05 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #21461]
++ * sunrpc/xdr.c (xdr_bytes): Deallocate allocated buffer on error.
++ (xdr_string): Likewise.
++ * sunrpc/Makefile (tests): Add tst-xdrmem3.
++ (tests-special): Add mtrace-tst-xdrmem3.out.
++ (generated): Add mtrace-tst-xdrmem3.out, tst-xdrmem3.mtrace.
++ (tst-xdrmem3-ENV): Set MALLOC_TRACE.
++ (mtrace-tst-xdrmem3.out): Run mtrace.
++ (tst-xdrmem3): Link against full libc.
++ * sunrpc/tst-xdrmem3.c: New file.
++
+ 2017-06-14 Florian Weimer <fweimer@redhat.com>
+
+ * sysdeps/i386/i686/multiarch/strcspn-c.c: Add IS_IN (libc) guard.
diff --git a/meta/recipes-core/glibc/glibc/archive-path.patch b/meta/recipes-core/glibc/glibc/archive-path.patch
new file mode 100644
index 0000000..b0d3158
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/archive-path.patch
@@ -0,0 +1,39 @@
+localedef --add-to-archive uses a hard-coded locale path which doesn't exist in
+normal use, and there's no way to pass an alternative filename.
+
+Add a fallback of $LOCALEARCHIVE from the environment, and allow creation of new locale archives that are not the system archive.
+
+Upstream-Status: Inappropriate (OE-specific)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c
+index ca332a34..6b7ba9b2 100644
+--- a/locale/programs/locarchive.c
++++ b/locale/programs/locarchive.c
+@@ -569,10 +569,13 @@ open_archive (struct locarhandle *ah, bool readonly)
+ /* If ah has a non-NULL fname open that otherwise open the default. */
+ if (archivefname == NULL)
+ {
+- archivefname = default_fname;
+- if (output_prefix)
+- memcpy (default_fname, output_prefix, prefix_len);
+- strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++ archivefname = getenv("LOCALEARCHIVE");
++ if (archivefname == NULL) {
++ archivefname = default_fname;
++ if (output_prefix)
++ memcpy (default_fname, output_prefix, prefix_len);
++ strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++ }
+ }
+
+ while (1)
+@@ -585,7 +588,7 @@ open_archive (struct locarhandle *ah, bool readonly)
+ the default locale archive we ignore the failure and
+ list an empty archive, otherwise we print an error
+ and exit. */
+- if (errno == ENOENT && archivefname == default_fname)
++ if (errno == ENOENT)
+ {
+ if (readonly)
+ {
diff --git a/meta/recipes-core/glibc/glibc/relocate-locales.patch b/meta/recipes-core/glibc/glibc/relocate-locales.patch
new file mode 100644
index 0000000..11f7df4
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/relocate-locales.patch
@@ -0,0 +1,33 @@
+The glibc locale path is hard-coded to the install prefix, but in SDKs we need
+to be able to relocate the binaries. Expand the strings to 4K and put them in a
+magic segment that we can relocate at install time.
+
+Upstream-Status: Inappropriate (OE-specific)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Index: git/locale/localeinfo.h
+===================================================================
+--- git.orig/locale/localeinfo.h
++++ git/locale/localeinfo.h
+@@ -325,7 +325,7 @@ _nl_lookup_word (locale_t l, int categor
+ }
+
+ /* Default search path if no LOCPATH environment variable. */
+-extern char _nl_default_locale_path[] attribute_hidden;
++extern char _nl_default_locale_path[4096] attribute_hidden;
+
+ /* Load the locale data for CATEGORY from the file specified by *NAME.
+ If *NAME is "", use environment variables as specified by POSIX, and
+Index: git/locale/loadarchive.c
+===================================================================
+--- git.orig/locale/loadarchive.c
++++ git/locale/loadarchive.c
+@@ -42,7 +42,7 @@
+
+
+ /* Name of the locale archive file. */
+-static const char archfname[] = COMPLOCALEDIR "/locale-archive";
++static const char archfname[4096] __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR "/locale-archive";
+
+ /* Size of initial mapping window, optimal if large enough to
+ cover the header plus the initial locale. */
diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb
index e723e03..94df4fc 100644
--- a/meta/recipes-core/glibc/glibc_2.24.bb
+++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -45,12 +45,19 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0004-New-condvar-implementation-that-provides-stronger-or.patch \
file://0005-Remove-__ASSUME_REQUEUE_PI.patch \
file://0006-Fix-atomic_fetch_xor_release.patch \
+ file://0001-CVE-2015-5180-resolv-Fix-crash-with-internal-QTYPE-B.patch \
+ file://0001-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch \
+ file://0002-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch \
+ file://0003-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch \
+ file://0004-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch \
"
SRC_URI += "\
file://etc/ld.so.conf \
file://generate-supported.mk \
file://0001-locale-fix-hard-coded-reference-to-gcc-E.patch \
+ file://CVE-2017-8804.patch \
+ file://CVE-2017-15670.patch \
"
SRC_URI_append_class-nativesdk = "\
@@ -58,6 +65,7 @@ SRC_URI_append_class-nativesdk = "\
file://0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \
file://0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \
file://0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \
+ file://relocate-locales.patch \
"
S = "${WORKDIR}/git"
@@ -137,12 +145,6 @@ do_compile () {
}
-# Use the host locale archive when built for nativesdk so that we don't need to
-# ship a complete (100MB) locale set.
-do_compile_prepend_class-nativesdk() {
- echo "complocaledir=/usr/lib/locale" >> ${S}/configparms
-}
-
require glibc-package.inc
BBCLASSEXTEND = "nativesdk"
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 7f29ff8..9e579a0 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "vmdk"
inherit core-image module-base
-SRCREV ?= "d555b59a988154d8ef0073109cf697f09e6e19af"
+SRCREV ?= "a3765887d3efa4c464ef7a00450f218ae2b15eb2"
SRC_URI = "git://git.yoctoproject.org/poky;branch=morty \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb
index 5808c95..049f34a 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -23,7 +23,6 @@ TOOLCHAIN_HOST_TASK ?= "\
nativesdk-wget \
nativesdk-ca-certificates \
nativesdk-texinfo \
- nativesdk-locale-base-en-us \
"
MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}"
diff --git a/meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch b/meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch
new file mode 100644
index 0000000..d08a10f
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch
@@ -0,0 +1,670 @@
+From 222953e87f34545a3f9c6d3c18216e222bf6ea94 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner@archlinux.org>
+Date: Fri, 10 Jun 2016 09:50:16 -0400
+Subject: [PATCH] Ensure kdbus isn't used (#3501)
+
+Delete the dbus1 generator and some critical wiring. This prevents
+kdbus from being loaded or detected. As such, it will never be used,
+even if the user still has a useful kdbus module loaded on their system.
+
+Sort of fixes #3480. Not really, but it's better than the current state.
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ Makefile.am | 20 --
+ autogen.sh | 12 +-
+ configure.ac | 10 -
+ src/core/busname.c | 7 +-
+ src/core/kmod-setup.c | 3 -
+ src/core/manager.c | 23 ---
+ src/core/mount-setup.c | 2 -
+ src/core/service.c | 17 +-
+ src/dbus1-generator/dbus1-generator.c | 331 ----------------------------------
+ src/login/pam_systemd.c | 31 ++--
+ src/shared/bus-util.c | 34 ----
+ src/shared/bus-util.h | 3 -
+ 12 files changed, 23 insertions(+), 470 deletions(-)
+ delete mode 100644 src/dbus1-generator/dbus1-generator.c
+
+Index: git/autogen.sh
+===================================================================
+--- git.orig/autogen.sh
++++ git/autogen.sh
+@@ -55,19 +55,19 @@ fi
+ cd $oldpwd
+
+ if [ "x$1" = "xc" ]; then
+- $topdir/configure CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args
++ $topdir/configure CFLAGS='-g -O0 -ftrapv' $args
+ make clean
+ elif [ "x$1" = "xg" ]; then
+- $topdir/configure CFLAGS='-g -Og -ftrapv' --enable-kdbus $args
++ $topdir/configure CFLAGS='-g -Og -ftrapv' $args
+ make clean
+ elif [ "x$1" = "xa" ]; then
+- $topdir/configure CFLAGS='-g -O0 -Wsuggest-attribute=pure -Wsuggest-attribute=const -ftrapv' --enable-kdbus $args
++ $topdir/configure CFLAGS='-g -O0 -Wsuggest-attribute=pure -Wsuggest-attribute=const -ftrapv' $args
+ make clean
+ elif [ "x$1" = "xl" ]; then
+- $topdir/configure CC=clang CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args
++ $topdir/configure CC=clang CFLAGS='-g -O0 -ftrapv' $args
+ make clean
+ elif [ "x$1" = "xs" ]; then
+- scan-build $topdir/configure CFLAGS='-std=gnu99 -g -O0 -ftrapv' --enable-kdbus $args
++ scan-build $topdir/configure CFLAGS='-std=gnu99 -g -O0 -ftrapv' $args
+ scan-build make
+ else
+ echo
+@@ -75,6 +75,6 @@ else
+ echo "Initialized build system. For a common configuration please run:"
+ echo "----------------------------------------------------------------"
+ echo
+- echo "$topdir/configure CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args"
++ echo "$topdir/configure CFLAGS='-g -O0 -ftrapv' $args"
+ echo
+ fi
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -1294,16 +1294,6 @@ AC_ARG_WITH(tpm-pcrindex,
+ AC_DEFINE_UNQUOTED(SD_TPM_PCR, [$SD_TPM_PCR], [TPM PCR register number to use])
+
+ # ------------------------------------------------------------------------------
+-have_kdbus=no
+-AC_ARG_ENABLE(kdbus, AS_HELP_STRING([--disable-kdbus], [do not connect to kdbus by default]))
+-if test "x$enable_kdbus" != "xno"; then
+- AC_DEFINE(ENABLE_KDBUS, 1, [Define if kdbus is to be connected to by default])
+- have_kdbus=yes
+- M4_DEFINES="$M4_DEFINES -DENABLE_KDBUS"
+-fi
+-AM_CONDITIONAL(ENABLE_KDBUS, [test "$have_kdbus" = "yes"])
+-
+-# ------------------------------------------------------------------------------
+ AC_ARG_WITH(rc-local-script-path-start,
+ AS_HELP_STRING([--with-rc-local-script-path-start=PATH],
+ [Path to /etc/rc.local]),
+Index: git/src/core/busname.c
+===================================================================
+--- git.orig/src/core/busname.c
++++ git/src/core/busname.c
+@@ -998,12 +998,7 @@ static int busname_get_timeout(Unit *u,
+ }
+
+ static bool busname_supported(void) {
+- static int supported = -1;
+-
+- if (supported < 0)
+- supported = is_kdbus_available();
+-
+- return supported;
++ return false;
+ }
+
+ static int busname_control_pid(Unit *u) {
+Index: git/src/core/kmod-setup.c
+===================================================================
+--- git.orig/src/core/kmod-setup.c
++++ git/src/core/kmod-setup.c
+@@ -64,9 +64,6 @@ int kmod_setup(void) {
+ /* this should never be a module */
+ { "unix", "/proc/net/unix", true, true, NULL },
+
+- /* IPC is needed before we bring up any other services */
+- { "kdbus", "/sys/fs/kdbus", false, false, is_kdbus_wanted },
+-
+ #ifdef HAVE_LIBIPTC
+ /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
+ { "ip_tables", "/proc/net/ip_tables_names", false, false, NULL },
+Index: git/src/core/manager.c
+===================================================================
+--- git.orig/src/core/manager.c
++++ git/src/core/manager.c
+@@ -809,28 +809,6 @@ static int manager_setup_cgroups_agent(M
+ return 0;
+ }
+
+-static int manager_setup_kdbus(Manager *m) {
+- _cleanup_free_ char *p = NULL;
+-
+- assert(m);
+-
+- if (m->test_run || m->kdbus_fd >= 0)
+- return 0;
+- if (!is_kdbus_available())
+- return -ESOCKTNOSUPPORT;
+-
+- m->kdbus_fd = bus_kernel_create_bus(
+- MANAGER_IS_SYSTEM(m) ? "system" : "user",
+- MANAGER_IS_SYSTEM(m), &p);
+-
+- if (m->kdbus_fd < 0)
+- return log_debug_errno(m->kdbus_fd, "Failed to set up kdbus: %m");
+-
+- log_debug("Successfully set up kdbus on %s", p);
+-
+- return 0;
+-}
+-
+ static int manager_connect_bus(Manager *m, bool reexecuting) {
+ bool try_bus_connect;
+
+@@ -1225,7 +1203,6 @@ int manager_startup(Manager *m, FILE *se
+
+ /* We might have deserialized the kdbus control fd, but if we
+ * didn't, then let's create the bus now. */
+- manager_setup_kdbus(m);
+ manager_connect_bus(m, !!serialization);
+ bus_track_coldplug(m, &m->subscribed, &m->deserialized_subscribed);
+
+Index: git/src/core/mount-setup.c
+===================================================================
+--- git.orig/src/core/mount-setup.c
++++ git/src/core/mount-setup.c
+@@ -108,8 +108,6 @@ static const MountPoint mount_table[] =
+ { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ is_efi_boot, MNT_NONE },
+ #endif
+- { "kdbusfs", "/sys/fs/kdbus", "kdbusfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+- is_kdbus_wanted, MNT_IN_CONTAINER },
+ };
+
+ /* These are API file systems that might be mounted by other software,
+Index: git/src/core/service.c
+===================================================================
+--- git.orig/src/core/service.c
++++ git/src/core/service.c
+@@ -574,20 +574,9 @@ static int service_setup_bus_name(Servic
+ if (!s->bus_name)
+ return 0;
+
+- if (is_kdbus_available()) {
+- const char *n;
+-
+- n = strjoina(s->bus_name, ".busname");
+- r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, n, NULL, true);
+- if (r < 0)
+- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency to .busname unit: %m");
+-
+- } else {
+- /* If kdbus is not available, we know the dbus socket is required, hence pull it in, and require it */
+- r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, NULL, true);
+- if (r < 0)
+- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m");
+- }
++ r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, NULL, true);
++ if (r < 0)
++ return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m");
+
+ /* Regardless if kdbus is used or not, we always want to be ordered against dbus.socket if both are in the transaction. */
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, NULL, true);
+Index: git/src/dbus1-generator/dbus1-generator.c
+===================================================================
+--- git.orig/src/dbus1-generator/dbus1-generator.c
++++ /dev/null
+@@ -1,331 +0,0 @@
+-/***
+- This file is part of systemd.
+-
+- Copyright 2013 Lennart Poettering
+-
+- systemd is free software; you can redistribute it and/or modify it
+- under the terms of the GNU Lesser General Public License as published by
+- the Free Software Foundation; either version 2.1 of the License, or
+- (at your option) any later version.
+-
+- systemd is distributed in the hope that it will be useful, but
+- WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- Lesser General Public License for more details.
+-
+- You should have received a copy of the GNU Lesser General Public License
+- along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-***/
+-
+-#include "alloc-util.h"
+-#include "bus-internal.h"
+-#include "bus-util.h"
+-#include "cgroup-util.h"
+-#include "conf-parser.h"
+-#include "dirent-util.h"
+-#include "fd-util.h"
+-#include "fileio.h"
+-#include "mkdir.h"
+-#include "special.h"
+-#include "unit-name.h"
+-#include "util.h"
+-
+-static const char *arg_dest_late = "/tmp", *arg_dest = "/tmp";
+-
+-static int create_dbus_files(
+- const char *path,
+- const char *name,
+- const char *service,
+- const char *exec,
+- const char *user,
+- const char *type) {
+-
+- _cleanup_free_ char *b = NULL, *s = NULL, *lnk = NULL;
+- _cleanup_fclose_ FILE *f = NULL;
+- int r;
+-
+- assert(path);
+- assert(name);
+- assert(service || exec);
+-
+- if (!service) {
+- _cleanup_free_ char *a = NULL;
+-
+- s = strjoin("dbus-", name, ".service", NULL);
+- if (!s)
+- return log_oom();
+-
+- a = strjoin(arg_dest_late, "/", s, NULL);
+- if (!a)
+- return log_oom();
+-
+- f = fopen(a, "wxe");
+- if (!f)
+- return log_error_errno(errno, "Failed to create %s: %m", a);
+-
+- fprintf(f,
+- "# Automatically generated by systemd-dbus1-generator\n\n"
+- "[Unit]\n"
+- "SourcePath=%s\n"
+- "Description=DBUS1: %s\n"
+- "Documentation=man:systemd-dbus1-generator(8)\n\n"
+- "[Service]\n"
+- "ExecStart=%s\n"
+- "Type=dbus\n"
+- "BusName=%s\n",
+- path,
+- name,
+- exec,
+- name);
+-
+- if (user)
+- fprintf(f, "User=%s\n", user);
+-
+-
+- if (type) {
+- fprintf(f, "Environment=DBUS_STARTER_BUS_TYPE=%s\n", type);
+-
+- if (streq(type, "system"))
+- fprintf(f, "Environment=DBUS_STARTER_ADDRESS=" DEFAULT_SYSTEM_BUS_ADDRESS "\n");
+- else if (streq(type, "session")) {
+- char *run;
+-
+- run = getenv("XDG_RUNTIME_DIR");
+- if (!run) {
+- log_error("XDG_RUNTIME_DIR not set.");
+- return -EINVAL;
+- }
+-
+- fprintf(f, "Environment=DBUS_STARTER_ADDRESS="KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT "\n",
+- getuid(), run);
+- }
+- }
+-
+- r = fflush_and_check(f);
+- if (r < 0)
+- return log_error_errno(r, "Failed to write %s: %m", a);
+-
+- f = safe_fclose(f);
+-
+- service = s;
+- }
+-
+- b = strjoin(arg_dest_late, "/", name, ".busname", NULL);
+- if (!b)
+- return log_oom();
+-
+- f = fopen(b, "wxe");
+- if (!f)
+- return log_error_errno(errno, "Failed to create %s: %m", b);
+-
+- fprintf(f,
+- "# Automatically generated by systemd-dbus1-generator\n\n"
+- "[Unit]\n"
+- "SourcePath=%s\n"
+- "Description=DBUS1: %s\n"
+- "Documentation=man:systemd-dbus1-generator(8)\n\n"
+- "[BusName]\n"
+- "Name=%s\n"
+- "Service=%s\n"
+- "AllowWorld=talk\n",
+- path,
+- name,
+- name,
+- service);
+-
+- r = fflush_and_check(f);
+- if (r < 0)
+- return log_error_errno(r, "Failed to write %s: %m", b);
+-
+- lnk = strjoin(arg_dest_late, "/" SPECIAL_BUSNAMES_TARGET ".wants/", name, ".busname", NULL);
+- if (!lnk)
+- return log_oom();
+-
+- mkdir_parents_label(lnk, 0755);
+- if (symlink(b, lnk))
+- return log_error_errno(errno, "Failed to create symlink %s: %m", lnk);
+-
+- return 0;
+-}
+-
+-static int add_dbus(const char *path, const char *fname, const char *type) {
+- _cleanup_free_ char *name = NULL, *exec = NULL, *user = NULL, *service = NULL;
+-
+- const ConfigTableItem table[] = {
+- { "D-BUS Service", "Name", config_parse_string, 0, &name },
+- { "D-BUS Service", "Exec", config_parse_string, 0, &exec },
+- { "D-BUS Service", "User", config_parse_string, 0, &user },
+- { "D-BUS Service", "SystemdService", config_parse_string, 0, &service },
+- { },
+- };
+-
+- char *p;
+- int r;
+-
+- assert(path);
+- assert(fname);
+-
+- p = strjoina(path, "/", fname);
+- r = config_parse(NULL, p, NULL,
+- "D-BUS Service\0",
+- config_item_table_lookup, table,
+- true, false, true, NULL);
+- if (r < 0)
+- return r;
+-
+- if (!name) {
+- log_warning("Activation file %s lacks name setting, ignoring.", p);
+- return 0;
+- }
+-
+- if (!service_name_is_valid(name)) {
+- log_warning("Bus service name %s is not valid, ignoring.", name);
+- return 0;
+- }
+-
+- if (streq(name, "org.freedesktop.systemd1")) {
+- log_debug("Skipping %s, identified as systemd.", p);
+- return 0;
+- }
+-
+- if (service) {
+- if (!unit_name_is_valid(service, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE)) {
+- log_warning("Unit name %s is not valid, ignoring.", service);
+- return 0;
+- }
+- if (!endswith(service, ".service")) {
+- log_warning("Bus names can only activate services, ignoring %s.", p);
+- return 0;
+- }
+- } else {
+- if (streq(exec, "/bin/false") || !exec) {
+- log_warning("Neither service name nor binary path specified, ignoring %s.", p);
+- return 0;
+- }
+-
+- if (exec[0] != '/') {
+- log_warning("Exec= in %s does not start with an absolute path, ignoring.", p);
+- return 0;
+- }
+- }
+-
+- return create_dbus_files(p, name, service, exec, user, type);
+-}
+-
+-static int parse_dbus_fragments(const char *path, const char *type) {
+- _cleanup_closedir_ DIR *d = NULL;
+- struct dirent *de;
+- int r;
+-
+- assert(path);
+- assert(type);
+-
+- d = opendir(path);
+- if (!d) {
+- if (errno == -ENOENT)
+- return 0;
+-
+- return log_error_errno(errno, "Failed to enumerate D-Bus activated services: %m");
+- }
+-
+- r = 0;
+- FOREACH_DIRENT(de, d, goto fail) {
+- int q;
+-
+- if (!endswith(de->d_name, ".service"))
+- continue;
+-
+- q = add_dbus(path, de->d_name, type);
+- if (q < 0)
+- r = q;
+- }
+-
+- return r;
+-
+-fail:
+- return log_error_errno(errno, "Failed to read D-Bus services directory: %m");
+-}
+-
+-static int link_busnames_target(const char *units) {
+- const char *f, *t;
+-
+- f = strjoina(units, "/" SPECIAL_BUSNAMES_TARGET);
+- t = strjoina(arg_dest, "/" SPECIAL_BASIC_TARGET ".wants/" SPECIAL_BUSNAMES_TARGET);
+-
+- mkdir_parents_label(t, 0755);
+- if (symlink(f, t) < 0)
+- return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+-
+- return 0;
+-}
+-
+-static int link_compatibility(const char *units) {
+- const char *f, *t;
+-
+- f = strjoina(units, "/systemd-bus-proxyd.socket");
+- t = strjoina(arg_dest, "/" SPECIAL_DBUS_SOCKET);
+- mkdir_parents_label(t, 0755);
+- if (symlink(f, t) < 0)
+- return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+-
+- f = strjoina(units, "/systemd-bus-proxyd.socket");
+- t = strjoina(arg_dest, "/" SPECIAL_SOCKETS_TARGET ".wants/systemd-bus-proxyd.socket");
+- mkdir_parents_label(t, 0755);
+- if (symlink(f, t) < 0)
+- return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+-
+- t = strjoina(arg_dest, "/" SPECIAL_DBUS_SERVICE);
+- if (symlink("/dev/null", t) < 0)
+- return log_error_errno(errno, "Failed to mask %s: %m", t);
+-
+- return 0;
+-}
+-
+-int main(int argc, char *argv[]) {
+- const char *path, *type, *units;
+- int r, q;
+-
+- if (argc > 1 && argc != 4) {
+- log_error("This program takes three or no arguments.");
+- return EXIT_FAILURE;
+- }
+-
+- if (argc > 1) {
+- arg_dest = argv[1];
+- arg_dest_late = argv[3];
+- }
+-
+- log_set_target(LOG_TARGET_SAFE);
+- log_parse_environment();
+- log_open();
+-
+- umask(0022);
+-
+- if (!is_kdbus_available())
+- return 0;
+-
+- r = cg_pid_get_owner_uid(0, NULL);
+- if (r >= 0) {
+- path = "/usr/share/dbus-1/services";
+- type = "session";
+- units = USER_DATA_UNIT_PATH;
+- } else if (r == -ENXIO) {
+- path = "/usr/share/dbus-1/system-services";
+- type = "system";
+- units = SYSTEM_DATA_UNIT_PATH;
+- } else
+- return log_error_errno(r, "Failed to determine whether we are running as user or system instance: %m");
+-
+- r = parse_dbus_fragments(path, type);
+-
+- /* FIXME: One day this should just be pulled in statically from basic.target */
+- q = link_busnames_target(units);
+- if (q < 0)
+- r = q;
+-
+- q = link_compatibility(units);
+- if (q < 0)
+- r = q;
+-
+- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+-}
+Index: git/src/login/pam_systemd.c
+===================================================================
+--- git.orig/src/login/pam_systemd.c
++++ git/src/login/pam_systemd.c
+@@ -182,25 +182,20 @@ static int export_legacy_dbus_address(
+ _cleanup_free_ char *s = NULL;
+ int r = PAM_BUF_ERR;
+
+- if (is_kdbus_available()) {
+- if (asprintf(&s, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, runtime) < 0)
+- goto error;
+- } else {
+- /* FIXME: We *really* should move the access() check into the
+- * daemons that spawn dbus-daemon, instead of forcing
+- * DBUS_SESSION_BUS_ADDRESS= here. */
++ /* FIXME: We *really* should move the access() check into the
++ * daemons that spawn dbus-daemon, instead of forcing
++ * DBUS_SESSION_BUS_ADDRESS= here. */
+
+- s = strjoin(runtime, "/bus", NULL);
+- if (!s)
+- goto error;
++ s = strjoin(runtime, "/bus", NULL);
++ if (!s)
++ goto error;
+
+- if (access(s, F_OK) < 0)
+- return PAM_SUCCESS;
++ if (access(s, F_OK) < 0)
++ return PAM_SUCCESS;
+
+- s = mfree(s);
+- if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
+- goto error;
+- }
++ s = mfree(s);
++ if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
++ goto error;
+
+ r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
+ if (r != PAM_SUCCESS)
+Index: git/src/shared/bus-util.c
+===================================================================
+--- git.orig/src/shared/bus-util.c
++++ git/src/shared/bus-util.c
+@@ -1492,40 +1492,6 @@ int bus_path_decode_unique(const char *p
+ return 1;
+ }
+
+-bool is_kdbus_wanted(void) {
+- _cleanup_free_ char *value = NULL;
+-#ifdef ENABLE_KDBUS
+- const bool configured = true;
+-#else
+- const bool configured = false;
+-#endif
+-
+- int r;
+-
+- if (get_proc_cmdline_key("kdbus", NULL) > 0)
+- return true;
+-
+- r = get_proc_cmdline_key("kdbus=", &value);
+- if (r <= 0)
+- return configured;
+-
+- return parse_boolean(value) == 1;
+-}
+-
+-bool is_kdbus_available(void) {
+- _cleanup_close_ int fd = -1;
+- struct kdbus_cmd cmd = { .size = sizeof(cmd), .flags = KDBUS_FLAG_NEGOTIATE };
+-
+- if (!is_kdbus_wanted())
+- return false;
+-
+- fd = open("/sys/fs/kdbus/control", O_RDWR | O_CLOEXEC | O_NONBLOCK | O_NOCTTY);
+- if (fd < 0)
+- return false;
+-
+- return ioctl(fd, KDBUS_CMD_BUS_MAKE, &cmd) >= 0;
+-}
+-
+ int bus_property_get_rlimit(
+ sd_bus *bus,
+ const char *path,
+Index: git/src/shared/bus-util.h
+===================================================================
+--- git.orig/src/shared/bus-util.h
++++ git/src/shared/bus-util.h
+@@ -157,7 +157,4 @@ int bus_log_create_error(int r);
+ int bus_path_encode_unique(sd_bus *b, const char *prefix, const char *sender_id, const char *external_id, char **ret_path);
+ int bus_path_decode_unique(const char *path, const char *prefix, char **ret_sender, char **ret_external);
+
+-bool is_kdbus_wanted(void);
+-bool is_kdbus_available(void);
+-
+ int bus_property_get_rlimit(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
+Index: git/Makefile.am
+===================================================================
+--- git.orig/Makefile.am
++++ git/Makefile.am
+@@ -2895,29 +2895,9 @@ systemd_gpt_auto_generator_CFLAGS = \
+ endif
+
+ # ------------------------------------------------------------------------------
+-systemgenerator_PROGRAMS += \
+- systemd-dbus1-generator
+-
+-systemd_dbus1_generator_SOURCES = \
+- src/dbus1-generator/dbus1-generator.c
+-
+-systemd_dbus1_generator_LDADD = \
+- libshared.la
+-
+-dbus1-generator-install-hook:
+- $(AM_V_at)$(MKDIR_P) $(DESTDIR)$(usergeneratordir)
+- $(AM_V_RM)rm -f $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+- $(AM_V_LN)lnr $(DESTDIR)$(systemgeneratordir)/systemd-dbus1-generator $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+-
+-dbus1-generator-uninstall-hook:
+- rm -f $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+-
+ dist_xinitrc_SCRIPTS = \
+ xorg/50-systemd-user.sh
+
+-INSTALL_EXEC_HOOKS += dbus1-generator-install-hook
+-UNINSTALL_EXEC_HOOKS += dbus1-generator-uninstall-hook
+-
+ # ------------------------------------------------------------------------------
+ systemd_sysv_generator_SOURCES = \
+ src/sysv-generator/sysv-generator.c
diff --git a/meta/recipes-core/systemd/systemd_230.bb b/meta/recipes-core/systemd/systemd_230.bb
index 40f1428..f4ff860 100644
--- a/meta/recipes-core/systemd/systemd_230.bb
+++ b/meta/recipes-core/systemd/systemd_230.bb
@@ -37,6 +37,7 @@ SRC_URI += " \
file://udev-re-enable-mount-propagation-for-udevd.patch \
file://CVE-2016-7795.patch \
file://validate-user.patch \
+ file://Ensure-kdbus-isn-t-used-3501.patch \
"
SRC_URI_append_libc-uclibc = "\
file://0002-units-Prefer-getty-to-agetty-in-console-setup-system.patch \
@@ -61,7 +62,6 @@ PACKAGECONFIG ??= "xz \
timedated \
timesyncd \
localed \
- kdbus \
ima \
smack \
logind \
@@ -96,7 +96,6 @@ PACKAGECONFIG[timedated] = "--enable-timedated,--disable-timedated"
PACKAGECONFIG[timesyncd] = "--enable-timesyncd,--disable-timesyncd"
PACKAGECONFIG[localed] = "--enable-localed,--disable-localed"
PACKAGECONFIG[efi] = "--enable-efi,--disable-efi"
-PACKAGECONFIG[kdbus] = "--enable-kdbus,--disable-kdbus"
PACKAGECONFIG[ima] = "--enable-ima,--disable-ima"
PACKAGECONFIG[smack] = "--enable-smack,--disable-smack"
# libseccomp is found in meta-security
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 0936d97..1311b65 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -45,6 +45,64 @@ SRC_URI = "\
file://CVE-2017-6969_2.patch \
file://CVE-2017-7209.patch \
file://CVE-2017-7210.patch \
+ file://CVE-2017-7614.patch \
+ file://CVE-2017-9038.patch \
+ file://CVE-2017-9039.patch \
+ file://CVE-2017-9039_1.patch \
+ file://CVE-2017-9040_and_9042.patch \
+ file://CVE-2017-9041_1.patch \
+ file://CVE-2017-9041_2.patch \
+ file://CVE-2017-7226.patch \
+ file://CVE-2017-12448.patch \
+ file://CVE-2017-12449_12455_12457_1.patch \
+ file://CVE-2017-12449_12455_12457.patch \
+ file://CVE-2017-12451.patch \
+ file://CVE-2017-12450_12452_12453_12454_12456_1.patch \
+ file://CVE-2017-12450_12452_12453_12454_12456.patch \
+ file://CVE-2017-7223.patch \
+ file://CVE-2017-7224.patch \
+ file://CVE-2017-7225.patch \
+ file://CVE-2017-7227.patch \
+ file://CVE-2017-7301.patch \
+ file://CVE-2017-7302.patch \
+ file://CVE-2017-7303.patch \
+ file://CVE-2017-7304.patch \
+ file://CVE-2017-8393.patch \
+ file://CVE-2017-8395.patch \
+ file://CVE-2017-8397.patch \
+ file://CVE-2017-7300.patch \
+ file://CVE-2017-8396.patch \
+ file://CVE-2017-8421.patch \
+ file://CVE-2017-8394_1.patch \
+ file://CVE-2017-8394.patch \
+ file://CVE-2017-8398.patch \
+ file://CVE-2017-7299_1.patch \
+ file://CVE-2017-7299_2.patch \
+ file://CVE-2017-9751.patch \
+ file://CVE-2017-9749.patch \
+ file://CVE-2017-9746.patch \
+ file://CVE-2017-9748.patch \
+ file://CVE-2017-9747.patch \
+ file://CVE-2017-9750.patch \
+ file://CVE-2017-9752.patch \
+ file://CVE-2017-9753_9754.patch \
+ file://CVE-2017-9755_1.patch \
+ file://CVE-2017-9755_2.patch \
+ file://CVE-2017-9756.patch \
+ file://CVE-2017-9745.patch \
+ file://CVE-2017-9954.patch \
+ file://CVE-2017-9955_1.patch \
+ file://CVE-2017-9955_2.patch \
+ file://CVE-2017-9955_3.patch \
+ file://CVE-2017-9955_4.patch \
+ file://CVE-2017-9955_5.patch \
+ file://CVE-2017-9955_6.patch \
+ file://CVE-2017-9955_7.patch \
+ file://CVE-2017-9955_8.patch \
+ file://CVE-2017-9955_9.patch \
+ file://CVE-2017-14729.patch \
+ file://CVE-2017-15024.patch \
+ file://CVE-2017-15938.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch
new file mode 100644
index 0000000..039166c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch
@@ -0,0 +1,49 @@
+commit 909e4e716c4d77e33357bbe9bc902bfaf2e1af24
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jul 19 14:49:12 2017 +0100
+
+ Fix use-after-free error when parsing a corrupt nested archive.
+
+ PR 21787
+ * archive.c (bfd_generic_archive_p): If the bfd does not have the
+ correct magic bytes at the start, set the error to wrong format
+ and clear the format selector before returning NULL.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12448
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/archive.c
+===================================================================
+--- git.orig/bfd/archive.c 2017-08-30 16:44:10.848601412 +0530
++++ git/bfd/archive.c 2017-08-30 16:44:21.400855758 +0530
+@@ -834,7 +834,12 @@
+ if (strncmp (armag, ARMAG, SARMAG) != 0
+ && strncmp (armag, ARMAGB, SARMAG) != 0
+ && ! bfd_is_thin_archive (abfd))
+- return NULL;
++ {
++ bfd_set_error (bfd_error_wrong_format);
++ if (abfd->format == bfd_archive)
++ abfd->format = bfd_unknown;
++ return NULL;
++ }
+
+ tdata_hold = bfd_ardata (abfd);
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-30 16:44:21.340854320 +0530
++++ git/bfd/ChangeLog 2017-08-30 16:46:48.716143277 +0530
+@@ -1,3 +1,10 @@
++2017-07-19 Nick Clifton <nickc@redhat.com>
++
++ PR 21787
++ * archive.c (bfd_generic_archive_p): If the bfd does not have the
++ correct magic bytes at the start, set the error to wrong format
++ and clear the format selector before returning NULL.
++
+ 2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
+
+ * readelf.c (process_mips_specific): Remove error reporting from
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457.patch
new file mode 100644
index 0000000..d7512b3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457.patch
@@ -0,0 +1,240 @@
+commit 8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jul 27 12:04:50 2017 +0100
+
+ Fix address violation issues encountered when parsing corrupt binaries.
+
+ PR 21840
+ * mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab
+ size is -1.
+ * nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion
+ with error return.
+ * section.c (bfd_make_section_with_flags): Fail if the name or bfd
+ are NULL.
+ * vms-alpha.c (bfd_make_section_with_flags): Correct computation
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12449_12455_12457
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/mach-o.c
+===================================================================
+--- git.orig/bfd/mach-o.c 2017-08-30 17:21:59.684671218 +0530
++++ git/bfd/mach-o.c 2017-08-30 17:22:19.136813620 +0530
+@@ -3739,6 +3739,9 @@
+ }
+ else
+ {
++ /* See PR 21840 for a reproducer. */
++ if ((sym->strsize + 1) == 0)
++ return FALSE;
+ sym->strtab = bfd_alloc (abfd, sym->strsize + 1);
+ if (sym->strtab == NULL)
+ return FALSE;
+Index: git/bfd/nlmcode.h
+===================================================================
+--- git.orig/bfd/nlmcode.h 2017-08-30 17:21:59.688671247 +0530
++++ git/bfd/nlmcode.h 2017-08-30 17:22:19.140813649 +0530
+@@ -351,7 +351,9 @@
+ bfd_byte *contents;
+ bfd_byte *p, *pend;
+
+- BFD_ASSERT (hdrLength == 0 && hdr == NULL);
++ /* See PR 21840 for a reproducer. */
++ if (hdrLength != 0 || hdr != NULL)
++ return FALSE;
+
+ pos = bfd_tell (abfd);
+ if (bfd_seek (abfd, dataOffset, SEEK_SET) != 0)
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c 2017-08-30 17:21:59.708671392 +0530
++++ git/bfd/section.c 2017-08-30 17:22:19.140813649 +0530
+@@ -1240,7 +1240,7 @@
+ struct section_hash_entry *sh;
+ asection *newsect;
+
+- if (abfd->output_has_begun)
++ if (abfd == NULL || name == NULL || abfd->output_has_begun)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return NULL;
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-08-30 17:22:19.080813209 +0530
++++ git/bfd/vms-alpha.c 2017-08-30 17:22:19.140813649 +0530
+@@ -5562,8 +5562,9 @@
+ {
+ struct vms_emh_common *emh = (struct vms_emh_common *)rec;
+ unsigned int subtype;
++ int extra;
+
+- subtype = (unsigned)bfd_getl16 (emh->subtyp);
++ subtype = (unsigned) bfd_getl16 (emh->subtyp);
+
+ fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len);
+
+@@ -5573,58 +5574,82 @@
+ fprintf (file, _(" Error: The length is less than the length of an EMH record\n"));
+ return;
+ }
+-
++ extra = rec_len - sizeof (struct vms_emh_common);
++
+ switch (subtype)
+ {
+ case EMH__C_MHD:
+ {
+- struct vms_emh_mhd *mhd = (struct vms_emh_mhd *)rec;
+- const char *name;
++ struct vms_emh_mhd *mhd = (struct vms_emh_mhd *) rec;
++ const char * name;
++ const char * nextname;
++ const char * maxname;
+
++ /* PR 21840: Check for invalid lengths. */
++ if (rec_len < sizeof (* mhd))
++ {
++ fprintf (file, _(" Error: The record length is less than the size of an EMH_MHD record\n"));
++ return;
++ }
+ fprintf (file, _("Module header\n"));
+ fprintf (file, _(" structure level: %u\n"), mhd->strlvl);
+ fprintf (file, _(" max record size: %u\n"),
+- (unsigned)bfd_getl32 (mhd->recsiz));
++ (unsigned) bfd_getl32 (mhd->recsiz));
+ name = (char *)(mhd + 1);
++ maxname = (char *) rec + rec_len;
++ if (name > maxname - 2)
++ {
++ fprintf (file, _(" Error: The module name is missing\n"));
++ return;
++ }
++ nextname = name + name[0] + 1;
++ if (nextname >= maxname)
++ {
++ fprintf (file, _(" Error: The module name is too long\n"));
++ return;
++ }
+ fprintf (file, _(" module name : %.*s\n"), name[0], name + 1);
+- name += name[0] + 1;
++ name = nextname;
++ if (name > maxname - 2)
++ {
++ fprintf (file, _(" Error: The module version is missing\n"));
++ return;
++ }
++ nextname = name + name[0] + 1;
++ if (nextname >= maxname)
++ {
++ fprintf (file, _(" Error: The module version is too long\n"));
++ return;
++ }
+ fprintf (file, _(" module version : %.*s\n"), name[0], name + 1);
+- name += name[0] + 1;
+- fprintf (file, _(" compile date : %.17s\n"), name);
++ name = nextname;
++ if ((maxname - name) < 17 && maxname[-1] != 0)
++ fprintf (file, _(" Error: The compile date is truncated\n"));
++ else
++ fprintf (file, _(" compile date : %.17s\n"), name);
+ }
+ break;
++
+ case EMH__C_LNM:
+- {
+- fprintf (file, _("Language Processor Name\n"));
+- fprintf (file, _(" language name: %.*s\n"),
+- (int)(rec_len - sizeof (struct vms_emh_common)),
+- (char *)rec + sizeof (struct vms_emh_common));
+- }
++ fprintf (file, _("Language Processor Name\n"));
++ fprintf (file, _(" language name: %.*s\n"), extra, (char *)(emh + 1));
+ break;
++
+ case EMH__C_SRC:
+- {
+- fprintf (file, _("Source Files Header\n"));
+- fprintf (file, _(" file: %.*s\n"),
+- (int)(rec_len - sizeof (struct vms_emh_common)),
+- (char *)rec + sizeof (struct vms_emh_common));
+- }
++ fprintf (file, _("Source Files Header\n"));
++ fprintf (file, _(" file: %.*s\n"), extra, (char *)(emh + 1));
+ break;
++
+ case EMH__C_TTL:
+- {
+- fprintf (file, _("Title Text Header\n"));
+- fprintf (file, _(" title: %.*s\n"),
+- (int)(rec_len - sizeof (struct vms_emh_common)),
+- (char *)rec + sizeof (struct vms_emh_common));
+- }
++ fprintf (file, _("Title Text Header\n"));
++ fprintf (file, _(" title: %.*s\n"), extra, (char *)(emh + 1));
+ break;
++
+ case EMH__C_CPR:
+- {
+- fprintf (file, _("Copyright Header\n"));
+- fprintf (file, _(" copyright: %.*s\n"),
+- (int)(rec_len - sizeof (struct vms_emh_common)),
+- (char *)rec + sizeof (struct vms_emh_common));
+- }
++ fprintf (file, _("Copyright Header\n"));
++ fprintf (file, _(" copyright: %.*s\n"), extra, (char *)(emh + 1));
+ break;
++
+ default:
+ fprintf (file, _("unhandled emh subtype %u\n"), subtype);
+ break;
+Index: git/bfd/vms-misc.c
+===================================================================
+--- git.orig/bfd/vms-misc.c 2017-08-30 17:21:59.716671451 +0530
++++ git/bfd/vms-misc.c 2017-08-30 17:22:19.140813649 +0530
+@@ -135,8 +135,8 @@
+ #endif
+
+
+-/* Copy sized string (string with fixed size) to new allocated area
+- size is string size (size of record) */
++/* Copy sized string (string with fixed size) to new allocated area.
