aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--meta/classes/archiver.bbclass71
-rw-r--r--meta/classes/copyleft_filter.bbclass32
-rw-r--r--meta/classes/cpan-base.bbclass24
-rw-r--r--meta/classes/cross.bbclass8
-rw-r--r--meta/classes/goarch.bbclass7
-rw-r--r--meta/classes/image.bbclass23
-rw-r--r--meta/classes/image_types.bbclass6
-rw-r--r--meta/classes/image_types_uboot.bbclass29
-rw-r--r--meta/classes/image_types_wic.bbclass2
-rw-r--r--meta/classes/kernel-fitimage.bbclass9
-rw-r--r--meta/classes/kernel-uboot.bbclass8
-rw-r--r--meta/classes/kernel-uimage.bbclass26
-rw-r--r--meta/classes/mirrors.bbclass4
-rw-r--r--meta/classes/own-mirrors.bbclass2
-rw-r--r--meta/classes/package_rpm.bbclass4
-rw-r--r--meta/classes/perl-version.bbclass24
-rw-r--r--meta/classes/populate_sdk_ext.bbclass13
-rw-r--r--meta/classes/qemuboot.bbclass1
-rw-r--r--meta/classes/rootfs-postcommands.bbclass23
-rw-r--r--meta/classes/staging.bbclass2
-rw-r--r--meta/classes/useradd-staticids.bbclass10
-rw-r--r--meta/classes/useradd.bbclass7
-rw-r--r--meta/conf/bitbake.conf3
-rw-r--r--meta/conf/local.conf.sample2
-rw-r--r--meta/lib/oe/sstatesig.py6
-rw-r--r--meta/lib/oe/terminal.py2
-rw-r--r--meta/lib/oeqa/runtime/cases/buildlzip.py (renamed from meta/lib/oeqa/runtime/cases/buildiptables.py)6
-rw-r--r--meta/lib/oeqa/sdk/cases/buildlzip.py (renamed from meta/lib/oeqa/sdk/cases/buildiptables.py)8
-rw-r--r--meta/lib/oeqa/selftest/archiver.py78
-rw-r--r--meta/lib/oeqa/selftest/recipetool.py12
-rw-r--r--meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch36
-rw-r--r--meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch248
-rw-r--r--meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch38
-rw-r--r--meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch175
-rw-r--r--meta/recipes-bsp/grub/grub2.inc4
-rw-r--r--meta/recipes-bsp/v86d/v86d_0.1.10.bb6
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5.inc1
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch34
-rw-r--r--meta/recipes-connectivity/openssh/openssh/init31
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_check_keys64
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service16
-rw-r--r--meta/recipes-connectivity/openssh/openssh_7.4p1.bb8
-rw-r--r--meta/recipes-connectivity/portmap/portmap_6.0.bb2
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch1025
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb1
-rw-r--r--meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch33
-rw-r--r--meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch122
-rw-r--r--meta/recipes-core/busybox/busybox/busybox-tar-add-IF_FEATURE_-checks.patch70
-rw-r--r--meta/recipes-core/busybox/busybox_1.24.1.bb3
-rw-r--r--meta/recipes-core/expat/expat.inc3
-rw-r--r--meta/recipes-core/expat/expat/no_getrandom.patch23
-rw-r--r--meta/recipes-core/glibc/cross-localedef-native_2.25.bb1
-rw-r--r--meta/recipes-core/glibc/glibc-locale.inc4
-rw-r--r--meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch29
-rw-r--r--meta/recipes-core/glibc/glibc/0028-Rework-fno-omit-frame-pointer-support-on-i386.patch268
-rw-r--r--meta/recipes-core/glibc/glibc_2.25.bb1
-rw-r--r--meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-UefiHiiLib-Fix-incorrect-comparison-exp.patch39
-rw-r--r--meta/recipes-core/ovmf/ovmf_git.bb1
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.28.inc34
-rw-r--r--meta/recipes-devtools/binutils/binutils-cross-canadian.inc2
-rw-r--r--meta/recipes-devtools/binutils/binutils.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch52
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch103
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch205
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch118
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch72
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8396_8397.patch102
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch147
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch52
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9038_9044.patch51
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch61
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9040_9042.patch57
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9742.patch45
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9744.patch46
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch35
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch91
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch43
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch46
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch77
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch247
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch3748
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch208
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch79
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch63
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch50
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch58
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch168
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch122
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch48
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch51
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch89
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch56
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch80
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch187
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch361
-rw-r--r--meta/recipes-devtools/diffstat/diffstat_1.61.bb2
-rw-r--r--meta/recipes-devtools/dpkg/dpkg.inc33
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.3.inc3
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.3/0041-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch87
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.3/0041-ssp_nonshared.patch28
-rw-r--r--meta/recipes-devtools/gcc/gcc-6.3/0055-unwind_h-glibc26.patch139
-rw-r--r--meta/recipes-devtools/gdb/gdb-7.12.1.inc1
-rw-r--r--meta/recipes-devtools/gdb/gdb/package_devel_gdb_patches_120-sigprocmask-invalid-call.patch45
-rw-r--r--meta/recipes-devtools/json-c/json-c/0001-Add-FALLTHRU-comment-to-handle-GCC7-warnings.patch77
-rw-r--r--meta/recipes-devtools/json-c/json-c_0.12.bb1
-rw-r--r--meta/recipes-devtools/perl/liburi-perl_1.71.bb2
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch353
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.4.0.bb1
-rw-r--r--meta/recipes-devtools/valgrind/valgrind_3.12.0.bb2
-rw-r--r--meta/recipes-graphics/waffle/waffle_1.5.2.bb10
-rw-r--r--meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch55
-rw-r--r--meta/recipes-graphics/wayland/weston_2.0.0.bb1
-rw-r--r--meta/recipes-kernel/linux-firmware/linux-firmware_git.bb12
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb4
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_4.10.bb4
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb4
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_4.10.bb4
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_4.1.bb18
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_4.10.bb18
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_4.4.bb20
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_4.9.bb20
-rw-r--r--meta/recipes-multimedia/alsa/alsa-utils_1.1.3.bb4
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2016-10093.patch47
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2016-10266.patch60
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2016-10267.patch70
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2016-10268.patch30
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2016-10269.patch131
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2016-10270.patch134
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2016-10271.patch30
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7592.patch40
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7593.patch98
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch43
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch50
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch48
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7596.patch308
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7598.patch65
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7601.patch52
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7602.patch69
-rw-r--r--meta/recipes-multimedia/libtiff/tiff_4.0.7.bb18
-rw-r--r--meta/recipes-sato/webkit/files/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch185
-rw-r--r--meta/recipes-sato/webkit/files/musl-fixes.patch48
-rw-r--r--meta/recipes-sato/webkit/files/ppc-musl-fix.patch26
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch (renamed from meta/recipes-sato/webkit/files/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch)0
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch77
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch (renamed from meta/recipes-sato/webkit/files/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch)23
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch (renamed from meta/recipes-sato/webkit/files/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch)0
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch (renamed from meta/recipes-sato/webkit/files/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch)25
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch126
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch (renamed from meta/recipes-sato/webkit/files/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch)24
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/cross-compile.patch (renamed from meta/recipes-sato/webkit/files/cross-compile.patch)0
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch (renamed from meta/recipes-sato/webkit/files/detect_atomics.patch)28
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/x32_support.patch13
-rw-r--r--meta/recipes-sato/webkit/webkitgtk_2.18.5.bb (renamed from meta/recipes-sato/webkit/webkitgtk_2.14.5.bb)37
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates_20161130.bb11
-rw-r--r--meta/recipes-support/curl/curl/CVE-2017-1000100.patch50
-rw-r--r--meta/recipes-support/curl/curl/CVE-2017-1000101.patch92
-rw-r--r--meta/recipes-support/curl/curl_7.53.1.bb12
-rw-r--r--meta/recipes-support/debianutils/debianutils_4.8.1.bb4
-rw-r--r--meta/recipes-support/libproxy/libproxy_0.4.14.bb7
-rw-r--r--meta/recipes-support/libunwind/libunwind.inc1
-rw-r--r--scripts/lib/wic/utils/misc.py2
-rwxr-xr-xscripts/oe-build-perf-report9
-rwxr-xr-xscripts/oe-pkgdata-util12
-rwxr-xr-xscripts/runqemu5
169 files changed, 12170 insertions, 707 deletions
diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass
index 2c04557..18c5b96 100644
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@@ -67,6 +67,12 @@ python () {
else:
bb.debug(1, 'archiver: %s is included: %s' % (pn, reason))
+
+ # glibc-locale: do_fetch, do_unpack and do_patch tasks have been deleted,
+ # so avoid archiving source here.
+ if pn.startswith('glibc-locale'):
+ return
+
# We just archive gcc-source for all the gcc related recipes
if d.getVar('BPN') in ['gcc', 'libgcc'] \
and not pn.startswith('gcc-source'):
@@ -79,6 +85,11 @@ python () {
if ar_src == "original":
d.appendVarFlag('do_deploy_archives', 'depends', ' %s:do_ar_original' % pn)
+ # 'patched' and 'configured' invoke do_unpack_and_patch because
+ # do_ar_patched resp. do_ar_configured depend on it, but for 'original'
+ # we have to add it explicitly.