++ Size is string size (size of record). */
+
+ char *
+ _bfd_vms_save_sized_string (unsigned char *str, int size)
+@@ -151,8 +151,8 @@
+ return newstr;
+ }
+
+-/* Copy counted string (string with size at first byte) to new allocated area
+- ptr points to size byte on entry */
++/* Copy counted string (string with size at first byte) to new allocated area.
++ PTR points to size byte on entry. */
+
+ char *
+ _bfd_vms_save_counted_string (unsigned char *ptr)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-30 17:22:19.080813209 +0530
++++ git/bfd/ChangeLog 2017-08-30 17:23:51.069502425 +0530
+@@ -1,3 +1,16 @@
++2017-07-27 Nick Clifton <nickc@redhat.com>
++
++ PR 21840
++ * mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab
++ size is -1.
++ * nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion
++ with error return.
++ * section.c (bfd_make_section_with_flags): Fail if the name or bfd
++ are NULL.
++ * vms-alpha.c (bfd_make_section_with_flags): Correct computation
++ of end pointer.
++ (evax_bfd_print_emh): Check for invalid string lengths.
++
+ 2017-07-19 Nick Clifton <nickc@redhat.com>
+
+ PR 21787
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch
new file mode 100644
index 0000000..6dae0f6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch
@@ -0,0 +1,97 @@
+commit bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Jun 19 14:52:36 2017 +0100
+
+ Fix address violations when reading corrupt VMS records.
+
+ PR binutils/21618
+ * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
+ length.
+ (evax_bfd_print_eeom): Likewise.
+ (evax_bfd_print_egsd): Check for an overlarge record length.
+ (evax_bfd_print_etir): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12449_12455_12457
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-08-30 17:08:27.408159234 +0530
++++ git/bfd/vms-alpha.c 2017-08-30 17:12:07.289044702 +0530
+@@ -5567,6 +5567,13 @@
+
+ fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len);
+
++ /* PR 21618: Check for invalid lengths. */
++ if (rec_len < sizeof (* emh))
++ {
++ fprintf (file, _(" Error: The length is less than the length of an EMH record\n"));
++ return;
++ }
++
+ switch (subtype)
+ {
+ case EMH__C_MHD:
+@@ -5630,6 +5637,14 @@
+ struct vms_eeom *eeom = (struct vms_eeom *)rec;
+
+ fprintf (file, _(" EEOM (len=%u):\n"), rec_len);
++
++ /* PR 21618: Check for invalid lengths. */
++ if (rec_len < sizeof (* eeom))
++ {
++ fprintf (file, _(" Error: The length is less than the length of an EEOM record\n"));
++ return;
++ }
++
+ fprintf (file, _(" number of cond linkage pairs: %u\n"),
+ (unsigned)bfd_getl32 (eeom->total_lps));
+ fprintf (file, _(" completion code: %u\n"),
+@@ -5718,6 +5733,12 @@
+ n, type, len);
+ n++;
+
++ if (off + len > rec_len || off + len < off)
++ {
++ fprintf (file, _(" Error: length larger than remaining space in record\n"));
++ return;
++ }
++
+ switch (type)
+ {
+ case EGSD__C_PSC:
+@@ -5958,6 +5979,12 @@
+ size = bfd_getl16 (etir->size);
+ buf = rec + off + sizeof (struct vms_etir);
+
++ if (off + size > rec_len || off + size < off)
++ {
++ fprintf (file, _(" Error: length larger than remaining space in record\n"));
++ return;
++ }
++
+ fprintf (file, _(" (type: %3u, size: 4+%3u): "), type, size - 4);
+ switch (type)
+ {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-30 17:08:43.612213596 +0530
++++ git/bfd/ChangeLog 2017-08-30 17:13:27.217438742 +0530
+@@ -5,6 +5,15 @@
+ correct magic bytes at the start, set the error to wrong format
+ and clear the format selector before returning NULL.
+
++ 2017-06-19 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21618
++ * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
++ length.
++ (evax_bfd_print_eeom): Likewise.
++ (evax_bfd_print_egsd): Check for an overlarge record length.
++ (evax_bfd_print_etir): Likewise.
++
+ 2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
+
+ * readelf.c (process_mips_specific): Remove error reporting from
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch
new file mode 100644
index 0000000..503f655
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch
@@ -0,0 +1,375 @@
+commit ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Jul 24 13:49:22 2017 +0100
+
+ Fix address violation errors parsing corrupt binary files.
+
+ PR 21813
+ binutils* rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+ string whilst concatenating symbol names.
+
+ bfd * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address
+ of the relocs to the canonicalize_one_reloc routine.
+ * mach-o.h (struct bfd_mach_o_backend_data): Update the prototype
+ for the _bfd_mach_o_canonicalize_one_reloc field.
+ * mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add
+ res_base parameter. Use to check for corrupt pair relocs.
+ * mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc):
+ Likewise.
+ * mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc):
+ Likewise.
+ * mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc):
+ Likewise.
+
+ * vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is
+ enough data in the record before attempting to parse it.
+ (_bfd_vms_slurp_eeom): Likewise.
+
+ (_bfd_vms_slurp_egsd): Check for an invalid section index.
+ (image_set_ptr): Likewise.
+ (alpha_vms_slurp_relocs): Likewise.
+
+ (alpha_vms_object_p): Check for a truncated record.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12450, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12456
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/mach-o-aarch64.c
+===================================================================
+--- git.orig/bfd/mach-o-aarch64.c 2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-aarch64.c 2017-08-31 19:18:02.620442777 +0530
+@@ -147,9 +147,11 @@
+ };
+
+ static bfd_boolean
+-bfd_mach_o_arm64_canonicalize_one_reloc (bfd *abfd,
+- struct mach_o_reloc_info_external *raw,
+- arelent *res, asymbol **syms)
++bfd_mach_o_arm64_canonicalize_one_reloc (bfd * abfd,
++ struct mach_o_reloc_info_external * raw,
++ arelent * res,
++ asymbol ** syms,
++ arelent * res_base ATTRIBUTE_UNUSED)
+ {
+ bfd_mach_o_reloc_info reloc;
+
+Index: git/bfd/mach-o-i386.c
+===================================================================
+--- git.orig/bfd/mach-o-i386.c 2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-i386.c 2017-08-31 19:18:02.620442777 +0530
+@@ -112,9 +112,11 @@
+ };
+
+ static bfd_boolean
+-bfd_mach_o_i386_canonicalize_one_reloc (bfd *abfd,
+- struct mach_o_reloc_info_external *raw,
+- arelent *res, asymbol **syms)
++bfd_mach_o_i386_canonicalize_one_reloc (bfd * abfd,
++ struct mach_o_reloc_info_external * raw,
++ arelent * res,
++ asymbol ** syms,
++ arelent * res_base)
+ {
+ bfd_mach_o_reloc_info reloc;
+
+@@ -126,6 +128,9 @@
+ switch (reloc.r_type)
+ {
+ case BFD_MACH_O_GENERIC_RELOC_PAIR:
++ /* PR 21813: Check for a corrupt PAIR reloc at the start. */
++ if (res == res_base)
++ return FALSE;
+ if (reloc.r_length == 2)
+ {
+ res->howto = &i386_howto_table[7];
+@@ -391,9 +396,9 @@
+ { NULL, NULL }
+ };
+
+-#define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_i386_canonicalize_one_reloc
+-#define bfd_mach_o_swap_reloc_out bfd_mach_o_i386_swap_reloc_out
+-#define bfd_mach_o_print_thread bfd_mach_o_i386_print_thread
++#define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_i386_canonicalize_one_reloc
++#define bfd_mach_o_swap_reloc_out bfd_mach_o_i386_swap_reloc_out
++#define bfd_mach_o_print_thread bfd_mach_o_i386_print_thread
+
+ #define bfd_mach_o_tgt_seg_table mach_o_i386_segsec_names_xlat
+ #define bfd_mach_o_section_type_valid_for_tgt NULL
+Index: git/bfd/mach-o-x86-64.c
+===================================================================
+--- git.orig/bfd/mach-o-x86-64.c 2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-x86-64.c 2017-08-31 19:18:02.620442777 +0530
+@@ -120,9 +120,11 @@
+ };
+
+ static bfd_boolean
+-bfd_mach_o_x86_64_canonicalize_one_reloc (bfd *abfd,
+- struct mach_o_reloc_info_external *raw,
+- arelent *res, asymbol **syms)
++bfd_mach_o_x86_64_canonicalize_one_reloc (bfd * abfd,
++ struct mach_o_reloc_info_external * raw,
++ arelent * res,
++ asymbol ** syms,
++ arelent * res_base ATTRIBUTE_UNUSED)
+ {
+ bfd_mach_o_reloc_info reloc;
+
+Index: git/bfd/mach-o.c
+===================================================================
+--- git.orig/bfd/mach-o.c 2017-08-31 19:18:02.440441869 +0530
++++ git/bfd/mach-o.c 2017-08-31 19:18:02.620442777 +0530
+@@ -1496,7 +1496,7 @@
+ for (i = 0; i < count; i++)
+ {
+ if (!(*bed->_bfd_mach_o_canonicalize_one_reloc)(abfd, &native_relocs[i],
+- &res[i], syms))
++ &res[i], syms, res))
+ goto err;
+ }
+ free (native_relocs);
+Index: git/bfd/mach-o.h
+===================================================================
+--- git.orig/bfd/mach-o.h 2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o.h 2017-08-31 19:18:02.620442777 +0530
+@@ -746,7 +746,7 @@
+ enum bfd_architecture arch;
+ bfd_vma page_size;
+ bfd_boolean (*_bfd_mach_o_canonicalize_one_reloc)
+- (bfd *, struct mach_o_reloc_info_external *, arelent *, asymbol **);
++ (bfd *, struct mach_o_reloc_info_external *, arelent *, asymbol **, arelent *);
+ bfd_boolean (*_bfd_mach_o_swap_reloc_out)(arelent *, bfd_mach_o_reloc_info *);
+ bfd_boolean (*_bfd_mach_o_print_thread)(bfd *, bfd_mach_o_thread_flavour *,
+ void *, char *);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-31 19:18:02.564442494 +0530
++++ git/bfd/ChangeLog 2017-08-31 19:18:02.620442777 +0530
+@@ -11,6 +11,30 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++ 2017-07-24 Nick Clifton <nickc@redhat.com>
++
++ PR 21813
++ * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address
++ of the relocs to the canonicalize_one_reloc routine.
++ * mach-o.h (struct bfd_mach_o_backend_data): Update the prototype
++ for the _bfd_mach_o_canonicalize_one_reloc field.
++ * mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add
++ res_base parameter. Use to check for corrupt pair relocs.
++ * mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc):
++ Likewise.
++ * mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc):
++ Likewise.
++ * mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc):
++ Likewise.
++
++ * vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is
++ enough data in the record before attempting to parse it.
++ (_bfd_vms_slurp_eeom): Likewise.
++
++ (_bfd_vms_slurp_egsd): Check for an invalid section index.
++ (image_set_ptr): Likewise.
++ (alpha_vms_slurp_relocs): Likewise.
++
+ 2017-07-19 Nick Clifton <nickc@redhat.com>
+
+ PR 21786
+Index: git/bfd/mach-o-arm.c
+===================================================================
+--- git.orig/bfd/mach-o-arm.c 2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-arm.c 2017-08-31 19:18:02.620442777 +0530
+@@ -30,7 +30,7 @@
+ #define bfd_mach_o_mkobject bfd_mach_o_arm_mkobject
+
+ #define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_arm_canonicalize_one_reloc
+-#define bfd_mach_o_swap_reloc_out NULL
++#define bfd_mach_o_swap_reloc_out NULL
+ #define bfd_mach_o_bfd_reloc_type_lookup bfd_mach_o_arm_bfd_reloc_type_lookup
+ #define bfd_mach_o_bfd_reloc_name_lookup bfd_mach_o_arm_bfd_reloc_name_lookup
+
+@@ -147,9 +147,11 @@
+ };
+
+ static bfd_boolean
+-bfd_mach_o_arm_canonicalize_one_reloc (bfd *abfd,
+- struct mach_o_reloc_info_external *raw,
+- arelent *res, asymbol **syms)
++bfd_mach_o_arm_canonicalize_one_reloc (bfd * abfd,
++ struct mach_o_reloc_info_external * raw,
++ arelent * res,
++ asymbol ** syms,
++ arelent * res_base)
+ {
+ bfd_mach_o_reloc_info reloc;
+
+@@ -161,6 +163,9 @@
+ switch (reloc.r_type)
+ {
+ case BFD_MACH_O_ARM_RELOC_PAIR:
++ /* PR 21813: Check for a corrupt PAIR reloc at the start. */
++ if (res == res_base)
++ return FALSE;
+ if (reloc.r_length == 2)
+ {
+ res->howto = &arm_howto_table[7];
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-08-31 19:18:02.556442454 +0530
++++ git/bfd/vms-alpha.c 2017-08-31 19:20:56.233322607 +0530
+@@ -473,6 +473,14 @@
+
+ vms_debug2 ((8, "_bfd_vms_slurp_eihd\n"));
+
++ /* PR 21813: Check for an undersized record. */
++ if (PRIV (recrd.buf_size) < sizeof (* eihd))
++ {
++ _bfd_error_handler (_("Corrupt EIHD record - size is too small"));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++
+ size = bfd_getl32 (eihd->size);
+ imgtype = bfd_getl32 (eihd->imgtype);
+
+@@ -1255,19 +1263,39 @@
+ if (old_flags & EGSY__V_DEF)
+ {
+ struct vms_esdf *esdf = (struct vms_esdf *)vms_rec;
++ long psindx;
+
+ entry->value = bfd_getl64 (esdf->value);
+ if (PRIV (sections) == NULL)
+ return FALSE;
+- entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)];
++
++ psindx = bfd_getl32 (esdf->psindx);
++ /* PR 21813: Check for an out of range index. */
++ if (psindx < 0 || psindx >= (int) PRIV (section_count))
++ {
++ _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"),
++ psindx);
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ entry->section = PRIV (sections)[psindx];
+
+ if (old_flags & EGSY__V_NORM)
+ {
+ PRIV (norm_sym_count)++;
+
+ entry->code_value = bfd_getl64 (esdf->code_address);
+- entry->code_section =
+- PRIV (sections)[bfd_getl32 (esdf->ca_psindx)];
++ psindx = bfd_getl32 (esdf->ca_psindx);
++ /* PR 21813: Check for an out of range index. */
++ if (psindx < 0 || psindx >= (int) PRIV (section_count))
++ {
++ _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"),
++ psindx);
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ entry->code_section = PRIV (sections)[psindx];
++
+ }
+ }
+ }
+@@ -1294,9 +1322,20 @@
+
+ if (old_flags & EGSY__V_REL)
+ {
++ long psindx;
++
+ if (PRIV (sections) == NULL)
+ return FALSE;
+- entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)];
++ psindx = bfd_getl32 (egst->psindx);
++ /* PR 21813: Check for an out of range index. */
++ if (psindx < 0 || psindx >= (int) PRIV (section_count))
++ {
++ _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"),
++ psindx);
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ entry->section = PRIV (sections)[psindx];
+ }
+ else
+ entry->section = bfd_abs_section_ptr;
+@@ -1387,6 +1426,10 @@
+
+ if (PRIV (sections) == NULL)
+ return;
++
++ if (sect < 0 || sect >= (int) PRIV (section_count))
++ return;
++
+ sec = PRIV (sections)[sect];
+
+ if (info)
+@@ -2360,6 +2403,14 @@
+
+ vms_debug2 ((2, "EEOM\n"));
+
++ /* PR 21813: Check for an undersized record. */
++ if (PRIV (recrd.buf_size) < sizeof (* eeom))
++ {
++ _bfd_error_handler (_("Corrupt EEOM record - size is too small"));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++
+ PRIV (eom_data).eom_l_total_lps = bfd_getl32 (eeom->total_lps);
+ PRIV (eom_data).eom_w_comcod = bfd_getl16 (eeom->comcod);
+ if (PRIV (eom_data).eom_w_comcod > 1)
+@@ -2540,6 +2591,10 @@
+ PRIV (recrd.buf_size) = PRIV (recrd.rec_size);
+ }
+
++ /* PR 21813: Check for a truncated record. */
++ if (PRIV (recrd.rec_size < test_len))
++ goto error_ret;
++
+ /* Read the remaining record. */
+ remaining = PRIV (recrd.rec_size) - test_len;
+ to_read = MIN (VMS_BLOCK_SIZE - test_len, remaining);
+@@ -5074,7 +5129,7 @@
+ }
+ else if (cur_psidx >= 0)
+ {
+- if (PRIV (sections) == NULL)
++ if (PRIV (sections) == NULL || cur_psidx >= (int) PRIV (section_count))
+ return FALSE;
+ reloc->sym_ptr_ptr =
+ PRIV (sections)[cur_psidx]->symbol_ptr_ptr;
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-08-31 19:18:01.816438718 +0530
++++ git/binutils/ChangeLog 2017-08-31 19:18:02.624442798 +0530
+@@ -1,3 +1,9 @@
++2017-07-24 Nick Clifton <nickc@redhat.com>
++
++ PR 21813
++ * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
++ string whilst concatenating symbol names.
++
+ 2017-02-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21157
+Index: git/binutils/rddbg.c
+===================================================================
+--- git.orig/binutils/rddbg.c 2017-08-31 19:17:51.596387126 +0530
++++ git/binutils/rddbg.c 2017-08-31 19:18:02.624442798 +0530
+@@ -300,7 +300,8 @@
+
+ s = i.name;
+ f = NULL;
+- while (s[strlen (s) - 1] == '\\'
++ while (strlen (s) > 0
++ && s[strlen (s) - 1] == '\\'
+ && ps + 1 < symend)
+ {
+ char *sc, *n;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch
new file mode 100644
index 0000000..208bbba
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch
@@ -0,0 +1,113 @@
+commit cb06d03ad92ffcfaa09c3f065837cb39e9e1486d
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jun 21 11:13:49 2017 +0100
+
+ Fix address violation parsing a corrupt IEEE Alpha binary.
+
+ PR binutils/21637
+ * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section
+ list.
+ (image_set_ptr): Likewise.
+ (alpha_vms_fix_sec_rel): Likewise.
+ (alpha_vms_slurp_relocs): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12450, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12456
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-08-31 18:01:00.742098130 +0530
++++ git/bfd/vms-alpha.c 2017-08-31 18:01:06.000000000 +0530
+@@ -1257,6 +1257,8 @@
+ struct vms_esdf *esdf = (struct vms_esdf *)vms_rec;
+
+ entry->value = bfd_getl64 (esdf->value);
++ if (PRIV (sections) == NULL)
++ return FALSE;
+ entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)];
+
+ if (old_flags & EGSY__V_NORM)
+@@ -1291,7 +1293,11 @@
+ entry->symbol_vector = bfd_getl32 (egst->value);
+
+ if (old_flags & EGSY__V_REL)
+- entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)];
++ {
++ if (PRIV (sections) == NULL)
++ return FALSE;
++ entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)];
++ }
+ else
+ entry->section = bfd_abs_section_ptr;
+
+@@ -1379,6 +1385,8 @@
+
+ vms_debug2 ((4, "image_set_ptr (0x%08x, sect=%d)\n", (unsigned)vma, sect));
+
++ if (PRIV (sections) == NULL)
++ return;
+ sec = PRIV (sections)[sect];
+
+ if (info)
+@@ -1691,7 +1699,12 @@
+ alpha_vms_fix_sec_rel (bfd *abfd, struct bfd_link_info *info,
+ unsigned int rel, bfd_vma vma)
+ {
+- asection *sec = PRIV (sections)[rel & RELC_MASK];
++ asection *sec;
++
++ if (PRIV (sections) == NULL)
++ return 0;
++
++ sec = PRIV (sections)[rel & RELC_MASK];
+
+ if (info)
+ {
+@@ -5000,6 +5013,8 @@
+ return FALSE;
+ }
+
++ if (PRIV (sections) == NULL)
++ return FALSE;
+ sec = PRIV (sections)[cur_psect];
+ if (sec == bfd_abs_section_ptr)
+ {
+@@ -5058,8 +5073,12 @@
+ reloc->sym_ptr_ptr = sym;
+ }
+ else if (cur_psidx >= 0)
+- reloc->sym_ptr_ptr =
+- PRIV (sections)[cur_psidx]->symbol_ptr_ptr;
++ {
++ if (PRIV (sections) == NULL)
++ return FALSE;
++ reloc->sym_ptr_ptr =
++ PRIV (sections)[cur_psidx]->symbol_ptr_ptr;
++ }
+ else
+ reloc->sym_ptr_ptr = NULL;
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-31 18:01:06.000000000 +0530
++++ git/bfd/ChangeLog 2017-08-31 18:01:49.114384620 +0530
+@@ -31,7 +31,16 @@
+ correct magic bytes at the start, set the error to wrong format
+ and clear the format selector before returning NULL.
+
+- 2017-06-19 Nick Clifton <nickc@redhat.com>
++ 2017-06-21 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21637
++ * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section
++ list.
++ (image_set_ptr): Likewise.
++ (alpha_vms_fix_sec_rel): Likewise.
++ (alpha_vms_slurp_relocs): Likewise.
++
++2017-06-19 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21618
+ * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12451.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12451.patch
new file mode 100644
index 0000000..23ddfcf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12451.patch
@@ -0,0 +1,384 @@
+commit 29866fa186ee3ebda5242221607dba360b2e541e
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jul 19 11:07:43 2017 +0100
+
+ Fix address violation when attempting to read a corrupt field in a COFF archive header structure.
+
+ PR 21786
+ * coff-rs6000.c (_bfd_strntol): New function.
+ (_bfd_strntoll): New function.
+ (GET_VALUE_IN_FIELD): New macro.
+ (EQ_VALUE_IN_FIELD): new macro.
+ (_bfd_xcoff_slurp_armap): Use new macros.
+ (_bfd_xcoff_archive_p): Likewise.
+ (_bfd_xcoff_read_ar_hdr): Likewise.
+ (_bfd_xcoff_openr_next_archived_file): Likewise.
+ (_bfd_xcoff_stat_arch_elt): Likewise.
+
+commit 6c4e7b6bfbc4679f695106de2817ecf02b27c8be
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jul 19 16:14:02 2017 +0100
+
+ Extend previous fix to coff-rs6000.c to coff64-rs6000.c
+
+ PR 21786
+ * coff64-rs6000.c (_bfd_strntol): New function.
+ (_bfd_strntoll): New function.
+ (GET_VALUE_IN_FIELD): New macro.
+ (xcoff64_slurp_armap): Use new macros.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-12451
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-31 16:07:20.966269193 +0530
++++ git/bfd/ChangeLog 2017-08-31 16:25:04.423155789 +0530
+@@ -13,6 +13,19 @@
+
+ 2017-07-19 Nick Clifton <nickc@redhat.com>
+
++ PR 21786
++ * coff-rs6000.c (_bfd_strntol): New function.
++ (_bfd_strntoll): New function.
++ (GET_VALUE_IN_FIELD): New macro.
++ (EQ_VALUE_IN_FIELD): new macro.
++ (_bfd_xcoff_slurp_armap): Use new macros.
++ (_bfd_xcoff_archive_p): Likewise.
++ (_bfd_xcoff_read_ar_hdr): Likewise.
++ (_bfd_xcoff_openr_next_archived_file): Likewise.
++ (_bfd_xcoff_stat_arch_elt): Likewise.
++
++2017-07-19 Nick Clifton <nickc@redhat.com>
++
+ PR 21787
+ * archive.c (bfd_generic_archive_p): If the bfd does not have the
+ correct magic bytes at the start, set the error to wrong format
+Index: git/bfd/coff-rs6000.c
+===================================================================
+--- git.orig/bfd/coff-rs6000.c 2017-08-31 16:07:14.278208353 +0530
++++ git/bfd/coff-rs6000.c 2017-08-31 16:24:05.414696722 +0530
+@@ -203,7 +203,8 @@
+ };
+
+ /* Information about one member of an archive. */
+-struct member_layout {
++struct member_layout
++{
+ /* The archive member that this structure describes. */
+ bfd *member;
+
+@@ -237,7 +238,8 @@
+ };
+
+ /* A structure used for iterating over the members of an archive. */
+-struct archive_iterator {
++struct archive_iterator
++{
+ /* The archive itself. */
+ bfd *archive;
+
+@@ -654,8 +656,6 @@
+ end:
+ return bfd_coff_auxesz (abfd);
+ }
+-
+-
+
+ /* The XCOFF reloc table. Actually, XCOFF relocations specify the
+ bitsize and whether they are signed or not, along with a
+@@ -663,7 +663,6 @@
+ different algorithms for putting in the reloc. Many of these
+ relocs need special_function entries, which I have not written. */
+
+-
+ reloc_howto_type xcoff_howto_table[] =
+ {
+ /* 0x00: Standard 32 bit relocation. */
+@@ -1185,6 +1184,51 @@
+ /* bfd_xcoff_archive_set_magic (abfd, magic); */
+ }
+
++/* PR 21786: The PE/COFF standard does not require NUL termination for any of
++ the ASCII fields in the archive headers. So in order to be able to extract
++ numerical values we provide our own versions of strtol and strtoll which
++ take a maximum length as an additional parameter. Also - just to save space,
++ we omit the endptr return parameter, since we know that it is never used. */
++
++static long
++_bfd_strntol (const char * nptr, int base, unsigned int maxlen)
++{
++ char buf[24]; /* Should be enough. */
++
++ BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++ memcpy (buf, nptr, maxlen);
++ buf[maxlen] = 0;
++ return strtol (buf, NULL, base);
++}
++
++static long long
++_bfd_strntoll (const char * nptr, int base, unsigned int maxlen)
++{
++ char buf[32]; /* Should be enough. */
++
++ BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++ memcpy (buf, nptr, maxlen);
++ buf[maxlen] = 0;
++ return strtoll (buf, NULL, base);
++}
++
++/* Macro to read an ASCII value stored in an archive header field. */
++#define GET_VALUE_IN_FIELD(VAR, FIELD) \
++ do \
++ { \
++ (VAR) = sizeof (VAR) > sizeof (long) \
++ ? _bfd_strntoll (FIELD, 10, sizeof FIELD) \
++ : _bfd_strntol (FIELD, 10, sizeof FIELD); \
++ } \
++ while (0)
++
++#define EQ_VALUE_IN_FIELD(VAR, FIELD) \
++ (sizeof (VAR) > sizeof (long) \
++ ? (VAR) ==_bfd_strntoll (FIELD, 10, sizeof FIELD) \
++ : (VAR) == _bfd_strntol (FIELD, 10, sizeof FIELD))
++
+ /* Read in the armap of an XCOFF archive. */
+
+ bfd_boolean
+@@ -1209,7 +1253,7 @@
+ /* This is for the old format. */
+ struct xcoff_ar_hdr hdr;
+
+- off = strtol (xcoff_ardata (abfd)->symoff, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (off, xcoff_ardata (abfd)->symoff);
+ if (off == 0)
+ {
+ bfd_has_map (abfd) = FALSE;
+@@ -1225,12 +1269,12 @@
+ return FALSE;
+
+ /* Skip the name (normally empty). */
+- namlen = strtol (hdr.namlen, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+ off = ((namlen + 1) & ~ (size_t) 1) + SXCOFFARFMAG;
+ if (bfd_seek (abfd, off, SEEK_CUR) != 0)
+ return FALSE;
+
+- sz = strtol (hdr.size, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (sz, hdr.size);
+
+ /* Read in the entire symbol table. */
+ contents = (bfd_byte *) bfd_alloc (abfd, sz);
+@@ -1264,7 +1308,7 @@
+ /* This is for the new format. */
+ struct xcoff_ar_hdr_big hdr;
+
+- off = strtol (xcoff_ardata_big (abfd)->symoff, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (off, xcoff_ardata_big (abfd)->symoff);
+ if (off == 0)
+ {
+ bfd_has_map (abfd) = FALSE;
+@@ -1280,15 +1324,12 @@
+ return FALSE;
+
+ /* Skip the name (normally empty). */
+- namlen = strtol (hdr.namlen, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+ off = ((namlen + 1) & ~ (size_t) 1) + SXCOFFARFMAG;
+ if (bfd_seek (abfd, off, SEEK_CUR) != 0)
+ return FALSE;
+
+- /* XXX This actually has to be a call to strtoll (at least on 32-bit
+- machines) since the field width is 20 and there numbers with more
+- than 32 bits can be represented. */
+- sz = strtol (hdr.size, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (sz, hdr.size);
+
+ /* Read in the entire symbol table. */
+ contents = (bfd_byte *) bfd_alloc (abfd, sz);
+@@ -1393,8 +1434,8 @@
+ goto error_ret;
+ }
+
+- bfd_ardata (abfd)->first_file_filepos = strtol (hdr.firstmemoff,
+- (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (bfd_ardata (abfd)->first_file_filepos,
++ hdr.firstmemoff);
+
+ amt = SIZEOF_AR_FILE_HDR;
+ bfd_ardata (abfd)->tdata = bfd_zalloc (abfd, amt);
+@@ -1469,7 +1510,7 @@
+ return NULL;
+ }
+
+- namlen = strtol (hdr.namlen, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+ amt = SIZEOF_AR_HDR + namlen + 1;
+ hdrp = (struct xcoff_ar_hdr *) bfd_alloc (abfd, amt);
+ if (hdrp == NULL)
+@@ -1486,7 +1527,7 @@
+ ((char *) hdrp)[SIZEOF_AR_HDR + namlen] = '\0';
+
+ ret->arch_header = (char *) hdrp;
+- ret->parsed_size = strtol (hdr.size, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (ret->parsed_size, hdr.size);
+ ret->filename = (char *) hdrp + SIZEOF_AR_HDR;
+ }
+ else
+@@ -1501,7 +1542,7 @@
+ return NULL;
+ }
+
+- namlen = strtol (hdr.namlen, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+ amt = SIZEOF_AR_HDR_BIG + namlen + 1;
+ hdrp = (struct xcoff_ar_hdr_big *) bfd_alloc (abfd, amt);
+ if (hdrp == NULL)
+@@ -1518,10 +1559,7 @@
+ ((char *) hdrp)[SIZEOF_AR_HDR_BIG + namlen] = '\0';
+
+ ret->arch_header = (char *) hdrp;
+- /* XXX This actually has to be a call to strtoll (at least on 32-bit
+- machines) since the field width is 20 and there numbers with more
+- than 32 bits can be represented. */
+- ret->parsed_size = strtol (hdr.size, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (ret->parsed_size, hdr.size);
+ ret->filename = (char *) hdrp + SIZEOF_AR_HDR_BIG;
+ }
+
+@@ -1550,14 +1588,11 @@
+ if (last_file == NULL)
+ filestart = bfd_ardata (archive)->first_file_filepos;
+ else
+- filestart = strtol (arch_xhdr (last_file)->nextoff, (char **) NULL,
+- 10);
++ GET_VALUE_IN_FIELD (filestart, arch_xhdr (last_file)->nextoff);
+
+ if (filestart == 0
+- || filestart == strtol (xcoff_ardata (archive)->memoff,
+- (char **) NULL, 10)
+- || filestart == strtol (xcoff_ardata (archive)->symoff,
+- (char **) NULL, 10))
++ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata (archive)->memoff)
++ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata (archive)->symoff))
+ {
+ bfd_set_error (bfd_error_no_more_archived_files);
+ return NULL;
+@@ -1568,20 +1603,11 @@
+ if (last_file == NULL)
+ filestart = bfd_ardata (archive)->first_file_filepos;
+ else
+- /* XXX These actually have to be a calls to strtoll (at least
+- on 32-bit machines) since the fields's width is 20 and
+- there numbers with more than 32 bits can be represented. */
+- filestart = strtol (arch_xhdr_big (last_file)->nextoff, (char **) NULL,
+- 10);
+-
+- /* XXX These actually have to be calls to strtoll (at least on 32-bit
+- machines) since the fields's width is 20 and there numbers with more
+- than 32 bits can be represented. */
++ GET_VALUE_IN_FIELD (filestart, arch_xhdr_big (last_file)->nextoff);
++
+ if (filestart == 0
+- || filestart == strtol (xcoff_ardata_big (archive)->memoff,
+- (char **) NULL, 10)
+- || filestart == strtol (xcoff_ardata_big (archive)->symoff,
+- (char **) NULL, 10))
++ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata_big (archive)->memoff)
++ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata_big (archive)->symoff))
+ {
+ bfd_set_error (bfd_error_no_more_archived_files);
+ return NULL;
+@@ -1606,20 +1632,20 @@
+ {
+ struct xcoff_ar_hdr *hdrp = arch_xhdr (abfd);
+
+- s->st_mtime = strtol (hdrp->date, (char **) NULL, 10);
+- s->st_uid = strtol (hdrp->uid, (char **) NULL, 10);
+- s->st_gid = strtol (hdrp->gid, (char **) NULL, 10);
+- s->st_mode = strtol (hdrp->mode, (char **) NULL, 8);
++ GET_VALUE_IN_FIELD (s->st_mtime, hdrp->date);
++ GET_VALUE_IN_FIELD (s->st_uid, hdrp->uid);
++ GET_VALUE_IN_FIELD (s->st_gid, hdrp->gid);
++ GET_VALUE_IN_FIELD (s->st_mode, hdrp->mode);
+ s->st_size = arch_eltdata (abfd)->parsed_size;
+ }
+ else
+ {
+ struct xcoff_ar_hdr_big *hdrp = arch_xhdr_big (abfd);
+
+- s->st_mtime = strtol (hdrp->date, (char **) NULL, 10);
+- s->st_uid = strtol (hdrp->uid, (char **) NULL, 10);
+- s->st_gid = strtol (hdrp->gid, (char **) NULL, 10);
+- s->st_mode = strtol (hdrp->mode, (char **) NULL, 8);
++ GET_VALUE_IN_FIELD (s->st_mtime, hdrp->date);
++ GET_VALUE_IN_FIELD (s->st_uid, hdrp->uid);
++ GET_VALUE_IN_FIELD (s->st_gid, hdrp->gid);
++ GET_VALUE_IN_FIELD (s->st_mode, hdrp->mode);
+ s->st_size = arch_eltdata (abfd)->parsed_size;
+ }
+
+Index: git/bfd/coff64-rs6000.c
+===================================================================
+--- git.orig/bfd/coff64-rs6000.c 2017-08-31 16:07:14.282208390 +0530
++++ git/bfd/coff64-rs6000.c 2017-08-31 16:28:43.228864485 +0530
+@@ -1852,6 +1852,46 @@
+ return NULL;
+ }
+
++/* PR 21786: The PE/COFF standard does not require NUL termination for any of
++ the ASCII fields in the archive headers. So in order to be able to extract
++ numerical values we provide our own versions of strtol and strtoll which
++ take a maximum length as an additional parameter. Also - just to save space,
++ we omit the endptr return parameter, since we know that it is never used. */
++
++static long
++_bfd_strntol (const char * nptr, int base, unsigned int maxlen)
++{
++ char buf[24]; /* Should be enough. */
++
++ BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++ memcpy (buf, nptr, maxlen);
++ buf[maxlen] = 0;
++ return strtol (buf, NULL, base);
++}
++
++static long long
++_bfd_strntoll (const char * nptr, int base, unsigned int maxlen)
++{
++ char buf[32]; /* Should be enough. */
++
++ BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++ memcpy (buf, nptr, maxlen);
++ buf[maxlen] = 0;
++ return strtoll (buf, NULL, base);
++}
++
++/* Macro to read an ASCII value stored in an archive header field. */
++#define GET_VALUE_IN_FIELD(VAR, FIELD) \
++ do \
++ { \
++ (VAR) = sizeof (VAR) > sizeof (long) \
++ ? _bfd_strntoll (FIELD, 10, sizeof FIELD) \
++ : _bfd_strntol (FIELD, 10, sizeof FIELD); \
++ } \
++ while (0)
++
+ /* Read in the armap of an XCOFF archive. */
+
+ static bfd_boolean
+@@ -1892,7 +1932,7 @@
+ return FALSE;
+
+ /* Skip the name (normally empty). */
+- namlen = strtol (hdr.namlen, (char **) NULL, 10);
++ GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+ pos = ((namlen + 1) & ~(size_t) 1) + SXCOFFARFMAG;
+ if (bfd_seek (abfd, pos, SEEK_CUR) != 0)
+ return FALSE;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
new file mode 100644
index 0000000..09d5143
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch
@@ -0,0 +1,45 @@
+commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Fri Sep 22 14:15:40 2017 -0700
+
+x86: Guard against corrupted PLT
+
+There should be only one entry in PLT for a given symbol. Set howto to
+NULL after processing a PLT entry to guard against corrupted PLT so that
+the duplicated PLT entries are skipped.
+
+PR binutils/22170
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-14729
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/elf-ifunc.c
+===================================================================
+--- git.orig/bfd/elf-ifunc.c 2017-11-08 12:34:22.063320490 +0530
++++ git/bfd/elf-ifunc.c 2017-11-08 12:34:29.995404891 +0530
+@@ -473,6 +473,10 @@
+ memcpy (names, "@plt", sizeof ("@plt"));
+ names += sizeof ("@plt");
+ ++s, ++n;
++ /* There should be only one entry in PLT for a given
++ symbol. Set howto to NULL after processing a PLT
++ entry to guard against corrupted PLT. */
++ p->howto = NULL;
+ }
+
+ free (plt_sym_val);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-11-08 12:34:29.939404297 +0530
++++ git/bfd/ChangeLog 2017-11-08 12:35:55.660271599 +0530
+@@ -1,3 +1,9 @@
++2017-09-22 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/22170
++ * elf-ifunc.c (elf_get_synthetic_symtab): Guard against
++ corrupted PLT.
++
+ 2017-07-27 Nick Clifton <nickc@redhat.com>
+
+ PR 21840
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch
new file mode 100644
index 0000000..ef42b13
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch
@@ -0,0 +1,241 @@
+commit 52a93b95ec0771c97e26f0bb28630a271a667bd2
+Author: Alan Modra <amodra@gmail.com>
+Date: Sun Sep 24 14:37:16 2017 +0930
+
+ PR22187, infinite loop in find_abstract_instance_name
+
+ This patch prevents the simple case of infinite recursion in
+ find_abstract_instance_name by ensuring that the attributes being
+ processed are not the same as the previous call.
+
+ The patch also does a little cleanup, and leaves in place some changes
+ to the nested_funcs array that I made when I wrongly thought looping
+ might occur in scan_unit_for_symbols.
+
+ PR 22187
+ * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and
+ pname param. Return status. Make name const. Don't abort,
+ return an error. Formatting. Exit if current info_ptr matches
+ orig_info_ptr. Update callers.
+ (scan_unit_for_symbols): Start at nesting_level of zero. Make
+ nested_funcs an array of structs for extensibility. Formatting.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-15024
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c 2017-11-08 12:44:59.198052588 +0530
++++ git/bfd/dwarf2.c 2017-11-08 12:45:10.670155730 +0530
+@@ -2273,9 +2273,11 @@
+ return FALSE;
+ }
+
+-static char *
++static bfd_boolean
+ find_abstract_instance_name (struct comp_unit *unit,
++ bfd_byte *orig_info_ptr,
+ struct attribute *attr_ptr,
++ const char **pname,
+ bfd_boolean *is_linkage)
+ {
+ bfd *abfd = unit->abfd;
+@@ -2285,7 +2287,7 @@
+ struct abbrev_info *abbrev;
+ bfd_uint64_t die_ref = attr_ptr->u.val;
+ struct attribute attr;
+- char *name = NULL;
++ const char *name = NULL;
+
+ /* DW_FORM_ref_addr can reference an entry in a different CU. It
+ is an offset from the .debug_info section, not the current CU. */
+@@ -2294,7 +2296,12 @@
+ /* We only support DW_FORM_ref_addr within the same file, so
+ any relocations should be resolved already. */
+ if (!die_ref)
+- abort ();
++ {
++ _bfd_error_handler
++ (_("Dwarf Error: Abstract instance DIE ref zero."));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
+
+ info_ptr = unit->sec_info_ptr + die_ref;
+ info_ptr_end = unit->end_ptr;
+@@ -2329,9 +2336,10 @@
+ (*_bfd_error_handler)
+ (_("Dwarf Error: Unable to read alt ref %u."), die_ref);
+ bfd_set_error (bfd_error_bad_value);
+- return NULL;
++ return FALSE;
+ }
+- info_ptr_end = unit->stash->alt_dwarf_info_buffer + unit->stash->alt_dwarf_info_size;
++ info_ptr_end = (unit->stash->alt_dwarf_info_buffer
++ + unit->stash->alt_dwarf_info_size);
+
+ /* FIXME: Do we need to locate the correct CU, in a similar
+ fashion to the code in the DW_FORM_ref_addr case above ? */
+@@ -2353,6 +2361,7 @@
+ (*_bfd_error_handler)
+ (_("Dwarf Error: Could not find abbrev number %u."), abbrev_number);
+ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
+ }
+ else
+ {
+@@ -2362,6 +2371,15 @@
+ info_ptr, info_ptr_end);
+ if (info_ptr == NULL)
+ break;
++ /* It doesn't ever make sense for DW_AT_specification to
++ refer to the same DIE. Stop simple recursion. */
++ if (info_ptr == orig_info_ptr)
++ {
++ _bfd_error_handler
++ (_("Dwarf Error: Abstract instance recursion detected."));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
+ switch (attr.name)
+ {
+ case DW_AT_name:
+@@ -2375,7 +2393,9 @@
+ }
+ break;
+ case DW_AT_specification:
+- name = find_abstract_instance_name (unit, &attr, is_linkage);
++ if (!find_abstract_instance_name (unit, info_ptr, &attr,
++ pname, is_linkage))
++ return FALSE;
+ break;
+ case DW_AT_linkage_name:
+ case DW_AT_MIPS_linkage_name:
+@@ -2393,7 +2413,8 @@
+ }
+ }
+ }
+- return name;
++ *pname = name;
++ return TRUE;
+ }
+
+ static bfd_boolean
+@@ -2454,20 +2475,22 @@
+ bfd *abfd = unit->abfd;
+ bfd_byte *info_ptr = unit->first_child_die_ptr;
+ bfd_byte *info_ptr_end = unit->stash->info_ptr_end;
+- int nesting_level = 1;
+- struct funcinfo **nested_funcs;
++ int nesting_level = 0;
++ struct nest_funcinfo {
++ struct funcinfo *func;
++ } *nested_funcs;
+ int nested_funcs_size;
+
+ /* Maintain a stack of in-scope functions and inlined functions, which we
+ can use to set the caller_func field. */
+ nested_funcs_size = 32;
+- nested_funcs = (struct funcinfo **)
+- bfd_malloc (nested_funcs_size * sizeof (struct funcinfo *));
++ nested_funcs = (struct nest_funcinfo *)
++ bfd_malloc (nested_funcs_size * sizeof (*nested_funcs));
+ if (nested_funcs == NULL)
+ return FALSE;
+- nested_funcs[nesting_level] = 0;
++ nested_funcs[nesting_level].func = 0;
+
+- while (nesting_level)
++ while (nesting_level >= 0)
+ {
+ unsigned int abbrev_number, bytes_read, i;
+ struct abbrev_info *abbrev;
+@@ -2516,13 +2539,13 @@
+ BFD_ASSERT (!unit->cached);
+
+ if (func->tag == DW_TAG_inlined_subroutine)
+- for (i = nesting_level - 1; i >= 1; i--)
+- if (nested_funcs[i])
++ for (i = nesting_level; i-- != 0; )
++ if (nested_funcs[i].func)
+ {
+- func->caller_func = nested_funcs[i];
++ func->caller_func = nested_funcs[i].func;
+ break;
+ }
+- nested_funcs[nesting_level] = func;
++ nested_funcs[nesting_level].func = func;
+ }
+ else
+ {
+@@ -2541,12 +2564,13 @@
+ }
+
+ /* No inline function in scope at this nesting level. */
+- nested_funcs[nesting_level] = 0;
++ nested_funcs[nesting_level].func = 0;
+ }
+
+ for (i = 0; i < abbrev->num_attrs; ++i)
+ {
+- info_ptr = read_attribute (&attr, &abbrev->attrs[i], unit, info_ptr, info_ptr_end);
++ info_ptr = read_attribute (&attr, &abbrev->attrs[i],
++ unit, info_ptr, info_ptr_end);
+ if (info_ptr == NULL)
+ goto fail;
+
+@@ -2565,8 +2589,10 @@
+
+ case DW_AT_abstract_origin:
+ case DW_AT_specification:
+- func->name = find_abstract_instance_name (unit, &attr,
+- &func->is_linkage);
++ if (!find_abstract_instance_name (unit, info_ptr, &attr,
++ &func->name,
++ &func->is_linkage))
++ goto fail;
+ break;
+
+ case DW_AT_name:
+@@ -2691,17 +2717,17 @@
+
+ if (nesting_level >= nested_funcs_size)
+ {
+- struct funcinfo **tmp;
++ struct nest_funcinfo *tmp;
+
+ nested_funcs_size *= 2;
+- tmp = (struct funcinfo **)
++ tmp = (struct nest_funcinfo *)
+ bfd_realloc (nested_funcs,
+- nested_funcs_size * sizeof (struct funcinfo *));
++ nested_funcs_size * sizeof (*nested_funcs));
+ if (tmp == NULL)
+ goto fail;
+ nested_funcs = tmp;
+ }
+- nested_funcs[nesting_level] = 0;
++ nested_funcs[nesting_level].func = 0;
+ }
+ }
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-11-08 12:45:10.614155229 +0530
++++ git/bfd/ChangeLog 2017-11-08 12:46:55.791054918 +0530
+@@ -1,3 +1,13 @@
++2017-09-24 Alan Modra <amodra@gmail.com>
++
++ PR 22187
++ * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and
++ pname param. Return status. Make name const. Don't abort,
++ return an error. Formatting. Exit if current info_ptr matches
++ orig_info_ptr. Update callers.
++ (scan_unit_for_symbols): Start at nesting_level of zero. Make
++ nested_funcs an array of structs for extensibility. Formatting.
++
+ 2017-09-22 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/22170
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch
new file mode 100644
index 0000000..25d6f3a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch
@@ -0,0 +1,153 @@
+commit 1b86808a86077722ee4f42ff97f836b12420bb2a
+Author: Alan Modra <amodra@gmail.com>
+Date: Tue Sep 26 21:47:24 2017 +0930
+
+ PR22209, invalid memory read in find_abstract_instance_name
+
+ This patch adds bounds checking for DW_FORM_ref_addr die refs, and
+ calculates them relative to the first .debug_info section. See the
+ big comment for why calculating relative to the current .debug_info
+ section was wrong for relocatable object files.
+
+ PR 22209
+ * dwarf2.c (struct comp_unit): Delete sec_info_ptr field.
+ (find_abstract_instance_name): Calculate DW_FORM_ref_addr relative
+ to stash->info_ptr_memory, and check die_ref is within that memory.
+ Set info_ptr_end correctly when another CU is refd. Check die_ref
+ for DW_FORM_ref4 etc. is within CU.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-15938
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c 2017-11-07 18:52:19.896253364 +0530
++++ git/bfd/dwarf2.c 2017-11-07 18:52:19.952253802 +0530
+@@ -119,8 +119,7 @@
+
+ /* A pointer to the memory block allocated for info_ptr. Neither
+ info_ptr nor sec_info_ptr are guaranteed to stay pointing to the
+- beginning of the malloc block. This is used only to free the
+- memory later. */
++ beginning of the malloc block. */
+ bfd_byte *info_ptr_memory;
+
+ /* Pointer to the symbol table. */
+@@ -238,9 +237,6 @@
+ by its reference. */
+ bfd_byte *info_ptr_unit;
+
+- /* Pointer to the start of the debug section, for DW_FORM_ref_addr. */
+- bfd_byte *sec_info_ptr;
+-
+ /* The offset into .debug_line of the line number table. */
+ unsigned long line_offset;
+
+@@ -2294,21 +2290,37 @@
+ if (attr_ptr->form == DW_FORM_ref_addr)
+ {
+ /* We only support DW_FORM_ref_addr within the same file, so
+- any relocations should be resolved already. */
+- if (!die_ref)
++ any relocations should be resolved already. Check this by
++ testing for a zero die_ref; There can't be a valid reference
++ to the header of a .debug_info section.
++ DW_FORM_ref_addr is an offset relative to .debug_info.
++ Normally when using the GNU linker this is accomplished by
++ emitting a symbolic reference to a label, because .debug_info
++ sections are linked at zero. When there are multiple section
++ groups containing .debug_info, as there might be in a
++ relocatable object file, it would be reasonable to assume that
++ a symbolic reference to a label in any .debug_info section
++ might be used. Since we lay out multiple .debug_info
++ sections at non-zero VMAs (see place_sections), and read
++ them contiguously into stash->info_ptr_memory, that means
++ the reference is relative to stash->info_ptr_memory. */
++ size_t total;
++
++ info_ptr = unit->stash->info_ptr_memory;
++ info_ptr_end = unit->stash->info_ptr_end;
++ total = info_ptr_end - info_ptr;
++ if (!die_ref || die_ref >= total)
+ {
+ _bfd_error_handler
+- (_("Dwarf Error: Abstract instance DIE ref zero."));
++ (_("Dwarf Error: Invalid abstract instance DIE ref."));
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
+-
+- info_ptr = unit->sec_info_ptr + die_ref;
+- info_ptr_end = unit->end_ptr;
++ info_ptr += die_ref;
+
+ /* Now find the CU containing this pointer. */
+ if (info_ptr >= unit->info_ptr_unit && info_ptr < unit->end_ptr)
+- ;
++ info_ptr_end = unit->end_ptr;
+ else
+ {
+ /* Check other CUs to see if they contain the abbrev. */
+@@ -2324,7 +2336,10 @@
+ break;
+
+ if (u)
+- unit = u;
++ {
++ unit = u;
++ info_ptr_end = unit->end_ptr;
++ }
+ /* else FIXME: What do we do now ? */
+ }
+ }
+@@ -2346,8 +2361,22 @@
+ }
+ else
+ {
+- info_ptr = unit->info_ptr_unit + die_ref;
++ /* DW_FORM_ref1, DW_FORM_ref2, DW_FORM_ref4, DW_FORM_ref8 or
++ DW_FORM_ref_udata. These are all references relative to the
++ start of the current CU. */
++ size_t total;
++
++ info_ptr = unit->info_ptr_unit;
+ info_ptr_end = unit->end_ptr;
++ total = info_ptr_end - info_ptr;
++ if (!die_ref || die_ref >= total)
++ {
++ _bfd_error_handler
++ (_("Dwarf Error: Invalid abstract instance DIE ref."));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ info_ptr += die_ref;
+ }
+
+ abbrev_number = safe_read_leb128 (abfd, info_ptr, &bytes_read, FALSE, info_ptr_end);
+@@ -2846,7 +2875,6 @@
+ unit->end_ptr = end_ptr;
+ unit->stash = stash;
+ unit->info_ptr_unit = info_ptr_unit;
+- unit->sec_info_ptr = stash->sec_info_ptr;
+
+ for (i = 0; i < abbrev->num_attrs; ++i)
+ {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-11-07 18:52:19.900253395 +0530
++++ git/bfd/ChangeLog 2017-11-07 18:53:29.668799630 +0530
+@@ -1,3 +1,12 @@
++2017-09-26 Alan Modra <amodra@gmail.com>
++
++ PR 22209
++ * dwarf2.c (struct comp_unit): Delete sec_info_ptr field.
++ (find_abstract_instance_name): Calculate DW_FORM_ref_addr relative
++ to stash->info_ptr_memory, and check die_ref is within that memory.
++ Set info_ptr_end correctly when another CU is refd. Check die_ref
++ for DW_FORM_ref4 etc. is within CU.
++
+ 2017-09-24 Alan Modra <amodra@gmail.com>
+
+ PR 22187
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
new file mode 100644
index 0000000..eb9fc6f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
@@ -0,0 +1,40 @@
+commit 69ace2200106348a1b00d509a6a234337c104c17
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Dec 1 15:20:19 2016 +0000
+
+ Fix seg fault attempting to unget an EOF character.
+
+ PR gas/20898
+ * app.c (do_scrub_chars): Do not attempt to unget EOF.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7223
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/gas/ChangeLog
+===================================================================
+--- git.orig/gas/ChangeLog 2017-09-04 12:42:08.941602299 +0530
++++ git/gas/ChangeLog 2017-09-04 12:48:28.863820763 +0530
+@@ -1,3 +1,8 @@
++2016-12-01 Nick Clifton <nickc@redhat.com>
++
++ PR gas/20898
++ * app.c (do_scrub_chars): Do not attempt to unget EOF.
++
+ 2016-08-05 Nick Clifton <nickc@redhat.com>
+
+ PR gas/20364
+Index: git/gas/app.c
+===================================================================
+--- git.orig/gas/app.c 2017-09-04 12:42:05.261580103 +0530
++++ git/gas/app.c 2017-09-04 12:47:19.923428673 +0530
+@@ -1187,7 +1187,7 @@
+ state = -2;
+ break;
+ }
+- else
++ else if (ch2 != EOF)
+ {
+ UNGET (ch2);
+ }
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch
new file mode 100644
index 0000000..fb9ce90
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch
@@ -0,0 +1,48 @@
+commit e82ab856bb4689330c29fb9f1c57a8555b26380e
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Dec 1 10:49:39 2016 +0000
+
+ Fix a seg-fault disassembling a corrupt binary.
+
+ PR binutils/20892
+ * aoutx.h (find_nearest_line): Handle the case where the function
+ name is empty.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7224
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 12:54:37.513859864 +0530
++++ git/bfd/ChangeLog 2017-09-04 13:00:22.891753836 +0530
+@@ -120,6 +120,10 @@
+ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+ the end of the string buffer.
+
++ PR binutils/20892
++ * aoutx.h (find_nearest_line): Handle the case where the function
++ name is empty.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h 2017-09-04 12:54:35.957851411 +0530
++++ git/bfd/aoutx.h 2017-09-04 12:57:50.634902163 +0530
+@@ -2819,6 +2819,13 @@
+ const char *function = func->name;
+ char *colon;
+
++ if (buf == NULL)
++ {
++ /* PR binutils/20892: In a corrupt input file func can be empty. */
++ * functionname_ptr = NULL;
++ return TRUE;
++ }
++
+ /* The caller expects a symbol name. We actually have a
+ function name, without the leading underscore. Put the
+ underscore back in, so that the caller gets a symbol name. */
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch
new file mode 100644
index 0000000..699905a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch
@@ -0,0 +1,66 @@
+commit 50455f1ab2935f7321215dfa681745c9b1cb5b19
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Dec 1 10:15:07 2016 +0000
+
+ Fix seg-fault running addr2line on a corrupt binary.
+
+ PR binutils/20891
+ * aoutx.h (find_nearest_line): Handle the case where the main file
+ name and the directory name are both empty.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7225
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 13:04:20.941485636 +0530
++++ git/bfd/ChangeLog 2017-09-04 13:08:05.003175703 +0530
+@@ -120,6 +120,12 @@
+ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+ the end of the string buffer.
+
++2016-12-01 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/20891
++ * aoutx.h (find_nearest_line): Handle the case where the main file
++ name and the directory name are both empty.
++
+ PR binutils/20892
+ * aoutx.h (find_nearest_line): Handle the case where the function
+ name is empty.
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h 2017-09-04 13:04:20.941485636 +0530
++++ git/bfd/aoutx.h 2017-09-04 13:10:55.856441243 +0530
+@@ -2663,7 +2663,7 @@
+ char *buf;
+
+ *filename_ptr = abfd->filename;
+- *functionname_ptr = 0;
++ *functionname_ptr = NULL;
+ *line_ptr = 0;
+ if (disriminator_ptr)
+ *disriminator_ptr = 0;
+@@ -2808,9 +2808,17 @@
+ *filename_ptr = main_file_name;
+ else
+ {
+- sprintf (buf, "%s%s", directory_name, main_file_name);
+- *filename_ptr = buf;
+- buf += filelen + 1;
++ if (buf == NULL)
++ /* PR binutils/20891: In a corrupt input file both
++ main_file_name and directory_name can be empty... */
++ * filename_ptr = NULL;
++ else
++ {
++ snprintf (buf, filelen + 1, "%s%s", directory_name,
++ main_file_name);
++ *filename_ptr = buf;
++ buf += filelen + 1;
++ }
+ }
+ }
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch
new file mode 100644
index 0000000..7525f34
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch
@@ -0,0 +1,42 @@
+Fix seg-fault in the binutils utilities when reading a corrupt input file.
+
+PR binutils/20905
+* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+the end of the string buffer.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7226
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-08-23 13:59:16.868424171 +0530
++++ git/bfd/ChangeLog 2017-08-23 14:03:22.683013823 +0530
+@@ -39,6 +39,12 @@
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
++2016-12-05 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/20905
++ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
++ the end of the string buffer.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
+Index: git/bfd/peicode.h
+===================================================================
+--- git.orig/bfd/peicode.h 2017-08-23 13:59:06.948319100 +0530
++++ git/bfd/peicode.h 2017-08-23 13:59:16.920424722 +0530
+@@ -1264,7 +1264,8 @@
+ }
+
+ symbol_name = (char *) ptr;
+- source_dll = symbol_name + strlen (symbol_name) + 1;
++ /* See PR 20905 for an example of where the strnlen is necessary. */
++ source_dll = symbol_name + strnlen (symbol_name, size - 1) + 1;
+
+ /* Verify that the strings are null terminated. */
+ if (ptr[size - 1] != 0
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
new file mode 100644
index 0000000..1fa98e1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
@@ -0,0 +1,49 @@
+commit 406bd128dba2a59d0736839fc87a59bce319076c
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 16:00:43 2016 +0000
+
+ Fix seg-fault in linker when passed a bogus input script.
+
+ PR ld/20906
+ * ldlex.l: Check for bogus strings in linker scripts.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7227
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/ld/ChangeLog
+===================================================================
+--- git.orig/ld/ChangeLog 2017-09-04 13:18:09.660584245 +0530
++++ git/ld/ChangeLog 2017-09-04 13:20:34.286155911 +0530
+@@ -1,3 +1,8 @@
++2016-12-05 Nick Clifton <nickc@redhat.com>
++
++ PR ld/20906
++ * ldlex.l: Check for bogus strings in linker scripts.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
+Index: git/ld/ldlex.l
+===================================================================
+--- git.orig/ld/ldlex.l 2017-09-04 13:18:09.692584605 +0530
++++ git/ld/ldlex.l 2017-09-04 13:22:54.483583368 +0530
+@@ -416,9 +416,15 @@
+
+ <EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
+ /* No matter the state, quotes
+- give what's inside */
++ give what's inside. */
++ bfd_size_type len;
+ yylval.name = xstrdup (yytext + 1);
+- yylval.name[yyleng - 2] = 0;
++ /* PR ld/20906. A corrupt input file
++ can contain bogus strings. */
++ len = strlen (yylval.name);
++ if (len > yyleng - 2)
++ len = yyleng - 2;
++ yylval.name[len] = 0;
+ return NAME;
+ }
+ <BOTH,SCRIPT,EXPRESSION>"\n" { lineno++;}
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch
new file mode 100644
index 0000000..50a48bc
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch
@@ -0,0 +1,47 @@
+commit d7f399a8de4c55eb841db6493597a587fac002de
+Author: Nick Clifton <nickc@redhat.com>
+Date: Fri Dec 2 17:46:26 2016 +0000
+
+ Fix seg-fault in linker when passed a corrupt binary input file.
+
+ PR lf/20908
+ * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
+ when following indirect links.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7299
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c 2017-09-20 14:15:26.337333504 +0530
++++ git/bfd/elflink.c 2017-09-20 14:20:19.000000000 +0530
+@@ -11201,6 +11201,12 @@
+ asection *sec;
+
+ sec = p->u.indirect.section;
++ /* See PR 20908 for a reproducer. */
++ if (bfd_get_flavour (sec->owner) != bfd_target_elf_flavour)
++ {
++ _bfd_error_handler (_("%B: not in ELF format"), sec->owner);
++ goto error_return;
++ }
+ esdi = elf_section_data (sec);
+
+ /* Mark all sections which are to be included in the
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-20 14:20:19.000000000 +0530
++++ git/bfd/ChangeLog 2017-09-20 14:23:48.743556932 +0530
+@@ -192,6 +192,10 @@
+
+ 2016-12-02 Nick Clifton <nickc@redhat.com>
+
++ PR lf/20908
++ * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
++ when following indirect links.
++
+ PR ld/20909
+ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+ for an illegal string offset.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch
new file mode 100644
index 0000000..7691b12
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch
@@ -0,0 +1,120 @@
+commit a961cdd5f139d3c3e09170db52bd8df7dafae13f
+Author: Alan Modra <amodra@gmail.com>
+Date: Thu Dec 15 21:29:44 2016 +1030
+
+ Linking non-ELF file broken by PR20908 fix
+
+ PR ld/20968
+ PR ld/20908
+ * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move
+ reloc counting code later after ELF flavour test.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7299
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c 2017-09-20 14:15:28.133343092 +0530
++++ git/bfd/elflink.c 2017-09-20 14:15:28.189343391 +0530
+@@ -11201,13 +11201,6 @@
+ asection *sec;
+
+ sec = p->u.indirect.section;
+- /* See PR 20908 for a reproducer. */
+- if (bfd_get_flavour (sec->owner) != bfd_target_elf_flavour)
+- {
+- _bfd_error_handler (_("%B: not in ELF format"), sec->owner);
+- goto error_return;
+- }
+- esdi = elf_section_data (sec);
+
+ /* Mark all sections which are to be included in the
+ link. This will normally be every section. We need
+@@ -11218,37 +11211,18 @@
+ if (sec->flags & SEC_MERGE)
+ merged = TRUE;
+
+- if (esdo->this_hdr.sh_type == SHT_REL
+- || esdo->this_hdr.sh_type == SHT_RELA)
+- /* Some backends use reloc_count in relocation sections
+- to count particular types of relocs. Of course,
+- reloc sections themselves can't have relocations. */
+- reloc_count = 0;
+- else if (emit_relocs)
+- {
+- reloc_count = sec->reloc_count;
+- if (bed->elf_backend_count_additional_relocs)
+- {
+- int c;
+- c = (*bed->elf_backend_count_additional_relocs) (sec);
+- additional_reloc_count += c;
+- }
+- }
+- else if (bed->elf_backend_count_relocs)
+- reloc_count = (*bed->elf_backend_count_relocs) (info, sec);
+-
+ if (sec->rawsize > max_contents_size)
+ max_contents_size = sec->rawsize;
+ if (sec->size > max_contents_size)
+ max_contents_size = sec->size;
+
+- /* We are interested in just local symbols, not all
+- symbols. */
+ if (bfd_get_flavour (sec->owner) == bfd_target_elf_flavour
+ && (sec->owner->flags & DYNAMIC) == 0)
+ {
+ size_t sym_count;
+
++ /* We are interested in just local symbols, not all
++ symbols. */
+ if (elf_bad_symtab (sec->owner))
+ sym_count = (elf_tdata (sec->owner)->symtab_hdr.sh_size
+ / bed->s->sizeof_sym);
+@@ -11262,6 +11236,27 @@
+ && elf_symtab_shndx_list (sec->owner) != NULL)
+ max_sym_shndx_count = sym_count;
+
++ if (esdo->this_hdr.sh_type == SHT_REL
++ || esdo->this_hdr.sh_type == SHT_RELA)
++ /* Some backends use reloc_count in relocation sections
++ to count particular types of relocs. Of course,
++ reloc sections themselves can't have relocations. */
++ ;
++ else if (emit_relocs)
++ {
++ reloc_count = sec->reloc_count;
++ if (bed->elf_backend_count_additional_relocs)
++ {
++ int c;
++ c = (*bed->elf_backend_count_additional_relocs) (sec);
++ additional_reloc_count += c;
++ }
++ }
++ else if (bed->elf_backend_count_relocs)
++ reloc_count = (*bed->elf_backend_count_relocs) (info, sec);
++
++ esdi = elf_section_data (sec);
++
+ if ((sec->flags & SEC_RELOC) != 0)
+ {
+ size_t ext_size = 0;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-20 14:15:28.013342453 +0530
++++ git/bfd/ChangeLog 2017-09-20 14:19:06.990419395 +0530
+@@ -156,6 +156,13 @@
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
++2016-12-15 Alan Modra <amodra@gmail.com>
++
++ PR ld/20968
++ PR ld/20908
++ * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move
++ reloc counting code later after ELF flavour test.
++
+ 2016-12-06 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20931
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
new file mode 100644
index 0000000..c4432e7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch
@@ -0,0 +1,55 @@
+From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 2 Dec 2016 16:41:14 +0000
+Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary.
+
+ PR ld/20909
+ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+ for an illegal string offset.
+
+Upstream-Status: Backport
+CVE: CVE-2017-7300
+VER: < 2.27-r0.9.1
+Signed-off-by: Manjunath Matti <mmatti@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/aoutx.h | 3 +--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/ChangeLog b/bfd/ChangeLog
+index d061e66..c8085e7 100644
+--- a/bfd/ChangeLog
++++ b/bfd/ChangeLog
+@@ -175,6 +175,12 @@
+ * aoutx.h (find_nearest_line): Handle the case where the function
+ name is empty.
+
++2016-12-02 Nick Clifton <nickc@redhat.com>
++
++ PR ld/20909
++ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
++ for an illegal string offset.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
+diff --git a/bfd/aoutx.h b/bfd/aoutx.h
+index 4308679..b9ac2b7 100644
+--- a/bfd/aoutx.h
++++ b/bfd/aoutx.h
+@@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
+ continue;
+
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ return FALSE;
+ name = strings + GET_WORD (abfd, p->e_strx);
+-
+ value = GET_WORD (abfd, p->e_value);
+ flags = BSF_GLOBAL;
+ string = NULL;
+--
+2.9.3
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch
new file mode 100644
index 0000000..36b4259
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch
@@ -0,0 +1,52 @@
+commit daae68f4f372e0618d6b9c64ec0f1f74eae6ab3d
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 12:25:34 2016 +0000
+
+ Fix seg-fault in linker parsing a corrupt input file.
+
+ PR ld/20924
+ (aout_link_add_symbols): Fix off by one error checking for
+ overflow of string offset.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7301
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 15:42:15.244812577 +0530
++++ git/bfd/ChangeLog 2017-09-04 15:51:36.573466525 +0530
+@@ -120,6 +120,10 @@
+ * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+ the end of the string buffer.
+
++ PR ld/20924
++ (aout_link_add_symbols): Fix off by one error checking for
++ overflow of string offset.
++
+ 2016-12-01 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20891
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h 2017-09-04 15:42:15.244812577 +0530
++++ git/bfd/aoutx.h 2017-09-04 15:49:36.500479341 +0530
+@@ -3091,7 +3091,7 @@
+ BFD_ASSERT (p + 1 < pend);
+ ++p;
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ return FALSE;
+ string = strings + GET_WORD (abfd, p->e_strx);
+ section = bfd_ind_section_ptr;
+@@ -3127,7 +3127,7 @@
+ ++p;
+ string = name;
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ return FALSE;
+ name = strings + GET_WORD (abfd, p->e_strx);
+ section = bfd_und_section_ptr;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch
new file mode 100644
index 0000000..a45de0e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch
@@ -0,0 +1,81 @@
+commit e2996cc315d6ea242e1a954dc20246485ccc8512
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 14:32:30 2016 +0000
+
+ Fix seg-fault running strip on a corrupt binary.
+
+ PR binutils/20921
+ * aoutx.h (squirt_out_relocs): Check for and report any relocs
+ that could not be recognised.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7302
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 15:57:38.564419146 +0530
++++ git/bfd/ChangeLog 2017-09-04 16:02:31.994883900 +0530
+@@ -124,6 +124,10 @@
+ (aout_link_add_symbols): Fix off by one error checking for
+ overflow of string offset.
+
++ PR binutils/20921
++ * aoutx.h (squirt_out_relocs): Check for and report any relocs
++ that could not be recognised.
++
+ 2016-12-01 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20891
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h 2017-09-04 15:57:38.564419146 +0530
++++ git/bfd/aoutx.h 2017-09-04 16:01:08.830188291 +0530
+@@ -1952,6 +1952,7 @@
+
+ PUT_WORD (abfd, g->address, natptr->r_address);
+
++ BFD_ASSERT (g->howto != NULL);
+ r_length = g->howto->size ; /* Size as a power of two. */
+ r_pcrel = (int) g->howto->pc_relative; /* Relative to PC? */
+ /* XXX This relies on relocs coming from a.out files. */
+@@ -2390,16 +2391,34 @@
+ for (natptr = native;
+ count != 0;
+ --count, natptr += each_size, ++generic)
+- MY_swap_ext_reloc_out (abfd, *generic,
+- (struct reloc_ext_external *) natptr);
++ {
++ if ((*generic)->howto == NULL)
++ {
++ bfd_set_error (bfd_error_invalid_operation);
++ _bfd_error_handler (_("%B: attempt to write out unknown reloc type"), abfd);
++ return FALSE;
++ }
++ MY_swap_ext_reloc_out (abfd, *generic,
++ (struct reloc_ext_external *) natptr);
++ }
+ }
+ else
+ {
+ for (natptr = native;
+ count != 0;
+ --count, natptr += each_size, ++generic)
+- MY_swap_std_reloc_out (abfd, *generic,
+- (struct reloc_std_external *) natptr);
++ {
++ /* PR 20921: If the howto field has not been initialised then skip
++ this reloc. */
++ if ((*generic)->howto == NULL)
++ {
++ bfd_set_error (bfd_error_invalid_operation);
++ _bfd_error_handler (_("%B: attempt to write out unknown reloc type"), abfd);
++ return FALSE;
++ }
++ MY_swap_std_reloc_out (abfd, *generic,
++ (struct reloc_std_external *) natptr);
++ }
+ }
+
+ if (bfd_bwrite ((void *) native, natsize, abfd) != natsize)
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch
new file mode 100644
index 0000000..59a3b17
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch
@@ -0,0 +1,55 @@
+commit a55c9876bb111fd301b4762cf501de0040b8f9db
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Dec 5 13:35:50 2016 +0000
+
+ Fix seg-fault attempting to strip a corrupt binary.
+
+ PR binutils/20922
+ * elf.c (find_link): Check for null headers before attempting to
+ match them.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7303
+Signed-off-by: Thiruvadi Rajaraman <tarjaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 16:06:08.996688391 +0530
++++ git/bfd/ChangeLog 2017-09-04 16:09:26.810320541 +0530
+@@ -124,6 +124,10 @@
+ (aout_link_add_symbols): Fix off by one error checking for
+ overflow of string offset.
+
++ PR binutils/20922
++ * elf.c (find_link): Check for null headers before attempting to
++ match them.
++
+ PR binutils/20921
+ * aoutx.h (squirt_out_relocs): Check for and report any relocs
+ that could not be recognised.
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-04 16:05:55.612577527 +0530
++++ git/bfd/elf.c 2017-09-04 16:08:35.709900050 +0530
+@@ -1249,13 +1249,19 @@
+ Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd);
+ unsigned int i;
+
+- if (section_match (oheaders[hint], iheader))
++ BFD_ASSERT (iheader != NULL);
++
++ /* See PR 20922 for a reproducer of the NULL test. */
++ if (oheaders[hint] != NULL
++ && section_match (oheaders[hint], iheader))
+ return hint;
+
+ for (i = 1; i < elf_numsections (obfd); i++)
+ {
+ Elf_Internal_Shdr * oheader = oheaders[i];
+
++ if (oheader == NULL)
++ continue;
+ if (section_match (oheader, iheader))
+ /* FIXME: Do we care if there is a potential for
+ multiple matches ? */
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch
new file mode 100644
index 0000000..817a3f0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch
@@ -0,0 +1,53 @@
+commit 4f3ca05b487e9755018b4c9a053a2e6c35d8a7df
+Author: Nick Clifton <nickc@redhat.com>
+Date: Tue Dec 6 16:53:57 2016 +0000
+
+ Fix seg-fault in strip when copying a corrupt binary.
+
+ PR binutils/20931
+ * elf.c (copy_special_section_fields): Check for an invalid
+ sh_link field before attempting to follow it.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7304
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 16:13:03.512095249 +0530
++++ git/bfd/ChangeLog 2017-09-04 16:16:25.173745111 +0530
+@@ -114,6 +114,12 @@
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
++ 2016-12-06 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/20931
++ * elf.c (copy_special_section_fields): Check for an invalid
++ sh_link field before attempting to follow it.
++
+ 2016-12-05 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20905
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-04 16:13:03.512095249 +0530
++++ git/bfd/elf.c 2017-09-04 16:15:38.257359045 +0530
+@@ -1324,6 +1324,16 @@
+ in the input bfd. */
+ if (iheader->sh_link != SHN_UNDEF)
+ {
++ /* See PR 20931 for a reproducer. */
++ if (iheader->sh_link >= elf_numsections (ibfd))
++ {
++ (* _bfd_error_handler)
++ /* xgettext:c-format */
++ (_("%B: Invalid sh_link field (%d) in section number %d"),
++ ibfd, iheader->sh_link, secnum);
++ return FALSE;
++ }
++
+ sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link);
+ if (sh_link != SHN_UNDEF)
+ {
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
new file mode 100644
index 0000000..0fb32b3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
@@ -0,0 +1,105 @@
+From ad32986fdf9da1c8748e47b8b45100398223dba8 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 4 Apr 2017 11:23:36 +0100
+Subject: [PATCH] Fix null pointer dereferences when using a link built with
+ clang.
+
+ PR binutils/21342
+ * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
+ dereference.
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
+Upstream-Status: Backport
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
+
+CVE: CVE-2017-7614
+
+Singed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/elflink.c | 35 +++++++++++++++++++++--------------
+ 2 files changed, 29 insertions(+), 14 deletions(-)
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c
++++ git/bfd/elflink.c
+@@ -118,15 +118,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd,
+ defined in shared libraries can't be overridden, because we
+ lose the link to the bfd which is via the symbol section. */
+ h->root.type = bfd_link_hash_new;
++ bh = &h->root;
+ }
++ else
++ bh = NULL;
+
+- bh = &h->root;
+ bed = get_elf_backend_data (abfd);
+ if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL,
+ sec, 0, NULL, FALSE, bed->collect,
+ &bh))
+ return NULL;
+ h = (struct elf_link_hash_entry *) bh;
++ BFD_ASSERT (h != NULL);
+ h->def_regular = 1;
+ h->non_elf = 0;
+ h->root.linker_def = 1;
+@@ -11789,24 +11792,28 @@ bfd_elf_final_link (bfd *abfd, struct bf
+ {
+ /* Finish up and write out the symbol string table (.strtab)
+ section. */
+- Elf_Internal_Shdr *symstrtab_hdr;
++ Elf_Internal_Shdr *symstrtab_hdr = NULL;
+ file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size;
+
+- symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+- if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++ if (elf_symtab_shndx_list (abfd))
+ {
+- symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
+- symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
+- symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
+- amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
+- symtab_shndx_hdr->sh_size = amt;
++ symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+
+- off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
+- off, TRUE);
++ if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++ {
++ symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
++ symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
++ symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
++ amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
++ symtab_shndx_hdr->sh_size = amt;
+
+- if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
+- || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
+- return FALSE;
++ off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
++ off, TRUE);
++
++ if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
++ || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
++ return FALSE;
++ }
+ }
+
+ symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2017-04-04 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21342
++ * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
++ dereference.
++ (bfd_elf_final_link): Only initialize the extended symbol index
++ section if there are extended symbol tables to list.
++
+ 2016-08-02 Nick Clifton <nickc@redhat.com>
+
+ PR ld/17739
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch
new file mode 100644
index 0000000..96fe9e3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch
@@ -0,0 +1,201 @@
+commit bce964aa6c777d236fbd641f2bc7bb931cfe4bf3
+Author: Alan Modra <amodra@gmail.com>
+Date: Sun Apr 23 11:03:34 2017 +0930
+
+ PR 21412, get_reloc_section assumes .rel/.rela name for SHT_REL/RELA.
+
+ This patch fixes an assumption made by code that runs for objcopy and
+ strip, that SHT_REL/SHR_RELA sections are always named starting with a
+ .rel/.rela prefix. I'm also modifying the interface for
+ elf_backend_get_reloc_section, so any backend function just needs to
+ handle name mapping.
+
+ PR 21412
+ * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
+ parameters and comment.
+ (_bfd_elf_get_reloc_section): Delete.
+ (_bfd_elf_plt_get_reloc_section): Declare.
+ * elf.c (_bfd_elf_plt_get_reloc_section, elf_get_reloc_section):
+ New functions. Don't blindly skip over assumed .rel/.rela prefix.
+ Extracted from..
+ (_bfd_elf_get_reloc_section): ..here. Delete.
+ (assign_section_numbers): Call elf_get_reloc_section.
+ * elf64-ppc.c (elf_backend_get_reloc_section): Define.
+ * elfxx-target.h (elf_backend_get_reloc_section): Update.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8393
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elf-bfd.h
+===================================================================
+--- git.orig/bfd/elf-bfd.h 2017-09-04 17:43:22.156623008 +0530
++++ git/bfd/elf-bfd.h 2017-09-04 17:43:33.836716941 +0530
+@@ -1298,8 +1298,10 @@
+ bfd_size_type (*maybe_function_sym) (const asymbol *sym, asection *sec,
+ bfd_vma *code_off);
+
+- /* Return the section which RELOC_SEC applies to. */
+- asection *(*get_reloc_section) (asection *reloc_sec);
++ /* Given NAME, the name of a relocation section stripped of its
++ .rel/.rela prefix, return the section in ABFD to which the
++ relocations apply. */
++ asection *(*get_reloc_section) (bfd *abfd, const char *name);
+
+ /* Called to set the sh_flags, sh_link and sh_info fields of OSECTION which
+ has a type >= SHT_LOOS. Returns TRUE if the fields were initialised,
+@@ -2358,7 +2360,7 @@
+ extern bfd_size_type _bfd_elf_maybe_function_sym (const asymbol *, asection *,
+ bfd_vma *);
+
+-extern asection *_bfd_elf_get_reloc_section (asection *);
++extern asection *_bfd_elf_plt_get_reloc_section (bfd *, const char *);
+
+ extern int bfd_elf_get_default_section_type (flagword);
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-04 17:43:33.780716491 +0530
++++ git/bfd/elf.c 2017-09-04 17:43:33.836716941 +0530
+@@ -3493,17 +3493,39 @@
+ H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+ }
+
+-/* Return the section which RELOC_SEC applies to. */
++/* Given NAME, the name of a relocation section stripped of its
++ .rel/.rela prefix, return the section in ABFD to which the
++ relocations apply. */
+
+ asection *
+-_bfd_elf_get_reloc_section (asection *reloc_sec)
++_bfd_elf_plt_get_reloc_section (bfd *abfd, const char *name)
++{
++ /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
++ section likely apply to .got.plt or .got section. */
++ if (get_elf_backend_data (abfd)->want_got_plt
++ && strcmp (name, ".plt") == 0)
++ {
++ asection *sec;
++
++ name = ".got.plt";
++ sec = bfd_get_section_by_name (abfd, name);
++ if (sec != NULL)
++ return sec;
++ name = ".got";
++ }
++
++ return bfd_get_section_by_name (abfd, name);
++}
++
++/* Return the section to which RELOC_SEC applies. */
++
++static asection *
++elf_get_reloc_section (asection *reloc_sec)
+ {
+ const char *name;
+ unsigned int type;
+ bfd *abfd;
+-
+- if (reloc_sec == NULL)
+- return NULL;
++ const struct elf_backend_data *bed;
+
+ type = elf_section_data (reloc_sec)->this_hdr.sh_type;
+ if (type != SHT_REL && type != SHT_RELA)
+@@ -3511,28 +3533,15 @@
+
+ /* We look up the section the relocs apply to by name. */
+ name = reloc_sec->name;
+- if (type == SHT_REL)
+- name += 4;
+- else
+- name += 5;
++ if (strncmp (name, ".rel", 4) != 0)
++ return NULL;
++ name += 4;
++ if (type == SHT_RELA && *name++ != 'a')
++ return NULL;
+
+- /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
+- section apply to .got.plt section. */
+ abfd = reloc_sec->owner;
+- if (get_elf_backend_data (abfd)->want_got_plt
+- && strcmp (name, ".plt") == 0)
+- {
+- /* .got.plt is a linker created input section. It may be mapped
+- to some other output section. Try two likely sections. */
+- name = ".got.plt";
+- reloc_sec = bfd_get_section_by_name (abfd, name);
+- if (reloc_sec != NULL)
+- return reloc_sec;
+- name = ".got";
+- }
+-
+- reloc_sec = bfd_get_section_by_name (abfd, name);
+- return reloc_sec;
++ bed = get_elf_backend_data (abfd);
++ return bed->get_reloc_section (abfd, name);
+ }
+
+ /* Assign all ELF section numbers. The dummy first section is handled here
+@@ -3790,7 +3799,7 @@
+ if (s != NULL)
+ d->this_hdr.sh_link = elf_section_data (s)->this_idx;
+
+- s = get_elf_backend_data (abfd)->get_reloc_section (sec);
++ s = elf_get_reloc_section (sec);
+ if (s != NULL)
+ {
+ d->this_hdr.sh_info = elf_section_data (s)->this_idx;
+Index: git/bfd/elfxx-target.h
+===================================================================
+--- git.orig/bfd/elfxx-target.h 2017-09-04 17:43:22.216623490 +0530
++++ git/bfd/elfxx-target.h 2017-09-04 17:43:33.836716941 +0530
+@@ -686,7 +686,7 @@
+ #endif
+
+ #ifndef elf_backend_get_reloc_section
+-#define elf_backend_get_reloc_section _bfd_elf_get_reloc_section
++#define elf_backend_get_reloc_section _bfd_elf_plt_get_reloc_section
+ #endif
+
+ #ifndef elf_backend_copy_special_section_fields
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 17:43:33.780716491 +0530
++++ git/bfd/ChangeLog 2017-09-04 17:45:58.349944078 +0530
+@@ -82,6 +82,21 @@
+
+ * readelf.c (process_mips_specific): Remove null GOT data check.
+
++2017-04-23 Alan Modra <amodra@gmail.com>
++
++ PR 21412
++ * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
++ parameters and comment.
++ (_bfd_elf_get_reloc_section): Delete.
++ (_bfd_elf_plt_get_reloc_section): Declare.
++ * elf.c (_bfd_elf_plt_get_reloc_section, elf_get_reloc_section):
++ New functions. Don't blindly skip over assumed .rel/.rela prefix.
++ Extracted from..
++ (_bfd_elf_get_reloc_section): ..here. Delete.
++ (assign_section_numbers): Call elf_get_reloc_section.
++ * elf64-ppc.c (elf_backend_get_reloc_section): Define.
++ * elfxx-target.h (elf_backend_get_reloc_section): Update.
++
+ 2017-04-13 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21379
+Index: git/bfd/elf64-ppc.c
+===================================================================
+--- git.orig/bfd/elf64-ppc.c 2017-09-04 17:43:22.200623362 +0530
++++ git/bfd/elf64-ppc.c 2017-09-04 17:47:04.458511122 +0530
+@@ -117,6 +117,7 @@
+ #define elf_backend_link_output_symbol_hook ppc64_elf_output_symbol_hook
+ #define elf_backend_special_sections ppc64_elf_special_sections
+ #define elf_backend_merge_symbol_attribute ppc64_elf_merge_symbol_attribute
++#define elf_backend_get_reloc_section bfd_get_section_by_name
+
+ /* The name of the dynamic interpreter. This is put in the .interp
+ section. */
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
new file mode 100644
index 0000000..14ee191
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
@@ -0,0 +1,114 @@
+commit 7eacd66b086cabb1daab20890d5481894d4f56b2
+Author: Alan Modra <amodra@gmail.com>
+Date: Sun Apr 23 15:21:11 2017 +0930
+
+ PR 21414, null pointer deref of _bfd_elf_large_com_section sym
+
+ PR 21414
+ * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
+ * elf.c (lcomm_sym): New.