+ if d.getVarFlag('ARCHIVER_MODE', 'diff') == '1':
+ d.appendVarFlag('do_deploy_archives', 'depends', ' %s:do_unpack_and_patch' % pn)
elif ar_src == "patched":
d.appendVarFlag('do_deploy_archives', 'depends', ' %s:do_ar_patched' % pn)
elif ar_src == "configured":
@@ -166,12 +177,18 @@ python do_ar_original() {
# to be set when using the git fetcher, otherwise SRCREV cannot
# be set separately for each URL.
params = bb.fetch2.decodeurl(url)[5]
+ type = bb.fetch2.decodeurl(url)[0]
+ location = bb.fetch2.decodeurl(url)[2]
name = params.get('name', '')
- if name in tarball_suffix:
- if not name:
- bb.fatal("Cannot determine archive names for original source because 'name' URL parameter is unset in more than one URL. Add it to at least one of these: %s %s" % (tarball_suffix[name], url))
- else:
- bb.fatal("Cannot determine archive names for original source because 'name=' URL parameter '%s' is used twice. Make it unique in: %s %s" % (tarball_suffix[name], url))
+ if type.lower() == 'file':
+ name_tmp = location.rstrip("*").rstrip("/")
+ name = os.path.basename(name_tmp)
+ else:
+ if name in tarball_suffix:
+ if not name:
+ bb.fatal("Cannot determine archive names for original source because 'name' URL parameter is unset in more than one URL. Add it to at least one of these: %s %s" % (tarball_suffix[name], url))
+ else:
+ bb.fatal("Cannot determine archive names for original source because 'name=' URL parameter '%s' is used twice. Make it unique in: %s %s" % (tarball_suffix[name], url))
tarball_suffix[name] = url
create_tarball(d, tmpdir + '/.', name, ar_outdir)
@@ -205,6 +222,10 @@ python do_ar_patched() {
python do_ar_configured() {
import shutil
+ # Forcibly expand the sysroot paths as we're about to change WORKDIR
+ d.setVar('RECIPE_SYSROOT', d.getVar('RECIPE_SYSROOT'))
+ d.setVar('RECIPE_SYSROOT_NATIVE', d.getVar('RECIPE_SYSROOT_NATIVE'))
+
ar_outdir = d.getVar('ARCHIVER_OUTDIR')
if d.getVarFlag('ARCHIVER_MODE', 'src') == 'configured':
bb.note('Archiving the configured source...')
@@ -285,11 +306,16 @@ def create_diff_gz(d, src_orig, src, ar_outdir):
dirname = os.path.dirname(src)
basename = os.path.basename(src)
- os.chdir(dirname)
- out_file = os.path.join(ar_outdir, '%s-diff.gz' % d.getVar('PF'))
- diff_cmd = 'diff -Naur %s.orig %s.patched | gzip -c > %s' % (basename, basename, out_file)
- subprocess.call(diff_cmd, shell=True)
- bb.utils.remove(src_patched, recurse=True)
+ bb.utils.mkdirhier(ar_outdir)
+ cwd = os.getcwd()
+ try:
+ os.chdir(dirname)
+ out_file = os.path.join(ar_outdir, '%s-diff.gz' % d.getVar('PF'))
+ diff_cmd = 'diff -Naur %s.orig %s.patched | gzip -c > %s' % (basename, basename, out_file)
+ subprocess.check_call(diff_cmd, shell=True)
+ bb.utils.remove(src_patched, recurse=True)
+ finally:
+ os.chdir(cwd)
# Run do_unpack and do_patch
python do_unpack_and_patch() {
@@ -299,12 +325,15 @@ python do_unpack_and_patch() {
return
ar_outdir = d.getVar('ARCHIVER_OUTDIR')
ar_workdir = d.getVar('ARCHIVER_WORKDIR')
+ ar_sysroot_native = d.getVar('STAGING_DIR_NATIVE')
pn = d.getVar('PN')
# The kernel class functions require it to be on work-shared, so we dont change WORKDIR
if not (bb.data.inherits_class('kernel-yocto', d) or pn.startswith('gcc-source')):
# Change the WORKDIR to make do_unpack do_patch run in another dir.
d.setVar('WORKDIR', ar_workdir)
+ # Restore the original path to recipe's native sysroot (it's relative to WORKDIR).
+ d.setVar('STAGING_DIR_NATIVE', ar_sysroot_native)
# The changed 'WORKDIR' also caused 'B' changed, create dir 'B' for the
# possibly requiring of the following tasks (such as some recipes's
@@ -330,6 +359,19 @@ python do_unpack_and_patch() {
bb.utils.remove(src_orig, recurse=True)
}
+# BBINCLUDED is special (excluded from basehash signature
+# calculation). Using it in a task signature can cause "basehash
+# changed" errors.
+#
+# Depending on BBINCLUDED also causes do_ar_recipe to run again
+# for unrelated changes, like adding or removing buildhistory.bbclass.
+#
+# For these reasons we ignore the dependency completely. The versioning
+# of the output file ensures that we create it each time the recipe
+# gets rebuilt, at least as long as a PR server is used. We also rely
+# on that mechanism to catch changes in the file content, because the
+# file content is not part of of the task signature either.
+do_ar_recipe[vardepsexclude] += "BBINCLUDED"
python do_ar_recipe () {
"""
archive the recipe, including .bb and .inc.
@@ -349,8 +391,8 @@ python do_ar_recipe () {
bbappend_files = d.getVar('BBINCLUDED').split()
# If recipe name is aa, we need to match files like aa.bbappend and aa_1.1.bbappend
# Files like aa1.bbappend or aa1_1.1.bbappend must be excluded.
- bbappend_re = re.compile( r".*/%s_[^/]*\.bbappend$" %pn)
- bbappend_re1 = re.compile( r".*/%s\.bbappend$" %pn)
+ bbappend_re = re.compile( r".*/%s_[^/]*\.bbappend$" % re.escape(pn))
+ bbappend_re1 = re.compile( r".*/%s\.bbappend$" % re.escape(pn))
for file in bbappend_files:
if bbappend_re.match(file) or bbappend_re1.match(file):
shutil.copy(file, outdir)
@@ -419,7 +461,10 @@ do_deploy_all_archives() {
}
python () {
- # Add tasks in the correct order, specifically for linux-yocto to avoid race condition
+ # Add tasks in the correct order, specifically for linux-yocto to avoid race condition.
+ # sstatesig.py:sstate_rundepfilter has special support that excludes this dependency
+ # so that do_kernel_configme does not need to run again when do_unpack_and_patch
+ # gets added or removed (by adding or removing archiver.bbclass).
if bb.data.inherits_class('kernel-yocto', d):
bb.build.addtask('do_kernel_configme', 'do_configure', 'do_unpack_and_patch', d)
}
diff --git a/meta/classes/copyleft_filter.bbclass b/meta/classes/copyleft_filter.bbclass
index 5867bb9..c36bce4 100644
--- a/meta/classes/copyleft_filter.bbclass
+++ b/meta/classes/copyleft_filter.bbclass
@@ -47,27 +47,27 @@ def copyleft_should_include(d):
import oe.license
from fnmatch import fnmatchcase as fnmatch
- included, motive = False, 'recipe did not match anything'
-
recipe_type = d.getVar('COPYLEFT_RECIPE_TYPE')
if recipe_type not in oe.data.typed_value('COPYLEFT_RECIPE_TYPES', d):
- include, motive = False, 'recipe type "%s" is excluded' % recipe_type
+ included, motive = False, 'recipe type "%s" is excluded' % recipe_type
+ else:
+ included, motive = False, 'recipe did not match anything'
- include = oe.data.typed_value('COPYLEFT_LICENSE_INCLUDE', d)
- exclude = oe.data.typed_value('COPYLEFT_LICENSE_EXCLUDE', d)
+ include = oe.data.typed_value('COPYLEFT_LICENSE_INCLUDE', d)
+ exclude = oe.data.typed_value('COPYLEFT_LICENSE_EXCLUDE', d)
- try:
- is_included, reason = oe.license.is_included(d.getVar('LICENSE'), include, exclude)
- except oe.license.LicenseError as exc:
- bb.fatal('%s: %s' % (d.getVar('PF'), exc))
- else:
- if is_included:
- if reason:
- included, motive = True, 'recipe has included licenses: %s' % ', '.join(reason)
- else:
- included, motive = False, 'recipe does not include a copyleft license'
+ try:
+ is_included, reason = oe.license.is_included(d.getVar('LICENSE'), include, exclude)
+ except oe.license.LicenseError as exc:
+ bb.fatal('%s: %s' % (d.getVar('PF'), exc))
else:
- included, motive = False, 'recipe has excluded licenses: %s' % ', '.join(reason)
+ if is_included:
+ if reason:
+ included, motive = True, 'recipe has included licenses: %s' % ', '.join(reason)
+ else:
+ included, motive = False, 'recipe does not include a copyleft license'
+ else:
+ included, motive = False, 'recipe has excluded licenses: %s' % ', '.join(reason)
if any(fnmatch(d.getVar('PN'), name) \
for name in oe.data.typed_value('COPYLEFT_PN_INCLUDE', d)):
diff --git a/meta/classes/cpan-base.bbclass b/meta/classes/cpan-base.bbclass
index 55ac052..577fcd6 100644
--- a/meta/classes/cpan-base.bbclass
+++ b/meta/classes/cpan-base.bbclass
@@ -7,27 +7,7 @@ FILES_${PN} += "${libdir}/perl ${datadir}/perl"
DEPENDS += "${@["perl", "perl-native"][(bb.data.inherits_class('native', d))]}"
RDEPENDS_${PN} += "${@["perl", ""][(bb.data.inherits_class('native', d))]}"
-PERL_OWN_DIR = "${@["", "/perl-native"][(bb.data.inherits_class('native', d))]}"
-
-# Determine the staged version of perl from the perl configuration file
-# Assign vardepvalue, because otherwise signature is changed before and after
-# perl is built (from None to real version in config.sh).