+ (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
+ * bfd-in2.h: Regenerate.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8394
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h 2017-09-20 12:54:44.847475928 +0530
++++ git/bfd/bfd-in2.h 2017-09-20 12:54:44.903476171 +0530
+@@ -1805,6 +1805,18 @@
+ { NULL }, { NULL } \
+ }
+
++/* We use a macro to initialize the static asymbol structures because
++ traditional C does not permit us to initialize a union member while
++ gcc warns if we don't initialize it.
++ the_bfd, name, value, attr, section [, udata] */
++#ifdef __STDC__
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++ { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++#else
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++ { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++#endif
++
+ void bfd_section_list_clear (bfd *);
+
+ asection *bfd_get_section_by_name (bfd *abfd, const char *name);
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c 2017-09-20 12:54:44.847475928 +0530
++++ git/bfd/section.c 2017-09-20 12:54:44.903476171 +0530
+@@ -738,20 +738,20 @@
+ . { NULL }, { NULL } \
+ . }
+ .
++.{* We use a macro to initialize the static asymbol structures because
++. traditional C does not permit us to initialize a union member while
++. gcc warns if we don't initialize it.
++. the_bfd, name, value, attr, section [, udata] *}
++.#ifdef __STDC__
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++. { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++.#else
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++. { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++.#endif
++.
+ */
+
+-/* We use a macro to initialize the static asymbol structures because
+- traditional C does not permit us to initialize a union member while
+- gcc warns if we don't initialize it. */
+- /* the_bfd, name, value, attr, section [, udata] */
+-#ifdef __STDC__
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+- { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
+-#else
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+- { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
+-#endif
+-
+ /* These symbols are global, not specific to any BFD. Therefore, anything
+ that tries to change them is broken, and should be repaired. */
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-20 12:54:44.735475444 +0530
++++ git/bfd/ChangeLog 2017-09-20 12:54:44.903476171 +0530
+@@ -102,6 +102,14 @@
+ * readelf.c (process_mips_specific): Remove null GOT data check.
+
+ 2017-04-23 Alan Modra <amodra@gmail.com>
++
++ PR 21414
++ * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
++ * elf.c (lcomm_sym): New.
++ (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
++ * bfd-in2.h: Regenerate.
++
++2017-04-23 Alan Modra <amodra@gmail.com>
+
+ PR 21412
+ * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-20 12:54:44.847475928 +0530
++++ git/bfd/elf.c 2017-09-20 13:00:22.636091768 +0530
+@@ -10986,9 +10986,11 @@
+
+ /* It is only used by x86-64 so far.
+ ??? This repeats *COM* id of zero. sec->id is supposed to be unique,
+- but current usage would allow all of _bfd_std_section to be zero. t*/
++ but current usage would allow all of _bfd_std_section to be zero. */
++static const asymbol lcomm_sym
++ = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section);
+ asection _bfd_elf_large_com_section
+- = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
++ = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym,
+ "LARGE_COMMON", 0, SEC_IS_COMMON);
+
+ void
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8394_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394_1.patch
new file mode 100644
index 0000000..e1dfd8b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394_1.patch
@@ -0,0 +1,80 @@
+commit 821e6ff6299aa39e841ca50e1ae8a98e3554fd5f
+Author: Alan Modra <amodra@gmail.com>
+Date: Wed Oct 12 09:41:33 2016 +1030
+
+ BFD_FAKE_SECTION macro params
+
+ Order NAME, IDX, FLAGS as per STD_SECTION macro.
+
+ * section.c (BFD_FAKE_SECTION): Reorder parameters. Formatting.
+ (STD_SECTION): Adjust to suit.
+ * elf.c (_bfd_elf_large_com_section): Likewise.
+ * bfd-in2.h: Regenerate.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8394
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h 2017-09-20 12:54:42.423465338 +0530
++++ git/bfd/bfd-in2.h 2017-09-20 13:02:48.000000000 +0530
+@@ -1767,9 +1767,9 @@
+ #define bfd_section_removed_from_list(ABFD, S) \
+ ((S)->next == NULL ? (ABFD)->section_last != (S) : (S)->next->prev != (S))
+
+-#define BFD_FAKE_SECTION(SEC, FLAGS, SYM, NAME, IDX) \
++#define BFD_FAKE_SECTION(SEC, SYM, NAME, IDX, FLAGS) \
+ /* name, id, index, next, prev, flags, user_set_vma, */ \
+- { NAME, IDX, 0, NULL, NULL, FLAGS, 0, \
++ { NAME, IDX, 0, NULL, NULL, FLAGS, 0, \
+ \
+ /* linker_mark, linker_has_input, gc_mark, decompress_status, */ \
+ 0, 0, 1, 0, \
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c 2017-09-20 12:54:44.503474440 +0530
++++ git/bfd/elf.c 2017-09-20 13:02:48.000000000 +0530
+@@ -10984,10 +10984,12 @@
+ return n;
+ }
+
+-/* It is only used by x86-64 so far. */
++/* It is only used by x86-64 so far.
++ ??? This repeats *COM* id of zero. sec->id is supposed to be unique,
++ but current usage would allow all of _bfd_std_section to be zero. t*/
+ asection _bfd_elf_large_com_section
+- = BFD_FAKE_SECTION (_bfd_elf_large_com_section,
+- SEC_IS_COMMON, NULL, "LARGE_COMMON", 0);
++ = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
++ "LARGE_COMMON", 0, SEC_IS_COMMON);
+
+ void
+ _bfd_elf_post_process_headers (bfd * abfd,
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c 2017-09-20 12:54:43.815471454 +0530
++++ git/bfd/section.c 2017-09-20 13:02:48.000000000 +0530
+@@ -700,9 +700,9 @@
+ .#define bfd_section_removed_from_list(ABFD, S) \
+ . ((S)->next == NULL ? (ABFD)->section_last != (S) : (S)->next->prev != (S))
+ .
+-.#define BFD_FAKE_SECTION(SEC, FLAGS, SYM, NAME, IDX) \
++.#define BFD_FAKE_SECTION(SEC, SYM, NAME, IDX, FLAGS) \
+ . {* name, id, index, next, prev, flags, user_set_vma, *} \
+-. { NAME, IDX, 0, NULL, NULL, FLAGS, 0, \
++. { NAME, IDX, 0, NULL, NULL, FLAGS, 0, \
+ . \
+ . {* linker_mark, linker_has_input, gc_mark, decompress_status, *} \
+ . 0, 0, 1, 0, \
+@@ -764,7 +764,7 @@
+ };
+
+ #define STD_SECTION(NAME, IDX, FLAGS) \
+- BFD_FAKE_SECTION(_bfd_std_section[IDX], FLAGS, &global_syms[IDX], NAME, IDX)
++ BFD_FAKE_SECTION(_bfd_std_section[IDX], &global_syms[IDX], NAME, IDX, FLAGS)
+
+ asection _bfd_std_section[] = {
+ STD_SECTION (BFD_COM_SECTION_NAME, 0, SEC_IS_COMMON),
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
new file mode 100644
index 0000000..42793e1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
@@ -0,0 +1,72 @@
+commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Apr 26 13:07:49 2017 +0100
+
+ Fix seg-fault attempting to compress a debug section in a corrupt binary.
+
+ PR binutils/21431
+ * compress.c (bfd_init_section_compress_status): Check the return
+ value from bfd_malloc.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8395
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c 2017-09-04 17:55:00.546577566 +0530
++++ git/bfd/compress.c 2017-09-04 17:55:10.770664577 +0530
+@@ -534,7 +534,6 @@
+ {
+ bfd_size_type uncompressed_size;
+ bfd_byte *uncompressed_buffer;
+- bfd_boolean ret;
+
+ /* Error if not opened for read. */
+ if (abfd->direction != read_direction
+@@ -550,18 +549,18 @@
+ /* Read in the full section contents and compress it. */
+ uncompressed_size = sec->size;
+ uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
++ /* PR 21431 */
++ if (uncompressed_buffer == NULL)
++ return FALSE;
++
+ if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
+ 0, uncompressed_size))
+- ret = FALSE;
+- else
+- {
+- uncompressed_size = bfd_compress_section_contents (abfd, sec,
+- uncompressed_buffer,
+- uncompressed_size);
+- ret = uncompressed_size != 0;
+- }
++ return FALSE;
+
+- return ret;
++ uncompressed_size = bfd_compress_section_contents (abfd, sec,
++ uncompressed_buffer,
++ uncompressed_size);
++ return uncompressed_size != 0;
+ }
+
+ /*
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 17:55:10.714664101 +0530
++++ git/bfd/ChangeLog 2017-09-04 17:56:40.991431847 +0530
+@@ -73,6 +73,12 @@
+ (evax_bfd_print_egsd): Check for an overlarge record length.
+ (evax_bfd_print_etir): Likewise.
+
++2017-04-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21431
++ * compress.c (bfd_init_section_compress_status): Check the return
++ value from bfd_malloc.
++
+ 2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
+
+ * readelf.c (process_mips_specific): Remove error reporting from
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8396.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8396.patch
new file mode 100644
index 0000000..b1bf92f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8396.patch
@@ -0,0 +1,102 @@
+commit a941291cab71b9ac356e1c03968c177c03e602ab
+Author: Alan Modra <amodra@gmail.com>
+Date: Sat Apr 29 14:48:16 2017 +0930
+
+ PR21432, buffer overflow in perform_relocation
+
+ The existing reloc offset range tests didn't catch small negative
+ offsets less than the size of the reloc field.
+
+ PR 21432
+ * reloc.c (reloc_offset_in_range): New function.
+ (bfd_perform_relocation, bfd_install_relocation): Use it.
+ (_bfd_final_link_relocate): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8396
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/reloc.c
+===================================================================
+--- git.orig/bfd/reloc.c 2017-09-05 18:12:07.448886623 +0530
++++ git/bfd/reloc.c 2017-09-05 18:12:07.564887511 +0530
+@@ -538,6 +538,22 @@
+ return flag;
+ }
+
++/* HOWTO describes a relocation, at offset OCTET. Return whether the
++ relocation field is within SECTION of ABFD. */
++
++static bfd_boolean
++reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd,
++ asection *section, bfd_size_type octet)
++{
++ bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section);
++ bfd_size_type reloc_size = bfd_get_reloc_size (howto);
++
++ /* The reloc field must be contained entirely within the section.
++ Allow zero length fields (marker relocs or NONE relocs where no
++ relocation will be performed) at the end of the section. */
++ return octet <= octet_end && octet + reloc_size <= octet_end;
++}
++
+ /*
+ FUNCTION
+ bfd_perform_relocation
+@@ -618,15 +634,9 @@
+ return cont;
+ }
+
+- /* Is the address of the relocation really within the section?
+- Include the size of the reloc in the test for out of range addresses.
+- PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */
++ /* Is the address of the relocation really within the section? */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (abfd, input_section)
+- /* Check for an overly large offset which
+- masquerades as a negative value too. */
+- || (octets + bfd_get_reloc_size (howto) < bfd_get_reloc_size (howto)))
++ if (!reloc_offset_in_range (howto, abfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* Work out which section the relocation is targeted at and the
+@@ -1010,8 +1020,7 @@
+
+ /* Is the address of the relocation really within the section? */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (abfd, input_section))
++ if (!reloc_offset_in_range (howto, abfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* Work out which section the relocation is targeted at and the
+@@ -1349,8 +1358,7 @@
+ bfd_size_type octets = address * bfd_octets_per_byte (input_bfd);
+
+ /* Sanity check the address. */
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (input_bfd, input_section))
++ if (!reloc_offset_in_range (howto, input_bfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* This function assumes that we are dealing with a basic relocation
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-05 18:12:07.448886623 +0530
++++ git/bfd/ChangeLog 2017-09-05 18:13:46.745645897 +0530
+@@ -73,6 +73,13 @@
+ (evax_bfd_print_egsd): Check for an overlarge record length.
+ (evax_bfd_print_etir): Likewise.
+
++2017-04-29 Alan Modra <amodra@gmail.com>
++
++ PR 21432
++ * reloc.c (reloc_offset_in_range): New function.
++ (bfd_perform_relocation, bfd_install_relocation): Use it.
++ (_bfd_final_link_relocate): Likewise.
++
+ 2017-04-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21434
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8397.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8397.patch
new file mode 100644
index 0000000..f966c80
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8397.patch
@@ -0,0 +1,50 @@
+commit 04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Apr 26 16:30:22 2017 +0100
+
+ Fix a seg-fault when processing a corrupt binary containing reloc(s) with negative addresses.
+
+ PR binutils/21434
+ * reloc.c (bfd_perform_relocation): Check for a negative address
+ in the reloc.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8397
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+
+
+Index: git/bfd/reloc.c
+===================================================================
+--- git.orig/bfd/reloc.c 2017-09-04 18:06:00.651987605 +0530
++++ git/bfd/reloc.c 2017-09-04 18:06:10.740066291 +0530
+@@ -623,7 +623,10 @@
+ PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+ if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (abfd, input_section))
++ > bfd_get_section_limit_octets (abfd, input_section)
++ /* Check for an overly large offset which
++ masquerades as a negative value too. */
++ || (octets + bfd_get_reloc_size (howto) < bfd_get_reloc_size (howto)))
+ return bfd_reloc_outofrange;
+
+ /* Work out which section the relocation is targeted at and the
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-04 18:06:10.684065855 +0530
++++ git/bfd/ChangeLog 2017-09-04 18:08:33.845183050 +0530
+@@ -75,6 +75,12 @@
+
+ 2017-04-26 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21434
++ * reloc.c (bfd_perform_relocation): Check for a negative address
++ in the reloc.
++
++2017-04-26 Nick Clifton <nickc@redhat.com>
++
+ PR binutils/21431
+ * compress.c (bfd_init_section_compress_status): Check the return
+ value from bfd_malloc.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch
new file mode 100644
index 0000000..23d5085
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch
@@ -0,0 +1,147 @@
+commit d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34
+Author: Nick Clifton <nickc@redhat.com>
+Date: Fri Apr 28 10:28:04 2017 +0100
+
+ Fix heap-buffer overflow bugs caused when dumping debug information from a corrupt binary.
+
+ PR binutils/21438
+ * dwarf.c (process_extended_line_op): Do not assume that the
+ string extracted from the section is NUL terminated.
+ (fetch_indirect_string): If the string retrieved from the section
+ is not NUL terminated, return an error message.
+ (fetch_indirect_line_string): Likewise.
+ (fetch_indexed_string): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8398
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c 2017-09-20 13:40:17.148898512 +0530
++++ git/binutils/dwarf.c 2017-09-20 13:45:17.564730907 +0530
+@@ -472,15 +472,20 @@
+ printf (_(" Entry\tDir\tTime\tSize\tName\n"));
+ printf (" %d\t", ++state_machine_regs.last_file_entry);
+
+- name = data;
+- data += strnlen ((char *) data, end - data) + 1;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+- data += bytes_read;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+- data += bytes_read;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+- data += bytes_read;
+- printf ("%s\n\n", name);
++ {
++ size_t l;
++
++ name = data;
++ l = strnlen ((char *) data, end - data);
++ data += len + 1;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++ data += bytes_read;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++ data += bytes_read;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++ data += bytes_read;
++ printf ("%.*s\n\n", (int) l, name);
++ }
+
+ if (((unsigned int) (data - orig_data) != len) || data == end)
+ warn (_("DW_LNE_define_file: Bad opcode length\n"));
+@@ -597,18 +602,28 @@
+ fetch_indirect_string (dwarf_vma offset)
+ {
+ struct dwarf_section *section = &debug_displays [str].section;
++ const unsigned char * ret;
+
+ if (section->start == NULL)
+ return (const unsigned char *) _("<no .debug_str section>");
+
+- if (offset > section->size)
++ if (offset >= section->size)
+ {
+ warn (_("DW_FORM_strp offset too big: %s\n"),
+ dwarf_vmatoa ("x", offset));
+ return (const unsigned char *) _("<offset is too big>");
+ }
+
+- return (const unsigned char *) section->start + offset;
++ ret = section->start + offset;
++ /* Unfortunately we cannot rely upon the .debug_str section ending with a
++ NUL byte. Since our caller is expecting to receive a well formed C
++ string we test for the lack of a terminating byte here. */
++ if (strnlen ((const char *) ret, section->size - offset)
++ == section->size - offset)
++ ret = (const unsigned char *)
++ _("<no NUL byte at end of .debug_str section>");
++
++ return ret;
+ }
+
+ static const char *
+@@ -621,6 +636,7 @@
+ struct dwarf_section *str_section = &debug_displays [str_sec_idx].section;
+ dwarf_vma index_offset = idx * offset_size;
+ dwarf_vma str_offset;
++ const char * ret;
+
+ if (index_section->start == NULL)
+ return (dwo ? _("<no .debug_str_offsets.dwo section>")
+@@ -628,7 +644,7 @@
+
+ if (this_set != NULL)
+ index_offset += this_set->section_offsets [DW_SECT_STR_OFFSETS];
+- if (index_offset > index_section->size)
++ if (index_offset >= index_section->size)
+ {
+ warn (_("DW_FORM_GNU_str_index offset too big: %s\n"),
+ dwarf_vmatoa ("x", index_offset));
+@@ -641,14 +657,22 @@
+
+ str_offset = byte_get (index_section->start + index_offset, offset_size);
+ str_offset -= str_section->address;
+- if (str_offset > str_section->size)
++ if (str_offset >= str_section->size)
+ {
+ warn (_("DW_FORM_GNU_str_index indirect offset too big: %s\n"),
+ dwarf_vmatoa ("x", str_offset));
+ return _("<indirect index offset is too big>");
+ }
+
+- return (const char *) str_section->start + str_offset;
++ ret = (const char *) str_section->start + str_offset;
++ /* Unfortunately we cannot rely upon str_section ending with a NUL byte.
++ Since our caller is expecting to receive a well formed C string we test
++ for the lack of a terminating byte here. */
++ if (strnlen (ret, str_section->size - str_offset)
++ == str_section->size - str_offset)
++ ret = (const char *) _("<no NUL byte at end of section>");
++
++ return ret;
+ }
+
+ static const char *
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-20 13:40:18.900898599 +0530
++++ git/binutils/ChangeLog 2017-09-20 13:48:02.976503560 +0530
+@@ -10,6 +10,16 @@
+ * objdump.c (dump_relocs_in_section): Check for an excessive
+ number of relocs before attempting to dump them.
+
++2017-04-28 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21438
++ * dwarf.c (process_extended_line_op): Do not assume that the
++ string extracted from the section is NUL terminated.
++ (fetch_indirect_string): If the string retrieved from the section
++ is not NUL terminated, return an error message.
++ (fetch_indirect_line_string): Likewise.
++ (fetch_indexed_string): Likewise.
++
+ 2017-02-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21157
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
new file mode 100644
index 0000000..da6e475
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
@@ -0,0 +1,51 @@
+commit 39ff1b79f687b65f4144ddb379f22587003443fb
+Author: Nick Clifton <nickc@redhat.com>
+Date: Tue May 2 11:54:53 2017 +0100
+
+ Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
+
+ PR 21440
+ * objdump.c (dump_relocs_in_section): Check for an excessive
+ number of relocs before attempting to dump them.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8421
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-05 11:34:23.140802515 +0530
++++ git/binutils/objdump.c 2017-09-05 11:34:28.716824776 +0530
+@@ -3238,6 +3238,14 @@
+ return;
+ }
+
++ if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
++ && relsize > get_file_size (bfd_get_filename (abfd)))
++ {
++ printf (" (too many: 0x%x)\n", section->reloc_count);
++ bfd_set_error (bfd_error_file_truncated);
++ bfd_fatal (bfd_get_filename (abfd));
++ }
++
+ relpp = (arelent **) xmalloc (relsize);
+ relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
+
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-05 11:34:28.040822070 +0530
++++ git/binutils/ChangeLog 2017-09-05 11:36:02.413217129 +0530
+@@ -4,6 +4,12 @@
+ * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+ string whilst concatenating symbol names.
+
++2017-05-02 Nick Clifton <nickc@redhat.com>
++
++ PR 21440
++ * objdump.c (dump_relocs_in_section): Check for an excessive
++ number of relocs before attempting to dump them.
++
+ 2017-02-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21157
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9038.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9038.patch
new file mode 100644
index 0000000..afc14d1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9038.patch
@@ -0,0 +1,51 @@
+From f32ba72991d2406b21ab17edc234a2f3fa7fb23d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 11:01:45 +0100
+Subject: [PATCH] readelf: Update check for invalid word offsets in ARM unwind
+ information.
+
+ PR binutils/21343
+ * readelf.c (get_unwind_section_word): Fix snafu checking for
+ invalid word offsets in ARM unwind information.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039
+Affects: binutils <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 6 +++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -7745,9 +7745,9 @@ get_unwind_section_word (struct arm_unw_
+ return FALSE;
+
+ /* If the offset is invalid then fail. */
+- if (word_offset > (sec->sh_size - 4)
+- /* PR 18879 */
+- || (sec->sh_size < 5 && word_offset >= sec->sh_size)
++ if (/* PR 21343 *//* PR 18879 */
++ sec->sh_size < 4
++ || word_offset > (sec->sh_size - 4)
+ || ((bfd_signed_vma) word_offset) < 0)
+ return FALSE;
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-04-03 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21343
++ * readelf.c (get_unwind_section_word): Fix snafu checking for
++ invalid word offsets in ARM unwind information.
++
+ 2017-04-04 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21342
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch
new file mode 100644
index 0000000..41f2b6e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch
@@ -0,0 +1,72 @@
+From 75ec1fdbb797a389e4fe4aaf2e15358a070dcc19 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 11:13:21 +0100
+Subject: [PATCH] Fix runtime seg-fault in readelf when parsing a corrupt MIPS
+ binary.
+
+ PR binutils/21344
+ * readelf.c (process_mips_specific): Check for an out of range GOT
+ entry before reading the module pointer.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039 supporting patch
+VER: <= 2.28
+Signed-off-by: Armin kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 26 ++++++++++++++++++--------
+ 2 files changed, 24 insertions(+), 8 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -14987,14 +14987,24 @@ process_mips_specific (FILE * file)
+ printf (_(" Lazy resolver\n"));
+ if (ent == (bfd_vma) -1)
+ goto got_print_fail;
+- if (data
+- && (byte_get (data + ent - pltgot, addr_size)
+- >> (addr_size * 8 - 1)) != 0)
++
++ if (data)
+ {
+- ent = print_mips_got_entry (data, pltgot, ent, data_end);
+- printf (_(" Module pointer (GNU extension)\n"));
+- if (ent == (bfd_vma) -1)
+- goto got_print_fail;
++ /* PR 21344 */
++ if (data + ent - pltgot > data_end - addr_size)
++ {
++ error (_("Invalid got entry - %#lx - overflows GOT table\n"), ent);
++ goto got_print_fail;
++ }
++
++ if (byte_get (data + ent - pltgot, addr_size)
++ >> (addr_size * 8 - 1) != 0)
++ {
++ ent = print_mips_got_entry (data, pltgot, ent, data_end);
++ printf (_(" Module pointer (GNU extension)\n"));
++ if (ent == (bfd_vma) -1)
++ goto got_print_fail;
++ }
+ }
+ printf ("\n");
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,11 @@
+ 2017-04-03 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21344
++ * readelf.c (process_mips_specific): Check for an out of range GOT
++ entry before reading the module pointer.
++
++2017-04-03 Nick Clifton <nickc@redhat.com>
++
+ PR binutils/21343
+ * readelf.c (get_unwind_section_word): Fix snafu checking for
+ invalid word offsets in ARM unwind information.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch
new file mode 100644
index 0000000..ee827ee
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch
@@ -0,0 +1,56 @@
+From 82156ab704b08b124d319c0decdbd48b3ca2dac5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 12:14:06 +0100
+Subject: [PATCH] readelf: Fix overlarge memory allocation when reading a
+ binary with an excessive number of program headers.
+
+ PR binutils/21345
+ * readelf.c (get_program_headers): Check for there being too many
+ program headers before attempting to allocate space for them.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 17 ++++++++++++++---
+ 2 files changed, 20 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -4705,9 +4705,19 @@ get_program_headers (FILE * file)
+ if (program_headers != NULL)
+ return 1;
+
+- phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
+- sizeof (Elf_Internal_Phdr));
++ /* Be kind to memory checkers by looking for
++ e_phnum values which we know must be invalid. */
++ if (elf_header.e_phnum
++ * (is_32bit_elf ? sizeof (Elf32_External_Phdr) : sizeof (Elf64_External_Phdr))
++ >= current_file_size)
++ {
++ error (_("Too many program headers - %#x - the file is not that big\n"),
++ elf_header.e_phnum);
++ return FALSE;
++ }
+
++ phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
++ sizeof (Elf_Internal_Phdr));
+ if (phdrs == NULL)
+ {
+ error (_("Out of memory reading %u program headers\n"),
+@@ -14993,7 +15003,8 @@ process_mips_specific (FILE * file)
+ /* PR 21344 */
+ if (data + ent - pltgot > data_end - addr_size)
+ {
+- error (_("Invalid got entry - %#lx - overflows GOT table\n"), ent);
++ error (_("Invalid got entry - %#lx - overflows GOT table\n"),
++ (long) ent);
+ goto got_print_fail;
+ }
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch
new file mode 100644
index 0000000..d508903
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_and_9042.patch
@@ -0,0 +1,83 @@
+From 7296a62a2a237f6b1ad8db8c38b090e9f592c8cf Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 13 Apr 2017 16:06:30 +0100
+Subject: [PATCH] readelf: fix out of range subtraction, seg fault from a NULL
+ pointer and memory exhaustion, all from parsing corrupt binaries.
+
+ PR binutils/21379
+ * readelf.c (process_dynamic_section): Detect over large section
+ offsets in the DT_SYMTAB entry.
+
+ PR binutils/21345
+ * readelf.c (process_mips_specific): Catch an unfeasible memory
+ allocation before it happens and print a suitable error message.
+
+Upstream-Status: Backport
+
+did not include all the commit as affect code does not exists. it does contain the two
+fixes above.
+both cve's fixed by same comit.
+
+CVE: CVE-2017-9040
+CVE: CVE-2017-9042
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 12 ++++++++++++
+ binutils/readelf.c | 26 +++++++++++++++++++++-----
+ 2 files changed, 33 insertions(+), 5 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -9079,6 +9079,12 @@ process_dynamic_section (FILE * file)
+ processing that. This is overkill, I know, but it
+ should work. */
+ section.sh_offset = offset_from_vma (file, entry->d_un.d_val, 0);
++ if ((bfd_size_type) section.sh_offset > current_file_size)
++ {
++ /* See PR 21379 for a reproducer. */
++ error (_("Invalid DT_SYMTAB entry: %lx"), (long) section.sh_offset);
++ return FALSE;
++ }
+
+ if (archive_file_offset != 0)
+ section.sh_size = archive_file_size - section.sh_offset;
+@@ -14882,6 +14888,15 @@ process_mips_specific (FILE * file)
+ return 0;
+ }
+
++ /* PR 21345 - print a slightly more helpful error message
++ if we are sure that the cmalloc will fail. */
++ if (conflictsno * sizeof (* iconf) > current_file_size)
++ {
++ error (_("Overlarge number of conflicts detected: %lx\n"),
++ (long) conflictsno);
++ return FALSE;
++ }
++
+ iconf = (Elf32_Conflict *) cmalloc (conflictsno, sizeof (* iconf));
+ if (iconf == NULL)
+ {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,15 @@
++2017-04-13 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21379
++ * readelf.c (process_dynamic_section): Detect over large section
++ offsets in the DT_SYMTAB entry.
++
++2017-04-13 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21345
++ * readelf.c (process_mips_specific): Catch an unfeasible memory
++ allocation before it happens and print a suitable error message.
++
+ 2017-04-03 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21345
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_1.patch
new file mode 100644
index 0000000..857cd4a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_1.patch
@@ -0,0 +1,51 @@
+From 919383ac718c2a3187ee2a9ad659daa22da26258 Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki" <macro@imgtec.com>
+Date: Wed, 12 Apr 2017 00:02:13 +0100
+Subject: [PATCH] MIPS/readelf: Remove extraneous null GOT data check
+
+Null data is handled gracefully throughout in MIPS GOT processing, with
+addresses printed normally and unavailable data shown as `<unknown>' by
+`print_mips_got_entry', and special processing code for GOT[1] doing an
+explicit check. Remove an unwanted null GOT data check then, introduced
+with commit 592458412fb2 in the course of addressing PR binutils/12855.
+
+ binutils/
+ * readelf.c (process_mips_specific): Remove null GOT data check.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9041 patch #1
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 4 ++++
+ binutils/readelf.c | 3 +--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -14995,8 +14995,8 @@ process_mips_specific (FILE * file)
+ data = (unsigned char *) get_data (NULL, file, offset,
+ global_end - pltgot, 1,
+ _("Global Offset Table data"));
+- if (data == NULL)
+- return 0;
++
++ /* PR 12855: Null data is handled gracefully throughout. */
+ data_end = data + (global_end - pltgot);
+
+ printf (_("\nPrimary GOT:\n"));
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,7 @@
++2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
++
++ * readelf.c (process_mips_specific): Remove null GOT data check.
++
+ 2017-04-13 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21379
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch
new file mode 100644
index 0000000..9c3cb8c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9041_2.patch
@@ -0,0 +1,84 @@
+From c4ab9505b53cdc899506ed421fddb7e1f8faf7a3 Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki" <macro@imgtec.com>
+Date: Wed, 12 Apr 2017 00:03:41 +0100
+Subject: [PATCH] MIPS/readelf: Simplify GOT[1] data availability check
+
+Unavailable data is handled gracefully in MIPS GOT processing done by
+`print_mips_got_entry', so all that is needed in special GOT[1] handling
+is to verify whether data can be retrieved for the purpose of the GNU
+marker check done with `byte_get'. Remove the extra error reporting
+code then, introduced with commit 75ec1fdbb797 ("Fix runtime seg-fault
+in readelf when parsing a corrupt MIPS binary.") in the course of
+addressing PR binutils/21344, and defer the error case to regular local
+GOT entry processing.
+
+ binutils/
+ * readelf.c (process_mips_specific): Remove error reporting from
+ GOT[1] processing.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9041
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 5 +++++
+ binutils/readelf.c | 32 ++++++++++++++------------------
+ 2 files changed, 19 insertions(+), 18 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -15013,24 +15013,20 @@ process_mips_specific (FILE * file)
+ if (ent == (bfd_vma) -1)
+ goto got_print_fail;
+
+- if (data)
++ /* Check for the MSB of GOT[1] being set, denoting a GNU object.
++ This entry will be used by some runtime loaders, to store the
++ module pointer. Otherwise this is an ordinary local entry.
++ PR 21344: Check for the entry being fully available before
++ fetching it. */
++ if (data
++ && data + ent - pltgot + addr_size <= data_end
++ && (byte_get (data + ent - pltgot, addr_size)
++ >> (addr_size * 8 - 1)) != 0)
+ {
+- /* PR 21344 */
+- if (data + ent - pltgot > data_end - addr_size)
+- {
+- error (_("Invalid got entry - %#lx - overflows GOT table\n"),
+- (long) ent);
+- goto got_print_fail;
+- }
+-
+- if (byte_get (data + ent - pltgot, addr_size)
+- >> (addr_size * 8 - 1) != 0)
+- {
+- ent = print_mips_got_entry (data, pltgot, ent, data_end);
+- printf (_(" Module pointer (GNU extension)\n"));
+- if (ent == (bfd_vma) -1)
+- goto got_print_fail;
+- }
++ ent = print_mips_got_entry (data, pltgot, ent, data_end);
++ printf (_(" Module pointer (GNU extension)\n"));
++ if (ent == (bfd_vma) -1)
++ goto got_print_fail;
+ }
+ printf ("\n");
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,9 @@
+ 2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
++
++ * readelf.c (process_mips_specific): Remove error reporting from
++ GOT[1] processing.
++
++2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
+
+ * readelf.c (process_mips_specific): Remove null GOT data check.
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
new file mode 100644
index 0000000..b80226f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
@@ -0,0 +1,62 @@
+commit 76800cba595efc3fe95a446c2d664e42ae4ee869
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 12:08:57 2017 +0100
+
+ Handle EITR records in VMS Alpha binaries with overlarge command length parameters.
+
+ PR binutils/21579
+ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
+
+Upstream-Status: CVE-2017-9745
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-09-21 16:08:57.863375204 +0530
++++ git/bfd/vms-alpha.c 2017-09-21 16:08:58.211377888 +0530
+@@ -1801,14 +1801,8 @@
+
+ ptr += 4;
+
+-#if VMS_DEBUG
+- _bfd_vms_debug (4, "etir: %s(%d)\n",
+- _bfd_vms_etir_name (cmd), cmd);
+- _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+-#endif
+-
+- /* PR 21589: Check for a corrupt ETIR record. */
+- if (cmd_length < 4)
++ /* PR 21589 and 21579: Check for a corrupt ETIR record. */
++ if (cmd_length < 4 || (ptr + cmd_length > maxptr + 4))
+ {
+ corrupt_etir:
+ _bfd_error_handler (_("Corrupt ETIR record encountered"));
+@@ -1816,6 +1810,12 @@
+ return FALSE;
+ }
+
++#if VMS_DEBUG
++ _bfd_vms_debug (4, "etir: %s(%d)\n",
++ _bfd_vms_etir_name (cmd), cmd);
++ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
++#endif
++
+ switch (cmd)
+ {
+ /* Stack global
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 16:08:57.927375697 +0530
++++ git/bfd/ChangeLog 2017-09-21 16:11:35.192613756 +0530
+@@ -81,6 +81,11 @@
+ PR binutils/21581
+ (ieee_archive_p): Likewise.
+
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21579
++ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
++
+ 2017-06-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21589
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch
new file mode 100644
index 0000000..e9efb7b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch
@@ -0,0 +1,88 @@
+commit ae87f7e73eba29bd38b3a9684a10b948ed715612
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jun 14 16:50:03 2017 +0100
+
+ Fix address violation when disassembling a corrupt binary.
+
+ PR binutils/21580
+ binutils * objdump.c (disassemble_bytes): Check for buffer overrun when
+ printing out rae insns.
+
+ ld * testsuite/ld-nds32/diff.d: Adjust expected output.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9746
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 13:54:00.187228032 +0530
++++ git/binutils/objdump.c 2017-09-21 13:54:00.659231783 +0530
+@@ -1780,20 +1780,23 @@
+
+ for (j = addr_offset * opb; j < addr_offset * opb + pb; j += bpc)
+ {
+- int k;
+-
+- if (bpc > 1 && inf->display_endian == BFD_ENDIAN_LITTLE)
+- {
+- for (k = bpc - 1; k >= 0; k--)
+- printf ("%02x", (unsigned) data[j + k]);
+- putchar (' ');
+- }
+- else
++ /* PR 21580: Check for a buffer ending early. */
++ if (j + bpc <= stop_offset * opb)
+ {
+- for (k = 0; k < bpc; k++)
+- printf ("%02x", (unsigned) data[j + k]);
+- putchar (' ');
++ int k;
++
++ if (inf->display_endian == BFD_ENDIAN_LITTLE)
++ {
++ for (k = bpc - 1; k >= 0; k--)
++ printf ("%02x", (unsigned) data[j + k]);
++ }
++ else
++ {
++ for (k = 0; k < bpc; k++)
++ printf ("%02x", (unsigned) data[j + k]);
++ }
+ }
++ putchar (' ');
+ }
+
+ for (; pb < octets_per_line; pb += bpc)
+Index: git/ld/testsuite/ld-nds32/diff.d
+===================================================================
+--- git.orig/ld/testsuite/ld-nds32/diff.d 2017-09-21 13:53:52.395166097 +0530
++++ git/ld/testsuite/ld-nds32/diff.d 2017-09-21 13:54:00.659231783 +0530
+@@ -7,9 +7,9 @@
+
+ Disassembly of section .data:
+ 00008000 <WORD> (7e 00 00 00|00 00 00 7e).*
+-00008004 <HALF> (7e 00 7e fe|00 7e 7e fe).*
+-00008006 <BYTE> 7e fe 00 fe.*
+-00008007 <ULEB128> fe 00.*
++00008004 <HALF> (7e 00|00 7e).*
++00008006 <BYTE> 7e.*
++00008007 <ULEB128> fe.*
+ ...
+ 00008009 <ULEB128_2> fe 00.*
+ .*
+Index: git/ld/ChangeLog
+===================================================================
+--- git.orig/ld/ChangeLog 2017-09-21 13:53:59.611223454 +0530
++++ git/ld/ChangeLog 2017-09-21 14:01:12.294643335 +0530
+@@ -1,3 +1,8 @@
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21580
++ * testsuite/ld-nds32/diff.d: Adjust expected output.
++
+ 2016-12-05 Nick Clifton <nickc@redhat.com>
+
+ PR ld/20906
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch
new file mode 100644
index 0000000..ee663b8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch
@@ -0,0 +1,40 @@
+commit 62b76e4b6e0b4cb5b3e0053d1de4097b32577049
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 13:08:47 2017 +0100
+
+ Fix address violation parsing a corrupt ieee binary.
+
+ PR binutils/21581
+ (ieee_archive_p): Use a static buffer to avoid compiler bugs.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9747
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ieee.c
+===================================================================
+--- git.orig/bfd/ieee.c 2017-09-21 14:37:12.152903139 +0530
++++ git/bfd/ieee.c 2017-09-21 14:37:12.208903477 +0530
+@@ -1353,7 +1353,7 @@
+ {
+ char *library;
+ unsigned int i;
+- unsigned char buffer[512];
++ static unsigned char buffer[512];
+ file_ptr buffer_offset = 0;
+ ieee_ar_data_type *save = abfd->tdata.ieee_ar_data;
+ ieee_ar_data_type *ieee;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 14:37:12.152903139 +0530
++++ git/bfd/ChangeLog 2017-09-21 14:45:57.020150977 +0530
+@@ -78,6 +78,8 @@
+ PR binutils/21582
+ * ieee.c (ieee_object_p): Use a static buffer to avoid compiler
+ bugs.
++ PR binutils/21581
++ (ieee_archive_p): Likewise.
+
+ 2017-04-29 Alan Modra <amodra@gmail.com>
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch
new file mode 100644
index 0000000..ea1f0dd
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch
@@ -0,0 +1,45 @@
+commit 63634bb4a107877dd08b6282e28e11cfd1a1649e
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 12:44:23 2017 +0100
+
+ Avoid a possible compiler bug by using a static buffer instead of a stack local buffer.
+
+ PR binutils/21582
+ * ieee.c (ieee_object_p): Use a static buffer to avoid compiler
+ bugs.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9748
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ieee.c
+===================================================================
+--- git.orig/bfd/ieee.c 2017-09-21 13:53:50.891154141 +0530
++++ git/bfd/ieee.c 2017-09-21 13:54:00.715232229 +0530
+@@ -1871,7 +1871,7 @@
+ char *processor;
+ unsigned int part;
+ ieee_data_type *ieee;
+- unsigned char buffer[300];
++ static unsigned char buffer[300];
+ ieee_data_type *save = IEEE_DATA (abfd);
+ bfd_size_type amt;
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 13:54:00.483230385 +0530
++++ git/bfd/ChangeLog 2017-09-21 13:57:44.885008549 +0530
+@@ -73,6 +73,12 @@
+ (evax_bfd_print_egsd): Check for an overlarge record length.
+ (evax_bfd_print_etir): Likewise.
+
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21582
++ * ieee.c (ieee_object_p): Use a static buffer to avoid compiler
++ bugs.
++
+ 2017-04-29 Alan Modra <amodra@gmail.com>
+
+ PR 21432
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch
new file mode 100644
index 0000000..a033d3d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch
@@ -0,0 +1,75 @@
+commit 08c7881b814c546efc3996fd1decdf0877f7a779
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 11:52:02 2017 +0100
+
+ Prevent invalid array accesses when disassembling a corrupt bfin binary.
+
+ PR binutils/21586
+ * bfin-dis.c (gregs): Clip index to prevent overflow.
+ (regs): Likewise.
+ (regs_lo): Likewise.
+ (regs_hi): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9749
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/bfin-dis.c
+===================================================================
+--- git.orig/opcodes/bfin-dis.c 2017-09-21 13:53:52.667168259 +0530
++++ git/opcodes/bfin-dis.c 2017-09-21 13:54:00.603231339 +0530
+@@ -350,7 +350,7 @@
+ REG_P0, REG_P1, REG_P2, REG_P3, REG_P4, REG_P5, REG_SP, REG_FP,
+ };
+
+-#define gregs(x, i) REGNAME (decode_gregs[((i) << 3) | (x)])
++#define gregs(x, i) REGNAME (decode_gregs[(((i) << 3) | (x)) & 15])
+
+ /* [dregs pregs (iregs mregs) (bregs lregs)]. */
+ static const enum machine_registers decode_regs[] =
+@@ -361,7 +361,7 @@
+ REG_B0, REG_B1, REG_B2, REG_B3, REG_L0, REG_L1, REG_L2, REG_L3,
+ };
+
+-#define regs(x, i) REGNAME (decode_regs[((i) << 3) | (x)])
++#define regs(x, i) REGNAME (decode_regs[(((i) << 3) | (x)) & 31])
+
+ /* [dregs pregs (iregs mregs) (bregs lregs) Low Half]. */
+ static const enum machine_registers decode_regs_lo[] =
+@@ -372,7 +372,7 @@
+ REG_BL0, REG_BL1, REG_BL2, REG_BL3, REG_LL0, REG_LL1, REG_LL2, REG_LL3,
+ };
+
+-#define regs_lo(x, i) REGNAME (decode_regs_lo[((i) << 3) | (x)])
++#define regs_lo(x, i) REGNAME (decode_regs_lo[(((i) << 3) | (x)) & 31])
+
+ /* [dregs pregs (iregs mregs) (bregs lregs) High Half]. */
+ static const enum machine_registers decode_regs_hi[] =
+@@ -383,7 +383,7 @@
+ REG_BH0, REG_BH1, REG_BH2, REG_BH3, REG_LH0, REG_LH1, REG_LH2, REG_LH3,
+ };
+
+-#define regs_hi(x, i) REGNAME (decode_regs_hi[((i) << 3) | (x)])
++#define regs_hi(x, i) REGNAME (decode_regs_hi[(((i) << 3) | (x)) & 31])
+
+ static const enum machine_registers decode_statbits[] =
+ {
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 13:54:00.543230862 +0530
++++ git/opcodes/ChangeLog 2017-09-21 14:06:03.772928105 +0530
+@@ -1,5 +1,13 @@
+ 2017-06-15 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21586
++ * bfin-dis.c (gregs): Clip index to prevent overflow.