-get_perl_version[vardepvalue] = "${PERL_OWN_DIR}"
-def get_perl_version(d):
- import re
- cfg = d.expand('${STAGING_LIBDIR}${PERL_OWN_DIR}/perl/config.sh')
- try:
- f = open(cfg, 'r')
- except IOError:
- return None
- l = f.readlines();
- f.close();
- r = re.compile("^version='(\d*\.\d*\.\d*)'")
- for s in l:
- m = r.match(s)
- if m:
- return m.group(1)
- return None
+inherit perl-version
def is_target(d):
if not bb.data.inherits_class('native', d):
@@ -36,5 +16,3 @@ def is_target(d):
PERLLIBDIRS = "${libdir}/perl"
PERLLIBDIRS_class-native = "${libdir}/perl-native"
-PERLVERSION := "${@get_perl_version(d)}"
-PERLVERSION[vardepvalue] = ""
diff --git a/meta/classes/cross.bbclass b/meta/classes/cross.bbclass
index 8757303..4feb01e 100644
--- a/meta/classes/cross.bbclass
+++ b/meta/classes/cross.bbclass
@@ -28,10 +28,10 @@ MULTIMACH_TARGET_SYS = "${BUILD_ARCH}${BUILD_VENDOR}-${BUILD_OS}"
export PKG_CONFIG_DIR = "${exec_prefix}/lib/pkgconfig"
export PKG_CONFIG_SYSROOT_DIR = ""
-TARGET_CPPFLAGS = "${BUILD_CPPFLAGS}"
-TARGET_CFLAGS = "${BUILD_CFLAGS}"
-TARGET_CXXFLAGS = "${BUILD_CXXFLAGS}"
-TARGET_LDFLAGS = "${BUILD_LDFLAGS}"
+TARGET_CPPFLAGS = ""
+TARGET_CFLAGS = ""
+TARGET_CXXFLAGS = ""
+TARGET_LDFLAGS = ""
CPPFLAGS = "${BUILD_CPPFLAGS}"
CFLAGS = "${BUILD_CFLAGS}"
diff --git a/meta/classes/goarch.bbclass b/meta/classes/goarch.bbclass
index 4a5b2ec..12df88f 100644
--- a/meta/classes/goarch.bbclass
+++ b/meta/classes/goarch.bbclass
@@ -38,8 +38,11 @@ def go_map_arch(a, d):
def go_map_arm(a, f, d):
import re
- if re.match('arm.*', a) and re.match('arm.*7.*', f):
- return '7'
+ if re.match('arm.*', a):
+ if 'armv7' in f:
+ return '7'
+ elif 'armv6' in f:
+ return '6'
return ''
def go_map_os(o, d):
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index ef2b38a..d10d0a0 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -145,15 +145,6 @@ inherit ${IMAGE_TYPE_vm}
IMAGE_TYPE_container = '${@bb.utils.contains("IMAGE_FSTYPES", "container", "image-container", "", d)}'
inherit ${IMAGE_TYPE_container}
-def build_uboot(d):
- if 'u-boot' in (d.getVar('IMAGE_FSTYPES') or ''):
- return "image_types_uboot"
- else:
- return ""
-
-IMAGE_TYPE_uboot = "${@build_uboot(d)}"
-inherit ${IMAGE_TYPE_uboot}
-
IMAGE_TYPE_wic = "image_types_wic"
inherit ${IMAGE_TYPE_wic}
@@ -184,10 +175,6 @@ python () {
d.setVar('IMAGE_FEATURES', ' '.join(sorted(list(remain_features))))
check_image_features(d)
- initramfs_image = d.getVar('INITRAMFS_IMAGE') or ""
- if initramfs_image != "":
- d.appendVarFlag('do_build', 'depends', " %s:do_bundle_initramfs" % d.getVar('PN'))
- d.appendVarFlag('do_bundle_initramfs', 'depends', " %s:do_image_complete" % initramfs_image)
}
IMAGE_CLASSES += "image_types"
@@ -453,7 +440,7 @@ python () {
rm_tmp_images = set()
def gen_conversion_cmds(bt):
- for ctype in ctypes:
+ for ctype in sorted(ctypes):
if bt.endswith("." + ctype):
type = bt[0:-len(ctype) - 1]
if type.startswith("debugfs_"):
@@ -609,11 +596,3 @@ do_package_write_ipk[noexec] = "1"
do_package_write_deb[noexec] = "1"
do_package_write_rpm[noexec] = "1"
-# Allow the kernel to be repacked with the initramfs and boot image file as a single file
-do_bundle_initramfs[depends] += "virtual/kernel:do_bundle_initramfs"
-do_bundle_initramfs[nostamp] = "1"
-do_bundle_initramfs[noexec] = "1"
-do_bundle_initramfs () {
- :
-}
-addtask bundle_initramfs after do_image_complete
diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass
index 7749b00..8db18ac 100644
--- a/meta/classes/image_types.bbclass
+++ b/meta/classes/image_types.bbclass
@@ -197,7 +197,7 @@ IMAGE_CMD_ubifs = "mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME
EXTRA_IMAGECMD = ""
-inherit siteinfo
+inherit siteinfo kernel-arch
JFFS2_ENDIANNESS ?= "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-l', '-b', d)}"
JFFS2_ERASEBLOCK ?= "0x40000"
EXTRA_IMAGECMD_jffs2 ?= "--pad ${JFFS2_ENDIANNESS} --eraseblock=${JFFS2_ERASEBLOCK} --no-cleanmarkers"
@@ -254,7 +254,7 @@ IMAGE_TYPES = " \
# CONVERSION_CMD/DEPENDS.
COMPRESSIONTYPES ?= ""
-CONVERSIONTYPES = "gz bz2 lzma xz lz4 lzo zip sum md5sum sha1sum sha224sum sha256sum sha384sum sha512sum bmap ${COMPRESSIONTYPES}"
+CONVERSIONTYPES = "gz bz2 lzma xz lz4 lzo zip sum md5sum sha1sum sha224sum sha256sum sha384sum sha512sum bmap u-boot ${COMPRESSIONTYPES}"
CONVERSION_CMD_lzma = "lzma -k -f -7 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
CONVERSION_CMD_gz = "gzip -f -9 -c ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.gz"
CONVERSION_CMD_bz2 = "pbzip2 -f -k ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
@@ -271,6 +271,7 @@ CONVERSION_CMD_sha256sum = "sha256sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}
CONVERSION_CMD_sha384sum = "sha384sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha384sum"
CONVERSION_CMD_sha512sum = "sha512sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha512sum"
CONVERSION_CMD_bmap = "bmaptool create ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} -o ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.bmap"
+CONVERSION_CMD_u-boot = "mkimage -A ${UBOOT_ARCH} -O linux -T ramdisk -C none -n ${IMAGE_NAME} -d ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.u-boot"
CONVERSION_DEPENDS_lzma = "xz-native"
CONVERSION_DEPENDS_gz = "pigz-native"
CONVERSION_DEPENDS_bz2 = "pbzip2-native"
@@ -280,6 +281,7 @@ CONVERSION_DEPENDS_lzo = "lzop-native"
CONVERSION_DEPENDS_zip = "zip-native"
CONVERSION_DEPENDS_sum = "mtd-utils-native"
CONVERSION_DEPENDS_bmap = "bmap-tools-native"
+CONVERSION_DEPENDS_u-boot = "u-boot-mkimage-native"
RUNNABLE_IMAGE_TYPES ?= "ext2 ext3 ext4"
RUNNABLE_MACHINE_PATTERNS ?= "qemu"
diff --git a/meta/classes/image_types_uboot.bbclass b/meta/classes/image_types_uboot.bbclass
deleted file mode 100644
index 8db436e..0000000
--- a/meta/classes/image_types_uboot.bbclass
+++ /dev/null
@@ -1,29 +0,0 @@
-inherit image_types kernel-arch
-
-oe_mkimage () {
- mkimage -A ${UBOOT_ARCH} -O linux -T ramdisk -C $2 -n ${IMAGE_NAME} \
- -d ${IMGDEPLOYDIR}/$1 ${IMGDEPLOYDIR}/$1.u-boot
-}
-
-CONVERSIONTYPES += "gz.u-boot bz2.u-boot lz4.u-boot lzma.u-boot lzo.u-boot u-boot"
-
-CONVERSION_DEPENDS_u-boot = "u-boot-mkimage-native"
-CONVERSION_CMD_u-boot = "oe_mkimage ${IMAGE_NAME}.rootfs.${type} none"
-
-CONVERSION_DEPENDS_gz.u-boot = "u-boot-mkimage-native"
-CONVERSION_CMD_gz.u-boot = "${CONVERSION_CMD_gz}; oe_mkimage ${IMAGE_NAME}.rootfs.${type}.gz gzip"
-
-CONVERSION_DEPENDS_bz2.u-boot = "u-boot-mkimage-native"
-CONVERSION_CMD_bz2.u-boot = "${CONVERSION_CMD_bz2}; oe_mkimage ${IMAGE_NAME}.rootfs.${type}.bz2 bzip2"
-
-CONVERSION_DEPENDS_lz4.u-boot = "u-boot-mkimage-native"
-CONVERSION_CMD_lz4.u-boot = "${CONVERSION_CMD_lz4_legacy}; oe_mkimage ${IMAGE_NAME}.rootfs.${type}.lz4 lz4"
-
-CONVERSION_DEPENDS_lzma.u-boot = "u-boot-mkimage-native"
-CONVERSION_CMD_lzma.u-boot = "${CONVERSION_CMD_lzma}; oe_mkimage ${IMAGE_NAME}.rootfs.${type}.lzma lzma"
-
-CONVERSION_DEPENDS_lzo.u-boot = "u-boot-mkimage-native"
-CONVERSION_CMD_lzo.u-boot = "${CONVERSION_CMD_lzo}; oe_mkimage ${IMAGE_NAME}.rootfs.${type}.lzo lzo"
-
-IMAGE_TYPES += "ext2.u-boot ext2.gz.u-boot ext2.bz2.u-boot ext2.lzma.u-boot ext3.gz.u-boot ext4.gz.u-boot cpio.gz.u-boot"
-
diff --git a/meta/classes/image_types_wic.bbclass b/meta/classes/image_types_wic.bbclass
index 4711c24..68f251c 100644
--- a/meta/classes/image_types_wic.bbclass
+++ b/meta/classes/image_types_wic.bbclass
@@ -33,7 +33,7 @@ IMAGE_CMD_wic () {
mv "$out/$(basename "${wks%.wks}")"*.direct "$out${IMAGE_NAME_SUFFIX}.wic"
rm -rf "$out/"
}
-IMAGE_CMD_wic[vardepsexclude] = "WKS_FULL_PATH WKS_FILES"
+IMAGE_CMD_wic[vardepsexclude] = "WKS_FULL_PATH WKS_FILES TOPDIR"
# Rebuild when the wks file or vars in WICVARS change
USING_WIC = "${@bb.utils.contains_any('IMAGE_FSTYPES', 'wic ' + ' '.join('wic.%s' % c for c in '${CONVERSIONTYPES}'.split()), '1', '', d)}"
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 2630b47..179185b 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -7,7 +7,9 @@ python __anonymous () {
depends = "%s u-boot-mkimage-native dtc-native" % depends
d.setVar("DEPENDS", depends)
- if d.getVar("UBOOT_ARCH") == "x86":
+ if d.getVar("UBOOT_ARCH") == "mips":
+ replacementtype = "vmlinuz.bin"
+ elif d.getVar("UBOOT_ARCH") == "x86":
replacementtype = "bzImage"