++ (regs): Likewise.
++ (regs_lo): Likewise.
++ (regs_hi): Likewise.
++
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
+ PR binutils/21588
+ * rl78-decode.opc (OP_BUF_LEN): Define.
+ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
new file mode 100644
index 0000000..3ea1725
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
@@ -0,0 +1,262 @@
+commit db5fa770268baf8cc82cf9b141d69799fd485fe2
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jun 14 13:35:06 2017 +0100
+
+ Fix address violation problems when disassembling a corrupt RX binary.
+
+ PR binutils/21587
+ * rx-decode.opc: Include libiberty.h
+ (GET_SCALE): New macro - validates access to SCALE array.
+ (GET_PSCALE): New macro - validates access to PSCALE array.
+ (DIs, SIs, S2Is, rx_disp): Use new macros.
+ * rx-decode.c: Regenerate.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9750
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/rx-decode.c
+===================================================================
+--- git.orig/opcodes/rx-decode.c 2017-09-21 14:41:57.478649861 +0530
++++ git/opcodes/rx-decode.c 2017-09-21 14:41:57.458649736 +0530
+@@ -27,6 +27,7 @@
+ #include <string.h>
+ #include "ansidecl.h"
+ #include "opcode/rx.h"
++#include "libiberty.h"
+
+ #define RX_OPCODE_BIG_ENDIAN 0
+
+@@ -45,7 +46,7 @@
+ #define LSIZE 2
+
+ /* These are for when the upper bits are "don't care" or "undefined". */
+-static int bwl[] =
++static int bwl[4] =
+ {
+ RX_Byte,
+ RX_Word,
+@@ -53,7 +54,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int sbwl[] =
++static int sbwl[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -61,7 +62,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int ubw[] =
++static int ubw[4] =
+ {
+ RX_UByte,
+ RX_UWord,
+@@ -69,7 +70,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int memex[] =
++static int memex[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -89,6 +90,9 @@
+ /* This is for the prefix size enum. */
+ static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
+
++#define GET_SCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ? SCALE[(_indx)] : 0)
++#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ? PSCALE[(_indx)] : 0)
++
+ static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
+ 16, 17, 0, 0, 0, 0, 0, 0 };
+
+@@ -107,7 +111,7 @@
+ #define DC(c) OP (0, RX_Operand_Immediate, 0, c)
+ #define DR(r) OP (0, RX_Operand_Register, r, 0)
+ #define DI(r,a) OP (0, RX_Operand_Indirect, r, a)
+-#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define DD(t,r,s) rx_disp (0, t, r, bwl[s], ld);
+ #define DF(r) OP (0, RX_Operand_Flag, flagmap[r], 0)
+
+@@ -115,7 +119,7 @@
+ #define SR(r) OP (1, RX_Operand_Register, r, 0)
+ #define SRR(r) OP (1, RX_Operand_TwoReg, r, 0)
+ #define SI(r,a) OP (1, RX_Operand_Indirect, r, a)
+-#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define SD(t,r,s) rx_disp (1, t, r, bwl[s], ld);
+ #define SP(t,r) rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 1);
+ #define SPm(t,r,m) rx_disp (1, t, r, memex[m], ld); rx->op[1].size = memex[m];
+@@ -124,7 +128,7 @@
+ #define S2C(i) OP (2, RX_Operand_Immediate, 0, i)
+ #define S2R(r) OP (2, RX_Operand_Register, r, 0)
+ #define S2I(r,a) OP (2, RX_Operand_Indirect, r, a)
+-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define S2D(t,r,s) rx_disp (2, t, r, bwl[s], ld);
+ #define S2P(t,r) rx_disp (2, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 2);
+ #define S2Pm(t,r,m) rx_disp (2, t, r, memex[m], ld); rx->op[2].size = memex[m];
+@@ -211,7 +215,7 @@
+ }
+
+ static void
+-rx_disp (int n, int type, int reg, int size, LocalData * ld)
++rx_disp (int n, int type, int reg, unsigned int size, LocalData * ld)
+ {
+ int disp;
+
+@@ -228,7 +232,7 @@
+ case 1:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+ disp = GETBYTE ();
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ case 2:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+@@ -238,7 +242,7 @@
+ #else
+ disp = disp + GETBYTE () * 256;
+ #endif
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ default:
+ abort ();
+Index: git/opcodes/rx-decode.opc
+===================================================================
+--- git.orig/opcodes/rx-decode.opc 2017-09-21 14:41:57.478649861 +0530
++++ git/opcodes/rx-decode.opc 2017-09-21 14:41:57.458649736 +0530
+@@ -26,6 +26,7 @@
+ #include <string.h>
+ #include "ansidecl.h"
+ #include "opcode/rx.h"
++#include "libiberty.h"
+
+ #define RX_OPCODE_BIG_ENDIAN 0
+
+@@ -44,7 +45,7 @@
+ #define LSIZE 2
+
+ /* These are for when the upper bits are "don't care" or "undefined". */
+-static int bwl[] =
++static int bwl[4] =
+ {
+ RX_Byte,
+ RX_Word,
+@@ -52,7 +53,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int sbwl[] =
++static int sbwl[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -60,7 +61,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int ubw[] =
++static int ubw[4] =
+ {
+ RX_UByte,
+ RX_UWord,
+@@ -68,7 +69,7 @@
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int memex[] =
++static int memex[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -88,6 +89,9 @@
+ /* This is for the prefix size enum. */
+ static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
+
++#define GET_SCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ? SCALE[(_indx)] : 0)
++#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ? PSCALE[(_indx)] : 0)
++
+ static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
+ 16, 17, 0, 0, 0, 0, 0, 0 };
+
+@@ -106,7 +110,7 @@
+ #define DC(c) OP (0, RX_Operand_Immediate, 0, c)
+ #define DR(r) OP (0, RX_Operand_Register, r, 0)
+ #define DI(r,a) OP (0, RX_Operand_Indirect, r, a)
+-#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define DD(t,r,s) rx_disp (0, t, r, bwl[s], ld);
+ #define DF(r) OP (0, RX_Operand_Flag, flagmap[r], 0)
+
+@@ -114,7 +118,7 @@
+ #define SR(r) OP (1, RX_Operand_Register, r, 0)
+ #define SRR(r) OP (1, RX_Operand_TwoReg, r, 0)
+ #define SI(r,a) OP (1, RX_Operand_Indirect, r, a)
+-#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define SD(t,r,s) rx_disp (1, t, r, bwl[s], ld);
+ #define SP(t,r) rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 1);
+ #define SPm(t,r,m) rx_disp (1, t, r, memex[m], ld); rx->op[1].size = memex[m];
+@@ -123,7 +127,7 @@
+ #define S2C(i) OP (2, RX_Operand_Immediate, 0, i)
+ #define S2R(r) OP (2, RX_Operand_Register, r, 0)
+ #define S2I(r,a) OP (2, RX_Operand_Indirect, r, a)
+-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define S2D(t,r,s) rx_disp (2, t, r, bwl[s], ld);
+ #define S2P(t,r) rx_disp (2, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 2);
+ #define S2Pm(t,r,m) rx_disp (2, t, r, memex[m], ld); rx->op[2].size = memex[m];
+@@ -210,7 +214,7 @@
+ }
+
+ static void
+-rx_disp (int n, int type, int reg, int size, LocalData * ld)
++rx_disp (int n, int type, int reg, unsigned int size, LocalData * ld)
+ {
+ int disp;
+
+@@ -227,7 +231,7 @@
+ case 1:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+ disp = GETBYTE ();
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ case 2:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+@@ -237,7 +241,7 @@
+ #else
+ disp = disp + GETBYTE () * 256;
+ #endif
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ default:
+ abort ();
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 14:40:17.000000000 +0530
++++ git/opcodes/ChangeLog 2017-09-21 14:44:07.503461009 +0530
+@@ -15,6 +15,15 @@
+ array.
+ * rl78-decode.c: Regenerate.
+
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21587
++ * rx-decode.opc: Include libiberty.h
++ (GET_SCALE): New macro - validates access to SCALE array.
++ (GET_PSCALE): New macro - validates access to PSCALE array.
++ (DIs, SIs, S2Is, rx_disp): Use new macros.
++ * rx-decode.c: Regenerate.
++
+ 2016-08-03 Tristan Gingold <gingold@adacore.com>
+
+ * configure: Regenerate.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch
new file mode 100644
index 0000000..0d525e8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch
@@ -0,0 +1,3738 @@
+commit 63323b5b23bd83fa7b04ea00dff593c933e9b0e3
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 12:37:01 2017 +0100
+
+ Fix address violation when disassembling a corrupt RL78 binary.
+
+ PR binutils/21588
+ * rl78-decode.opc (OP_BUF_LEN): Define.
+ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
+ (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf
+ array.
+ * rl78-decode.c: Regenerate.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9751
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/rl78-decode.c
+===================================================================
+--- git.orig/opcodes/rl78-decode.c 2017-09-21 13:14:42.256835775 +0530
++++ git/opcodes/rl78-decode.c 2017-09-21 13:14:49.444888350 +0530
+@@ -51,7 +51,9 @@
+ #define W() rl78->size = RL78_Word
+
+ #define AU ATTRIBUTE_UNUSED
+-#define GETBYTE() (ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr))
++
++#define OP_BUF_LEN 20
++#define GETBYTE() (ld->rl78->n_bytes < (OP_BUF_LEN - 1) ? ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr): 0)
+ #define B ((unsigned long) GETBYTE())
+
+ #define SYNTAX(x) rl78->syntax = x
+@@ -169,7 +171,7 @@
+ RL78_Dis_Isa isa)
+ {
+ LocalData lds, * ld = &lds;
+- unsigned char op_buf[20] = {0};
++ unsigned char op_buf[OP_BUF_LEN] = {0};
+ unsigned char *op = op_buf;
+ int op0, op1;
+
+@@ -201,7 +203,7 @@
+ op[0]);
+ }
+ SYNTAX("nop");
+-#line 911 "rl78-decode.opc"
++#line 913 "rl78-decode.opc"
+ ID(nop);
+
+ /*----------------------------------------------------------------------*/
+@@ -214,7 +216,7 @@
+ case 0x07:
+ {
+ /** 0000 0rw1 addw %0, %1 */
+-#line 274 "rl78-decode.opc"
++#line 276 "rl78-decode.opc"
+ int rw AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -224,7 +226,7 @@
+ printf (" rw = 0x%x\n", rw);
+ }
+ SYNTAX("addw %0, %1");
+-#line 274 "rl78-decode.opc"
++#line 276 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SRW(rw); Fzac;
+
+ }
+@@ -239,7 +241,7 @@
+ op[0]);
+ }
+ SYNTAX("addw %0, %e!1");
+-#line 265 "rl78-decode.opc"
++#line 267 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -254,7 +256,7 @@
+ op[0]);
+ }
+ SYNTAX("addw %0, #%1");
+-#line 271 "rl78-decode.opc"
++#line 273 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SC(IMMU(2)); Fzac;
+
+ }
+@@ -269,7 +271,7 @@
+ op[0]);
+ }
+ SYNTAX("addw %0, %1");
+-#line 277 "rl78-decode.opc"
++#line 279 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SM(None, SADDR); Fzac;
+
+ }
+@@ -284,7 +286,7 @@
+ op[0]);
+ }
+ SYNTAX("xch a, x");
+-#line 1234 "rl78-decode.opc"
++#line 1236 "rl78-decode.opc"
+ ID(xch); DR(A); SR(X);
+
+ /*----------------------------------------------------------------------*/
+@@ -301,7 +303,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 678 "rl78-decode.opc"
++#line 680 "rl78-decode.opc"
+ ID(mov); DR(A); SM(B, IMMU(2));
+
+ }
+@@ -316,7 +318,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, #%1");
+-#line 228 "rl78-decode.opc"
++#line 230 "rl78-decode.opc"
+ ID(add); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -333,7 +335,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, %1");
+-#line 222 "rl78-decode.opc"
++#line 224 "rl78-decode.opc"
+ ID(add); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -348,7 +350,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, #%1");
+-#line 216 "rl78-decode.opc"
++#line 218 "rl78-decode.opc"
+ ID(add); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -363,7 +365,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, %e1");
+-#line 204 "rl78-decode.opc"
++#line 206 "rl78-decode.opc"
+ ID(add); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -378,7 +380,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, %ea1");
+-#line 210 "rl78-decode.opc"
++#line 212 "rl78-decode.opc"
+ ID(add); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -393,7 +395,7 @@
+ op[0]);
+ }
+ SYNTAX("add %0, %e!1");
+-#line 201 "rl78-decode.opc"
++#line 203 "rl78-decode.opc"
+ ID(add); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -408,7 +410,7 @@
+ op[0]);
+ }
+ SYNTAX("addw %0, #%1");
+-#line 280 "rl78-decode.opc"
++#line 282 "rl78-decode.opc"
+ ID(add); W(); DR(SP); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -425,7 +427,7 @@
+ op[0]);
+ }
+ SYNTAX("es:");
+-#line 193 "rl78-decode.opc"
++#line 195 "rl78-decode.opc"
+ DE(); SE();
+ op ++;
+ pc ++;
+@@ -440,7 +442,7 @@
+ case 0x16:
+ {
+ /** 0001 0ra0 movw %0, %1 */
+-#line 859 "rl78-decode.opc"
++#line 861 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -450,7 +452,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %1");
+-#line 859 "rl78-decode.opc"
++#line 861 "rl78-decode.opc"
+ ID(mov); W(); DRW(ra); SR(AX);
+
+ }
+@@ -460,7 +462,7 @@
+ case 0x17:
+ {
+ /** 0001 0ra1 movw %0, %1 */
+-#line 856 "rl78-decode.opc"
++#line 858 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -470,7 +472,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %1");
+-#line 856 "rl78-decode.opc"
++#line 858 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SRW(ra);
+
+ }
+@@ -485,7 +487,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 729 "rl78-decode.opc"
++#line 731 "rl78-decode.opc"
+ ID(mov); DM(B, IMMU(2)); SR(A);
+
+ }
+@@ -500,7 +502,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, #%1");
+-#line 726 "rl78-decode.opc"
++#line 728 "rl78-decode.opc"
+ ID(mov); DM(B, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -515,7 +517,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, #%1");
+-#line 260 "rl78-decode.opc"
++#line 262 "rl78-decode.opc"
+ ID(addc); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -532,7 +534,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, %1");
+-#line 257 "rl78-decode.opc"
++#line 259 "rl78-decode.opc"
+ ID(addc); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -547,7 +549,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, #%1");
+-#line 248 "rl78-decode.opc"
++#line 250 "rl78-decode.opc"
+ ID(addc); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -562,7 +564,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, %e1");
+-#line 236 "rl78-decode.opc"
++#line 238 "rl78-decode.opc"
+ ID(addc); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -577,7 +579,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, %ea1");
+-#line 245 "rl78-decode.opc"
++#line 247 "rl78-decode.opc"
+ ID(addc); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -592,7 +594,7 @@
+ op[0]);
+ }
+ SYNTAX("addc %0, %e!1");
+-#line 233 "rl78-decode.opc"
++#line 235 "rl78-decode.opc"
+ ID(addc); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -607,7 +609,7 @@
+ op[0]);
+ }
+ SYNTAX("subw %0, #%1");
+-#line 1198 "rl78-decode.opc"
++#line 1200 "rl78-decode.opc"
+ ID(sub); W(); DR(SP); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -620,7 +622,7 @@
+ case 0x27:
+ {
+ /** 0010 0rw1 subw %0, %1 */
+-#line 1192 "rl78-decode.opc"
++#line 1194 "rl78-decode.opc"
+ int rw AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -630,7 +632,7 @@
+ printf (" rw = 0x%x\n", rw);
+ }
+ SYNTAX("subw %0, %1");
+-#line 1192 "rl78-decode.opc"
++#line 1194 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SRW(rw); Fzac;
+
+ }
+@@ -645,7 +647,7 @@
+ op[0]);
+ }
+ SYNTAX("subw %0, %e!1");
+-#line 1183 "rl78-decode.opc"
++#line 1185 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -660,7 +662,7 @@
+ op[0]);
+ }
+ SYNTAX("subw %0, #%1");
+-#line 1189 "rl78-decode.opc"
++#line 1191 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SC(IMMU(2)); Fzac;
+
+ }
+@@ -675,7 +677,7 @@
+ op[0]);
+ }
+ SYNTAX("subw %0, %1");
+-#line 1195 "rl78-decode.opc"
++#line 1197 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SM(None, SADDR); Fzac;
+
+ }
+@@ -690,7 +692,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 741 "rl78-decode.opc"
++#line 743 "rl78-decode.opc"
+ ID(mov); DM(C, IMMU(2)); SR(A);
+
+ }
+@@ -705,7 +707,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 684 "rl78-decode.opc"
++#line 686 "rl78-decode.opc"
+ ID(mov); DR(A); SM(C, IMMU(2));
+
+ }
+@@ -720,7 +722,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, #%1");
+-#line 1146 "rl78-decode.opc"
++#line 1148 "rl78-decode.opc"
+ ID(sub); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -737,7 +739,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, %1");
+-#line 1140 "rl78-decode.opc"
++#line 1142 "rl78-decode.opc"
+ ID(sub); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -752,7 +754,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, #%1");
+-#line 1134 "rl78-decode.opc"
++#line 1136 "rl78-decode.opc"
+ ID(sub); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -767,7 +769,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, %e1");
+-#line 1122 "rl78-decode.opc"
++#line 1124 "rl78-decode.opc"
+ ID(sub); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -782,7 +784,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, %ea1");
+-#line 1128 "rl78-decode.opc"
++#line 1130 "rl78-decode.opc"
+ ID(sub); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -797,7 +799,7 @@
+ op[0]);
+ }
+ SYNTAX("sub %0, %e!1");
+-#line 1119 "rl78-decode.opc"
++#line 1121 "rl78-decode.opc"
+ ID(sub); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -808,7 +810,7 @@
+ case 0x36:
+ {
+ /** 0011 0rg0 movw %0, #%1 */
+-#line 853 "rl78-decode.opc"
++#line 855 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -818,7 +820,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("movw %0, #%1");
+-#line 853 "rl78-decode.opc"
++#line 855 "rl78-decode.opc"
+ ID(mov); W(); DRW(rg); SC(IMMU(2));
+
+ }
+@@ -830,7 +832,7 @@
+ case 0x00:
+ {
+ /** 0011 0001 0bit 0000 btclr %s1, $%a0 */
+-#line 416 "rl78-decode.opc"
++#line 418 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -840,7 +842,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %s1, $%a0");
+-#line 416 "rl78-decode.opc"
++#line 418 "rl78-decode.opc"
+ ID(branch_cond_clear); SM(None, SADDR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ /*----------------------------------------------------------------------*/
+@@ -850,7 +852,7 @@
+ case 0x01:
+ {
+ /** 0011 0001 0bit 0001 btclr %1, $%a0 */
+-#line 410 "rl78-decode.opc"
++#line 412 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -860,7 +862,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %1, $%a0");
+-#line 410 "rl78-decode.opc"
++#line 412 "rl78-decode.opc"
+ ID(branch_cond_clear); DC(pc+IMMS(1)+3); SR(A); SB(bit); COND(T);
+
+ }
+@@ -868,7 +870,7 @@
+ case 0x02:
+ {
+ /** 0011 0001 0bit 0010 bt %s1, $%a0 */
+-#line 402 "rl78-decode.opc"
++#line 404 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -878,7 +880,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %s1, $%a0");
+-#line 402 "rl78-decode.opc"
++#line 404 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SADDR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ /*----------------------------------------------------------------------*/
+@@ -888,7 +890,7 @@
+ case 0x03:
+ {
+ /** 0011 0001 0bit 0011 bt %1, $%a0 */
+-#line 396 "rl78-decode.opc"
++#line 398 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -898,7 +900,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %1, $%a0");
+-#line 396 "rl78-decode.opc"
++#line 398 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(A); SB(bit); COND(T);
+
+ }
+@@ -906,7 +908,7 @@
+ case 0x04:
+ {
+ /** 0011 0001 0bit 0100 bf %s1, $%a0 */
+-#line 363 "rl78-decode.opc"
++#line 365 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -916,7 +918,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %s1, $%a0");
+-#line 363 "rl78-decode.opc"
++#line 365 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SADDR); SB(bit); DC(pc+IMMS(1)+4); COND(F);
+
+ /*----------------------------------------------------------------------*/
+@@ -926,7 +928,7 @@
+ case 0x05:
+ {
+ /** 0011 0001 0bit 0101 bf %1, $%a0 */
+-#line 357 "rl78-decode.opc"
++#line 359 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -936,7 +938,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %1, $%a0");
+-#line 357 "rl78-decode.opc"
++#line 359 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(A); SB(bit); COND(F);
+
+ }
+@@ -944,7 +946,7 @@
+ case 0x07:
+ {
+ /** 0011 0001 0cnt 0111 shl %0, %1 */
+-#line 1075 "rl78-decode.opc"
++#line 1077 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -954,7 +956,7 @@
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shl %0, %1");
+-#line 1075 "rl78-decode.opc"
++#line 1077 "rl78-decode.opc"
+ ID(shl); DR(C); SC(cnt);
+
+ }
+@@ -962,7 +964,7 @@
+ case 0x08:
+ {
+ /** 0011 0001 0cnt 1000 shl %0, %1 */
+-#line 1072 "rl78-decode.opc"
++#line 1074 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -972,7 +974,7 @@
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shl %0, %1");
+-#line 1072 "rl78-decode.opc"
++#line 1074 "rl78-decode.opc"
+ ID(shl); DR(B); SC(cnt);
+
+ }
+@@ -980,7 +982,7 @@
+ case 0x09:
+ {
+ /** 0011 0001 0cnt 1001 shl %0, %1 */
+-#line 1069 "rl78-decode.opc"
++#line 1071 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -990,7 +992,7 @@
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shl %0, %1");
+-#line 1069 "rl78-decode.opc"
++#line 1071 "rl78-decode.opc"
+ ID(shl); DR(A); SC(cnt);
+
+ }
+@@ -998,7 +1000,7 @@
+ case 0x0a:
+ {
+ /** 0011 0001 0cnt 1010 shr %0, %1 */
+-#line 1086 "rl78-decode.opc"
++#line 1088 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1008,7 +1010,7 @@
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shr %0, %1");
+-#line 1086 "rl78-decode.opc"
++#line 1088 "rl78-decode.opc"
+ ID(shr); DR(A); SC(cnt);
+
+ }
+@@ -1016,7 +1018,7 @@
+ case 0x0b:
+ {
+ /** 0011 0001 0cnt 1011 sar %0, %1 */
+-#line 1033 "rl78-decode.opc"
++#line 1035 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1026,7 +1028,7 @@
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("sar %0, %1");
+-#line 1033 "rl78-decode.opc"
++#line 1035 "rl78-decode.opc"
+ ID(sar); DR(A); SC(cnt);
+
+ }
+@@ -1035,7 +1037,7 @@
+ case 0x8c:
+ {
+ /** 0011 0001 wcnt 1100 shlw %0, %1 */
+-#line 1081 "rl78-decode.opc"
++#line 1083 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1045,7 +1047,7 @@
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("shlw %0, %1");
+-#line 1081 "rl78-decode.opc"
++#line 1083 "rl78-decode.opc"
+ ID(shl); W(); DR(BC); SC(wcnt);
+
+ /*----------------------------------------------------------------------*/
+@@ -1056,7 +1058,7 @@
+ case 0x8d:
+ {
+ /** 0011 0001 wcnt 1101 shlw %0, %1 */
+-#line 1078 "rl78-decode.opc"
++#line 1080 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1066,7 +1068,7 @@
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("shlw %0, %1");
+-#line 1078 "rl78-decode.opc"
++#line 1080 "rl78-decode.opc"
+ ID(shl); W(); DR(AX); SC(wcnt);
+
+ }
+@@ -1075,7 +1077,7 @@
+ case 0x8e:
+ {
+ /** 0011 0001 wcnt 1110 shrw %0, %1 */
+-#line 1089 "rl78-decode.opc"
++#line 1091 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1085,7 +1087,7 @@
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("shrw %0, %1");
+-#line 1089 "rl78-decode.opc"
++#line 1091 "rl78-decode.opc"
+ ID(shr); W(); DR(AX); SC(wcnt);
+
+ /*----------------------------------------------------------------------*/
+@@ -1096,7 +1098,7 @@
+ case 0x8f:
+ {
+ /** 0011 0001 wcnt 1111 sarw %0, %1 */
+-#line 1036 "rl78-decode.opc"
++#line 1038 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1106,7 +1108,7 @@
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("sarw %0, %1");
+-#line 1036 "rl78-decode.opc"
++#line 1038 "rl78-decode.opc"
+ ID(sar); W(); DR(AX); SC(wcnt);
+
+ /*----------------------------------------------------------------------*/
+@@ -1116,7 +1118,7 @@
+ case 0x80:
+ {
+ /** 0011 0001 1bit 0000 btclr %s1, $%a0 */
+-#line 413 "rl78-decode.opc"
++#line 415 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1126,7 +1128,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %s1, $%a0");
+-#line 413 "rl78-decode.opc"
++#line 415 "rl78-decode.opc"
+ ID(branch_cond_clear); SM(None, SFR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ }
+@@ -1134,7 +1136,7 @@
+ case 0x81:
+ {
+ /** 0011 0001 1bit 0001 btclr %e1, $%a0 */
+-#line 407 "rl78-decode.opc"
++#line 409 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1144,7 +1146,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %e1, $%a0");
+-#line 407 "rl78-decode.opc"
++#line 409 "rl78-decode.opc"
+ ID(branch_cond_clear); DC(pc+IMMS(1)+3); SM(HL,0); SB(bit); COND(T);
+
+ }
+@@ -1152,7 +1154,7 @@
+ case 0x82:
+ {
+ /** 0011 0001 1bit 0010 bt %s1, $%a0 */
+-#line 399 "rl78-decode.opc"
++#line 401 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1162,7 +1164,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %s1, $%a0");
+-#line 399 "rl78-decode.opc"
++#line 401 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SFR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ }
+@@ -1170,7 +1172,7 @@
+ case 0x83:
+ {
+ /** 0011 0001 1bit 0011 bt %e1, $%a0 */
+-#line 393 "rl78-decode.opc"
++#line 395 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1180,7 +1182,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %e1, $%a0");
+-#line 393 "rl78-decode.opc"
++#line 395 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SM(HL,0); SB(bit); COND(T);
+
+ }
+@@ -1188,7 +1190,7 @@
+ case 0x84:
+ {
+ /** 0011 0001 1bit 0100 bf %s1, $%a0 */
+-#line 360 "rl78-decode.opc"
++#line 362 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1198,7 +1200,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %s1, $%a0");
+-#line 360 "rl78-decode.opc"
++#line 362 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SFR); SB(bit); DC(pc+IMMS(1)+4); COND(F);
+
+ }
+@@ -1206,7 +1208,7 @@
+ case 0x85:
+ {
+ /** 0011 0001 1bit 0101 bf %e1, $%a0 */
+-#line 354 "rl78-decode.opc"
++#line 356 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1216,7 +1218,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %e1, $%a0");
+-#line 354 "rl78-decode.opc"
++#line 356 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SM(HL,0); SB(bit); COND(F);
+
+ }
+@@ -1229,7 +1231,7 @@
+ case 0x37:
+ {
+ /** 0011 0ra1 xchw %0, %1 */
+-#line 1239 "rl78-decode.opc"
++#line 1241 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -1239,7 +1241,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("xchw %0, %1");
+-#line 1239 "rl78-decode.opc"
++#line 1241 "rl78-decode.opc"
+ ID(xch); W(); DR(AX); SRW(ra);
+
+ /*----------------------------------------------------------------------*/
+@@ -1256,7 +1258,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, #%1");
+-#line 738 "rl78-decode.opc"
++#line 740 "rl78-decode.opc"
+ ID(mov); DM(C, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -1271,7 +1273,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, #%1");
+-#line 732 "rl78-decode.opc"
++#line 734 "rl78-decode.opc"
+ ID(mov); DM(BC, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -1286,7 +1288,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, #%1");
+-#line 1178 "rl78-decode.opc"
++#line 1180 "rl78-decode.opc"
+ ID(subc); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -1303,7 +1305,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, %1");
+-#line 1175 "rl78-decode.opc"
++#line 1177 "rl78-decode.opc"
+ ID(subc); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -1318,7 +1320,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, #%1");
+-#line 1166 "rl78-decode.opc"
++#line 1168 "rl78-decode.opc"
+ ID(subc); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1333,7 +1335,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, %e1");
+-#line 1154 "rl78-decode.opc"
++#line 1156 "rl78-decode.opc"
+ ID(subc); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -1348,7 +1350,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, %ea1");
+-#line 1163 "rl78-decode.opc"
++#line 1165 "rl78-decode.opc"
+ ID(subc); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1363,7 +1365,7 @@
+ op[0]);
+ }
+ SYNTAX("subc %0, %e!1");
+-#line 1151 "rl78-decode.opc"
++#line 1153 "rl78-decode.opc"
+ ID(subc); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -1378,7 +1380,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %e!0, #%1");
+-#line 480 "rl78-decode.opc"
++#line 482 "rl78-decode.opc"
+ ID(cmp); DM(None, IMMU(2)); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1393,7 +1395,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, #%1");
+-#line 717 "rl78-decode.opc"
++#line 719 "rl78-decode.opc"
+ ID(mov); DR(ES); SC(IMMU(1));
+
+ }
+@@ -1408,7 +1410,7 @@
+ op[0]);
+ }
+ SYNTAX("cmpw %0, %e!1");
+-#line 531 "rl78-decode.opc"
++#line 533 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -1418,7 +1420,7 @@
+ case 0x47:
+ {
+ /** 0100 0ra1 cmpw %0, %1 */
+-#line 540 "rl78-decode.opc"
++#line 542 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -1428,7 +1430,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("cmpw %0, %1");
+-#line 540 "rl78-decode.opc"
++#line 542 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SRW(ra); Fzac;
+
+ }
+@@ -1443,7 +1445,7 @@
+ op[0]);
+ }
+ SYNTAX("cmpw %0, #%1");
+-#line 537 "rl78-decode.opc"
++#line 539 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SC(IMMU(2)); Fzac;
+
+ }
+@@ -1458,7 +1460,7 @@
+ op[0]);
+ }
+ SYNTAX("cmpw %0, %1");
+-#line 543 "rl78-decode.opc"
++#line 545 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SM(None, SADDR); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -1475,7 +1477,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 735 "rl78-decode.opc"
++#line 737 "rl78-decode.opc"
+ ID(mov); DM(BC, IMMU(2)); SR(A);
+
+ }
+@@ -1490,7 +1492,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 681 "rl78-decode.opc"
++#line 683 "rl78-decode.opc"
+ ID(mov); DR(A); SM(BC, IMMU(2));
+
+ }
+@@ -1505,7 +1507,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, #%1");
+-#line 483 "rl78-decode.opc"
++#line 485 "rl78-decode.opc"
+ ID(cmp); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1520,7 +1522,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, %1");
+-#line 510 "rl78-decode.opc"
++#line 512 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(None, SADDR); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -1537,7 +1539,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, #%1");
+-#line 501 "rl78-decode.opc"
++#line 503 "rl78-decode.opc"
+ ID(cmp); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1552,7 +1554,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, %e1");
+-#line 489 "rl78-decode.opc"
++#line 491 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -1567,7 +1569,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, %ea1");
+-#line 498 "rl78-decode.opc"
++#line 500 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1582,7 +1584,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp %0, %e!1");
+-#line 486 "rl78-decode.opc"
++#line 488 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -1597,7 +1599,7 @@
+ case 0x57:
+ {
+ /** 0101 0reg mov %0, #%1 */
+-#line 669 "rl78-decode.opc"
++#line 671 "rl78-decode.opc"
+ int reg AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -1607,7 +1609,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("mov %0, #%1");
+-#line 669 "rl78-decode.opc"
++#line 671 "rl78-decode.opc"
+ ID(mov); DRB(reg); SC(IMMU(1));
+
+ }
+@@ -1622,7 +1624,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 871 "rl78-decode.opc"
++#line 873 "rl78-decode.opc"
+ ID(mov); W(); DM(B, IMMU(2)); SR(AX);
+
+ }
+@@ -1637,7 +1639,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 862 "rl78-decode.opc"
++#line 864 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(B, IMMU(2));
+
+ }
+@@ -1652,7 +1654,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, #%1");
+-#line 312 "rl78-decode.opc"
++#line 314 "rl78-decode.opc"
+ ID(and); DM(None, SADDR); SC(IMMU(1)); Fz;
+
+ /*----------------------------------------------------------------------*/
+@@ -1669,7 +1671,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, %1");
+-#line 309 "rl78-decode.opc"
++#line 311 "rl78-decode.opc"
+ ID(and); DR(A); SM(None, SADDR); Fz;
+
+ }
+@@ -1684,7 +1686,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, #%1");
+-#line 300 "rl78-decode.opc"
++#line 302 "rl78-decode.opc"
+ ID(and); DR(A); SC(IMMU(1)); Fz;
+
+ }
+@@ -1699,7 +1701,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, %e1");
+-#line 288 "rl78-decode.opc"
++#line 290 "rl78-decode.opc"
+ ID(and); DR(A); SM(HL, 0); Fz;
+
+ }
+@@ -1714,7 +1716,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, %ea1");
+-#line 294 "rl78-decode.opc"
++#line 296 "rl78-decode.opc"
+ ID(and); DR(A); SM(HL, IMMU(1)); Fz;
+
+ }
+@@ -1729,7 +1731,7 @@
+ op[0]);
+ }
+ SYNTAX("and %0, %e!1");
+-#line 285 "rl78-decode.opc"
++#line 287 "rl78-decode.opc"
+ ID(and); DR(A); SM(None, IMMU(2)); Fz;
+
+ }
+@@ -1743,7 +1745,7 @@
+ case 0x67:
+ {
+ /** 0110 0rba mov %0, %1 */
+-#line 672 "rl78-decode.opc"
++#line 674 "rl78-decode.opc"
+ int rba AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -1753,7 +1755,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("mov %0, %1");
+-#line 672 "rl78-decode.opc"
++#line 674 "rl78-decode.opc"
+ ID(mov); DR(A); SRB(rba);
+
+ }
+@@ -1772,7 +1774,7 @@
+ case 0x07:
+ {
+ /** 0110 0001 0000 0reg add %0, %1 */
+-#line 225 "rl78-decode.opc"
++#line 227 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1782,7 +1784,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("add %0, %1");
+-#line 225 "rl78-decode.opc"
++#line 227 "rl78-decode.opc"
+ ID(add); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1796,7 +1798,7 @@
+ case 0x0f:
+ {
+ /** 0110 0001 0000 1rba add %0, %1 */
+-#line 219 "rl78-decode.opc"
++#line 221 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1806,7 +1808,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("add %0, %1");
+-#line 219 "rl78-decode.opc"
++#line 221 "rl78-decode.opc"
+ ID(add); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1821,7 +1823,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("addw %0, %ea1");
+-#line 268 "rl78-decode.opc"
++#line 270 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1836,7 +1838,7 @@
+ case 0x17:
+ {
+ /** 0110 0001 0001 0reg addc %0, %1 */
+-#line 254 "rl78-decode.opc"
++#line 256 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1846,7 +1848,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("addc %0, %1");
+-#line 254 "rl78-decode.opc"
++#line 256 "rl78-decode.opc"
+ ID(addc); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1860,7 +1862,7 @@
+ case 0x1f:
+ {
+ /** 0110 0001 0001 1rba addc %0, %1 */
+-#line 251 "rl78-decode.opc"
++#line 253 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1870,7 +1872,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("addc %0, %1");
+-#line 251 "rl78-decode.opc"
++#line 253 "rl78-decode.opc"
+ ID(addc); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1885,7 +1887,7 @@
+ case 0x27:
+ {
+ /** 0110 0001 0010 0reg sub %0, %1 */
+-#line 1143 "rl78-decode.opc"
++#line 1145 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1895,7 +1897,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("sub %0, %1");
+-#line 1143 "rl78-decode.opc"
++#line 1145 "rl78-decode.opc"
+ ID(sub); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1909,7 +1911,7 @@
+ case 0x2f:
+ {
+ /** 0110 0001 0010 1rba sub %0, %1 */
+-#line 1137 "rl78-decode.opc"
++#line 1139 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1919,7 +1921,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("sub %0, %1");
+-#line 1137 "rl78-decode.opc"
++#line 1139 "rl78-decode.opc"
+ ID(sub); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1934,7 +1936,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("subw %0, %ea1");
+-#line 1186 "rl78-decode.opc"
++#line 1188 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1949,7 +1951,7 @@
+ case 0x37:
+ {
+ /** 0110 0001 0011 0reg subc %0, %1 */
+-#line 1172 "rl78-decode.opc"
++#line 1174 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1959,7 +1961,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("subc %0, %1");
+-#line 1172 "rl78-decode.opc"
++#line 1174 "rl78-decode.opc"
+ ID(subc); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1973,7 +1975,7 @@
+ case 0x3f:
+ {
+ /** 0110 0001 0011 1rba subc %0, %1 */
+-#line 1169 "rl78-decode.opc"
++#line 1171 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1983,7 +1985,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("subc %0, %1");
+-#line 1169 "rl78-decode.opc"
++#line 1171 "rl78-decode.opc"
+ ID(subc); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1998,7 +2000,7 @@
+ case 0x47:
+ {
+ /** 0110 0001 0100 0reg cmp %0, %1 */
+-#line 507 "rl78-decode.opc"
++#line 509 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2008,7 +2010,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("cmp %0, %1");
+-#line 507 "rl78-decode.opc"
++#line 509 "rl78-decode.opc"
+ ID(cmp); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -2022,7 +2024,7 @@
+ case 0x4f:
+ {
+ /** 0110 0001 0100 1rba cmp %0, %1 */
+-#line 504 "rl78-decode.opc"
++#line 506 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2032,7 +2034,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("cmp %0, %1");
+-#line 504 "rl78-decode.opc"
++#line 506 "rl78-decode.opc"
+ ID(cmp); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -2047,7 +2049,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("cmpw %0, %ea1");
+-#line 534 "rl78-decode.opc"
++#line 536 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -2062,7 +2064,7 @@
+ case 0x57:
+ {
+ /** 0110 0001 0101 0reg and %0, %1 */
+-#line 306 "rl78-decode.opc"
++#line 308 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2072,7 +2074,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("and %0, %1");
+-#line 306 "rl78-decode.opc"
++#line 308 "rl78-decode.opc"
+ ID(and); DRB(reg); SR(A); Fz;
+
+ }
+@@ -2086,7 +2088,7 @@
+ case 0x5f:
+ {
+ /** 0110 0001 0101 1rba and %0, %1 */
+-#line 303 "rl78-decode.opc"
++#line 305 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2096,7 +2098,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("and %0, %1");
+-#line 303 "rl78-decode.opc"
++#line 305 "rl78-decode.opc"
+ ID(and); DR(A); SRB(rba); Fz;
+
+ }
+@@ -2111,7 +2113,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("inc %ea0");
+-#line 584 "rl78-decode.opc"
++#line 586 "rl78-decode.opc"
+ ID(add); DM(HL, IMMU(1)); SC(1); Fza;
+
+ }
+@@ -2126,7 +2128,7 @@
+ case 0x67:
+ {
+ /** 0110 0001 0110 0reg or %0, %1 */
+-#line 961 "rl78-decode.opc"
++#line 963 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2136,7 +2138,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("or %0, %1");
+-#line 961 "rl78-decode.opc"
++#line 963 "rl78-decode.opc"
+ ID(or); DRB(reg); SR(A); Fz;
+
+ }
+@@ -2150,7 +2152,7 @@
+ case 0x6f:
+ {
+ /** 0110 0001 0110 1rba or %0, %1 */
+-#line 958 "rl78-decode.opc"
++#line 960 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2160,7 +2162,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("or %0, %1");
+-#line 958 "rl78-decode.opc"
++#line 960 "rl78-decode.opc"
+ ID(or); DR(A); SRB(rba); Fz;
+
+ }
+@@ -2175,7 +2177,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("dec %ea0");
+-#line 551 "rl78-decode.opc"
++#line 553 "rl78-decode.opc"
+ ID(sub); DM(HL, IMMU(1)); SC(1); Fza;
+
+ }
+@@ -2190,7 +2192,7 @@
+ case 0x77:
+ {
+ /** 0110 0001 0111 0reg xor %0, %1 */
+-#line 1265 "rl78-decode.opc"
++#line 1267 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2200,7 +2202,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("xor %0, %1");
+-#line 1265 "rl78-decode.opc"
++#line 1267 "rl78-decode.opc"
+ ID(xor); DRB(reg); SR(A); Fz;
+
+ }
+@@ -2214,7 +2216,7 @@
+ case 0x7f:
+ {
+ /** 0110 0001 0111 1rba xor %0, %1 */
+-#line 1262 "rl78-decode.opc"
++#line 1264 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2224,7 +2226,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("xor %0, %1");
+-#line 1262 "rl78-decode.opc"
++#line 1264 "rl78-decode.opc"
+ ID(xor); DR(A); SRB(rba); Fz;
+
+ }
+@@ -2239,7 +2241,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("incw %ea0");
+-#line 598 "rl78-decode.opc"
++#line 600 "rl78-decode.opc"
+ ID(add); W(); DM(HL, IMMU(1)); SC(1);
+
+ }
+@@ -2255,7 +2257,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("add %0, %e1");
+-#line 207 "rl78-decode.opc"
++#line 209 "rl78-decode.opc"
+ ID(add); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2270,7 +2272,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("add %0, %e1");
+-#line 213 "rl78-decode.opc"
++#line 215 "rl78-decode.opc"
+ ID(add); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2309,9 +2311,9 @@
+ case 0xf7:
+ {
+ /** 0110 0001 1nnn 01mm callt [%x0] */
+-#line 433 "rl78-decode.opc"
++#line 435 "rl78-decode.opc"
+ int nnn AU = (op[1] >> 4) & 0x07;
+-#line 433 "rl78-decode.opc"
++#line 435 "rl78-decode.opc"
+ int mm AU = op[1] & 0x03;
+ if (trace)
+ {
+@@ -2322,7 +2324,7 @@
+ printf (" mm = 0x%x\n", mm);
+ }
+ SYNTAX("callt [%x0]");
+-#line 433 "rl78-decode.opc"
++#line 435 "rl78-decode.opc"
+ ID(call); DM(None, 0x80 + mm*16 + nnn*2);
+
+ /*----------------------------------------------------------------------*/
+@@ -2338,7 +2340,7 @@
+ case 0x8f:
+ {
+ /** 0110 0001 1000 1reg xch %0, %1 */
+-#line 1224 "rl78-decode.opc"
++#line 1226 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2348,7 +2350,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("xch %0, %1");
+-#line 1224 "rl78-decode.opc"
++#line 1226 "rl78-decode.opc"
+ /* Note: DECW uses reg == X, so this must follow DECW */
+ ID(xch); DR(A); SRB(reg);
+
+@@ -2364,7 +2366,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("decw %ea0");
+-#line 565 "rl78-decode.opc"
++#line 567 "rl78-decode.opc"
+ ID(sub); W(); DM(HL, IMMU(1)); SC(1);
+
+ }
+@@ -2379,7 +2381,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("addc %0, %e1");
+-#line 239 "rl78-decode.opc"
++#line 241 "rl78-decode.opc"
+ ID(addc); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2394,7 +2396,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("addc %0, %e1");
+-#line 242 "rl78-decode.opc"
++#line 244 "rl78-decode.opc"
+ ID(addc); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2410,7 +2412,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sub %0, %e1");
+-#line 1125 "rl78-decode.opc"
++#line 1127 "rl78-decode.opc"
+ ID(sub); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2425,7 +2427,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sub %0, %e1");
+-#line 1131 "rl78-decode.opc"
++#line 1133 "rl78-decode.opc"
+ ID(sub); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2440,7 +2442,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %1");
+-#line 1228 "rl78-decode.opc"
++#line 1230 "rl78-decode.opc"
+ ID(xch); DR(A); SM(None, SADDR);
+
+ }
+@@ -2455,7 +2457,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1221 "rl78-decode.opc"
++#line 1223 "rl78-decode.opc"
+ ID(xch); DR(A); SM2(HL, C, 0);
+
+ }
+@@ -2470,7 +2472,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e!1");
+-#line 1203 "rl78-decode.opc"
++#line 1205 "rl78-decode.opc"
+ ID(xch); DR(A); SM(None, IMMU(2));
+
+ }
+@@ -2485,7 +2487,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %s1");
+-#line 1231 "rl78-decode.opc"
++#line 1233 "rl78-decode.opc"
+ ID(xch); DR(A); SM(None, SFR);
+
+ }
+@@ -2500,7 +2502,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1212 "rl78-decode.opc"
++#line 1214 "rl78-decode.opc"
+ ID(xch); DR(A); SM(HL, 0);
+
+ }
+@@ -2515,7 +2517,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %ea1");
+-#line 1218 "rl78-decode.opc"
++#line 1220 "rl78-decode.opc"
+ ID(xch); DR(A); SM(HL, IMMU(1));
+
+ }
+@@ -2530,7 +2532,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1206 "rl78-decode.opc"