else:
replacementtype = "zImage"
@@ -97,8 +99,8 @@ fitimage_emit_section_kernel() {
ENTRYPOINT=${UBOOT_ENTRYPOINT}
if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
- ENTRYPOINT=`${HOST_PREFIX}nm ${S}/vmlinux | \
- awk '$4=="${UBOOT_ENTRYSYMBOL}" {print $2}'`
+ ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
+ awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
fi
cat << EOF >> ${1}
@@ -351,6 +353,7 @@ fitimage_assemble() {
DTB_PATH="arch/${ARCH}/boot/${DTB}"
fi
+ DTB=$(echo "${DTB}" | tr '/' '_')
DTBS="${DTBS} ${DTB}"
fitimage_emit_section_dtb ${1} ${DTB} ${DTB_PATH}
done
diff --git a/meta/classes/kernel-uboot.bbclass b/meta/classes/kernel-uboot.bbclass
index 868e97d..87f0265 100644
--- a/meta/classes/kernel-uboot.bbclass
+++ b/meta/classes/kernel-uboot.bbclass
@@ -3,13 +3,19 @@ uboot_prep_kimage() {
vmlinux_path="arch/${ARCH}/boot/compressed/vmlinux"
linux_suffix=""
linux_comp="none"
+ elif [ -e arch/${ARCH}/boot/vmlinuz.bin ]; then
+ rm -f linux.bin
+ cp -l arch/${ARCH}/boot/vmlinuz.bin linux.bin
+ vmlinux_path=""
+ linux_suffix=""
+ linux_comp="none"
else
vmlinux_path="vmlinux"
linux_suffix=".gz"
linux_comp="gzip"
fi
- ${OBJCOPY} -O binary -R .note -R .comment -S "${vmlinux_path}" linux.bin
+ [ -n "${vmlinux_path}" ] && ${OBJCOPY} -O binary -R .note -R .comment -S "${vmlinux_path}" linux.bin
if [ "${linux_comp}" != "none" ] ; then
gzip -9 linux.bin
diff --git a/meta/classes/kernel-uimage.bbclass b/meta/classes/kernel-uimage.bbclass
index 19c6ade..1d8656e 100644
--- a/meta/classes/kernel-uimage.bbclass
+++ b/meta/classes/kernel-uimage.bbclass
@@ -15,23 +15,21 @@ python __anonymous () {
typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or ""
if "uImage" in typeformake.split():
d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('uImage', 'vmlinux'))
+
+ # Enable building of uImage with mkimage
+ bb.build.addtask('do_uboot_mkimage', 'do_install', 'do_kernel_link_images', d)
}
+do_uboot_mkimage[dirs] += "${B}"
do_uboot_mkimage() {
- if echo "${KERNEL_IMAGETYPES}" | grep -wq "uImage"; then
- if test "x${KEEPUIMAGE}" != "xyes" ; then
- uboot_prep_kimage
-
- ENTRYPOINT=${UBOOT_ENTRYPOINT}
- if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
- ENTRYPOINT=`${HOST_PREFIX}nm ${S}/vmlinux | \
- awk '$3=="${UBOOT_ENTRYSYMBOL}" {print $1}'`
- fi
+ uboot_prep_kimage
- uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage
- rm -f linux.bin
- fi
+ ENTRYPOINT=${UBOOT_ENTRYPOINT}
+ if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
+ ENTRYPOINT=`${HOST_PREFIX}nm ${B}/vmlinux | \
+ awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
fi
-}
-addtask uboot_mkimage before do_install after do_compile
+ uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage
+ rm -f linux.bin
+}
diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass
index d5812d8..4ad814f 100644
--- a/meta/classes/mirrors.bbclass
+++ b/meta/classes/mirrors.bbclass
@@ -54,7 +54,7 @@ p4://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
osc://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
https?$://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
ftp://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
-npm://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
+npm://.*/?.* http://downloads.yoctoproject.org/mirror/sources/ \n \
cvs://.*/.* http://sources.openembedded.org/ \n \
svn://.*/.* http://sources.openembedded.org/ \n \
git://.*/.* http://sources.openembedded.org/ \n \
@@ -64,7 +64,7 @@ p4://.*/.* http://sources.openembedded.org/ \n \
osc://.*/.* http://sources.openembedded.org/ \n \
https?$://.*/.* http://sources.openembedded.org/ \n \
ftp://.*/.* http://sources.openembedded.org/ \n \
-npm://.*/.* http://sources.openembedded.org/ \n \
+npm://.*/?.* http://sources.openembedded.org/ \n \
${CPAN_MIRROR} http://cpan.metacpan.org/ \n \
${CPAN_MIRROR} http://search.cpan.org/CPAN/ \n \
"
diff --git a/meta/classes/own-mirrors.bbclass b/meta/classes/own-mirrors.bbclass
index 12b4267..0296d54 100644
--- a/meta/classes/own-mirrors.bbclass
+++ b/meta/classes/own-mirrors.bbclass
@@ -9,5 +9,5 @@ p4://.*/.* ${SOURCE_MIRROR_URL}
osc://.*/.* ${SOURCE_MIRROR_URL}
https?$://.*/.* ${SOURCE_MIRROR_URL}
ftp://.*/.* ${SOURCE_MIRROR_URL}
-npm://.*/.* ${SOURCE_MIRROR_URL}
+npm://.*/?.* ${SOURCE_MIRROR_URL}
}
diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass
index 62324b3..1deaf83 100644
--- a/meta/classes/package_rpm.bbclass
+++ b/meta/classes/package_rpm.bbclass
@@ -664,6 +664,10 @@ python do_package_rpm () {
cmd = cmd + " --define '_builddir " + d.getVar('S') + "'"
cmd = cmd + " --define '_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm'"
cmd = cmd + " --define '_use_internal_dependency_generator 0'"
+ cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'"
+ cmd = cmd + " --define '_build_id_links none'"
+ cmd = cmd + " --define '_binary_payload w6T.xzdio'"
+ cmd = cmd + " --define '_source_payload w6T.xzdio'"
if perfiledeps:
cmd = cmd + " --define '__find_requires " + outdepends + "'"
cmd = cmd + " --define '__find_provides " + outprovides + "'"
diff --git a/meta/classes/perl-version.bbclass b/meta/classes/perl-version.bbclass
new file mode 100644
index 0000000..fafe68a
--- /dev/null
+++ b/meta/classes/perl-version.bbclass
@@ -0,0 +1,24 @@
+PERL_OWN_DIR = "${@["", "/perl-native"][(bb.data.inherits_class('native', d))]}"
+
+# Determine the staged version of perl from the perl configuration file
+# Assign vardepvalue, because otherwise signature is changed before and after
+# perl is built (from None to real version in config.sh).
+get_perl_version[vardepvalue] = "${PERL_OWN_DIR}"
+def get_perl_version(d):
+ import re
+ cfg = d.expand('${STAGING_LIBDIR}${PERL_OWN_DIR}/perl/config.sh')
+ try:
+ f = open(cfg, 'r')
+ except IOError:
+ return None
+ l = f.readlines();
+ f.close();
+ r = re.compile("^version='(\d*\.\d*\.\d*)'")
+ for s in l:
+ m = r.match(s)
+ if m:
+ return m.group(1)
+ return None
+
+PERLVERSION := "${@get_perl_version(d)}"
+PERLVERSION[vardepvalue] = ""
diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index 4dfb94c..3043a1b 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -243,11 +243,12 @@ python copy_buildsystem () {
# Copy uninative tarball
# For now this is where uninative.bbclass expects the tarball
- uninative_file = d.expand('${SDK_DEPLOY}/${BUILD_ARCH}-nativesdk-libc.tar.bz2')
- uninative_checksum = bb.utils.sha256_file(uninative_file)
- uninative_outdir = '%s/downloads/uninative/%s' % (baseoutpath, uninative_checksum)
- bb.utils.mkdirhier(uninative_outdir)
- shutil.copy(uninative_file, uninative_outdir)
+ if bb.data.inherits_class('uninative', d):
+ uninative_file = d.expand('${UNINATIVE_DLDIR}/' + d.getVarFlag("UNINATIVE_CHECKSUM", d.getVar("BUILD_ARCH")) + '/${UNINATIVE_TARBALL}')
+ uninative_checksum = bb.utils.sha256_file(uninative_file)
+ uninative_outdir = '%s/downloads/uninative/%s' % (baseoutpath, uninative_checksum)
+ bb.utils.mkdirhier(uninative_outdir)
+ shutil.copy(uninative_file, uninative_outdir)
env_whitelist = (d.getVar('BB_ENV_EXTRAWHITE') or '').split()
env_whitelist_values = {}
@@ -656,7 +657,7 @@ def get_sdk_ext_rdepends(d):
do_populate_sdk_ext[dirs] = "${@d.getVarFlag('do_populate_sdk', 'dirs', False)}"
do_populate_sdk_ext[depends] = "${@d.getVarFlag('do_populate_sdk', 'depends', False)} \
- buildtools-tarball:do_populate_sdk uninative-tarball:do_populate_sdk \
+ buildtools-tarball:do_populate_sdk \
${@'meta-world-pkgdata:do_collect_packagedata' if d.getVar('SDK_INCLUDE_PKGDATA') == '1' else ''} \
${@'meta-extsdk-toolchain:do_locked_sigs' if d.getVar('SDK_INCLUDE_TOOLCHAIN') == '1' else ''}"
diff --git a/meta/classes/qemuboot.bbclass b/meta/classes/qemuboot.bbclass
index 86b3060..3468d1c 100644
--- a/meta/classes/qemuboot.bbclass
+++ b/meta/classes/qemuboot.bbclass
@@ -79,6 +79,7 @@ def qemuboot_vars(d):
return build_vars + [k for k in d.keys() if k.startswith('QB_')]
do_write_qemuboot_conf[vardeps] += "${@' '.join(qemuboot_vars(d))}"
+do_write_qemuboot_conf[vardepsexclude] += "TOPDIR"
python do_write_qemuboot_conf() {
import configparser
diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index c194b26..c19ff87 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -91,10 +91,10 @@ read_only_rootfs_hook () {