++#line 1208 "rl78-decode.opc"
+ ID(xch); DR(A); SM(DE, 0);
+
+ }
+@@ -2545,7 +2547,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %ea1");
+-#line 1209 "rl78-decode.opc"
++#line 1211 "rl78-decode.opc"
+ ID(xch); DR(A); SM(DE, IMMU(1));
+
+ }
+@@ -2560,7 +2562,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("subc %0, %e1");
+-#line 1157 "rl78-decode.opc"
++#line 1159 "rl78-decode.opc"
+ ID(subc); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2575,7 +2577,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("subc %0, %e1");
+-#line 1160 "rl78-decode.opc"
++#line 1162 "rl78-decode.opc"
+ ID(subc); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2590,7 +2592,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 723 "rl78-decode.opc"
++#line 725 "rl78-decode.opc"
+ ID(mov); DR(ES); SM(None, SADDR);
+
+ }
+@@ -2605,7 +2607,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1215 "rl78-decode.opc"
++#line 1217 "rl78-decode.opc"
+ ID(xch); DR(A); SM2(HL, B, 0);
+
+ }
+@@ -2620,7 +2622,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("cmp %0, %e1");
+-#line 492 "rl78-decode.opc"
++#line 494 "rl78-decode.opc"
+ ID(cmp); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2635,7 +2637,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("cmp %0, %e1");
+-#line 495 "rl78-decode.opc"
++#line 497 "rl78-decode.opc"
+ ID(cmp); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2650,7 +2652,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("bh $%a0");
+-#line 340 "rl78-decode.opc"
++#line 342 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(None); COND(H);
+
+ }
+@@ -2665,7 +2667,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1094 "rl78-decode.opc"
++#line 1096 "rl78-decode.opc"
+ ID(skip); COND(C);
+
+ }
+@@ -2680,7 +2682,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 660 "rl78-decode.opc"
++#line 662 "rl78-decode.opc"
+ ID(mov); DR(A); SM2(HL, B, 0);
+
+ }
+@@ -2691,7 +2693,7 @@
+ case 0xfa:
+ {
+ /** 0110 0001 11rg 1010 call %0 */
+-#line 430 "rl78-decode.opc"
++#line 432 "rl78-decode.opc"
+ int rg AU = (op[1] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -2701,7 +2703,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("call %0");
+-#line 430 "rl78-decode.opc"
++#line 432 "rl78-decode.opc"
+ ID(call); DRW(rg);
+
+ }
+@@ -2716,7 +2718,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("br ax");
+-#line 380 "rl78-decode.opc"
++#line 382 "rl78-decode.opc"
+ ID(branch); DR(AX);
+
+ /*----------------------------------------------------------------------*/
+@@ -2733,7 +2735,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("brk");
+-#line 388 "rl78-decode.opc"
++#line 390 "rl78-decode.opc"
+ ID(break);
+
+ /*----------------------------------------------------------------------*/
+@@ -2750,7 +2752,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("pop %s0");
+-#line 989 "rl78-decode.opc"
++#line 991 "rl78-decode.opc"
+ ID(mov); W(); DR(PSW); SPOP();
+
+ /*----------------------------------------------------------------------*/
+@@ -2767,7 +2769,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("movs %ea0, %1");
+-#line 811 "rl78-decode.opc"
++#line 813 "rl78-decode.opc"
+ ID(mov); DM(HL, IMMU(1)); SR(X); Fzc;
+
+ /*----------------------------------------------------------------------*/
+@@ -2780,7 +2782,7 @@
+ case 0xff:
+ {
+ /** 0110 0001 11rb 1111 sel rb%1 */
+-#line 1041 "rl78-decode.opc"
++#line 1043 "rl78-decode.opc"
+ int rb AU = (op[1] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -2790,7 +2792,7 @@
+ printf (" rb = 0x%x\n", rb);
+ }
+ SYNTAX("sel rb%1");
+-#line 1041 "rl78-decode.opc"
++#line 1043 "rl78-decode.opc"
+ ID(sel); SC(rb);
+
+ /*----------------------------------------------------------------------*/
+@@ -2807,7 +2809,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("and %0, %e1");
+-#line 291 "rl78-decode.opc"
++#line 293 "rl78-decode.opc"
+ ID(and); DR(A); SM2(HL, B, 0); Fz;
+
+ }
+@@ -2822,7 +2824,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("and %0, %e1");
+-#line 297 "rl78-decode.opc"
++#line 299 "rl78-decode.opc"
+ ID(and); DR(A); SM2(HL, C, 0); Fz;
+
+ }
+@@ -2837,7 +2839,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("bnh $%a0");
+-#line 343 "rl78-decode.opc"
++#line 345 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(None); COND(NH);
+
+ }
+@@ -2852,7 +2854,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1100 "rl78-decode.opc"
++#line 1102 "rl78-decode.opc"
+ ID(skip); COND(NC);
+
+ }
+@@ -2867,7 +2869,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 627 "rl78-decode.opc"
++#line 629 "rl78-decode.opc"
+ ID(mov); DM2(HL, B, 0); SR(A);
+
+ }
+@@ -2882,7 +2884,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("ror %0, %1");
+-#line 1022 "rl78-decode.opc"
++#line 1024 "rl78-decode.opc"
+ ID(ror); DR(A); SC(1);
+
+ }
+@@ -2897,7 +2899,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("rolc %0, %1");
+-#line 1016 "rl78-decode.opc"
++#line 1018 "rl78-decode.opc"
+ ID(rolc); DR(A); SC(1);
+
+ }
+@@ -2912,7 +2914,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("push %s1");
+-#line 997 "rl78-decode.opc"
++#line 999 "rl78-decode.opc"
+ ID(mov); W(); DPUSH(); SR(PSW);
+
+ /*----------------------------------------------------------------------*/
+@@ -2929,7 +2931,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("cmps %0, %ea1");
+-#line 526 "rl78-decode.opc"
++#line 528 "rl78-decode.opc"
+ ID(cmp); DR(X); SM(HL, IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -2946,7 +2948,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("or %0, %e1");
+-#line 946 "rl78-decode.opc"
++#line 948 "rl78-decode.opc"
+ ID(or); DR(A); SM2(HL, B, 0); Fz;
+
+ }
+@@ -2961,7 +2963,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("or %0, %e1");
+-#line 952 "rl78-decode.opc"
++#line 954 "rl78-decode.opc"
+ ID(or); DR(A); SM2(HL, C, 0); Fz;
+
+ }
+@@ -2976,7 +2978,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1097 "rl78-decode.opc"
++#line 1099 "rl78-decode.opc"
+ ID(skip); COND(H);
+
+ }
+@@ -2991,7 +2993,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1109 "rl78-decode.opc"
++#line 1111 "rl78-decode.opc"
+ ID(skip); COND(Z);
+
+ /*----------------------------------------------------------------------*/
+@@ -3008,7 +3010,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 663 "rl78-decode.opc"
++#line 665 "rl78-decode.opc"
+ ID(mov); DR(A); SM2(HL, C, 0);
+
+ }
+@@ -3023,7 +3025,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("rol %0, %1");
+-#line 1013 "rl78-decode.opc"
++#line 1015 "rl78-decode.opc"
+ ID(rol); DR(A); SC(1);
+
+ }
+@@ -3038,7 +3040,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("retb");
+-#line 1008 "rl78-decode.opc"
++#line 1010 "rl78-decode.opc"
+ ID(reti);
+
+ /*----------------------------------------------------------------------*/
+@@ -3055,7 +3057,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("halt");
+-#line 576 "rl78-decode.opc"
++#line 578 "rl78-decode.opc"
+ ID(halt);
+
+ /*----------------------------------------------------------------------*/
+@@ -3066,7 +3068,7 @@
+ case 0xfe:
+ {
+ /** 0110 0001 111r 1110 rolwc %0, %1 */
+-#line 1019 "rl78-decode.opc"
++#line 1021 "rl78-decode.opc"
+ int r AU = (op[1] >> 4) & 0x01;
+ if (trace)
+ {
+@@ -3076,7 +3078,7 @@
+ printf (" r = 0x%x\n", r);
+ }
+ SYNTAX("rolwc %0, %1");
+-#line 1019 "rl78-decode.opc"
++#line 1021 "rl78-decode.opc"
+ ID(rolc); W(); DRW(r); SC(1);
+
+ }
+@@ -3091,7 +3093,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xor %0, %e1");
+-#line 1250 "rl78-decode.opc"
++#line 1252 "rl78-decode.opc"
+ ID(xor); DR(A); SM2(HL, B, 0); Fz;
+
+ }
+@@ -3106,7 +3108,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("xor %0, %e1");
+-#line 1256 "rl78-decode.opc"
++#line 1258 "rl78-decode.opc"
+ ID(xor); DR(A); SM2(HL, C, 0); Fz;
+
+ }
+@@ -3121,7 +3123,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1103 "rl78-decode.opc"
++#line 1105 "rl78-decode.opc"
+ ID(skip); COND(NH);
+
+ }
+@@ -3136,7 +3138,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1106 "rl78-decode.opc"
++#line 1108 "rl78-decode.opc"
+ ID(skip); COND(NZ);
+
+ }
+@@ -3151,7 +3153,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 636 "rl78-decode.opc"
++#line 638 "rl78-decode.opc"
+ ID(mov); DM2(HL, C, 0); SR(A);
+
+ }
+@@ -3166,7 +3168,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("rorc %0, %1");
+-#line 1025 "rl78-decode.opc"
++#line 1027 "rl78-decode.opc"
+ ID(rorc); DR(A); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -3186,7 +3188,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("reti");
+-#line 1005 "rl78-decode.opc"
++#line 1007 "rl78-decode.opc"
+ ID(reti);
+
+ }
+@@ -3201,7 +3203,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("stop");
+-#line 1114 "rl78-decode.opc"
++#line 1116 "rl78-decode.opc"
+ ID(stop);
+
+ /*----------------------------------------------------------------------*/
+@@ -3221,7 +3223,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 874 "rl78-decode.opc"
++#line 876 "rl78-decode.opc"
+ ID(mov); W(); DM(C, IMMU(2)); SR(AX);
+
+ }
+@@ -3236,7 +3238,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 865 "rl78-decode.opc"
++#line 867 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(C, IMMU(2));
+
+ }
+@@ -3251,7 +3253,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, #%1");
+-#line 967 "rl78-decode.opc"
++#line 969 "rl78-decode.opc"
+ ID(or); DM(None, SADDR); SC(IMMU(1)); Fz;
+
+ /*----------------------------------------------------------------------*/
+@@ -3268,7 +3270,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, %1");
+-#line 964 "rl78-decode.opc"
++#line 966 "rl78-decode.opc"
+ ID(or); DR(A); SM(None, SADDR); Fz;
+
+ }
+@@ -3283,7 +3285,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, #%1");
+-#line 955 "rl78-decode.opc"
++#line 957 "rl78-decode.opc"
+ ID(or); DR(A); SC(IMMU(1)); Fz;
+
+ }
+@@ -3298,7 +3300,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, %e1");
+-#line 943 "rl78-decode.opc"
++#line 945 "rl78-decode.opc"
+ ID(or); DR(A); SM(HL, 0); Fz;
+
+ }
+@@ -3313,7 +3315,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, %ea1");
+-#line 949 "rl78-decode.opc"
++#line 951 "rl78-decode.opc"
+ ID(or); DR(A); SM(HL, IMMU(1)); Fz;
+
+ }
+@@ -3328,7 +3330,7 @@
+ op[0]);
+ }
+ SYNTAX("or %0, %e!1");
+-#line 940 "rl78-decode.opc"
++#line 942 "rl78-decode.opc"
+ ID(or); DR(A); SM(None, IMMU(2)); Fz;
+
+ }
+@@ -3342,7 +3344,7 @@
+ case 0x77:
+ {
+ /** 0111 0rba mov %0, %1 */
+-#line 696 "rl78-decode.opc"
++#line 698 "rl78-decode.opc"
+ int rba AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -3352,7 +3354,7 @@
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("mov %0, %1");
+-#line 696 "rl78-decode.opc"
++#line 698 "rl78-decode.opc"
+ ID(mov); DRB(rba); SR(A);
+
+ }
+@@ -3371,7 +3373,7 @@
+ case 0x70:
+ {
+ /** 0111 0001 0bit 0000 set1 %e!0 */
+-#line 1046 "rl78-decode.opc"
++#line 1048 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3381,7 +3383,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %e!0");
+-#line 1046 "rl78-decode.opc"
++#line 1048 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); DB(bit); SC(1);
+
+ }
+@@ -3396,7 +3398,7 @@
+ case 0x71:
+ {
+ /** 0111 0001 0bit 0001 mov1 %0, cy */
+-#line 803 "rl78-decode.opc"
++#line 805 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3406,7 +3408,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %0, cy");
+-#line 803 "rl78-decode.opc"
++#line 805 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); DB(bit); SCY();
+
+ }
+@@ -3421,7 +3423,7 @@
+ case 0x72:
+ {
+ /** 0111 0001 0bit 0010 set1 %0 */
+-#line 1064 "rl78-decode.opc"
++#line 1066 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3431,7 +3433,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %0");
+-#line 1064 "rl78-decode.opc"
++#line 1066 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); DB(bit); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -3448,7 +3450,7 @@
+ case 0x73:
+ {
+ /** 0111 0001 0bit 0011 clr1 %0 */
+-#line 456 "rl78-decode.opc"
++#line 458 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3458,7 +3460,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %0");
+-#line 456 "rl78-decode.opc"
++#line 458 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); DB(bit); SC(0);
+
+ /*----------------------------------------------------------------------*/
+@@ -3475,7 +3477,7 @@
+ case 0x74:
+ {
+ /** 0111 0001 0bit 0100 mov1 cy, %1 */
+-#line 797 "rl78-decode.opc"
++#line 799 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3485,7 +3487,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %1");
+-#line 797 "rl78-decode.opc"
++#line 799 "rl78-decode.opc"
+ ID(mov); DCY(); SM(None, SADDR); SB(bit);
+
+ }
+@@ -3500,7 +3502,7 @@
+ case 0x75:
+ {
+ /** 0111 0001 0bit 0101 and1 cy, %s1 */
+-#line 326 "rl78-decode.opc"
++#line 328 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3510,7 +3512,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %s1");
+-#line 326 "rl78-decode.opc"
++#line 328 "rl78-decode.opc"
+ ID(and); DCY(); SM(None, SADDR); SB(bit);
+
+ /*----------------------------------------------------------------------*/
+@@ -3530,7 +3532,7 @@
+ case 0x76:
+ {
+ /** 0111 0001 0bit 0110 or1 cy, %s1 */
+-#line 981 "rl78-decode.opc"
++#line 983 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3540,7 +3542,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %s1");
+-#line 981 "rl78-decode.opc"
++#line 983 "rl78-decode.opc"
+ ID(or); DCY(); SM(None, SADDR); SB(bit);
+
+ /*----------------------------------------------------------------------*/
+@@ -3557,7 +3559,7 @@
+ case 0x77:
+ {
+ /** 0111 0001 0bit 0111 xor1 cy, %s1 */
+-#line 1285 "rl78-decode.opc"
++#line 1287 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3567,7 +3569,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %s1");
+-#line 1285 "rl78-decode.opc"
++#line 1287 "rl78-decode.opc"
+ ID(xor); DCY(); SM(None, SADDR); SB(bit);
+
+ /*----------------------------------------------------------------------*/
+@@ -3584,7 +3586,7 @@
+ case 0x78:
+ {
+ /** 0111 0001 0bit 1000 clr1 %e!0 */
+-#line 438 "rl78-decode.opc"
++#line 440 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3594,7 +3596,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %e!0");
+-#line 438 "rl78-decode.opc"
++#line 440 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); DB(bit); SC(0);
+
+ }
+@@ -3609,7 +3611,7 @@
+ case 0x79:
+ {
+ /** 0111 0001 0bit 1001 mov1 %s0, cy */
+-#line 806 "rl78-decode.opc"
++#line 808 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3619,7 +3621,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %s0, cy");
+-#line 806 "rl78-decode.opc"
++#line 808 "rl78-decode.opc"
+ ID(mov); DM(None, SFR); DB(bit); SCY();
+
+ /*----------------------------------------------------------------------*/
+@@ -3636,7 +3638,7 @@
+ case 0x7a:
+ {
+ /** 0111 0001 0bit 1010 set1 %s0 */
+-#line 1058 "rl78-decode.opc"
++#line 1060 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3646,7 +3648,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %s0");
+-#line 1058 "rl78-decode.opc"
++#line 1060 "rl78-decode.opc"
+ op0 = SFR;
+ ID(mov); DM(None, op0); DB(bit); SC(1);
+ if (op0 == RL78_SFR_PSW && bit == 7)
+@@ -3664,7 +3666,7 @@
+ case 0x7b:
+ {
+ /** 0111 0001 0bit 1011 clr1 %s0 */
+-#line 450 "rl78-decode.opc"
++#line 452 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3674,7 +3676,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %s0");
+-#line 450 "rl78-decode.opc"
++#line 452 "rl78-decode.opc"
+ op0 = SFR;
+ ID(mov); DM(None, op0); DB(bit); SC(0);
+ if (op0 == RL78_SFR_PSW && bit == 7)
+@@ -3692,7 +3694,7 @@
+ case 0x7c:
+ {
+ /** 0111 0001 0bit 1100 mov1 cy, %s1 */
+-#line 800 "rl78-decode.opc"
++#line 802 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3702,7 +3704,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %s1");
+-#line 800 "rl78-decode.opc"
++#line 802 "rl78-decode.opc"
+ ID(mov); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3717,7 +3719,7 @@
+ case 0x7d:
+ {
+ /** 0111 0001 0bit 1101 and1 cy, %s1 */
+-#line 323 "rl78-decode.opc"
++#line 325 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3727,7 +3729,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %s1");
+-#line 323 "rl78-decode.opc"
++#line 325 "rl78-decode.opc"
+ ID(and); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3742,7 +3744,7 @@
+ case 0x7e:
+ {
+ /** 0111 0001 0bit 1110 or1 cy, %s1 */
+-#line 978 "rl78-decode.opc"
++#line 980 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3752,7 +3754,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %s1");
+-#line 978 "rl78-decode.opc"
++#line 980 "rl78-decode.opc"
+ ID(or); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3767,7 +3769,7 @@
+ case 0x7f:
+ {
+ /** 0111 0001 0bit 1111 xor1 cy, %s1 */
+-#line 1282 "rl78-decode.opc"
++#line 1284 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3777,7 +3779,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %s1");
+-#line 1282 "rl78-decode.opc"
++#line 1284 "rl78-decode.opc"
+ ID(xor); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3792,7 +3794,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("set1 cy");
+-#line 1055 "rl78-decode.opc"
++#line 1057 "rl78-decode.opc"
+ ID(mov); DCY(); SC(1);
+
+ }
+@@ -3807,7 +3809,7 @@
+ case 0xf1:
+ {
+ /** 0111 0001 1bit 0001 mov1 %e0, cy */
+-#line 785 "rl78-decode.opc"
++#line 787 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3817,7 +3819,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %e0, cy");
+-#line 785 "rl78-decode.opc"
++#line 787 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); DB(bit); SCY();
+
+ }
+@@ -3832,7 +3834,7 @@
+ case 0xf2:
+ {
+ /** 0111 0001 1bit 0010 set1 %e0 */
+-#line 1049 "rl78-decode.opc"
++#line 1051 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3842,7 +3844,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %e0");
+-#line 1049 "rl78-decode.opc"
++#line 1051 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); DB(bit); SC(1);
+
+ }
+@@ -3857,7 +3859,7 @@
+ case 0xf3:
+ {
+ /** 0111 0001 1bit 0011 clr1 %e0 */
+-#line 441 "rl78-decode.opc"
++#line 443 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3867,7 +3869,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %e0");
+-#line 441 "rl78-decode.opc"
++#line 443 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); DB(bit); SC(0);
+
+ }
+@@ -3882,7 +3884,7 @@
+ case 0xf4:
+ {
+ /** 0111 0001 1bit 0100 mov1 cy, %e1 */
+-#line 791 "rl78-decode.opc"
++#line 793 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3892,7 +3894,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %e1");
+-#line 791 "rl78-decode.opc"
++#line 793 "rl78-decode.opc"
+ ID(mov); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3907,7 +3909,7 @@
+ case 0xf5:
+ {
+ /** 0111 0001 1bit 0101 and1 cy, %e1 */
+-#line 317 "rl78-decode.opc"
++#line 319 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3917,7 +3919,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %e1");
+-#line 317 "rl78-decode.opc"
++#line 319 "rl78-decode.opc"
+ ID(and); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3932,7 +3934,7 @@
+ case 0xf6:
+ {
+ /** 0111 0001 1bit 0110 or1 cy, %e1 */
+-#line 972 "rl78-decode.opc"
++#line 974 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3942,7 +3944,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %e1");
+-#line 972 "rl78-decode.opc"
++#line 974 "rl78-decode.opc"
+ ID(or); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3957,7 +3959,7 @@
+ case 0xf7:
+ {
+ /** 0111 0001 1bit 0111 xor1 cy, %e1 */
+-#line 1276 "rl78-decode.opc"
++#line 1278 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3967,7 +3969,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %e1");
+-#line 1276 "rl78-decode.opc"
++#line 1278 "rl78-decode.opc"
+ ID(xor); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3982,7 +3984,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("clr1 cy");
+-#line 447 "rl78-decode.opc"
++#line 449 "rl78-decode.opc"
+ ID(mov); DCY(); SC(0);
+
+ }
+@@ -3997,7 +3999,7 @@
+ case 0xf9:
+ {
+ /** 0111 0001 1bit 1001 mov1 %e0, cy */
+-#line 788 "rl78-decode.opc"
++#line 790 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4007,7 +4009,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %e0, cy");
+-#line 788 "rl78-decode.opc"
++#line 790 "rl78-decode.opc"
+ ID(mov); DR(A); DB(bit); SCY();
+
+ }
+@@ -4022,7 +4024,7 @@
+ case 0xfa:
+ {
+ /** 0111 0001 1bit 1010 set1 %0 */
+-#line 1052 "rl78-decode.opc"
++#line 1054 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4032,7 +4034,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %0");
+-#line 1052 "rl78-decode.opc"
++#line 1054 "rl78-decode.opc"
+ ID(mov); DR(A); DB(bit); SC(1);
+
+ }
+@@ -4047,7 +4049,7 @@
+ case 0xfb:
+ {
+ /** 0111 0001 1bit 1011 clr1 %0 */
+-#line 444 "rl78-decode.opc"
++#line 446 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4057,7 +4059,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %0");
+-#line 444 "rl78-decode.opc"
++#line 446 "rl78-decode.opc"
+ ID(mov); DR(A); DB(bit); SC(0);
+
+ }
+@@ -4072,7 +4074,7 @@
+ case 0xfc:
+ {
+ /** 0111 0001 1bit 1100 mov1 cy, %e1 */
+-#line 794 "rl78-decode.opc"
++#line 796 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4082,7 +4084,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %e1");
+-#line 794 "rl78-decode.opc"
++#line 796 "rl78-decode.opc"
+ ID(mov); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4097,7 +4099,7 @@
+ case 0xfd:
+ {
+ /** 0111 0001 1bit 1101 and1 cy, %1 */
+-#line 320 "rl78-decode.opc"
++#line 322 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4107,7 +4109,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %1");
+-#line 320 "rl78-decode.opc"
++#line 322 "rl78-decode.opc"
+ ID(and); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4122,7 +4124,7 @@
+ case 0xfe:
+ {
+ /** 0111 0001 1bit 1110 or1 cy, %1 */
+-#line 975 "rl78-decode.opc"
++#line 977 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4132,7 +4134,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %1");
+-#line 975 "rl78-decode.opc"
++#line 977 "rl78-decode.opc"
+ ID(or); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4147,7 +4149,7 @@
+ case 0xff:
+ {
+ /** 0111 0001 1bit 1111 xor1 cy, %1 */
+-#line 1279 "rl78-decode.opc"
++#line 1281 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4157,7 +4159,7 @@
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %1");
+-#line 1279 "rl78-decode.opc"
++#line 1281 "rl78-decode.opc"
+ ID(xor); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4172,7 +4174,7 @@
+ op[0], op[1]);
+ }
+ SYNTAX("not1 cy");
+-#line 916 "rl78-decode.opc"
++#line 918 "rl78-decode.opc"
+ ID(xor); DCY(); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -4192,7 +4194,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 877 "rl78-decode.opc"
++#line 879 "rl78-decode.opc"
+ ID(mov); W(); DM(BC, IMMU(2)); SR(AX);
+
+ }
+@@ -4207,7 +4209,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 868 "rl78-decode.opc"
++#line 870 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(BC, IMMU(2));
+
+ }
+@@ -4222,7 +4224,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, #%1");
+-#line 1271 "rl78-decode.opc"
++#line 1273 "rl78-decode.opc"
+ ID(xor); DM(None, SADDR); SC(IMMU(1)); Fz;
+
+ /*----------------------------------------------------------------------*/
+@@ -4239,7 +4241,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, %1");
+-#line 1268 "rl78-decode.opc"
++#line 1270 "rl78-decode.opc"
+ ID(xor); DR(A); SM(None, SADDR); Fz;
+
+ }
+@@ -4254,7 +4256,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, #%1");
+-#line 1259 "rl78-decode.opc"
++#line 1261 "rl78-decode.opc"
+ ID(xor); DR(A); SC(IMMU(1)); Fz;
+
+ }
+@@ -4269,7 +4271,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, %e1");
+-#line 1247 "rl78-decode.opc"
++#line 1249 "rl78-decode.opc"
+ ID(xor); DR(A); SM(HL, 0); Fz;
+
+ }
+@@ -4284,7 +4286,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, %ea1");
+-#line 1253 "rl78-decode.opc"
++#line 1255 "rl78-decode.opc"
+ ID(xor); DR(A); SM(HL, IMMU(1)); Fz;
+
+ }
+@@ -4299,7 +4301,7 @@
+ op[0]);
+ }
+ SYNTAX("xor %0, %e!1");
+-#line 1244 "rl78-decode.opc"
++#line 1246 "rl78-decode.opc"
+ ID(xor); DR(A); SM(None, IMMU(2)); Fz;
+
+ }
+@@ -4314,7 +4316,7 @@
+ case 0x87:
+ {
+ /** 1000 0reg inc %0 */
+-#line 587 "rl78-decode.opc"
++#line 589 "rl78-decode.opc"
+ int reg AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -4324,7 +4326,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("inc %0");
+-#line 587 "rl78-decode.opc"
++#line 589 "rl78-decode.opc"
+ ID(add); DRB(reg); SC(1); Fza;
+
+ }
+@@ -4339,7 +4341,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %ea1");
+-#line 666 "rl78-decode.opc"
++#line 668 "rl78-decode.opc"
+ ID(mov); DR(A); SM(SP, IMMU(1));
+
+ }
+@@ -4354,7 +4356,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 648 "rl78-decode.opc"
++#line 650 "rl78-decode.opc"
+ ID(mov); DR(A); SM(DE, 0);
+
+ }
+@@ -4369,7 +4371,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %ea1");
+-#line 651 "rl78-decode.opc"
++#line 653 "rl78-decode.opc"
+ ID(mov); DR(A); SM(DE, IMMU(1));
+
+ }
+@@ -4384,7 +4386,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 654 "rl78-decode.opc"
++#line 656 "rl78-decode.opc"
+ ID(mov); DR(A); SM(HL, 0);
+
+ }
+@@ -4399,7 +4401,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %ea1");
+-#line 657 "rl78-decode.opc"
++#line 659 "rl78-decode.opc"
+ ID(mov); DR(A); SM(HL, IMMU(1));
+
+ }
+@@ -4414,7 +4416,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 690 "rl78-decode.opc"
++#line 692 "rl78-decode.opc"
+ ID(mov); DR(A); SM(None, SADDR);
+
+ }
+@@ -4429,7 +4431,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %s1");
+-#line 687 "rl78-decode.opc"
++#line 689 "rl78-decode.opc"
+ ID(mov); DR(A); SM(None, SFR);
+
+ }
+@@ -4444,7 +4446,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 645 "rl78-decode.opc"
++#line 647 "rl78-decode.opc"
+ ID(mov); DR(A); SM(None, IMMU(2));
+
+ }
+@@ -4459,7 +4461,7 @@
+ case 0x97:
+ {
+ /** 1001 0reg dec %0 */
+-#line 554 "rl78-decode.opc"
++#line 556 "rl78-decode.opc"
+ int reg AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -4469,7 +4471,7 @@
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("dec %0");
+-#line 554 "rl78-decode.opc"
++#line 556 "rl78-decode.opc"
+ ID(sub); DRB(reg); SC(1); Fza;
+
+ }
+@@ -4484,7 +4486,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %a0, %1");
+-#line 642 "rl78-decode.opc"
++#line 644 "rl78-decode.opc"
+ ID(mov); DM(SP, IMMU(1)); SR(A);
+
+ }
+@@ -4499,7 +4501,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 615 "rl78-decode.opc"
++#line 617 "rl78-decode.opc"
+ ID(mov); DM(DE, 0); SR(A);
+
+ }
+@@ -4514,7 +4516,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %ea0, %1");
+-#line 621 "rl78-decode.opc"
++#line 623 "rl78-decode.opc"
+ ID(mov); DM(DE, IMMU(1)); SR(A);
+
+ }
+@@ -4529,7 +4531,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 624 "rl78-decode.opc"
++#line 626 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); SR(A);
+
+ }
+@@ -4544,7 +4546,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %ea0, %1");
+-#line 633 "rl78-decode.opc"
++#line 635 "rl78-decode.opc"
+ ID(mov); DM(HL, IMMU(1)); SR(A);
+
+ }
+@@ -4559,7 +4561,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 747 "rl78-decode.opc"
++#line 749 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SR(A);
+
+ }
+@@ -4574,7 +4576,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %s0, %1");
+-#line 780 "rl78-decode.opc"
++#line 782 "rl78-decode.opc"
+ ID(mov); DM(None, SFR); SR(A);
+
+ /*----------------------------------------------------------------------*/
+@@ -4591,7 +4593,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e!0, %1");
+-#line 612 "rl78-decode.opc"
++#line 614 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SR(A);
+
+ }
+@@ -4606,7 +4608,7 @@
+ op[0]);
+ }
+ SYNTAX("inc %e!0");
+-#line 581 "rl78-decode.opc"
++#line 583 "rl78-decode.opc"
+ ID(add); DM(None, IMMU(2)); SC(1); Fza;
+
+ }
+@@ -4617,7 +4619,7 @@
+ case 0xa7:
+ {
+ /** 1010 0rg1 incw %0 */
+-#line 601 "rl78-decode.opc"
++#line 603 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -4627,7 +4629,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("incw %0");
+-#line 601 "rl78-decode.opc"
++#line 603 "rl78-decode.opc"
+ ID(add); W(); DRW(rg); SC(1);
+
+ }
+@@ -4642,7 +4644,7 @@
+ op[0]);
+ }
+ SYNTAX("incw %e!0");
+-#line 595 "rl78-decode.opc"
++#line 597 "rl78-decode.opc"
+ ID(add); W(); DM(None, IMMU(2)); SC(1);
+
+ }
+@@ -4657,7 +4659,7 @@
+ op[0]);
+ }
+ SYNTAX("inc %0");
+-#line 590 "rl78-decode.opc"
++#line 592 "rl78-decode.opc"
+ ID(add); DM(None, SADDR); SC(1); Fza;
+
+ /*----------------------------------------------------------------------*/
+@@ -4674,7 +4676,7 @@
+ op[0]);
+ }
+ SYNTAX("incw %0");
+-#line 604 "rl78-decode.opc"
++#line 606 "rl78-decode.opc"
+ ID(add); W(); DM(None, SADDR); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -4691,7 +4693,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %a1");
+-#line 850 "rl78-decode.opc"
++#line 852 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(SP, IMMU(1));
+
+ }
+@@ -4706,7 +4708,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 838 "rl78-decode.opc"
++#line 840 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(DE, 0);
+
+ }
+@@ -4721,7 +4723,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %ea1");
+-#line 841 "rl78-decode.opc"
++#line 843 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(DE, IMMU(1));
+
+ }
+@@ -4736,7 +4738,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 844 "rl78-decode.opc"
++#line 846 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(HL, 0);
+
+ }
+@@ -4751,7 +4753,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %ea1");
+-#line 847 "rl78-decode.opc"
++#line 849 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(HL, IMMU(1));
+
+ }
+@@ -4766,7 +4768,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %1");
+-#line 880 "rl78-decode.opc"
++#line 882 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(None, SADDR);
+
+ }
+@@ -4781,7 +4783,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %s1");
+-#line 883 "rl78-decode.opc"
++#line 885 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(None, SFR);
+
+ }
+@@ -4796,7 +4798,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %e!1");
+-#line 834 "rl78-decode.opc"
++#line 836 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(None, IMMU(2));
+
+
+@@ -4812,7 +4814,7 @@
+ op[0]);
+ }
+ SYNTAX("dec %e!0");
+-#line 548 "rl78-decode.opc"
++#line 550 "rl78-decode.opc"
+ ID(sub); DM(None, IMMU(2)); SC(1); Fza;
+
+ }
+@@ -4823,7 +4825,7 @@
+ case 0xb7:
+ {
+ /** 1011 0rg1 decw %0 */
+-#line 568 "rl78-decode.opc"
++#line 570 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -4833,7 +4835,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("decw %0");
+-#line 568 "rl78-decode.opc"
++#line 570 "rl78-decode.opc"
+ ID(sub); W(); DRW(rg); SC(1);
+
+ }
+@@ -4848,7 +4850,7 @@
+ op[0]);
+ }
+ SYNTAX("decw %e!0");
+-#line 562 "rl78-decode.opc"
++#line 564 "rl78-decode.opc"
+ ID(sub); W(); DM(None, IMMU(2)); SC(1);
+
+ }
+@@ -4863,7 +4865,7 @@
+ op[0]);
+ }
+ SYNTAX("dec %0");
+-#line 557 "rl78-decode.opc"
++#line 559 "rl78-decode.opc"
+ ID(sub); DM(None, SADDR); SC(1); Fza;
+
+ /*----------------------------------------------------------------------*/
+@@ -4880,7 +4882,7 @@
+ op[0]);
+ }
+ SYNTAX("decw %0");
+-#line 571 "rl78-decode.opc"
++#line 573 "rl78-decode.opc"
+ ID(sub); W(); DM(None, SADDR); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -4897,7 +4899,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %a0, %1");
+-#line 831 "rl78-decode.opc"
++#line 833 "rl78-decode.opc"
+ ID(mov); W(); DM(SP, IMMU(1)); SR(AX);
+
+ }
+@@ -4912,7 +4914,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 819 "rl78-decode.opc"
++#line 821 "rl78-decode.opc"
+ ID(mov); W(); DM(DE, 0); SR(AX);
+
+ }
+@@ -4927,7 +4929,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %ea0, %1");
+-#line 822 "rl78-decode.opc"
++#line 824 "rl78-decode.opc"
+ ID(mov); W(); DM(DE, IMMU(1)); SR(AX);
+
+ }
+@@ -4942,7 +4944,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 825 "rl78-decode.opc"
++#line 827 "rl78-decode.opc"
+ ID(mov); W(); DM(HL, 0); SR(AX);
+
+ }
+@@ -4957,7 +4959,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %ea0, %1");
+-#line 828 "rl78-decode.opc"
++#line 830 "rl78-decode.opc"
+ ID(mov); W(); DM(HL, IMMU(1)); SR(AX);
+
+ }
+@@ -4972,7 +4974,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, %1");
+-#line 895 "rl78-decode.opc"
++#line 897 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SADDR); SR(AX);
+
+ }
+@@ -4987,7 +4989,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %s0, %1");
+-#line 901 "rl78-decode.opc"
++#line 903 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SFR); SR(AX);
+
+ /*----------------------------------------------------------------------*/
+@@ -5004,7 +5006,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %e!0, %1");
+-#line 816 "rl78-decode.opc"
++#line 818 "rl78-decode.opc"
+ ID(mov); W(); DM(None, IMMU(2)); SR(AX);
+
+ }
+@@ -5015,7 +5017,7 @@
+ case 0xc6:
+ {
+ /** 1100 0rg0 pop %0 */
+-#line 986 "rl78-decode.opc"
++#line 988 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -5025,7 +5027,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("pop %0");
+-#line 986 "rl78-decode.opc"
++#line 988 "rl78-decode.opc"
+ ID(mov); W(); DRW(rg); SPOP();
+
+ }
+@@ -5036,7 +5038,7 @@
+ case 0xc7:
+ {
+ /** 1100 0rg1 push %1 */
+-#line 994 "rl78-decode.opc"
++#line 996 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -5046,7 +5048,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("push %1");
+-#line 994 "rl78-decode.opc"
++#line 996 "rl78-decode.opc"
+ ID(mov); W(); DPUSH(); SRW(rg);
+
+ }
+@@ -5061,7 +5063,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %a0, #%1");
+-#line 639 "rl78-decode.opc"
++#line 641 "rl78-decode.opc"
+ ID(mov); DM(SP, IMMU(1)); SC(IMMU(1));
+
+ }
+@@ -5076,7 +5078,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %0, #%1");
+-#line 892 "rl78-decode.opc"
++#line 894 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SADDR); SC(IMMU(2));
+
+ }
+@@ -5091,7 +5093,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %ea0, #%1");
+-#line 618 "rl78-decode.opc"
++#line 620 "rl78-decode.opc"
+ ID(mov); DM(DE, IMMU(1)); SC(IMMU(1));
+
+ }
+@@ -5106,7 +5108,7 @@
+ op[0]);
+ }
+ SYNTAX("movw %s0, #%1");
+-#line 898 "rl78-decode.opc"
++#line 900 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SFR); SC(IMMU(2));
+
+ }
+@@ -5121,7 +5123,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %ea0, #%1");
+-#line 630 "rl78-decode.opc"
++#line 632 "rl78-decode.opc"
+ ID(mov); DM(HL, IMMU(1)); SC(IMMU(1));
+
+ }
+@@ -5136,7 +5138,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, #%1");
+-#line 744 "rl78-decode.opc"
++#line 746 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SC(IMMU(1));
+
+ }
+@@ -5151,7 +5153,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %s0, #%1");
+-#line 750 "rl78-decode.opc"
++#line 752 "rl78-decode.opc"
+ op0 = SFR;
+ op1 = IMMU(1);
+ ID(mov); DM(None, op0); SC(op1);
+@@ -5193,7 +5195,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %e!0, #%1");
+-#line 609 "rl78-decode.opc"
++#line 611 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -5204,7 +5206,7 @@
+ case 0xd3:
+ {
+ /** 1101 00rg cmp0 %0 */
+-#line 518 "rl78-decode.opc"
++#line 520 "rl78-decode.opc"
+ int rg AU = op[0] & 0x03;
+ if (trace)
+ {
+@@ -5214,7 +5216,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("cmp0 %0");
+-#line 518 "rl78-decode.opc"
++#line 520 "rl78-decode.opc"
+ ID(cmp); DRB(rg); SC(0); Fzac;
+
+ }
+@@ -5229,7 +5231,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp0 %0");
+-#line 521 "rl78-decode.opc"
++#line 523 "rl78-decode.opc"
+ ID(cmp); DM(None, SADDR); SC(0); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -5246,7 +5248,7 @@
+ op[0]);
+ }
+ SYNTAX("cmp0 %e!0");
+-#line 515 "rl78-decode.opc"
++#line 517 "rl78-decode.opc"
+ ID(cmp); DM(None, IMMU(2)); SC(0); Fzac;
+
+ }
+@@ -5261,7 +5263,7 @@
+ op[0]);
+ }
+ SYNTAX("mulu x");
+-#line 906 "rl78-decode.opc"
++#line 908 "rl78-decode.opc"
+ ID(mulu);
+
+ /*----------------------------------------------------------------------*/
+@@ -5278,7 +5280,7 @@
+ op[0]);
+ }
+ SYNTAX("ret");
+-#line 1002 "rl78-decode.opc"
++#line 1004 "rl78-decode.opc"
+ ID(ret);
+
+ }
+@@ -5293,7 +5295,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 711 "rl78-decode.opc"
++#line 713 "rl78-decode.opc"
+ ID(mov); DR(X); SM(None, SADDR);
+
+ }
+@@ -5308,7 +5310,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 708 "rl78-decode.opc"
++#line 710 "rl78-decode.opc"
+ ID(mov); DR(X); SM(None, IMMU(2));
+
+ }
+@@ -5318,7 +5320,7 @@
+ case 0xfa:
+ {
+ /** 11ra 1010 movw %0, %1 */
+-#line 889 "rl78-decode.opc"
++#line 891 "rl78-decode.opc"
+ int ra AU = (op[0] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -5328,7 +5330,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %1");
+-#line 889 "rl78-decode.opc"
++#line 891 "rl78-decode.opc"
+ ID(mov); W(); DRW(ra); SM(None, SADDR);
+
+ }
+@@ -5338,7 +5340,7 @@
+ case 0xfb:
+ {
+ /** 11ra 1011 movw %0, %es!1 */
+-#line 886 "rl78-decode.opc"
++#line 888 "rl78-decode.opc"
+ int ra AU = (op[0] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -5348,7 +5350,7 @@
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %es!1");
+-#line 886 "rl78-decode.opc"
++#line 888 "rl78-decode.opc"
+ ID(mov); W(); DRW(ra); SM(None, IMMU(2));
+
+ }
+@@ -5363,7 +5365,7 @@
+ op[0]);
+ }
+ SYNTAX("bc $%a0");
+-#line 334 "rl78-decode.opc"
++#line 336 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(C);
+
+ }
+@@ -5378,7 +5380,7 @@
+ op[0]);
+ }
+ SYNTAX("bz $%a0");
+-#line 346 "rl78-decode.opc"
++#line 348 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(Z);
+
+ }
+@@ -5393,7 +5395,7 @@
+ op[0]);
+ }
+ SYNTAX("bnc $%a0");
+-#line 337 "rl78-decode.opc"
++#line 339 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(NC);
+
+ }
+@@ -5408,7 +5410,7 @@
+ op[0]);
+ }
+ SYNTAX("bnz $%a0");
+-#line 349 "rl78-decode.opc"
++#line 351 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(NZ);
+
+ /*----------------------------------------------------------------------*/
+@@ -5421,7 +5423,7 @@
+ case 0xe3:
+ {
+ /** 1110 00rg oneb %0 */
+-#line 924 "rl78-decode.opc"
++#line 926 "rl78-decode.opc"
+ int rg AU = op[0] & 0x03;
+ if (trace)
+ {
+@@ -5431,7 +5433,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("oneb %0");
+-#line 924 "rl78-decode.opc"
++#line 926 "rl78-decode.opc"
+ ID(mov); DRB(rg); SC(1);
+
+ }
+@@ -5446,7 +5448,7 @@
+ op[0]);
+ }
+ SYNTAX("oneb %0");
+-#line 927 "rl78-decode.opc"
++#line 929 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -5463,7 +5465,7 @@
+ op[0]);
+ }
+ SYNTAX("oneb %e!0");
+-#line 921 "rl78-decode.opc"
++#line 923 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SC(1);
+
+ }
+@@ -5478,7 +5480,7 @@
+ op[0]);
+ }
+ SYNTAX("onew %0");
+-#line 932 "rl78-decode.opc"
++#line 934 "rl78-decode.opc"
+ ID(mov); DR(AX); SC(1);
+
+ }
+@@ -5493,7 +5495,7 @@
+ op[0]);
+ }
+ SYNTAX("onew %0");
+-#line 935 "rl78-decode.opc"
++#line 937 "rl78-decode.opc"
+ ID(mov); DR(BC); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -5510,7 +5512,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 699 "rl78-decode.opc"
++#line 701 "rl78-decode.opc"
+ ID(mov); DR(B); SM(None, SADDR);
+
+ }
+@@ -5525,7 +5527,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 693 "rl78-decode.opc"
++#line 695 "rl78-decode.opc"
+ ID(mov); DR(B); SM(None, IMMU(2));
+
+ }
+@@ -5540,7 +5542,7 @@
+ op[0]);
+ }
+ SYNTAX("br !%!a0");
+-#line 368 "rl78-decode.opc"
++#line 370 "rl78-decode.opc"
+ ID(branch); DC(IMMU(3));
+
+ }
+@@ -5555,7 +5557,7 @@
+ op[0]);
+ }
+ SYNTAX("br %!a0");
+-#line 371 "rl78-decode.opc"
++#line 373 "rl78-decode.opc"
+ ID(branch); DC(IMMU(2));
+
+ }
+@@ -5570,7 +5572,7 @@
+ op[0]);
+ }
+ SYNTAX("br $%!a0");
+-#line 374 "rl78-decode.opc"
++#line 376 "rl78-decode.opc"
+ ID(branch); DC(pc+IMMS(2)+3);
+
+ }
+@@ -5585,7 +5587,7 @@
+ op[0]);
+ }
+ SYNTAX("br $%a0");
+-#line 377 "rl78-decode.opc"
++#line 379 "rl78-decode.opc"
+ ID(branch); DC(pc+IMMS(1)+2);
+
+ }
+@@ -5596,7 +5598,7 @@
+ case 0xf3:
+ {
+ /** 1111 00rg clrb %0 */
+-#line 464 "rl78-decode.opc"
++#line 466 "rl78-decode.opc"
+ int rg AU = op[0] & 0x03;
+ if (trace)
+ {
+@@ -5606,7 +5608,7 @@
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("clrb %0");
+-#line 464 "rl78-decode.opc"
++#line 466 "rl78-decode.opc"
+ ID(mov); DRB(rg); SC(0);
+
+ }
+@@ -5621,7 +5623,7 @@
+ op[0]);
+ }
+ SYNTAX("clrb %0");
+-#line 467 "rl78-decode.opc"
++#line 469 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SC(0);
+
+ /*----------------------------------------------------------------------*/
+@@ -5638,7 +5640,7 @@
+ op[0]);
+ }
+ SYNTAX("clrb %e!0");
+-#line 461 "rl78-decode.opc"
++#line 463 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SC(0);
+
+ }
+@@ -5653,7 +5655,7 @@
+ op[0]);
+ }
+ SYNTAX("clrw %0");
+-#line 472 "rl78-decode.opc"
++#line 474 "rl78-decode.opc"
+ ID(mov); DR(AX); SC(0);
+
+ }
+@@ -5668,7 +5670,7 @@
+ op[0]);
+ }
+ SYNTAX("clrw %0");
+-#line 475 "rl78-decode.opc"
++#line 477 "rl78-decode.opc"
+ ID(mov); DR(BC); SC(0);
+
+ /*----------------------------------------------------------------------*/
+@@ -5685,7 +5687,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 705 "rl78-decode.opc"
++#line 707 "rl78-decode.opc"
+ ID(mov); DR(C); SM(None, SADDR);
+
+ }
+@@ -5700,7 +5702,7 @@
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 702 "rl78-decode.opc"
++#line 704 "rl78-decode.opc"
+ ID(mov); DR(C); SM(None, IMMU(2));
+
+ }
+@@ -5715,7 +5717,7 @@
+ op[0]);
+ }
+ SYNTAX("call !%!a0");
+-#line 421 "rl78-decode.opc"
++#line 423 "rl78-decode.opc"
+ ID(call); DC(IMMU(3));
+
+ }
+@@ -5730,7 +5732,7 @@
+ op[0]);
+ }
+ SYNTAX("call %!a0");
+-#line 424 "rl78-decode.opc"
++#line 426 "rl78-decode.opc"
+ ID(call); DC(IMMU(2));
+
+ }
+@@ -5745,7 +5747,7 @@
+ op[0]);
+ }
+ SYNTAX("call $%!a0");
+-#line 427 "rl78-decode.opc"
++#line 429 "rl78-decode.opc"
+ ID(call); DC(pc+IMMS(2)+3);
+
+ }
+@@ -5760,13 +5762,13 @@
+ op[0]);
+ }
+ SYNTAX("brk1");
+-#line 385 "rl78-decode.opc"
++#line 387 "rl78-decode.opc"
+ ID(break);
+
+ }
+ break;
+ }
+-#line 1290 "rl78-decode.opc"
++#line 1292 "rl78-decode.opc"
+
+ return rl78->n_bytes;
+ }
+Index: git/opcodes/rl78-decode.opc
+===================================================================
+--- git.orig/opcodes/rl78-decode.opc 2017-09-21 13:14:42.256835775 +0530
++++ git/opcodes/rl78-decode.opc 2017-09-21 13:14:49.444888350 +0530
+@@ -50,7 +50,9 @@
+ #define W() rl78->size = RL78_Word
+
+ #define AU ATTRIBUTE_UNUSED
+-#define GETBYTE() (ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr))
++
++#define OP_BUF_LEN 20
++#define GETBYTE() (ld->rl78->n_bytes < (OP_BUF_LEN - 1) ? ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr): 0)
+ #define B ((unsigned long) GETBYTE())
+
+ #define SYNTAX(x) rl78->syntax = x
+@@ -168,7 +170,7 @@
+ RL78_Dis_Isa isa)
+ {
+ LocalData lds, * ld = &lds;
+- unsigned char op_buf[20] = {0};
++ unsigned char op_buf[OP_BUF_LEN] = {0};
+ unsigned char *op = op_buf;
+ int op0, op1;
+
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 13:14:41.676831533 +0530
++++ git/opcodes/ChangeLog 2017-09-21 13:16:51.065779064 +0530
+@@ -1,3 +1,12 @@
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21588
++ * rl78-decode.opc (OP_BUF_LEN): Define.
++ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
++ (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf
++ array.
++ * rl78-decode.c: Regenerate.
++
+ 2016-08-03 Tristan Gingold <gingold@adacore.com>
+
+ * configure: Regenerate.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch
new file mode 100644
index 0000000..fce5b14
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch
@@ -0,0 +1,204 @@
+commit c53d2e6d744da000aaafe0237bced090aab62818
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jun 14 11:27:15 2017 +0100
+
+ Fix potential address violations when processing a corrupt Alpha VMA binary.
+
+ PR binutils/21589
+ * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
+ maximum value for the ascic pointer. Check that name processing
+ does not read beyond this value.
+ (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
+ end of etir record.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9752
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c 2017-09-21 15:00:19.117805347 +0530
++++ git/bfd/vms-alpha.c 2017-09-21 15:00:20.673815960 +0530
+@@ -1507,7 +1507,7 @@
+ /* Write multiple bytes to section image. */
+
+ static bfd_boolean
+-image_write (bfd *abfd, unsigned char *ptr, int size)
++image_write (bfd *abfd, unsigned char *ptr, unsigned int size)
+ {
+ #if VMS_DEBUG
+ _bfd_vms_debug (8, "image_write from (%p, %d) to (%ld)\n", ptr, size,
+@@ -1654,14 +1654,16 @@
+ #define HIGHBIT(op) ((op & 0x80000000L) == 0x80000000L)
+
+ static void
+-_bfd_vms_get_value (bfd *abfd, const unsigned char *ascic,
++_bfd_vms_get_value (bfd *abfd,
++ const unsigned char *ascic,
++ const unsigned char *max_ascic,
+ struct bfd_link_info *info,
+ bfd_vma *vma,
+ struct alpha_vms_link_hash_entry **hp)
+ {
+ char name[257];
+- int len;
+- int i;
++ unsigned int len;
++ unsigned int i;
+ struct alpha_vms_link_hash_entry *h;
+
+ /* Not linking. Do not try to resolve the symbol. */
+@@ -1673,6 +1675,14 @@
+ }
+
+ len = *ascic;
++ if (ascic + len >= max_ascic)
++ {
++ _bfd_error_handler (_("Corrupt vms value"));
++ *vma = 0;
++ *hp = NULL;
++ return;
++ }
++
+ for (i = 0; i < len; i++)
+ name[i] = ascic[i + 1];
+ name[i] = 0;
+@@ -1797,6 +1807,15 @@
+ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+ #endif
+
++ /* PR 21589: Check for a corrupt ETIR record. */
++ if (cmd_length < 4)
++ {
++ corrupt_etir:
++ _bfd_error_handler (_("Corrupt ETIR record encountered"));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++
+ switch (cmd)
+ {
+ /* Stack global
+@@ -1804,7 +1823,7 @@
+
+ stack 32 bit value of symbol (high bits set to 0). */
+ case ETIR__C_STA_GBL:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ _bfd_vms_push (abfd, op1, alpha_vms_sym_to_ctxt (h));
+ break;
+
+@@ -1813,6 +1832,8 @@
+
+ stack 32 bit value, sign extend to 64 bit. */
+ case ETIR__C_STA_LW:
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ _bfd_vms_push (abfd, bfd_getl32 (ptr), RELC_NONE);
+ break;
+
+@@ -1821,6 +1842,8 @@
+
+ stack 64 bit value of symbol. */
+ case ETIR__C_STA_QW:
++ if (ptr + 8 >= maxptr)
++ goto corrupt_etir;
+ _bfd_vms_push (abfd, bfd_getl64 (ptr), RELC_NONE);
+ break;
+
+@@ -1834,6 +1857,8 @@
+ {
+ int psect;
+
++ if (ptr + 12 >= maxptr)
++ goto corrupt_etir;
+ psect = bfd_getl32 (ptr);
+ if ((unsigned int) psect >= PRIV (section_count))
+ {
+@@ -1923,6 +1948,8 @@
+ {
+ int size;
+
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ size = bfd_getl32 (ptr);
+ _bfd_vms_pop (abfd, &op1, &rel1);
+ if (rel1 != RELC_NONE)
+@@ -1935,7 +1962,7 @@
+ /* Store global: write symbol value
+ arg: cs global symbol name. */
+ case ETIR__C_STO_GBL:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ if (h && h->sym)
+ {
+ if (h->sym->typ == EGSD__C_SYMG)
+@@ -1957,7 +1984,7 @@
+ /* Store code address: write address of entry point
+ arg: cs global symbol name (procedure). */
+ case ETIR__C_STO_CA:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ if (h && h->sym)
+ {
+ if (h->sym->flags & EGSY__V_NORM)
+@@ -2002,8 +2029,10 @@
+ da data. */
+ case ETIR__C_STO_IMM:
+ {
+- int size;
++ unsigned int size;
+
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ size = bfd_getl32 (ptr);
+ image_write (abfd, ptr + 4, size);
+ }
+@@ -2016,7 +2045,7 @@
+ store global longword: store 32bit value of symbol
+ arg: cs symbol name. */
+ case ETIR__C_STO_GBL_LW:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ #if 0
+ abort ();
+ #endif
+@@ -2069,7 +2098,7 @@
+ da signature. */
+
+ case ETIR__C_STC_LP_PSB:
+- _bfd_vms_get_value (abfd, ptr + 4, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr + 4, maxptr, info, &op1, &h);
+ if (h && h->sym)
+ {
+ if (h->sym->typ == EGSD__C_SYMG)
+@@ -2165,6 +2194,8 @@
+ /* Augment relocation base: increment image location counter by offset
+ arg: lw offset value. */
+ case ETIR__C_CTL_AUGRB:
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ op1 = bfd_getl32 (ptr);
+ image_inc_ptr (abfd, op1);
+ break;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 15:04:44.000000000 +0530
++++ git/bfd/ChangeLog 2017-09-21 15:07:58.268949291 +0530
+@@ -81,6 +81,15 @@
+ PR binutils/21581
+ (ieee_archive_p): Likewise.
+
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21589
++ * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
++ maximum value for the ascic pointer. Check that name processing
++ does not read beyond this value.
++ (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
++ end of etir record.
++
+ 2017-04-29 Alan Modra <amodra@gmail.com>
+
+ PR 21432
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch
new file mode 100644
index 0000000..fe1f9a1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753_9754.patch
@@ -0,0 +1,76 @@
+commit 04f963fd489cae724a60140e13984415c205f4ac
+Author: Nick Clifton <nickc@redhat.com>
+Date: Wed Jun 14 10:35:16 2017 +0100
+
+ Fix seg-faults in objdump when disassembling a corrupt versados binary.
+
+ PR binutils/21591
+ * versados.c (versados_mkobject): Zero the allocated tdata structure.
+ (process_otr): Check for an invalid offset in the otr structure.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9753 and CVE-2017-9754
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/versados.c
+===================================================================
+--- git.orig/bfd/versados.c 2017-09-21 15:08:34.445197987 +0530
++++ git/bfd/versados.c 2017-09-21 15:08:34.429197878 +0530
+@@ -149,7 +149,7 @@
+ if (abfd->tdata.versados_data == NULL)
+ {
+ bfd_size_type amt = sizeof (tdata_type);
+- tdata_type *tdata = bfd_alloc (abfd, amt);
++ tdata_type *tdata = bfd_zalloc (abfd, amt);
+
+ if (tdata == NULL)
+ return FALSE;
+@@ -344,13 +344,13 @@
+ };
+
+ static int
+-get_offset (int len, unsigned char *ptr)
++get_offset (unsigned int len, unsigned char *ptr)
+ {
+ int val = 0;
+
+ if (len)
+ {
+- int i;
++ unsigned int i;
+
+ val = *ptr++;
+ if (val & 0x80)
+@@ -393,9 +393,13 @@
+ int flag = *srcp++;
+ int esdids = (flag >> 5) & 0x7;
+ int sizeinwords = ((flag >> 3) & 1) ? 2 : 1;
+- int offsetlen = flag & 0x7;
++ unsigned int offsetlen = flag & 0x7;
+ int j;
+
++ /* PR 21591: Check for invalid lengths. */
++ if (srcp + esdids + offsetlen >= endp)
++ return;
++
+ if (esdids == 0)
+ {
+ /* A zero esdid means the new pc is the offset given. */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 15:08:34.445197987 +0530
++++ git/bfd/ChangeLog 2017-09-21 15:08:34.429197878 +0530
+@@ -90,6 +90,12 @@
+ (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
+ end of etir record.
+
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21591
++ * versados.c (versados_mkobject): Zero the allocated tdata structure.
++ (process_otr): Check for an invalid offset in the otr structure.
++
+ 2017-04-29 Alan Modra <amodra@gmail.com>
+
+ PR 21432
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
new file mode 100644
index 0000000..3ad3218
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch
@@ -0,0 +1,60 @@
+commit 0d96e4df4812c3bad77c229dfef47a9bc115ac12
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Thu Jun 15 06:40:17 2017 -0700
+
+ i386-dis: Check valid bnd register
+
+ Since there are only 4 bnd registers, return "(bad)" for register
+ number > 3.
+
+ PR binutils/21594
+ * i386-dis.c (OP_E_register): Check valid bnd register.
+ (OP_G): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9755
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/i386-dis.c
+===================================================================
+--- git.orig/opcodes/i386-dis.c 2017-09-21 15:38:46.907182525 +0530
++++ git/opcodes/i386-dis.c 2017-09-21 15:38:54.703174976 +0530
+@@ -15211,6 +15211,11 @@
+ names = address_mode == mode_64bit ? names64 : names32;
+ break;
+ case bnd_mode:
++ if (reg > 0x3)
++ {
++ oappend ("(bad)");
++ return;
++ }
+ names = names_bnd;
+ break;
+ case indir_v_mode:
+@@ -15751,6 +15756,11 @@
+ oappend (names64[modrm.reg + add]);
+ break;
+ case bnd_mode:
++ if (modrm.reg > 0x3)
++ {
++ oappend ("(bad)");
++ return;
++ }
+ oappend (names_bnd[modrm.reg]);
+ break;
+ case v_mode:
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 15:38:54.531175122 +0530
++++ git/opcodes/ChangeLog 2017-09-21 15:45:32.264491166 +0530
+@@ -1,3 +1,9 @@
++2017-06-15 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21594
++ * i386-dis.c (OP_E_register): Check valid bnd register.
++ (OP_G): Likewise.
++
+ 2017-06-15 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21586
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch
new file mode 100644
index 0000000..69e1607
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch
@@ -0,0 +1,101 @@
+commit 8cac017d35ef374e65acc98818a17cf8a652cbd0
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Thu Jun 15 08:21:48 2017 -0700
+
+ i386-dis: Add 2 tests with invalid bnd register
+
+ PR binutils/21594
+ * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd
+ register.
+ * testsuite/gas/i386/x86-64-mpx.s: Likewise.
+ * testsuite/gas/i386/mpx.d: Updated.
+ * testsuite/gas/i386/x86-64-mpx.d: Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9755
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/gas/testsuite/gas/i386/mpx.d
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/mpx.d 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/mpx.d 2017-09-21 15:45:57.616640460 +0530
+@@ -130,4 +130,8 @@
+
+ [a-f0-9]+ <foo>:
+ [ ]*[a-f0-9]+: f2 c3 bnd ret
++
++[a-f0-9]+ <bad>:
++[ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%eax\),\(bad\)
++[ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0
+ #pass
+Index: git/gas/testsuite/gas/i386/mpx.s
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/mpx.s 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/mpx.s 2017-09-21 15:45:57.616640460 +0530
+@@ -157,3 +157,15 @@
+ bnd ret
+
+ foo: bnd ret
++
++bad:
++ # bndldx (%eax),(bad)
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0x30
++
++ # bndmov (bad),%bnd0
++ .byte 0x66
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0xc4
+Index: git/gas/testsuite/gas/i386/x86-64-mpx.d
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/x86-64-mpx.d 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/x86-64-mpx.d 2017-09-21 15:45:57.616640460 +0530
+@@ -182,4 +182,8 @@
+
+ [a-f0-9]+ <foo>:
+ [ ]*[a-f0-9]+: f2 c3 bnd retq
++
++[a-f0-9]+ <bad>:
++[ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%rax\),\(bad\)
++[ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0
+ #pass
+Index: git/gas/testsuite/gas/i386/x86-64-mpx.s
+===================================================================
+--- git.orig/gas/testsuite/gas/i386/x86-64-mpx.s 2017-09-21 15:45:57.640640603 +0530
++++ git/gas/testsuite/gas/i386/x86-64-mpx.s 2017-09-21 15:45:57.616640460 +0530
+@@ -209,3 +209,15 @@
+ bnd ret
+
+ foo: bnd ret
++
++bad:
++ # bndldx (%eax),(bad)
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0x30
++
++ # bndmov (bad),%bnd0
++ .byte 0x66
++ .byte 0x0f
++ .byte 0x1a
++ .byte 0xc4
+Index: git/gas/ChangeLog
+===================================================================
+--- git.orig/gas/ChangeLog 2017-09-21 15:38:53.143176323 +0530
++++ git/gas/ChangeLog 2017-09-21 15:48:07.134368927 +0530
+@@ -1,3 +1,12 @@
++2017-06-15 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21594
++ * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd
++ register.
++ * testsuite/gas/i386/x86-64-mpx.s: Likewise.
++ * testsuite/gas/i386/mpx.d: Updated.
++ * testsuite/gas/i386/x86-64-mpx.d: Likewise.
++
+ 2016-12-01 Nick Clifton <nickc@redhat.com>
+
+ PR gas/20898
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
new file mode 100644
index 0000000..e40a26e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
@@ -0,0 +1,43 @@
+commit cd3ea7c69acc5045eb28f9bf80d923116e15e4f5
+Author: Nick Clifton <nickc@redhat.com>
+Date: Thu Jun 15 13:26:54 2017 +0100
+
+ Prevent address violation problem when disassembling corrupt aarch64 binary.
+
+ PR binutils/21595
+ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
+ range value.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9756
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/opcodes/aarch64-dis.c
+===================================================================
+--- git.orig/opcodes/aarch64-dis.c 2017-09-21 15:48:27.154646380 +0530
++++ git/opcodes/aarch64-dis.c 2017-09-21 15:48:27.134646104 +0530
+@@ -381,6 +381,9 @@
+ info->reglist.first_regno = extract_field (FLD_Rt, code, 0);
+ /* opcode */
+ value = extract_field (FLD_opcode, code, 0);
++ /* PR 21595: Check for a bogus value. */
++ if (value >= ARRAY_SIZE (data))
++ return 0;
+ if (expected_num != data[value].num_elements || data[value].is_reserved)
+ return 0;
+ info->reglist.num_regs = data[value].num_regs;
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog 2017-09-21 15:45:32.264491166 +0530
++++ git/opcodes/ChangeLog 2017-09-21 15:49:53.751803571 +0530
+@@ -1,3 +1,9 @@
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21595
++ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
++ range value.
++
+ 2017-06-15 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/21594
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
new file mode 100644
index 0000000..2651572
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
@@ -0,0 +1,58 @@
+commit 04e15b4a9462cb1ae819e878a6009829aab8020b
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Jun 26 15:46:34 2017 +0100
+
+ Fix address violation parsing a corrupt texhex format file.
+
+ PR binutils/21670
+ * tekhex.c (getvalue): Check for the source pointer exceeding the
+ end pointer before the first byte is read.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9954
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/tekhex.c
+===================================================================
+--- git.orig/bfd/tekhex.c 2017-09-21 16:19:42.570877476 +0530
++++ git/bfd/tekhex.c 2017-09-21 16:20:06.878964516 +0530
+@@ -273,6 +273,9 @@
+ bfd_vma value = 0;
+ unsigned int len;
+
++ if (src >= endp)
++ return FALSE;
++
+ if (!ISHEX (*src))
+ return FALSE;
+
+@@ -514,9 +517,10 @@
+ /* To the front of the file. */
+ if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
+ return FALSE;
++
+ while (! is_eof)
+ {
+- char src[MAXCHUNK];
++ static char src[MAXCHUNK];
+ char type;
+
+ /* Find first '%'. */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 16:20:06.822964309 +0530
++++ git/bfd/ChangeLog 2017-09-21 16:22:29.383577439 +0530
+@@ -55,6 +55,12 @@
+ correct magic bytes at the start, set the error to wrong format
+ and clear the format selector before returning NULL.
+
++2017-06-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21670
++ * tekhex.c (getvalue): Check for the source pointer exceeding the
++ end pointer before the first byte is read.
++
+ 2017-06-21 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21637
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
new file mode 100644
index 0000000..6cd86c2
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
@@ -0,0 +1,93 @@
+commit cfd14a500e0485374596234de4db10e88ebc7618
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Jun 26 15:25:08 2017 +0100
+
+ Fix address violations when atempting to parse fuzzed binaries.
+
+ PR binutils/21665
+ * compress.c (bfd_get_full_section_contents): Check for and reject
+ a section whoes size is greater than the size of the entire file.
+ * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not
+ contain a notes section.
+
+ binutils* objdump.c (disassemble_section): Skip any section that is bigger
+ than the entire file.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c 2017-09-21 17:32:51.645611404 +0530
++++ git/bfd/compress.c 2017-09-21 17:32:52.965622987 +0530
+@@ -239,6 +239,12 @@
+ *ptr = NULL;
+ return TRUE;
+ }
++ else if (bfd_get_file_size (abfd) > 0
++ && sz > (bfd_size_type) bfd_get_file_size (abfd))
++ {
++ *ptr = NULL;
++ return FALSE;
++ }
+
+ switch (sec->compress_status)
+ {
+Index: git/bfd/elf32-v850.c
+===================================================================
+--- git.orig/bfd/elf32-v850.c 2017-09-21 17:32:35.053465773 +0530
++++ git/bfd/elf32-v850.c 2017-09-21 17:32:52.965622987 +0530
+@@ -2448,7 +2448,9 @@
+ BFD_ASSERT (bfd_malloc_and_get_section (ibfd, inotes, & icont));
+
+ if ((ocont = elf_section_data (onotes)->this_hdr.contents) == NULL)
+- BFD_ASSERT (bfd_malloc_and_get_section (obfd, onotes, & ocont));
++ /* If the output is being stripped then it is possible for
++ the notes section to disappear. In this case do nothing. */
++ return;
+
+ /* Copy/overwrite notes from the input to the output. */
+ memcpy (ocont, icont, bfd_section_size (obfd, onotes));
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 17:32:52.337617476 +0530
++++ git/binutils/objdump.c 2017-09-21 17:32:52.965622987 +0530
+@@ -1973,7 +1973,7 @@
+ return;
+
+ datasize = bfd_get_section_size (section);
+- if (datasize == 0)
++ if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
+ return;
+
+ if (start_address == (bfd_vma) -1
+@@ -2839,7 +2839,7 @@
+ static void
+ dump_section (bfd *abfd, asection *section, void *dummy ATTRIBUTE_UNUSED)
+ {
+- bfd_byte *data = 0;
++ bfd_byte *data = NULL;
+ bfd_size_type datasize;
+ bfd_vma addr_offset;
+ bfd_vma start_offset;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 17:32:52.909622495 +0530
++++ git/bfd/ChangeLog 2017-09-21 17:35:57.863164167 +0530
+@@ -11,6 +11,14 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++2017-06-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21665
++ * compress.c (bfd_get_full_section_contents): Check for and reject
++ a section whoes size is greater than the size of the entire file.
++ * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not
++ contain a notes section.
++
+ 2017-07-24 Nick Clifton <nickc@redhat.com>
+
+ PR 21813
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch
new file mode 100644
index 0000000..6e1824b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch
@@ -0,0 +1,112 @@
+commit 0630b49c470ca2e3c3f74da4c7e4ff63440dd71f
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Mon Jun 26 09:24:49 2017 -0700
+
+ Check file size before getting section contents
+
+ Don't check the section size in bfd_get_full_section_contents since
+ the size of a decompressed section may be larger than the file size.
+ Instead, check file size in _bfd_generic_get_section_contents.
+
+ PR binutils/21665
+ * compress.c (bfd_get_full_section_contents): Don't check the
+ file size here.
+ * libbfd.c (_bfd_generic_get_section_contents): Check for and
+ reject a section whoes size + offset is greater than the size
+ of the entire file.
+ (_bfd_generic_get_section_contents_in_window): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c 2017-09-21 17:41:59.457841691 +0530
++++ git/bfd/libbfd.c 2017-09-21 17:42:18.269987768 +0530
+@@ -780,6 +780,7 @@
+ bfd_size_type count)
+ {
+ bfd_size_type sz;
++ file_ptr filesz;
+ if (count == 0)
+ return TRUE;
+
+@@ -801,8 +802,15 @@
+ sz = section->rawsize;
+ else
+ sz = section->size;
++ filesz = bfd_get_file_size (abfd);
++ if (filesz < 0)
++ {
++ /* This should never happen. */
++ abort ();
++ }
+ if (offset + count < count
+- || offset + count > sz)
++ || offset + count > sz
++ || (section->filepos + offset + sz) > (bfd_size_type) filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+@@ -825,6 +833,7 @@
+ {
+ #ifdef USE_MMAP
+ bfd_size_type sz;
++ file_ptr filesz;
+
+ if (count == 0)
+ return TRUE;
+@@ -857,7 +866,13 @@
+ sz = section->rawsize;
+ else
+ sz = section->size;
++ filesz = bfd_get_file_size (abfd);
++ {
++ /* This should never happen. */
++ abort ();
++ }
+ if (offset + count > sz
++ || (section->filepos + offset + sz) > (bfd_size_type) filesz
+ || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
+ TRUE))
+ return FALSE;
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c 2017-09-21 17:42:18.213987332 +0530
++++ git/bfd/compress.c 2017-09-21 17:45:17.107399434 +0530
+@@ -239,12 +239,6 @@
+ *ptr = NULL;
+ return TRUE;
+ }
+- else if (bfd_get_file_size (abfd) > 0
+- && sz > (bfd_size_type) bfd_get_file_size (abfd))
+- {
+- *ptr = NULL;
+- return FALSE;
+- }
+
+ switch (sec->compress_status)
+ {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 17:42:18.213987332 +0530
++++ git/bfd/ChangeLog 2017-09-21 17:47:03.668256850 +0530
+@@ -11,6 +11,16 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21665
++ * compress.c (bfd_get_full_section_contents): Don't check the
++ file size here.
++ * libbfd.c (_bfd_generic_get_section_contents): Check for and
++ reject a section whoes size + offset is greater than the size
++ of the entire file.
++ (_bfd_generic_get_section_contents_in_window): Likewise.
++
+ 2017-06-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch
new file mode 100644
index 0000000..c8741b1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch
@@ -0,0 +1,44 @@
+commit 1f473e3d0ad285195934e6a077c7ed32afe66437
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Mon Jun 26 15:47:16 2017 -0700
+
+ Add a missing line to _bfd_generic_get_section_contents_in_window
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents_in_window): Add
+ a missing line.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c 2017-09-21 17:57:11.424955516 +0530
++++ git/bfd/libbfd.c 2017-09-21 17:58:57.000000000 +0530
+@@ -867,6 +867,7 @@
+ else
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
++ if (filesz < 0)
+ {
+ /* This should never happen. */
+ abort ();
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 17:57:11.424955516 +0530
++++ git/bfd/ChangeLog 2017-09-21 18:01:32.258884464 +0530
+@@ -14,6 +14,12 @@
+ 2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents_in_window): Add
++ a missing line.
++
++2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21665
+ * compress.c (bfd_get_full_section_contents): Don't check the
+ file size here.
+ * libbfd.c (_bfd_generic_get_section_contents): Check for and
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch
new file mode 100644
index 0000000..d6b6a14
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch
@@ -0,0 +1,50 @@
+commit ab27f80c5dceaa23c4ba7f62c0d5d22a5d5dd7a1
+Author: Pedro Alves <palves@redhat.com>
+Date: Tue Jun 27 00:21:25 2017 +0100
+
+ Fix GDB regressions caused by previous bfd_get_section_contents changes
+
+ Ref: https://sourceware.org/ml/binutils/2017-06/msg00343.html
+
+ bfd/ChangeLog:
+ 2017-06-26 Pedro Alves <palves@redhat.com>
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Add "count", not
+ "sz".
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c 2017-09-21 18:01:58.079078554 +0530
++++ git/bfd/libbfd.c 2017-09-21 18:01:58.063078433 +0530
+@@ -810,7 +810,7 @@
+ }
+ if (offset + count < count
+ || offset + count > sz
+- || (section->filepos + offset + sz) > (bfd_size_type) filesz)
++ || (section->filepos + offset + count) > (bfd_size_type) filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 18:01:32.258884464 +0530
++++ git/bfd/ChangeLog 2017-09-21 18:03:42.955872017 +0530
+@@ -11,6 +11,12 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++2017-06-26 Pedro Alves <palves@redhat.com>
++
++ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents): Add "count", not
++ "sz".
++
+ 2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch
new file mode 100644
index 0000000..3634421
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch
@@ -0,0 +1,89 @@
+commit 7211ae501eb0de1044983f2dfb00091a58fbd66c
+Author: Alan Modra <amodra@gmail.com>
+Date: Tue Jun 27 09:45:04 2017 +0930
+
+ More fixes for bfd_get_section_contents change
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
+ Use unsigned file pointer type, and remove cast.
+ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
+ Add "count", not "sz".
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c 2017-09-21 18:04:47.316362760 +0530
++++ git/bfd/libbfd.c 2017-09-21 18:04:47.300362638 +0530
+@@ -780,7 +780,7 @@
+ bfd_size_type count)
+ {
+ bfd_size_type sz;
+- file_ptr filesz;
++ ufile_ptr filesz;
+ if (count == 0)
+ return TRUE;
+
+@@ -803,14 +803,9 @@
+ else
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
+- if (filesz < 0)
+- {
+- /* This should never happen. */
+- abort ();
+- }
+ if (offset + count < count
+ || offset + count > sz
+- || (section->filepos + offset + count) > (bfd_size_type) filesz)
++ || section->filepos + offset + count > filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+@@ -833,7 +828,7 @@
+ {
+ #ifdef USE_MMAP
+ bfd_size_type sz;
+- file_ptr filesz;
++ ufile_ptr filesz;
+
+ if (count == 0)
+ return TRUE;
+@@ -867,13 +862,8 @@
+ else
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
+- if (filesz < 0)
+- {
+- /* This should never happen. */
+- abort ();
+- }
+ if (offset + count > sz
+- || (section->filepos + offset + sz) > (bfd_size_type) filesz
++ || section->filepos + offset + count > filesz
+ || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
+ TRUE))
+ return FALSE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 18:03:42.955872017 +0530
++++ git/bfd/ChangeLog 2017-09-21 18:06:39.973228125 +0530
+@@ -11,6 +11,14 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++2017-06-27 Alan Modra <amodra@gmail.com>
++
++ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
++ Use unsigned file pointer type, and remove cast.
++ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
++ Add "count", not "sz".
++
+ 2017-06-26 Pedro Alves <palves@redhat.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch
new file mode 100644
index 0000000..55feb79
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch
@@ -0,0 +1,55 @@
+commit ea9aafc41a764e4e2dbb88a7b031e886b481b99a
+Author: Alan Modra <amodra@gmail.com>
+Date: Tue Jun 27 14:43:49 2017 +0930
+
+ Warning fix
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Warning fix.
+ (_bfd_generic_get_section_contents_in_window): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c 2017-09-21 18:07:34.777651818 +0530
++++ git/bfd/libbfd.c 2017-09-21 18:07:34.761651695 +0530
+@@ -805,7 +805,7 @@
+ filesz = bfd_get_file_size (abfd);
+ if (offset + count < count
+ || offset + count > sz
+- || section->filepos + offset + count > filesz)
++ || (ufile_ptr) section->filepos + offset + count > filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+@@ -863,7 +863,7 @@
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
+ if (offset + count > sz
+- || section->filepos + offset + count > filesz
++ || (ufile_ptr) section->filepos + offset + count > filesz
+ || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
+ TRUE))
+ return FALSE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 18:06:39.973228125 +0530
++++ git/bfd/ChangeLog 2017-09-21 18:09:41.798640031 +0530
+@@ -19,6 +19,12 @@
+ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
+ Add "count", not "sz".
+
++2017-06-27 Alan Modra <amodra@gmail.com>
++
++ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents): Warning fix.
++ (_bfd_generic_get_section_contents_in_window): Likewise.
++
+ 2017-06-26 Pedro Alves <palves@redhat.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
new file mode 100644
index 0000000..0950561
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
@@ -0,0 +1,79 @@
+commit 60a02042bacf8d25814430080adda61ed086bca6
+Author: Nick Clifton <nickc@redhat.com>
+Date: Fri Jun 30 11:03:37 2017 +0100
+
+ Fix failures in MMIX linker tests introduced by fix for PR 21665.
+
+ PR binutils/21665
+ * objdump.c (disassemble_section): Move check for an overlarge
+ section to just before the allocation of memory. Do not check
+ section size against file size, but instead use an arbitrary 2Gb
+ limit. Issue a warning message if the section is too big.
+
+Upstream-Status: CVE-2017-9955
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 18:10:55.499217078 +0530
++++ git/binutils/objdump.c 2017-09-21 18:10:55.483216953 +0530
+@@ -1973,7 +1973,7 @@
+ return;
+
+ datasize = bfd_get_section_size (section);
+- if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
++ if (datasize == 0)
+ return;
+
+ if (start_address == (bfd_vma) -1
+@@ -2037,6 +2037,29 @@
+ }
+ rel_ppend = rel_pp + rel_count;
+
++ /* PR 21665: Check for overlarge datasizes.
++ Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
++ this fails when using compressed sections or compressed file formats
++ (eg MMO, tekhex).
++
++ The call to xmalloc below will fail if too much memory is requested,
++ which will catch the problem in the normal use case. But if a memory
++ checker is in use, eg valgrind or sanitize, then an exception will
++ be still generated, so we try to catch the problem first.
++
++ Unfortunately there is no simple way to determine how much memory can
++ be allocated by calling xmalloc. So instead we use a simple, arbitrary
++ limit of 2Gb. Hopefully this should be enough for most users. If
++ someone does start trying to disassemble sections larger then 2Gb in
++ size they will doubtless complain and we can increase the limit. */
++#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
++ if (datasize > MAX_XMALLOC)
++ {
++ non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
++ section->name, (unsigned long) datasize);
++ return;
++ }
++
+ data = (bfd_byte *) xmalloc (datasize);
+
+ bfd_get_section_contents (abfd, section, data, 0, datasize);
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-21 17:57:10.448948416 +0530
++++ git/binutils/ChangeLog 2017-09-21 18:13:09.052268892 +0530
+@@ -4,6 +4,14 @@
+ * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+ string whilst concatenating symbol names.
+
++2017-06-30 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21665
++ * objdump.c (disassemble_section): Move check for an overlarge
++ section to just before the allocation of memory. Do not check
++ section size against file size, but instead use an arbitrary 2Gb
++ limit. Issue a warning message if the section is too big.
++
+ 2017-05-02 Nick Clifton <nickc@redhat.com>
+
+ PR 21440
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch
new file mode 100644
index 0000000..8035ab3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch
@@ -0,0 +1,170 @@
+commit bae7501e87ab614115d9d3213b4dd18d96e604db
+Author: Alan Modra <amodra@gmail.com>
+Date: Sat Jul 1 21:58:10 2017 +0930
+
+ Use bfd_malloc_and_get_section
+
+ It's nicer than xmalloc followed by bfd_get_section_contents, since
+ xmalloc exits on failure and needs a check that its size_t arg doesn't
+ lose high bits when converted from bfd_size_type.
+
+ PR binutils/21665
+ * objdump.c (strtab): Make var a bfd_byte*.
+ (disassemble_section): Don't limit malloc size. Instead, use
+ bfd_malloc_and_get_section.
+ (read_section_stabs): Use bfd_malloc_and_get_section. Return
+ bfd_byte*.
+ (find_stabs_section): Remove now unnecessary cast.
+ * objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free
+ contents on error return.