# and the keys under /var/run/ssh.
if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then
if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then
- echo "SYSCONFDIR=/etc/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh
+ echo "SYSCONFDIR=\${SYSCONFDIR:-/etc/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh
echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh
else
- echo "SYSCONFDIR=/var/run/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh
+ echo "SYSCONFDIR=\${SYSCONFDIR:-/var/run/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh
echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh
fi
fi
@@ -156,7 +156,10 @@ ssh_allow_empty_password () {
fi
if [ -d ${IMAGE_ROOTFS}${sysconfdir}/pam.d ] ; then
- sed -i 's/nullok_secure/nullok/' ${IMAGE_ROOTFS}${sysconfdir}/pam.d/*
+ for f in `find ${IMAGE_ROOTFS}${sysconfdir}/pam.d/* -type f -exec test -e {} \; -print`
+ do
+ sed -i 's/nullok_secure/nullok/' $f
+ done
fi
}
@@ -286,7 +289,6 @@ rootfs_sysroot_relativelinks () {
sysroot-relativelinks.py ${SDK_OUTPUT}/${SDKTARGETSYSROOT}
}
-
# Generated test data json file
python write_image_test_data() {
from oe.data import export2json
@@ -303,3 +305,16 @@ python write_image_test_data() {
os.remove(testdata_link)
os.symlink(os.path.basename(testdata), testdata_link)
}
+write_image_test_data[vardepsexclude] += "TOPDIR"
+
+# Check for unsatisfied recommendations (RRECOMMENDS)
+python rootfs_log_check_recommends() {
+ log_path = d.expand("${T}/log.do_rootfs")
+ with open(log_path, 'r') as log:
+ for line in log:
+ if 'log_check' in line:
+ continue
+
+ if 'unsatisfied recommendation for' in line:
+ bb.warn('[log_check] %s: %s' % (d.getVar('PN', True), line))
+}
diff --git a/meta/classes/staging.bbclass b/meta/classes/staging.bbclass
index a90cf43..984051d 100644
--- a/meta/classes/staging.bbclass
+++ b/meta/classes/staging.bbclass
@@ -249,7 +249,7 @@ def staging_processfixme(fixme, target, recipesysroot, recipesysrootnative, d):
if not fixme:
return
cmd = "sed -e 's:^[^/]*/:%s/:g' %s | xargs sed -i -e 's:FIXMESTAGINGDIRTARGET:%s:g; s:FIXMESTAGINGDIRHOST:%s:g'" % (target, " ".join(fixme), recipesysroot, recipesysrootnative)
- for fixmevar in ['COMPONENTS_DIR', 'HOSTTOOLS_DIR', 'PKGDATA_DIR']:
+ for fixmevar in ['COMPONENTS_DIR', 'HOSTTOOLS_DIR', 'PKGDATA_DIR', 'PSEUDO_LOCALSTATEDIR', 'LOGFIFO']:
fixme_path = d.getVar(fixmevar)
cmd += " -e 's:FIXME_%s:%s:g'" % (fixmevar, fixme_path)
bb.debug(2, cmd)
diff --git a/meta/classes/useradd-staticids.bbclass b/meta/classes/useradd-staticids.bbclass
index 2d282c0..6ebf760 100644
--- a/meta/classes/useradd-staticids.bbclass
+++ b/meta/classes/useradd-staticids.bbclass
@@ -141,9 +141,13 @@ def update_useradd_static_config(d):
# So if the implicit username-group creation is on, then the implicit groupname (LOGIN)
# is used, and we disable the user_group option.
#
- user_group = uaargs.user_group is None or uaargs.user_group is True
- uaargs.groupname = uaargs.LOGIN if user_group else uaargs.gid
- uaargs.groupid = field[3] or uaargs.gid or uaargs.groupname
+ if uaargs.gid:
+ uaargs.groupname = uaargs.gid
+ elif uaargs.user_group is not False:
+ uaargs.groupname = uaargs.LOGIN
+ else:
+ uaargs.groupname = 'users'
+ uaargs.groupid = field[3] or uaargs.groupname
if uaargs.groupid and uaargs.gid != uaargs.groupid:
newgroup = None
diff --git a/meta/classes/useradd.bbclass b/meta/classes/useradd.bbclass
index 6017ded..0f551b5 100644
--- a/meta/classes/useradd.bbclass
+++ b/meta/classes/useradd.bbclass
@@ -100,7 +100,7 @@ useradd_sysroot () {
# Pseudo may (do_prepare_recipe_sysroot) or may not (do_populate_sysroot_setscene) be running
# at this point so we're explicit about the environment so pseudo can load if
# not already present.
- export PSEUDO="${FAKEROOTENV} PSEUDO_LOCALSTATEDIR=${STAGING_DIR_TARGET}${localstatedir}/pseudo ${PSEUDO_SYSROOT}${bindir_native}/pseudo"
+ export PSEUDO="${FAKEROOTENV} ${PSEUDO_SYSROOT}${bindir_native}/pseudo"
# Explicitly set $D since it isn't set to anything
# before do_prepare_recipe_sysroot
@@ -133,9 +133,10 @@ useradd_sysroot () {
}
# The export of PSEUDO in useradd_sysroot() above contains references to
-# ${COMPONENTS_DIR}. These need to be handled when restoring
+# ${COMPONENTS_DIR} and ${PSEUDO_LOCALSTATEDIR}. Additionally, the logging
+# shell functions use ${LOGFIFO}. These need to be handled when restoring
# postinst-useradd-${PN} from the sstate cache.
-EXTRA_STAGING_FIXMES += "COMPONENTS_DIR"
+EXTRA_STAGING_FIXMES += "COMPONENTS_DIR PSEUDO_LOCALSTATEDIR LOGFIFO"
python useradd_sysroot_sstate () {
task = d.getVar("BB_CURRENTTASK")
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 8e4f4bb..2dac3a1 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -477,6 +477,9 @@ HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat sudo"
# Temporary add few more detected in bitbake world
HOSTTOOLS_NONFATAL += "join nl size yes zcat"
+# Used by bzr fetcher
+HOSTTOOLS_NONFATAL += "bzr"
+
CCACHE ??= ""
# Disable ccache explicitly if CCACHE is null since gcc may be a symlink
# of ccache some distributions (e.g., Fedora 17).
diff --git a/meta/conf/local.conf.sample b/meta/conf/local.conf.sample
index 85c5e21..e74e1f3 100644
--- a/meta/conf/local.conf.sample
+++ b/meta/conf/local.conf.sample
@@ -169,7 +169,7 @@ PATCHRESOLVE = "noop"
# files and damages the build in ways which may not be easily recoverable.
# It's necesary to monitor /tmp, if there is no space left the build will fail
# with very exotic errors.
-BB_DISKMON_DIRS = "\
+BB_DISKMON_DIRS ??= "\
STOPTASKS,${TMPDIR},1G,100K \
STOPTASKS,${DL_DIR},1G,100K \
STOPTASKS,${SSTATE_DIR},1G,100K \
diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index f087a01..b8dd4c8 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -20,8 +20,12 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCache):
def isImage(fn):
return "/image.bbclass" in " ".join(dataCache.inherits[fn])
- # Always include our own inter-task dependencies
+ # (Almost) always include our own inter-task dependencies.
+ # The exception is the special do_kernel_configme->do_unpack_and_patch
+ # dependency from archiver.bbclass.
if recipename == depname:
+ if task == "do_kernel_configme" and dep.endswith(".do_unpack_and_patch"):
+ return False
return True
# Quilt (patch application) changing isn't likely to affect anything
diff --git a/meta/lib/oe/terminal.py b/meta/lib/oe/terminal.py
index 89ddb46..2f18ec0 100644
--- a/meta/lib/oe/terminal.py
+++ b/meta/lib/oe/terminal.py
@@ -224,7 +224,7 @@ def spawn(name, sh_cmd, title=None, env=None, d=None):
import time
pidfile = tempfile.NamedTemporaryFile(delete = False).name
try:
- sh_cmd = "oe-gnome-terminal-phonehome " + pidfile + " " + sh_cmd
+ sh_cmd = bb.utils.which(os.getenv('PATH'), "oe-gnome-terminal-phonehome") + " " + pidfile + " " + sh_cmd
pipe = terminal(sh_cmd, title, env, d)
output = pipe.communicate()[0]
if output:
diff --git a/meta/lib/oeqa/runtime/cases/buildiptables.py b/meta/lib/oeqa/runtime/cases/buildlzip.py
index 002b16c..ca3fead 100644
--- a/meta/lib/oeqa/runtime/cases/buildiptables.py
+++ b/meta/lib/oeqa/runtime/cases/buildlzip.py
@@ -5,12 +5,12 @@ from oeqa.core.decorator.data import skipIfNotFeature
from oeqa.runtime.utils.targetbuildproject import TargetBuildProject
-class BuildIptablesTest(OERuntimeTestCase):
+class BuildLzipTest(OERuntimeTestCase):
@classmethod
def setUpClass(cls):
uri = 'http://downloads.yoctoproject.org/mirror/sources'
- uri = '%s/iptables-1.4.13.tar.bz2' % uri
+ uri = '%s/lzip-1.19.tar.gz' % uri
cls.project = TargetBuildProject(cls.tc.target,
uri,
dl_dir = cls.tc.td['DL_DIR'])
@@ -24,7 +24,7 @@ class BuildIptablesTest(OERuntimeTestCase):
@skipIfNotFeature('tools-sdk',
'Test requires tools-sdk to be in IMAGE_FEATURES')
@OETestDepends(['ssh.SSHTest.test_ssh'])
- def test_iptables(self):
+ def test_lzip(self):
self.project.run_configure()
self.project.run_make()
self.project.run_install()
diff --git a/meta/lib/oeqa/sdk/cases/buildiptables.py b/meta/lib/oeqa/sdk/cases/buildlzip.py
index 0bd00d1..2a53b78 100644
--- a/meta/lib/oeqa/sdk/cases/buildiptables.py
+++ b/meta/lib/oeqa/sdk/cases/buildlzip.py
@@ -3,15 +3,15 @@ from oeqa.sdk.case import OESDKTestCase
from oeqa.sdk.utils.sdkbuildproject import SDKBuildProject
-class BuildIptablesTest(OESDKTestCase):
+class BuildLzipTest(OESDKTestCase):
td_vars = ['DATETIME']
@classmethod
def setUpClass(self):
dl_dir = self.td.get('DL_DIR', None)
- self.project = SDKBuildProject(self.tc.sdk_dir + "/iptables/", self.tc.sdk_env,
- "http://downloads.yoctoproject.org/mirror/sources/iptables-1.4.13.tar.bz2",
+ self.project = SDKBuildProject(self.tc.sdk_dir + "/lzip/", self.tc.sdk_env,
+ "http://downloads.yoctoproject.org/mirror/sources/lzip-1.19.tar.gz",
self.tc.sdk_dir, self.td['DATETIME'], dl_dir=dl_dir)
self.project.download_archive()
@@ -20,7 +20,7 @@ class BuildIptablesTest(OESDKTestCase):
if not self.tc.hasHostPackage("packagegroup-cross-canadian-%s" % machine):
raise unittest.SkipTest("SDK doesn't contain a cross-canadian toolchain")
- def test_iptables(self):
+ def test_lzip(self):
self.assertEqual(self.project.run_configure(), 0,
msg="Running configure failed")
diff --git a/meta/lib/oeqa/selftest/archiver.py b/meta/lib/oeqa/selftest/archiver.py
index d7f215c..7f01c36 100644
--- a/meta/lib/oeqa/selftest/archiver.py
+++ b/meta/lib/oeqa/selftest/archiver.py
@@ -29,7 +29,7 @@ class Archiver(oeSelfTest):
self.write_config(features)
bitbake('-c clean %s %s' % (include_recipe, exclude_recipe))
- bitbake("%s %s" % (include_recipe, exclude_recipe))
+ bitbake("-c deploy_archives %s %s" % (include_recipe, exclude_recipe))
bb_vars = get_bb_vars(['DEPLOY_DIR_SRC', 'TARGET_SYS'])
src_path = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['TARGET_SYS'])
@@ -41,3 +41,79 @@ class Archiver(oeSelfTest):
# Check that exclude_recipe was excluded
excluded_present = len(glob.glob(src_path + '/%s-*' % exclude_recipe))
self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % exclude_recipe)
+
+
+ def test_archiver_filters_by_type(self):
+ """
+ Summary: The archiver is documented to filter on the recipe type.
+ Expected: 1. included recipe type (target) should be included
+ 2. other types should be excluded
+ Product: oe-core
+ Author: André Draszik <adraszik@tycoint.com>
+ """
+
+ target_recipe = 'initscripts'
+ native_recipe = 'zlib-native'
+
+ features = 'INHERIT += "archiver"\n'
+ features += 'ARCHIVER_MODE[src] = "original"\n'
+ features += 'COPYLEFT_RECIPE_TYPES = "target"\n'
+ self.write_config(features)
+
+ bitbake('-c clean %s %s' % (target_recipe, native_recipe))
+ bitbake("%s -c deploy_archives %s" % (target_recipe, native_recipe))
+
+ bb_vars = get_bb_vars(['DEPLOY_DIR_SRC', 'TARGET_SYS', 'BUILD_SYS'])
+ src_path_target = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['TARGET_SYS'])
+ src_path_native = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['BUILD_SYS'])
+
+ # Check that target_recipe was included
+ included_present = len(glob.glob(src_path_target + '/%s-*' % target_recipe))
+ self.assertTrue(included_present, 'Recipe %s was not included.' % target_recipe)
+
+ # Check that native_recipe was excluded
+ excluded_present = len(glob.glob(src_path_native + '/%s-*' % native_recipe))
+ self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % native_recipe)
+
+ def test_archiver_filters_by_type_and_name(self):
+ """
+ Summary: Test that the archiver archives by recipe type, taking the
+ recipe name into account.
+ Expected: 1. included recipe type (target) should be included
+ 2. other types should be excluded
+ 3. recipe by name should be included / excluded,
+ overriding previous decision by type
+ Product: oe-core
+ Author: André Draszik <adraszik@tycoint.com>
+ """
+
+ target_recipes = [ 'initscripts', 'zlib' ]
+ native_recipes = [ 'update-rc.d-native', 'zlib-native' ]
+
+ features = 'INHERIT += "archiver"\n'
+ features += 'ARCHIVER_MODE[src] = "original"\n'
+ features += 'COPYLEFT_RECIPE_TYPES = "target"\n'
+ features += 'COPYLEFT_PN_INCLUDE = "%s"\n' % native_recipes[1]
+ features += 'COPYLEFT_PN_EXCLUDE = "%s"\n' % target_recipes[1]
+ self.write_config(features)
+
+ bitbake('-c clean %s %s' % (' '.join(target_recipes), ' '.join(native_recipes)))
+ bitbake('-c deploy_archives %s %s' % (' '.join(target_recipes), ' '.join(native_recipes)))
+
+ bb_vars = get_bb_vars(['DEPLOY_DIR_SRC', 'TARGET_SYS', 'BUILD_SYS'])
+ src_path_target = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['TARGET_SYS'])
+ src_path_native = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['BUILD_SYS'])
+
+ # Check that target_recipe[0] and native_recipes[1] were included
+ included_present = len(glob.glob(src_path_target + '/%s-*' % target_recipes[0]))
+ self.assertTrue(included_present, 'Recipe %s was not included.' % target_recipes[0])
+
+ included_present = len(glob.glob(src_path_native + '/%s-*' % native_recipes[1]))
+ self.assertTrue(included_present, 'Recipe %s was not included.' % native_recipes[1])
+
+ # Check that native_recipes[0] and target_recipes[1] were excluded
+ excluded_present = len(glob.glob(src_path_native + '/%s-*' % native_recipes[0]))
+ self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % native_recipes[0])
+
+ excluded_present = len(glob.glob(src_path_target + '/%s-*' % target_recipes[1]))
+ self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % target_recipes[1])
diff --git a/meta/lib/oeqa/selftest/recipetool.py b/meta/lib/oeqa/selftest/recipetool.py
index 4344f9f..dc55a5e 100644
--- a/meta/lib/oeqa/selftest/recipetool.py
+++ b/meta/lib/oeqa/selftest/recipetool.py
@@ -368,16 +368,16 @@ class RecipetoolTests(RecipetoolBase):
# Try adding a recipe
tempsrc = os.path.join(self.tempdir, 'srctree')
os.makedirs(tempsrc)
- recipefile = os.path.join(self.tempdir, 'logrotate_3.8.7.bb')
- srcuri = 'https://github.com/logrotate/logrotate/archive/r3-8-7.tar.gz'
+ recipefile = os.path.join(self.tempdir, 'logrotate_3.12.3.bb')
+ srcuri = 'https://github.com/logrotate/logrotate/releases/download/3.12.3/logrotate-3.12.3.tar.xz'
result = runCmd('recipetool create -o %s %s -x %s' % (recipefile, srcuri, tempsrc))
self.assertTrue(os.path.isfile(recipefile))
checkvars = {}
checkvars['LICENSE'] = 'GPLv2'
- checkvars['LIC_FILES_CHKSUM'] = 'file://COPYING;md5=18810669f13b87348459e611d31ab760'
- checkvars['SRC_URI'] = 'https://github.com/logrotate/logrotate/archive/r3-8-7.tar.gz'
- checkvars['SRC_URI[md5sum]'] = '6b1aa0e0d07eda3c9a2526520850397a'
- checkvars['SRC_URI[sha256sum]'] = 'dece4bfeb9d8374a0ecafa34be139b5a697db5c926dcc69a9b8715431a22e733'
+ checkvars['LIC_FILES_CHKSUM'] = 'file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263'
+ checkvars['SRC_URI'] = 'https://github.com/logrotate/logrotate/releases/download/${PV}/logrotate-${PV}.tar.xz'
+ checkvars['SRC_URI[md5sum]'] = 'a560c57fac87c45b2fc17406cdf79288'
+ checkvars['SRC_URI[sha256sum]'] = '2e6a401cac9024db2288297e3be1a8ab60e7401ba8e91225218aaf4a27e82a07'
self._test_recipe_contents(recipefile, checkvars, [])
@testcase(1194)
diff --git a/meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch b/meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch
new file mode 100644
index 0000000..217a775
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch
@@ -0,0 +1,36 @@
+From 6cef7f6079550af3bf91dbff824398eaef08c3c5 Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Tue, 4 Apr 2017 19:22:32 +0300
+Subject: [PATCH 1/4] btrfs: avoid "used uninitialized" error with GCC7
+
+sblock was local and so considered new variable on every loop
+iteration.
+
+Closes: 50597
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/fs/btrfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 9cffa91..4849c1c 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -227,11 +227,11 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data,
+ static grub_err_t
+ read_sblock (grub_disk_t disk, struct grub_btrfs_superblock *sb)
+ {
++ struct grub_btrfs_superblock sblock;
+ unsigned i;
+ grub_err_t err = GRUB_ERR_NONE;
+ for (i = 0; i < ARRAY_SIZE (superblock_sectors); i++)
+ {
+- struct grub_btrfs_superblock sblock;
+ /* Don't try additional superblocks beyond device size. */
+ if (i && (grub_le_to_cpu64 (sblock.this_device.size)
+ >> GRUB_DISK_SECTOR_BITS) <= superblock_sectors[i])
+--
+1.9.1
+
diff --git a/meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch b/meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch
new file mode 100644
index 0000000..94f048c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch
@@ -0,0 +1,248 @@
+From 4bd4a88725604471fdbd86316c91967a7f4dba5a Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Tue, 4 Apr 2017 19:23:55 +0300
+Subject: [PATCH 2/4] i386, x86_64, ppc: fix switch fallthrough cases with GCC7
+
+In util/getroot and efidisk slightly modify exitsing comment to mostly
+retain it but still make GCC7 compliant with respect to fall through
+annotation.
+
+In grub-core/lib/xzembed/xz_dec_lzma2.c it adds same comments as
+upstream.
+
+In grub-core/tests/setjmp_tets.c declare functions as "noreturn" to
+suppress GCC7 warning.
+
+In grub-core/gnulib/regexec.c use new __attribute__, because existing
+annotation is not recognized by GCC7 parser (which requires that comment
+immediately precedes case statement).
+
+Otherwise add FALLTHROUGH comment.