+ * nlmconv.c (copy_sections): Use bfd_malloc_and_get_section.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/nlmconv.c
+===================================================================
+--- git.orig/binutils/nlmconv.c 2017-09-21 18:14:15.792797232 +0530
++++ git/binutils/nlmconv.c 2017-09-21 18:14:15.776797105 +0530
+@@ -1224,7 +1224,7 @@
+ const char *inname;
+ asection *outsec;
+ bfd_size_type size;
+- void *contents;
++ bfd_byte *contents;
+ long reloc_size;
+ bfd_byte buf[4];
+ bfd_size_type add;
+@@ -1240,9 +1240,7 @@
+ contents = NULL;
+ else
+ {
+- contents = xmalloc (size);
+- if (! bfd_get_section_contents (inbfd, insec, contents,
+- (file_ptr) 0, size))
++ if (!bfd_malloc_and_get_section (inbfd, insec, &contents))
+ bfd_fatal (bfd_get_filename (inbfd));
+ }
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 18:14:15.792797232 +0530
++++ git/binutils/objdump.c 2017-09-21 18:23:30.420895459 +0530
+@@ -180,7 +180,7 @@
+ static bfd_byte *stabs;
+ static bfd_size_type stab_size;
+
+-static char *strtab;
++static bfd_byte *strtab;
+ static bfd_size_type stabstr_size;
+
+ static bfd_boolean is_relocatable = FALSE;
+@@ -2037,33 +2037,13 @@
+ }
+ rel_ppend = rel_pp + rel_count;
+
+- /* PR 21665: Check for overlarge datasizes.
+- Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
+- this fails when using compressed sections or compressed file formats
+- (eg MMO, tekhex).
+-
+- The call to xmalloc below will fail if too much memory is requested,
+- which will catch the problem in the normal use case. But if a memory
+- checker is in use, eg valgrind or sanitize, then an exception will
+- be still generated, so we try to catch the problem first.
+-
+- Unfortunately there is no simple way to determine how much memory can
+- be allocated by calling xmalloc. So instead we use a simple, arbitrary
+- limit of 2Gb. Hopefully this should be enough for most users. If
+- someone does start trying to disassemble sections larger then 2Gb in
+- size they will doubtless complain and we can increase the limit. */
+-#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
+- if (datasize > MAX_XMALLOC)
++ if (!bfd_malloc_and_get_section (abfd, section, &data))
+ {
+- non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
+- section->name, (unsigned long) datasize);
++ non_fatal (_("Reading section %s failed because: %s"),
++ section->name, bfd_errmsg (bfd_get_error ()));
+ return;
+ }
+
+- data = (bfd_byte *) xmalloc (datasize);
+-
+- bfd_get_section_contents (abfd, section, data, 0, datasize);
+-
+ paux->sec = section;
+ pinfo->buffer = data;
+ pinfo->buffer_vma = section->vma;
+@@ -2579,12 +2559,11 @@
+ /* Read ABFD's stabs section STABSECT_NAME, and return a pointer to
+ it. Return NULL on failure. */
+
+-static char *
++static bfd_byte *
+ read_section_stabs (bfd *abfd, const char *sect_name, bfd_size_type *size_ptr)
+ {
+ asection *stabsect;
+- bfd_size_type size;
+- char *contents;
++ bfd_byte *contents;
+
+ stabsect = bfd_get_section_by_name (abfd, sect_name);
+ if (stabsect == NULL)
+@@ -2593,10 +2572,7 @@
+ return FALSE;
+ }
+
+- size = bfd_section_size (abfd, stabsect);
+- contents = (char *) xmalloc (size);
+-
+- if (! bfd_get_section_contents (abfd, stabsect, contents, 0, size))
++ if (!bfd_malloc_and_get_section (abfd, stabsect, &contents))
+ {
+ non_fatal (_("reading %s section of %s failed: %s"),
+ sect_name, bfd_get_filename (abfd),
+@@ -2606,7 +2582,7 @@
+ return NULL;
+ }
+
+- *size_ptr = size;
++ *size_ptr = bfd_section_size (abfd, stabsect);
+
+ return contents;
+ }
+@@ -2733,8 +2709,7 @@
+
+ if (strtab)
+ {
+- stabs = (bfd_byte *) read_section_stabs (abfd, section->name,
+- &stab_size);
++ stabs = read_section_stabs (abfd, section->name, &stab_size);
+ if (stabs)
+ print_section_stabs (abfd, section->name, &sought->string_offset);
+ }
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-21 18:13:09.052268892 +0530
++++ git/binutils/ChangeLog 2017-09-21 18:25:00.195937741 +0530
+@@ -4,6 +4,19 @@
+ * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+ string whilst concatenating symbol names.
+
++2017-07-01 Alan Modra <amodra@gmail.com>
++
++ PR binutils/21665
++ * objdump.c (strtab): Make var a bfd_byte*.
++ (disassemble_section): Don't limit malloc size. Instead, use
++ bfd_malloc_and_get_section.
++ (read_section_stabs): Use bfd_malloc_and_get_section. Return
++ bfd_byte*.
++ (find_stabs_section): Remove now unnecessary cast.
++ * objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free
++ contents on error return.
++ * nlmconv.c (copy_sections): Use bfd_malloc_and_get_section.
++
+ 2017-06-30 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch
new file mode 100644
index 0000000..2f50337
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch
@@ -0,0 +1,360 @@
+commit 8e2f54bcee7e3e8315d4a39a302eaf8e4389e07d
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Tue May 30 06:34:05 2017 -0700
+
+ Add bfd_get_file_size to get archive element size
+
+ We can't use stat() to get archive element size. Add bfd_get_file_size
+ to get size for both normal files and archive elements.
+
+ bfd/
+
+ PR binutils/21519
+ * bfdio.c (bfd_get_file_size): New function.
+ * bfd-in2.h: Regenerated.
+
+ binutils/
+
+ PR binutils/21519
+ * objdump.c (dump_relocs_in_section): Replace get_file_size
+ with bfd_get_file_size to get archive element size.
+ * testsuite/binutils-all/objdump.exp (test_objdump_f): New
+ proc.
+ (test_objdump_h): Likewise.
+ (test_objdump_t): Likewise.
+ (test_objdump_r): Likewise.
+ (test_objdump_s): Likewise.
+ Add objdump tests on archive.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h 2017-09-21 20:09:13.475032861 +0530
++++ git/bfd/bfd-in2.h 2017-09-21 20:09:16.375051269 +0530
+@@ -1208,6 +1208,8 @@
+
+ file_ptr bfd_get_size (bfd *abfd);
+
++file_ptr bfd_get_file_size (bfd *abfd);
++
+ void *bfd_mmap (bfd *abfd, void *addr, bfd_size_type len,
+ int prot, int flags, file_ptr offset,
+ void **map_addr, bfd_size_type *map_len);
+Index: git/bfd/bfdio.c
+===================================================================
+--- git.orig/bfd/bfdio.c 2017-09-21 20:08:55.774919453 +0530
++++ git/bfd/bfdio.c 2017-09-21 20:09:16.375051269 +0530
+@@ -434,6 +434,29 @@
+ return buf.st_size;
+ }
+
++/*
++FUNCTION
++ bfd_get_file_size
++
++SYNOPSIS
++ file_ptr bfd_get_file_size (bfd *abfd);
++
++DESCRIPTION
++ Return the file size (as read from file system) for the file
++ associated with BFD @var{abfd}. It supports both normal files
++ and archive elements.
++
++*/
++
++file_ptr
++bfd_get_file_size (bfd *abfd)
++{
++ if (abfd->my_archive != NULL
++ && !bfd_is_thin_archive (abfd->my_archive))
++ return arelt_size (abfd);
++
++ return bfd_get_size (abfd);
++}
+
+ /*
+ FUNCTION
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 20:09:16.319050914 +0530
++++ git/binutils/objdump.c 2017-09-21 20:09:16.375051269 +0530
+@@ -3240,7 +3240,7 @@
+ }
+
+ if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
+- && relsize > get_file_size (bfd_get_filename (abfd)))
++ && relsize > bfd_get_file_size (abfd))
+ {
+ printf (" (too many: 0x%x)\n", section->reloc_count);
+ bfd_set_error (bfd_error_file_truncated);
+Index: git/binutils/testsuite/binutils-all/objdump.exp
+===================================================================
+--- git.orig/binutils/testsuite/binutils-all/objdump.exp 2017-09-21 20:08:55.982920797 +0530
++++ git/binutils/testsuite/binutils-all/objdump.exp 2017-09-21 20:09:16.375051269 +0530
+@@ -64,96 +64,168 @@
+ if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest.o]} then {
+ return
+ }
++if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest2.o]} then {
++ return
++}
+ if [is_remote host] {
+ set testfile [remote_download host tmpdir/bintest.o]
++ set testfile2 [remote_download host tmpdir/bintest2.o]
+ } else {
+ set testfile tmpdir/bintest.o
++ set testfile2 tmpdir/bintest2.o
++}
++
++if { ![istarget "alpha-*-*"] || [is_elf_format] } then {
++ remote_file host file delete tmpdir/bintest.a
++ set got [binutils_run $AR "rc tmpdir/bintest.a $testfile2"]
++ if ![string match "" $got] then {
++ fail "bintest.a"
++ remote_file host delete tmpdir/bintest.a
++ } else {
++ if [is_remote host] {
++ set testarchive [remote_download host tmpdir/bintest.a]
++ } else {
++ set testarchive tmpdir/bintest.a
++ }
++ }
++ remote_file host delete tmpdir/bintest2.o
+ }
+
+ # Test objdump -f
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"]
++proc test_objdump_f { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
++ global cpus_regex
+
+-set want "$testfile:\[ \]*file format.*architecture:\[ \]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"]
+
+-if ![regexp $want $got] then {
+- fail "objdump -f"
+-} else {
+- pass "objdump -f"
++ set want "$dumpfile:\[ \]*file format.*architecture:\[ \]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS"
++
++ if ![regexp $want $got] then {
++ fail "objdump -f ($testfile, $dumpfile)"
++ } else {
++ pass "objdump -f ($testfile, $dumpfile)"
++ }
++}
++
++test_objdump_f $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_f $testarchive bintest2.o
+ }
+
+ # Test objdump -h
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"]
++proc test_objdump_h { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
+
+-set want "$testfile:\[ \]*file format.*Sections.*\[0-9\]+\[ \]+\[^ \]*(text|TEXT|P|\\\$CODE\\\$)\[^ \]*\[ \]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ \]+\[^ \]*(\\.data|DATA|D_1)\[^ \]*\[ \]*(\[0-9a-fA-F\]+)"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"]
+
+-if ![regexp $want $got all text_name text_size data_name data_size] then {
+- fail "objdump -h"
+-} else {
+- verbose "text name is $text_name size is $text_size"
+- verbose "data name is $data_name size is $data_size"
+- set ets 8
+- set eds 4
+- # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1
+- if [istarget *c4x*-*-*] then {
+- set ets 2
+- set eds 1
+- }
+- # c54x section sizes are in bytes, not octets; adjust accordingly
+- if [istarget *c54x*-*-*] then {
+- set ets 4
+- set eds 2
+- }
+- if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then {
+- send_log "sizes too small\n"
+- fail "objdump -h"
++ set want "$dumpfile:\[ \]*file format.*Sections.*\[0-9\]+\[ \]+\[^ \]*(text|TEXT|P|\\\$CODE\\\$)\[^ \]*\[ \]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ \]+\[^ \]*(\\.data|DATA|D_1)\[^ \]*\[ \]*(\[0-9a-fA-F\]+)"
++
++ if ![regexp $want $got all text_name text_size data_name data_size] then {
++ fail "objdump -h ($testfile, $dumpfile)"
+ } else {
+- pass "objdump -h"
++ verbose "text name is $text_name size is $text_size"
++ verbose "data name is $data_name size is $data_size"
++ set ets 8
++ set eds 4
++ # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1
++ if [istarget *c4x*-*-*] then {
++ set ets 2
++ set eds 1
++ }
++ # c54x section sizes are in bytes, not octets; adjust accordingly
++ if [istarget *c54x*-*-*] then {
++ set ets 4
++ set eds 2
++ }
++ if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then {
++ send_log "sizes too small\n"
++ fail "objdump -h ($testfile, $dumpfile)"
++ } else {
++ pass "objdump -h ($testfile, $dumpfile)"
++ }
+ }
+ }
+
++test_objdump_h $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_h $testarchive bintest2.o
++}
++
+ # Test objdump -t
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"]
++proc test_objdump_t { testfile} {
++ global OBJDUMP
++ global OBJDUMPFLAGS
++
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"]
++
++ if [info exists vars] then { unset vars }
++ while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} {
++ set vars($symbol) 1
++ set got $rest
++ }
+
+-if [info exists vars] then { unset vars }
+-while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} {
+- set vars($symbol) 1
+- set got $rest
++ if {![info exists vars(text_symbol)] \
++ || ![info exists vars(data_symbol)] \
++ || ![info exists vars(common_symbol)] \
++ || ![info exists vars(external_symbol)]} then {
++ fail "objdump -t ($testfile)"
++ } else {
++ pass "objdump -t ($testfile)"
++ }
+ }
+
+-if {![info exists vars(text_symbol)] \
+- || ![info exists vars(data_symbol)] \
+- || ![info exists vars(common_symbol)] \
+- || ![info exists vars(external_symbol)]} then {
+- fail "objdump -t"
+-} else {
+- pass "objdump -t"
++test_objdump_t $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_t $testarchive
+ }
+
+ # Test objdump -r
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"]
++proc test_objdump_r { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
+
+-set want "$testfile:\[ \]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"]
+
+-if [regexp $want $got] then {
+- pass "objdump -r"
+-} else {
+- fail "objdump -r"
++ set want "$dumpfile:\[ \]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol"
++
++ if [regexp $want $got] then {
++ pass "objdump -r ($testfile, $dumpfile)"
++ } else {
++ fail "objdump -r ($testfile, $dumpfile)"
++ }
++}
++
++test_objdump_r $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_r $testarchive bintest2.o
+ }
+
+ # Test objdump -s
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"]
++proc test_objdump_s { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
+
+-set want "$testfile:\[ \]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000002|02000000|00000200)"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"]
+
+-if [regexp $want $got] then {
+- pass "objdump -s"
+-} else {
+- fail "objdump -s"
++ set want "$dumpfile:\[ \]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000002|02000000|00000200)"
++
++ if [regexp $want $got] then {
++ pass "objdump -s ($testfile, $dumpfile)"
++ } else {
++ fail "objdump -s ($testfile, $dumpfile)"
++ }
++}
++
++test_objdump_s $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_s $testarchive bintest2.o
+ }
+
+ # Test objdump -s on a file that contains a compressed .debug section
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 20:09:16.207050204 +0530
++++ git/bfd/ChangeLog 2017-09-21 20:13:41.504562787 +0530
+@@ -158,6 +158,12 @@
+ (bfd_perform_relocation, bfd_install_relocation): Use it.
+ (_bfd_final_link_relocate): Likewise.
+
++2017-05-30 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21519
++ * bfdio.c (bfd_get_file_size): New function.
++ * bfd-in2.h: Regenerated.
++
+ 2017-04-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21434
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-21 20:09:16.319050914 +0530
++++ git/binutils/ChangeLog 2017-09-21 20:12:42.624252645 +0530
+@@ -25,6 +25,19 @@
+ section size against file size, but instead use an arbitrary 2Gb
+ limit. Issue a warning message if the section is too big.
+
++2017-05-30 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21519
++ * objdump.c (dump_relocs_in_section): Replace get_file_size
++ with bfd_get_file_size to get archive element size.
++ * testsuite/binutils-all/objdump.exp (test_objdump_f): New
++ proc.
++ (test_objdump_h): Likewise.
++ (test_objdump_t): Likewise.
++ (test_objdump_r): Likewise.
++ (test_objdump_s): Likewise.
++ Add objdump tests on archive.
++
+ 2017-05-02 Nick Clifton <nickc@redhat.com>
+
+ PR 21440
diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index 4fcb0b1..821bb81 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -14,6 +14,7 @@ CMAKE_MAJOR_VERSION = "${@'.'.join(d.getVar('PV', True).split('.')[0:2])}"
SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
file://support-oe-qt4-tools-names.patch \
file://qt4-fail-silent.patch \
+ file://avoid-gcc-warnings-with-Wstrict-prototypes.patch \
"
SRC_URI[md5sum] = "d6dd661380adacdb12f41b926ec99545"
diff --git a/meta/recipes-devtools/cmake/cmake/avoid-gcc-warnings-with-Wstrict-prototypes.patch b/meta/recipes-devtools/cmake/cmake/avoid-gcc-warnings-with-Wstrict-prototypes.patch
new file mode 100644
index 0000000..8b8d480
--- /dev/null
+++ b/meta/recipes-devtools/cmake/cmake/avoid-gcc-warnings-with-Wstrict-prototypes.patch
@@ -0,0 +1,42 @@
+From 4bc17345c01ea467099e28c7df30c23ace9e7811 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Fri, 14 Oct 2016 16:26:58 -0700
+Subject: [PATCH] CheckFunctionExists.c: avoid gcc warnings with
+ -Wstrict-prototypes
+
+Avoid warnings (and therefore build failures etc) if a user happens
+to add -Wstrict-prototypes to CFLAGS.
+
+ | $ gcc --version
+ | gcc (Ubuntu 4.8.4-2ubuntu1~14.04.3) 4.8.4
+ |
+ | $ gcc -Wstrict-prototypes -Werror -DCHECK_FUNCTION_EXISTS=pthread_create -o foo.o -c Modules/CheckFunctionExists.c
+ | Modules/CheckFunctionExists.c:7:3: error: function declaration isn't a prototype [-Werror=strict-prototypes]
+ | CHECK_FUNCTION_EXISTS();
+ | ^
+ | cc1: all warnings being treated as errors
+ |
+
+Upstream-Status: Pending
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ Modules/CheckFunctionExists.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Modules/CheckFunctionExists.c b/Modules/CheckFunctionExists.c
+index 2304000..224e340 100644
+--- a/Modules/CheckFunctionExists.c
++++ b/Modules/CheckFunctionExists.c
+@@ -4,7 +4,7 @@
+ extern "C"
+ #endif
+ char
+- CHECK_FUNCTION_EXISTS();
++ CHECK_FUNCTION_EXISTS(void);
+ #ifdef __CLASSIC_C__
+ int main()
+ {
+--
+1.9.1
+
diff --git a/meta/recipes-devtools/distcc/distcc_3.2.bb b/meta/recipes-devtools/distcc/distcc_3.2.bb
index c084ad2..f891fab 100644
--- a/meta/recipes-devtools/distcc/distcc_3.2.bb
+++ b/meta/recipes-devtools/distcc/distcc_3.2.bb
@@ -14,7 +14,7 @@ PACKAGECONFIG[popt] = "--without-included-popt,--with-included-popt,popt"
RRECOMMENDS_${PN} = "avahi-daemon"
-SRC_URI = "git://github.com/distcc/distcc.git;branch=${PV} \
+SRC_URI = "git://github.com/akuster/distcc.git;branch=${PV} \
file://separatebuilddir.patch \
file://0001-zeroconf-Include-fcntl.h.patch \
file://default \
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-rename-copy_file_range-to-copy_file_chunk.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-rename-copy_file_range-to-copy_file_chunk.patch
new file mode 100644
index 0000000..276432c
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-rename-copy_file_range-to-copy_file_chunk.patch
@@ -0,0 +1,62 @@
+From 10e2247f7b4692e80d185bb65ea641585bdc6b4d Mon Sep 17 00:00:00 2001
+From: Palmer Dabbelt <palmer@dabbelt.com>
+Date: Fri, 29 Dec 2017 10:19:51 -0800
+Subject: [PATCH] misc: rename copy_file_range to copy_file_chunk
+
+As of 2.27, glibc will have a copy_file_range library call to wrap the
+new copy_file_range system call. This conflicts with the function in
+misc/create_inode.c, which this patch renames _copy_file_range.
+
+Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Upstream-Status: Backport
+
+Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
+---
+ misc/create_inode.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index c879a3ec..6acf0e20 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -392,7 +392,7 @@ static ssize_t my_pread(int fd, void *buf, size_t count, off_t offset)
+ }
+ #endif /* !defined HAVE_PREAD64 && !defined HAVE_PREAD */
+
+-static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file,
++static errcode_t copy_file_chunk(ext2_filsys fs, int fd, ext2_file_t e2_file,
+ off_t start, off_t end, char *buf,
+ char *zerobuf)
+ {
+@@ -466,7 +466,7 @@ static errcode_t try_lseek_copy(ext2_filsys fs, int fd, struct stat *statbuf,
+
+ data_blk = data & ~(fs->blocksize - 1);
+ hole_blk = (hole + (fs->blocksize - 1)) & ~(fs->blocksize - 1);
+- err = copy_file_range(fs, fd, e2_file, data_blk, hole_blk, buf,
++ err = copy_file_chunk(fs, fd, e2_file, data_blk, hole_blk, buf,
+ zerobuf);
+ if (err)
+ return err;
+@@ -518,7 +518,7 @@ static errcode_t try_fiemap_copy(ext2_filsys fs, int fd, ext2_file_t e2_file,
+ }
+ for (i = 0, ext = ext_buf; i < fiemap_buf->fm_mapped_extents;
+ i++, ext++) {
+- err = copy_file_range(fs, fd, e2_file, ext->fe_logical,
++ err = copy_file_chunk(fs, fd, e2_file, ext->fe_logical,
+ ext->fe_logical + ext->fe_length,
+ buf, zerobuf);
+ if (err)
+@@ -569,7 +569,7 @@ static errcode_t copy_file(ext2_filsys fs, int fd, struct stat *statbuf,
+ if (err != EXT2_ET_UNIMPLEMENTED)
+ goto out;
+
+- err = copy_file_range(fs, fd, e2_file, 0, statbuf->st_size, buf,
++ err = copy_file_chunk(fs, fd, e2_file, 0, statbuf->st_size, buf,
+ zerobuf);
+ out:
+ ext2fs_free_mem(&zerobuf);
+--
+2.16.2
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.bb
index dcfb564..4eadc3e 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.bb
@@ -11,6 +11,7 @@ SRC_URI += "file://acinclude.m4 \
file://Revert-mke2fs-enable-the-metadata_csum-and-64bit-fea.patch \
file://mkdir_p.patch \
file://0001-e2fsck-exit-with-exit-status-0-if-no-errors-were-fix.patch \
+ file://0001-misc-rename-copy_file_range-to-copy_file_chunk.patch \
"
SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch"
diff --git a/meta/recipes-devtools/gcc/gcc-5.4.inc b/meta/recipes-devtools/gcc/gcc-5.4.inc
index 338530f..b769675 100644
--- a/meta/recipes-devtools/gcc/gcc-5.4.inc
+++ b/meta/recipes-devtools/gcc/gcc-5.4.inc
@@ -89,6 +89,7 @@ SRC_URI = "\
file://0057-unwind-fix-for-musl.patch \
file://0058-fdebug-prefix-map-support-to-remap-relative-path.patch \
file://0059-libgcc-use-ldflags.patch \
+ file://CVE-2016-6131.patch \
"
BACKPORTS = ""
diff --git a/meta/recipes-devtools/gcc/gcc-5.4/CVE-2016-6131.patch b/meta/recipes-devtools/gcc/gcc-5.4/CVE-2016-6131.patch
new file mode 100644
index 0000000..88524c3
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-5.4/CVE-2016-6131.patch
@@ -0,0 +1,251 @@
+From b3f6b32165d3f437bd0ac6269c3c499b68ecf036 Mon Sep 17 00:00:00 2001
+From: law <law@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 4 Aug 2016 16:53:18 +0000
+Subject: [PATCH] Fix for PR71696 in Libiberty Demangler
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+[BZ #71696] -- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
+
+2016-08-04 Marcel Böhme <boehme.marcel@gmail.com>
+
+ PR c++/71696
+ * cplus-dem.c: Prevent infinite recursion when there is a cycle
+ in the referencing of remembered mangled types.
+ (work_stuff): New stack to keep track of the remembered mangled
+ types that are currently being processed.
+ (push_processed_type): New method to push currently processed
+ remembered type onto the stack.
+ (pop_processed_type): New method to pop currently processed
+ remembered type from the stack.
+ (work_stuff_copy_to_from): Copy values of new variables.
+ (delete_non_B_K_work_stuff): Free stack memory.
+ (demangle_args): Push/Pop currently processed remembered type.
+ (do_type): Do not demangle a cyclic reference and push/pop
+ referenced remembered type.
+
+cherry-picked from commit of
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@239143 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Upstream-Status: Backport [master]
+CVE: CVE-2016-6131
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ libiberty/ChangeLog | 17 ++++++++
+ libiberty/cplus-dem.c | 78 ++++++++++++++++++++++++++++++++---
+ libiberty/testsuite/demangle-expected | 18 ++++++++
+ 3 files changed, 108 insertions(+), 5 deletions(-)
+
+diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
+index 9859ad3..7939480 100644
+--- a/libiberty/ChangeLog
++++ b/libiberty/ChangeLog
+@@ -1,3 +1,20 @@
++2016-08-04 Marcel Böhme <boehme.marcel@gmail.com>
++
++ PR c++/71696
++ * cplus-dem.c: Prevent infinite recursion when there is a cycle
++ in the referencing of remembered mangled types.
++ (work_stuff): New stack to keep track of the remembered mangled
++ types that are currently being processed.
++ (push_processed_type): New method to push currently processed
++ remembered type onto the stack.
++ (pop_processed_type): New method to pop currently processed
++ remembered type from the stack.
++ (work_stuff_copy_to_from): Copy values of new variables.
++ (delete_non_B_K_work_stuff): Free stack memory.
++ (demangle_args): Push/Pop currently processed remembered type.
++ (do_type): Do not demangle a cyclic reference and push/pop
++ referenced remembered type.
++
+ 2016-06-03 Release Manager
+
+ * GCC 5.4.0 released.
+diff --git a/libiberty/cplus-dem.c b/libiberty/cplus-dem.c
+index 7514e57..f21e630 100644
+--- a/libiberty/cplus-dem.c
++++ b/libiberty/cplus-dem.c
+@@ -144,6 +144,9 @@ struct work_stuff
+ string* previous_argument; /* The last function argument demangled. */
+ int nrepeats; /* The number of times to repeat the previous
+ argument. */
++ int *proctypevec; /* Indices of currently processed remembered typevecs. */
++ int proctypevec_size;
++ int nproctypes;
+ };
+
+ #define PRINT_ANSI_QUALIFIERS (work -> options & DMGL_ANSI)
+@@ -435,6 +438,10 @@ iterate_demangle_function (struct work_stuff *,
+
+ static void remember_type (struct work_stuff *, const char *, int);
+
++static void push_processed_type (struct work_stuff *, int);
++
++static void pop_processed_type (struct work_stuff *);
++
+ static void remember_Btype (struct work_stuff *, const char *, int, int);
+
+ static int register_Btype (struct work_stuff *);
+@@ -1301,6 +1308,10 @@ work_stuff_copy_to_from (struct work_stuff *to, struct work_stuff *from)
+ memcpy (to->btypevec[i], from->btypevec[i], len);
+ }
+
++ if (from->proctypevec)
++ to->proctypevec =
++ XDUPVEC (int, from->proctypevec, from->proctypevec_size);
++
+ if (from->ntmpl_args)
+ to->tmpl_argvec = XNEWVEC (char *, from->ntmpl_args);
+
+@@ -1329,11 +1340,17 @@ delete_non_B_K_work_stuff (struct work_stuff *work)
+ /* Discard the remembered types, if any. */
+
+ forget_types (work);
+- if (work -> typevec != NULL)
++ if (work->typevec != NULL)
+ {
+- free ((char *) work -> typevec);
+- work -> typevec = NULL;
+- work -> typevec_size = 0;
++ free ((char *) work->typevec);
++ work->typevec = NULL;
++ work->typevec_size = 0;
++ }
++ if (work->proctypevec != NULL)
++ {
++ free (work->proctypevec);
++ work->proctypevec = NULL;
++ work->proctypevec_size = 0;
+ }
+ if (work->tmpl_argvec)
+ {
+@@ -3552,6 +3569,8 @@ static int
+ do_type (struct work_stuff *work, const char **mangled, string *result)
+ {
+ int n;
++ int i;
++ int is_proctypevec;
+ int done;
+ int success;
+ string decl;
+@@ -3564,6 +3583,7 @@ do_type (struct work_stuff *work, const char **mangled, string *result)
+
+ done = 0;
+ success = 1;
++ is_proctypevec = 0;
+ while (success && !done)
+ {
+ int member;
+@@ -3616,8 +3636,15 @@ do_type (struct work_stuff *work, const char **mangled, string *result)
+ success = 0;
+ }
+ else
++ for (i = 0; i < work->nproctypes; i++)
++ if (work -> proctypevec [i] == n)
++ success = 0;
++
++ if (success)
+ {
+- remembered_type = work -> typevec[n];
++ is_proctypevec = 1;
++ push_processed_type (work, n);
++ remembered_type = work->typevec[n];
+ mangled = &remembered_type;
+ }
+ break;
+@@ -3840,6 +3867,9 @@ do_type (struct work_stuff *work, const char **mangled, string *result)
+ string_delete (result);
+ string_delete (&decl);
+
++ if (is_proctypevec)
++ pop_processed_type (work);
++
+ if (success)
+ /* Assume an integral type, if we're not sure. */
+ return (int) ((tk == tk_none) ? tk_integral : tk);
+@@ -4252,6 +4282,41 @@ do_arg (struct work_stuff *work, const char **mangled, string *result)
+ }
+
+ static void
++push_processed_type (struct work_stuff *work, int typevec_index)
++{
++ if (work->nproctypes >= work->proctypevec_size)
++ {
++ if (!work->proctypevec_size)
++ {
++ work->proctypevec_size = 4;
++ work->proctypevec = XNEWVEC (int, work->proctypevec_size);
++ }
++ else
++ {
++ if (work->proctypevec_size < 16)
++ /* Double when small. */
++ work->proctypevec_size *= 2;
++ else
++ {
++ /* Grow slower when large. */
++ if (work->proctypevec_size > (INT_MAX / 3) * 2)
++ xmalloc_failed (INT_MAX);
++ work->proctypevec_size = (work->proctypevec_size * 3 / 2);
++ }
++ work->proctypevec
++ = XRESIZEVEC (int, work->proctypevec, work->proctypevec_size);
++ }
++ }
++ work->proctypevec [work->nproctypes++] = typevec_index;
++}
++
++static void
++pop_processed_type (struct work_stuff *work)
++{
++ work->nproctypes--;
++}
++
++static void
+ remember_type (struct work_stuff *work, const char *start, int len)
+ {
+ char *tem;
+@@ -4515,10 +4580,13 @@ demangle_args (struct work_stuff *work, const char **mangled,
+ {
+ string_append (declp, ", ");
+ }
++ push_processed_type (work, t);
+ if (!do_arg (work, &tem, &arg))
+ {
++ pop_processed_type (work);
+ return (0);
+ }
++ pop_processed_type (work);
+ if (PRINT_ARG_TYPES)
+ {
+ string_appends (declp, &arg);
+diff --git a/libiberty/testsuite/demangle-expected b/libiberty/testsuite/demangle-expected
+index 1d8b771..d690b23 100644
+--- a/libiberty/testsuite/demangle-expected
++++ b/libiberty/testsuite/demangle-expected
+@@ -4429,3 +4429,21 @@ __vt_90000000000cafebabe
+
+ _Z80800000000000000000000
+ _Z80800000000000000000000
++#
++# Tests write access violation PR70926
++
++0__Ot2m02R5T0000500000
++0__Ot2m02R5T0000500000
++#
++
++0__GT50000000000_
++0__GT50000000000_
++#
++
++__t2m05B500000000000000000_
++__t2m05B500000000000000000_
++#
++# Tests stack overflow PR71696
++
++__10%0__S4_0T0T0
++%0<>::%0(%0<>)
+--
+2.9.3
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.2/0041-ssp_nonshared.patch b/meta/recipes-devtools/gcc/gcc-6.2/0041-ssp_nonshared.patch
deleted file mode 100644
index 0744529..0000000
--- a/meta/recipes-devtools/gcc/gcc-6.2/0041-ssp_nonshared.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 551a5db7acb56e085a101f1c222d51b2c1b039a4 Mon Sep 17 00:00:00 2001
-From: Szabolcs Nagy <nsz@port70.net>
-Date: Sat, 7 Nov 2015 14:58:40 +0000
-Subject: [PATCH 41/46] ssp_nonshared
-
----
-Upstream-Status: Inappropriate [OE Configuration]
-
- gcc/gcc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/gcc/gcc.c b/gcc/gcc.c
-index 2812819..9de96ee 100644
---- a/gcc/gcc.c
-+++ b/gcc/gcc.c
-@@ -863,7 +863,8 @@ proper position among the other output files. */
- #ifndef LINK_SSP_SPEC
- #ifdef TARGET_LIBC_PROVIDES_SSP
- #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
-- "|fstack-protector-strong|fstack-protector-explicit:}"
-+ "|fstack-protector-strong|fstack-protector-explicit" \
-+ ":-lssp_nonshared}"
- #else
- #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
- "|fstack-protector-strong|fstack-protector-explicit" \
---
-2.8.2
-
diff --git a/meta/recipes-devtools/gcc/gcc-6.2/0048-ARM-PR-target-71056-Don-t-use-vectorized-builtins-wh.patch b/meta/recipes-devtools/gcc/gcc-6.2/0048-ARM-PR-target-71056-Don-t-use-vectorized-builtins-wh.patch
deleted file mode 100644
index 9c39c7f..0000000
--- a/meta/recipes-devtools/gcc/gcc-6.2/0048-ARM-PR-target-71056-Don-t-use-vectorized-builtins-wh.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 84d2a5509892b65ed60d39e6e2f9719e3762e40e Mon Sep 17 00:00:00 2001
-From: ktkachov <ktkachov@138bc75d-0d04-0410-961f-82ee72b054a4>
-Date: Tue, 31 May 2016 08:29:39 +0000
-Subject: [PATCH] [ARM] PR target/71056: Don't use vectorized builtins when
- NEON is not available
-
- PR target/71056
- * config/arm/arm-builtins.c (arm_builtin_vectorized_function): Return
- NULL_TREE early if NEON is not available. Remove now redundant check
- in ARM_CHECK_BUILTIN_MODE.
-
- * gcc.target/arm/pr71056.c: New test.
-
-
-
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-6-branch@236910 138bc75d-0d04-0410-961f-82ee72b054a4
----
-Upstream-Status: Backport
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
- gcc/ChangeLog | 7 +++++++
- gcc/config/arm/arm-builtins.c | 6 +++++-
- gcc/testsuite/ChangeLog | 5 +++++
- gcc/testsuite/gcc.target/arm/pr71056.c | 32 ++++++++++++++++++++++++++++++++
- 4 files changed, 49 insertions(+), 1 deletion(-)
- create mode 100644 gcc/testsuite/gcc.target/arm/pr71056.c
-
-diff --git a/gcc/config/arm/arm-builtins.c b/gcc/config/arm/arm-builtins.c
-index 90fb40f..68b2839 100644
---- a/gcc/config/arm/arm-builtins.c
-+++ b/gcc/config/arm/arm-builtins.c
-@@ -2861,6 +2861,10 @@ arm_builtin_vectorized_function (unsigned int fn, tree type_out, tree type_in)
- int in_n, out_n;
- bool out_unsigned_p = TYPE_UNSIGNED (type_out);
-
-+ /* Can't provide any vectorized builtins when we can't use NEON. */
-+ if (!TARGET_NEON)
-+ return NULL_TREE;
-+
- if (TREE_CODE (type_out) != VECTOR_TYPE
- || TREE_CODE (type_in) != VECTOR_TYPE)
- return NULL_TREE;
-@@ -2875,7 +2879,7 @@ arm_builtin_vectorized_function (unsigned int fn, tree type_out, tree type_in)
- NULL_TREE is returned if no such builtin is available. */
- #undef ARM_CHECK_BUILTIN_MODE
- #define ARM_CHECK_BUILTIN_MODE(C) \
-- (TARGET_NEON && TARGET_FPU_ARMV8 \
-+ (TARGET_FPU_ARMV8 \
- && flag_unsafe_math_optimizations \
- && ARM_CHECK_BUILTIN_MODE_1 (C))
-
-diff --git a/gcc/testsuite/gcc.target/arm/pr71056.c b/gcc/testsuite/gcc.target/arm/pr71056.c
-new file mode 100644
-index 0000000..136754e
---- /dev/null
-+++ b/gcc/testsuite/gcc.target/arm/pr71056.c
-@@ -0,0 +1,32 @@
-+/* PR target/71056. */
-+/* { dg-do compile } */
-+/* { dg-require-effective-target arm_vfp3_ok } */
-+/* { dg-options "-O3 -mfpu=vfpv3" } */
-+
-+/* Check that compiling for a non-NEON target doesn't try to introduce
-+ a NEON vectorized builtin. */
-+
-+extern char *buff;
-+int f2 ();
-+struct T1
-+{
-+ int reserved[2];
-+ unsigned int ip;
-+ unsigned short cs;
-+ unsigned short rsrv2;
-+};
-+void
-+f3 (const char *p)
-+{
-+ struct T1 x;
-+ __builtin_memcpy (&x, p, sizeof (struct T1));
-+ x.reserved[0] = __builtin_bswap32 (x.reserved[0]);
-+ x.reserved[1] = __builtin_bswap32 (x.reserved[1]);
-+ x.ip = __builtin_bswap32 (x.ip);
-+ x.cs = x.cs << 8 | x.cs >> 8;
-+ x.rsrv2 = x.rsrv2 << 8 | x.rsrv2 >> 8;
-+ if (f2 ())
-+ {
-+ __builtin_memcpy (buff, "\n", 1);
-+ }
-+}
---
-2.9.0
-
diff --git a/meta/recipes-devtools/gcc/gcc-6.2/CVE-2016-4490.patch b/meta/recipes-devtools/gcc/gcc-6.2/CVE-2016-4490.patch
deleted file mode 100644
index f32e91d..0000000
--- a/meta/recipes-devtools/gcc/gcc-6.2/CVE-2016-4490.patch
+++ /dev/null
@@ -1,290 +0,0 @@
-From 7d235b1b5ea35352c54957ef5530d9a02c46962f Mon Sep 17 00:00:00 2001
-From: bernds <bernds@138bc75d-0d04-0410-961f-82ee72b054a4>
-Date: Mon, 2 May 2016 17:06:40 +0000
-Subject: [PATCH] =?UTF-8?q?Demangler=20integer=20overflow=20fixes=20from?=
- =?UTF-8?q?=20Marcel=20B=C3=B6hme.?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
- PR c++/70498
- * cp-demangle.c: Parse numbers as integer instead of long to avoid
- overflow after sanity checks. Include <limits.h> if available.
- (INT_MAX): Define if necessary.
- (d_make_template_param): Takes integer argument instead of long.
- (d_make_function_param): Likewise.
- (d_append_num): Likewise.
- (d_identifier): Likewise.
- (d_number): Parse as and return integer.
- (d_compact_number): Handle overflow.
- (d_source_name): Change variable type to integer for parsed number.
- (d_java_resource): Likewise.
- (d_special_name): Likewise.
- (d_discriminator): Likewise.
- (d_unnamed_type): Likewise.
- * testsuite/demangle-expected: Add regression test cases.
-
-
-
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@235767 138bc75d-0d04-0410-961f-82ee72b054a4
-
-Upstream-Status: Backport
-CVE: CVE-2016-4490
-[Yocto #9632]
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- libiberty/ChangeLog | 19 +++++++++++++
- libiberty/cp-demangle.c | 52 ++++++++++++++++++++---------------
- libiberty/testsuite/demangle-expected | 14 ++++++++--
- 3 files changed, 61 insertions(+), 24 deletions(-)
-
-Index: git/libiberty/ChangeLog
-===================================================================
---- git.orig/libiberty/ChangeLog
-+++ git/libiberty/ChangeLog
-@@ -1,3 +1,22 @@
-+2016-05-02 Marcel Böhme <boehme.marcel@gmail.com>
-+
-+ PR c++/70498
-+ * cp-demangle.c: Parse numbers as integer instead of long to avoid
-+ overflow after sanity checks. Include <limits.h> if available.
-+ (INT_MAX): Define if necessary.
-+ (d_make_template_param): Takes integer argument instead of long.
-+ (d_make_function_param): Likewise.
-+ (d_append_num): Likewise.
-+ (d_identifier): Likewise.
-+ (d_number): Parse as and return integer.
-+ (d_compact_number): Handle overflow.
-+ (d_source_name): Change variable type to integer for parsed number.
-+ (d_java_resource): Likewise.
-+ (d_special_name): Likewise.
-+ (d_discriminator): Likewise.
-+ (d_unnamed_type): Likewise.
-+ * testsuite/demangle-expected: Add regression test cases.
-+
- 2016-04-27 Release Manager
-
- * GCC 6.1.0 released.
-Index: git/libiberty/cp-demangle.c
-===================================================================
---- git.orig/libiberty/cp-demangle.c
-+++ git/libiberty/cp-demangle.c
-@@ -128,6 +128,13 @@ extern char *alloca ();
- # endif /* alloca */
- #endif /* HAVE_ALLOCA_H */
-
-+#ifdef HAVE_LIMITS_H
-+#include <limits.h>
-+#endif
-+#ifndef INT_MAX
-+# define INT_MAX (int)(((unsigned int) ~0) >> 1) /* 0x7FFFFFFF */
-+#endif
-+
- #include "ansidecl.h"
- #include "libiberty.h"
- #include "demangle.h"
-@@ -398,7 +405,7 @@ d_make_dtor (struct d_info *, enum gnu_v
- struct demangle_component *);
-
- static struct demangle_component *
--d_make_template_param (struct d_info *, long);
-+d_make_template_param (struct d_info *, int);
-
- static struct demangle_component *
- d_make_sub (struct d_info *, const char *, int);
-@@ -421,9 +428,9 @@ static struct demangle_component *d_unqu
-
- static struct demangle_component *d_source_name (struct d_info *);
-
--static long d_number (struct d_info *);
-+static int d_number (struct d_info *);
-
--static struct demangle_component *d_identifier (struct d_info *, long);
-+static struct demangle_component *d_identifier (struct d_info *, int);
-
- static struct demangle_component *d_operator_name (struct d_info *);
-
-@@ -1119,7 +1126,7 @@ d_make_dtor (struct d_info *di, enum gnu
- /* Add a new template parameter. */
-
- static struct demangle_component *
--d_make_template_param (struct d_info *di, long i)
-+d_make_template_param (struct d_info *di, int i)
- {
- struct demangle_component *p;
-
-@@ -1135,7 +1142,7 @@ d_make_template_param (struct d_info *di
- /* Add a new function parameter. */
-
- static struct demangle_com