+
+Closes: 50598
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/commands/hdparm.c | 1 +
+ grub-core/commands/nativedisk.c | 1 +
+ grub-core/disk/cryptodisk.c | 1 +
+ grub-core/disk/efi/efidisk.c | 2 +-
+ grub-core/efiemu/mm.c | 1 +
+ grub-core/gdb/cstub.c | 1 +
+ grub-core/gnulib/regexec.c | 3 +++
+ grub-core/lib/xzembed/xz_dec_lzma2.c | 4 ++++
+ grub-core/lib/xzembed/xz_dec_stream.c | 6 ++++++
+ grub-core/loader/i386/linux.c | 3 +++
+ grub-core/tests/setjmp_test.c | 5 ++++-
+ grub-core/video/ieee1275.c | 1 +
+ grub-core/video/readers/jpeg.c | 1 +
+ util/getroot.c | 2 +-
+ util/grub-install.c | 1 +
+ util/grub-mkimagexx.c | 1 +
+ util/grub-mount.c | 1 +
+ 17 files changed, 32 insertions(+), 3 deletions(-)
+
+Index: grub-2.00/grub-core/commands/hdparm.c
+===================================================================
+--- grub-2.00.orig/grub-core/commands/hdparm.c
++++ grub-2.00/grub-core/commands/hdparm.c
+@@ -328,6 +328,7 @@ grub_cmd_hdparm (grub_extcmd_context_t c
+ ata = ((struct grub_scsi *) disk->data)->data;
+ break;
+ }
++ /* FALLTHROUGH */
+ default:
+ return grub_error (GRUB_ERR_IO, "not an ATA device");
+ }
+Index: grub-2.00/grub-core/disk/cryptodisk.c
+===================================================================
+--- grub-2.00.orig/grub-core/disk/cryptodisk.c
++++ grub-2.00/grub-core/disk/cryptodisk.c
+@@ -268,6 +268,7 @@ grub_cryptodisk_endecrypt (struct grub_c
+ break;
+ case GRUB_CRYPTODISK_MODE_IV_PLAIN64:
+ iv[1] = grub_cpu_to_le32 (sector >> 32);
++ /* FALLTHROUGH */
+ case GRUB_CRYPTODISK_MODE_IV_PLAIN:
+ iv[0] = grub_cpu_to_le32 (sector & 0xFFFFFFFF);
+ break;
+Index: grub-2.00/grub-core/disk/efi/efidisk.c
+===================================================================
+--- grub-2.00.orig/grub-core/disk/efi/efidisk.c
++++ grub-2.00/grub-core/disk/efi/efidisk.c
+@@ -262,7 +262,7 @@ name_devices (struct grub_efidisk_data *
+ {
+ case GRUB_EFI_HARD_DRIVE_DEVICE_PATH_SUBTYPE:
+ is_hard_drive = 1;
+- /* Fall through by intention. */
++ /* Intentionally fall through. */
+ case GRUB_EFI_CDROM_DEVICE_PATH_SUBTYPE:
+ {
+ struct grub_efidisk_data *parent, *parent2;
+Index: grub-2.00/grub-core/efiemu/mm.c
+===================================================================
+--- grub-2.00.orig/grub-core/efiemu/mm.c
++++ grub-2.00/grub-core/efiemu/mm.c
+@@ -410,6 +410,7 @@ grub_efiemu_mmap_fill (void)
+ default:
+ grub_dprintf ("efiemu",
+ "Unknown memory type %d. Assuming unusable\n", type);
++ /* FALLTHROUGH */
+ case GRUB_MEMORY_RESERVED:
+ return grub_efiemu_add_to_mmap (addr, size,
+ GRUB_EFI_UNUSABLE_MEMORY);
+Index: grub-2.00/grub-core/gdb/cstub.c
+===================================================================
+--- grub-2.00.orig/grub-core/gdb/cstub.c
++++ grub-2.00/grub-core/gdb/cstub.c
+@@ -336,6 +336,7 @@ grub_gdb_trap (int trap_no)
+ /* sAA..AA: Step one instruction from AA..AA(optional). */
+ case 's':
+ stepping = 1;
++ /* FALLTHROUGH */
+
+ /* cAA..AA: Continue at address AA..AA(optional). */
+ case 'c':
+Index: grub-2.00/grub-core/gnulib/regexec.c
+===================================================================
+--- grub-2.00.orig/grub-core/gnulib/regexec.c
++++ grub-2.00/grub-core/gnulib/regexec.c
+@@ -4104,6 +4104,9 @@ check_node_accept (const re_match_contex
+ case OP_UTF8_PERIOD:
+ if (ch >= ASCII_CHARS)
+ return false;
++#if defined __GNUC__ && __GNUC__ >= 7
++ __attribute__ ((fallthrough));
++#endif
+ /* FALLTHROUGH */
+ #endif
+ case OP_PERIOD:
+Index: grub-2.00/grub-core/lib/xzembed/xz_dec_lzma2.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/xzembed/xz_dec_lzma2.c
++++ grub-2.00/grub-core/lib/xzembed/xz_dec_lzma2.c
+@@ -1042,6 +1042,8 @@ enum xz_ret xz_dec_lzma2_run(
+
+ s->lzma2.sequence = SEQ_LZMA_PREPARE;
+
++ /* Fall through */
++
+ case SEQ_LZMA_PREPARE:
+ if (s->lzma2.compressed < RC_INIT_BYTES)
+ return XZ_DATA_ERROR;
+@@ -1052,6 +1054,8 @@ enum xz_ret xz_dec_lzma2_run(
+ s->lzma2.compressed -= RC_INIT_BYTES;
+ s->lzma2.sequence = SEQ_LZMA_RUN;
+
++ /* Fall through */
++
+ case SEQ_LZMA_RUN:
+ /*
+ * Set dictionary limit to indicate how much we want
+Index: grub-2.00/grub-core/lib/xzembed/xz_dec_stream.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/xzembed/xz_dec_stream.c
++++ grub-2.00/grub-core/lib/xzembed/xz_dec_stream.c
+@@ -749,6 +749,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_BLOCK_START;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_START:
+ /* We need one byte of input to continue. */
+ if (b->in_pos == b->in_size)
+@@ -772,6 +773,7 @@ static enum xz_ret dec_main(struct xz_de
+ s->temp.pos = 0;
+ s->sequence = SEQ_BLOCK_HEADER;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_HEADER:
+ if (!fill_temp(s, b))
+ return XZ_OK;
+@@ -782,6 +784,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_BLOCK_UNCOMPRESS;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_UNCOMPRESS:
+ ret = dec_block(s, b);
+ if (ret != XZ_STREAM_END)
+@@ -809,6 +812,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_BLOCK_CHECK;
+
++ /* FALLTHROUGH */
+ case SEQ_BLOCK_CHECK:
+ ret = hash_validate(s, b, 0);
+ if (ret != XZ_STREAM_END)
+@@ -863,6 +867,7 @@ static enum xz_ret dec_main(struct xz_de
+
+ s->sequence = SEQ_INDEX_CRC32;
+
++ /* FALLTHROUGH */
+ case SEQ_INDEX_CRC32:
+ ret = hash_validate(s, b, 1);
+ if (ret != XZ_STREAM_END)
+@@ -871,6 +876,7 @@ static enum xz_ret dec_main(struct xz_de
+ s->temp.size = STREAM_HEADER_SIZE;
+ s->sequence = SEQ_STREAM_FOOTER;
+
++ /* FALLTHROUGH */
+ case SEQ_STREAM_FOOTER:
+ if (!fill_temp(s, b))
+ return XZ_OK;
+Index: grub-2.00/grub-core/loader/i386/linux.c
+===================================================================
+--- grub-2.00.orig/grub-core/loader/i386/linux.c
++++ grub-2.00/grub-core/loader/i386/linux.c
+@@ -977,10 +977,13 @@ grub_cmd_linux (grub_command_t cmd __att
+ {
+ case 'g':
+ shift += 10;
++ /* FALLTHROUGH */
+ case 'm':
+ shift += 10;
++ /* FALLTHROUGH */
+ case 'k':
+ shift += 10;
++ /* FALLTHROUGH */
+ default:
+ break;
+ }
+Index: grub-2.00/grub-core/video/readers/jpeg.c
+===================================================================
+--- grub-2.00.orig/grub-core/video/readers/jpeg.c
++++ grub-2.00/grub-core/video/readers/jpeg.c
+@@ -701,6 +701,7 @@ grub_jpeg_decode_jpeg (struct grub_jpeg_
+ case JPEG_MARKER_SOS: /* Start Of Scan. */
+ if (grub_jpeg_decode_sos (data))
+ break;
++ /* FALLTHROUGH */
+ case JPEG_MARKER_RST0: /* Restart. */
+ case JPEG_MARKER_RST1:
+ case JPEG_MARKER_RST2:
+Index: grub-2.00/util/grub-mkimagexx.c
+===================================================================
+--- grub-2.00.orig/util/grub-mkimagexx.c
++++ grub-2.00/util/grub-mkimagexx.c
+@@ -485,6 +485,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e
+ + sym->st_value
+ - image_target->vaddr_offset));
+ }
++ /* FALLTHROUGH */
+ case R_IA64_LTOFF_FPTR22:
+ *gpptr = grub_host_to_target64 (addend + sym_addr);
+ add_value_to_slot_21 ((grub_addr_t) target,
+Index: grub-2.00/util/grub-mount.c
+===================================================================
+--- grub-2.00.orig/util/grub-mount.c
++++ grub-2.00/util/grub-mount.c
+@@ -487,6 +487,7 @@ argp_parser (int key, char *arg, struct
+ if (arg[0] != '-')
+ break;
+
++ /* FALLTHROUGH */
+ default:
+ if (!arg)
+ return 0;
diff --git a/meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch b/meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch
new file mode 100644
index 0000000..fcfbf5c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch
@@ -0,0 +1,38 @@
+From 007f0b407f72314ec832d77e15b83ea40b160037 Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Tue, 4 Apr 2017 19:37:47 +0300
+Subject: [PATCH 3/4] Add gnulib-fix-gcc7-fallthrough.diff
+
+As long as the code is not upstream, add it as explicit patch for the
+case of gnulib refresh.
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/gnulib-fix-gcc7-fallthrough.diff | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+ create mode 100644 grub-core/gnulib-fix-gcc7-fallthrough.diff
+
+diff --git a/grub-core/gnulib-fix-gcc7-fallthrough.diff b/grub-core/gnulib-fix-gcc7-fallthrough.diff
+new file mode 100644
+index 0000000..9802e2d
+--- /dev/null
++++ b/grub-core/gnulib-fix-gcc7-fallthrough.diff
+@@ -0,0 +1,14 @@
++diff --git grub-core/gnulib/regexec.c grub-core/gnulib/regexec.c
++index f632cd4..a7776f0 100644
++--- grub-core/gnulib/regexec.c
+++++ grub-core/gnulib/regexec.c
++@@ -4099,6 +4099,9 @@ check_node_accept (const re_match_context_t *mctx, const re_token_t *node,
++ case OP_UTF8_PERIOD:
++ if (ch >= ASCII_CHARS)
++ return false;
+++#if defined __GNUC__ && __GNUC__ >= 7
+++ __attribute__ ((fallthrough));
+++#endif
++ /* FALLTHROUGH */
++ #endif
++ case OP_PERIOD:
+--
+1.9.1
+
diff --git a/meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch b/meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch
new file mode 100644
index 0000000..78a70a2
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch
@@ -0,0 +1,175 @@
+From d454509bb866d4eaefbb558d94dd0ef0228830eb Mon Sep 17 00:00:00 2001
+From: Vladimir Serbinenko <phcoder@gmail.com>
+Date: Wed, 12 Apr 2017 01:42:38 +0000
+Subject: [PATCH 4/4] Fix remaining cases of gcc 7 fallthrough warning.
+
+They are all intended, so just add the relevant comment.
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ grub-core/kern/ia64/dl.c | 1 +
+ grub-core/kern/mips/dl.c | 1 +
+ grub-core/kern/sparc64/dl.c | 1 +
+ grub-core/loader/i386/coreboot/chainloader.c | 1 +
+ 4 files changed, 4 insertions(+)
+
+Index: grub-2.00/grub-core/kern/ia64/dl.c
+===================================================================
+--- grub-2.00.orig/grub-core/kern/ia64/dl.c
++++ grub-2.00/grub-core/kern/ia64/dl.c
+@@ -257,6 +257,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t
+ case R_IA64_LTOFF22:
+ if (ELF_ST_TYPE (sym->st_info) == STT_FUNC)
+ value = *(grub_uint64_t *) sym->st_value + rel->r_addend;
++ /* Fallthrough. */
+ case R_IA64_LTOFF_FPTR22:
+ *gpptr = value;
+ add_value_to_slot_21 (addr, (grub_addr_t) gpptr - (grub_addr_t) gp);
+Index: grub-2.00/grub-core/disk/diskfilter.c
+===================================================================
+--- grub-2.00.orig/grub-core/disk/diskfilter.c
++++ grub-2.00/grub-core/disk/diskfilter.c
+@@ -71,10 +71,12 @@ is_lv_readable (struct grub_diskfilter_l
+ case GRUB_DISKFILTER_RAID6:
+ if (!easily)
+ need--;
++ /* Fallthrough. */
+ case GRUB_DISKFILTER_RAID4:
+ case GRUB_DISKFILTER_RAID5:
+ if (!easily)
+ need--;
++ /* Fallthrough. */
+ case GRUB_DISKFILTER_STRIPED:
+ break;
+
+@@ -507,6 +509,7 @@ read_segment (struct grub_diskfilter_seg
+ if (seg->node_count == 1)
+ return grub_diskfilter_read_node (&seg->nodes[0],
+ sector, size, buf);
++ /* Fallthrough. */
+ case GRUB_DISKFILTER_MIRROR:
+ case GRUB_DISKFILTER_RAID10:
+ {
+Index: grub-2.00/grub-core/font/font.c
+===================================================================
+--- grub-2.00.orig/grub-core/font/font.c
++++ grub-2.00/grub-core/font/font.c
+@@ -1297,6 +1297,7 @@ blit_comb (const struct grub_unicode_gly
+ - grub_font_get_xheight (combining_glyphs[i]->font) - 1;
+ if (space <= 0)
+ space = 1 + (grub_font_get_xheight (main_glyph->font)) / 8;
++ /* Fallthrough. */
+
+ case GRUB_UNICODE_STACK_ATTACHED_ABOVE:
+ do_blit (combining_glyphs[i], targetx,
+@@ -1338,6 +1339,7 @@ blit_comb (const struct grub_unicode_gly
+ + combining_glyphs[i]->height);
+ if (space <= 0)
+ space = 1 + (grub_font_get_xheight (main_glyph->font)) / 8;
++ /* Fallthrough. */
+
+ case GRUB_UNICODE_STACK_ATTACHED_BELOW:
+ do_blit (combining_glyphs[i], targetx, -(bounds.y - space));
+Index: grub-2.00/grub-core/fs/udf.c
+===================================================================
+--- grub-2.00.orig/grub-core/fs/udf.c
++++ grub-2.00/grub-core/fs/udf.c
+@@ -970,6 +970,7 @@ grub_udf_read_symlink (grub_fshelp_node_
+ case 1:
+ if (ptr[1])
+ goto fail;
++ break;
+ case 2:
+ /* in 4 bytes. out: 1 byte. */
+ optr = out;
+Index: grub-2.00/grub-core/lib/legacy_parse.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/legacy_parse.c
++++ grub-2.00/grub-core/lib/legacy_parse.c
+@@ -626,6 +626,7 @@ grub_legacy_parse (const char *buf, char
+ {
+ case TYPE_FILE_NO_CONSUME:
+ hold_arg = 1;
++ /* Fallthrough. */
+ case TYPE_PARTITION:
+ case TYPE_FILE:
+ args[i] = adjust_file (curarg, curarglen);
+Index: grub-2.00/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
++++ grub-2.00/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
+@@ -96,7 +96,8 @@ do_setkey (RIJNDAEL_context *ctx, const
+ static int initialized = 0;
+ static const char *selftest_failed=0;
+ int ROUNDS;
+- int i,j, r, t, rconpointer = 0;
++ unsigned int i, t, rconpointer = 0;
++ int j, r;
+ int KC;
+ union
+ {
+Index: grub-2.00/grub-core/mmap/efi/mmap.c
+===================================================================
+--- grub-2.00.orig/grub-core/mmap/efi/mmap.c
++++ grub-2.00/grub-core/mmap/efi/mmap.c
+@@ -72,6 +72,7 @@ grub_efi_mmap_iterate (grub_memory_hook_
+ GRUB_MEMORY_AVAILABLE);
+ break;
+ }
++ /* Fallthrough. */
+ case GRUB_EFI_RUNTIME_SERVICES_CODE:
+ hook (desc->physical_start, desc->num_pages * 4096,
+ GRUB_MEMORY_CODE);
+@@ -86,6 +87,7 @@ grub_efi_mmap_iterate (grub_memory_hook_
+ grub_printf ("Unknown memory type %d, considering reserved\n",
+ desc->type);
+
++ /* Fallthrough. */
+ case GRUB_EFI_BOOT_SERVICES_DATA:
+ if (!avoid_efi_boot_services)
+ {
+@@ -93,6 +95,7 @@ grub_efi_mmap_iterate (grub_memory_hook_
+ GRUB_MEMORY_AVAILABLE);
+ break;
+ }
++ /* Fallthrough. */
+ case GRUB_EFI_RESERVED_MEMORY_TYPE:
+ case GRUB_EFI_RUNTIME_SERVICES_DATA:
+ case GRUB_EFI_MEMORY_MAPPED_IO:
+Index: grub-2.00/grub-core/normal/charset.c
+===================================================================
+--- grub-2.00.orig/grub-core/normal/charset.c
++++ grub-2.00/grub-core/normal/charset.c
+@@ -858,6 +858,7 @@ grub_bidi_line_logical_to_visual (const
+ case GRUB_BIDI_TYPE_R:
+ case GRUB_BIDI_TYPE_AL:
+ bidi_needed = 1;
++ /* Fallthrough. */
+ default:
+ {
+ if (join_state == JOIN_FORCE)
+Index: grub-2.00/grub-core/video/bochs.c
+===================================================================
+--- grub-2.00.orig/grub-core/video/bochs.c
++++ grub-2.00/grub-core/video/bochs.c
+@@ -351,6 +351,7 @@ grub_video_bochs_setup (unsigned int wid
+ case 32:
+ framebuffer.mode_info.reserved_mask_size = 8;
+ framebuffer.mode_info.reserved_field_pos = 24;
++ /* Fallthrough. */
+
+ case 24:
+ framebuffer.mode_info.red_mask_size = 8;
+Index: grub-2.00/grub-core/video/cirrus.c
+===================================================================
+--- grub-2.00.orig/grub-core/video/cirrus.c
++++ grub-2.00/grub-core/video/cirrus.c
+@@ -431,6 +431,7 @@ grub_video_cirrus_setup (unsigned int wi
+ case 32:
+ framebuffer.mode_info.reserved_mask_size = 8;
+ framebuffer.mode_info.reserved_field_pos = 24;
++ /* Fallthrough. */
+
+ case 24:
+ framebuffer.mode_info.red_mask_size = 8;
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index ef893b3..a93c99e 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -36,6 +36,10 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
file://0001-grub-core-kern-efi-mm.c-grub_efi_finish_boot_service.patch \
file://0002-grub-core-kern-efi-mm.c-grub_efi_get_memory_map-Neve.patch \
file://0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch \
+ file://0001-btrfs-avoid-used-uninitialized-error-with-GCC7.patch \
+ file://0002-i386-x86_64-ppc-fix-switch-fallthrough-cases-with-GC.patch \
+ file://0003-Add-gnulib-fix-gcc7-fallthrough.diff.patch \
+ file://0004-Fix-remaining-cases-of-gcc-7-fallthrough-warning.patch \
"
DEPENDS = "flex-native bison-native autogen-native"
diff --git a/meta/recipes-bsp/v86d/v86d_0.1.10.bb b/meta/recipes-bsp/v86d/v86d_0.1.10.bb
index 579a0a2..e5f6fff 100644
--- a/meta/recipes-bsp/v86d/v86d_0.1.10.bb
+++ b/meta/recipes-bsp/v86d/v86d_0.1.10.bb
@@ -9,14 +9,14 @@ DEPENDS = "virtual/kernel"
RRECOMMENDS_${PN} = "kernel-module-uvesafb"
PR = "r2"
-SRC_URI = "http://distfiles.gentoo.org/distfiles/${BP}.tar.bz2 \
+SRC_URI = "${DEBIAN_MIRROR}/main/v/${BPN}/${BPN}_${PV}.orig.tar.gz \
file://Update-x86emu-from-X.org.patch \
file://ar-from-env.patch \
file://aarch64-host.patch \
"
-SRC_URI[md5sum] = "51c792ba7b874ad8c43f0d3da4cfabe0"
-SRC_URI[sha256sum] = "634964ae18ef68c8493add2ce150e3b4502badeb0d9194b4bd81241d25e6735c"
+SRC_URI[md5sum] = "889686ec8424468fe0d205742e77a4c2"
+SRC_URI[sha256sum] = "93575c82e4307d8c4c370ec6b767f5cf87e527b2378146d652a6d8e25d5bdbc5"
PACKAGE_ARCH = "${MACHINE_ARCH}"
COMPATIBLE_HOST = '(i.86|x86_64).*-linux'
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index ccb10aa..882873a 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -24,6 +24,7 @@ SRC_URI = "\
file://run-ptest \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
+ file://cve-2017-1000250.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch b/meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch
new file mode 100644
index 0000000..9fac961
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch
@@ -0,0 +1,34 @@
+All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an
+information disclosure vulnerability which allows remote attackers to obtain
+sensitive information from the bluetoothd process memory. This vulnerability
+lies in the processing of SDP search attribute requests.
+
+CVE: CVE-2017-1000250
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 9e009647b14e810e06626dde7f1bb9ea3c375d09 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Wed, 13 Sep 2017 10:01:40 +0300
+Subject: sdp: Fix Out-of-bounds heap read in service_search_attr_req function
+
+Check if there is enough data to continue otherwise return an error.
+---
+ src/sdpd-request.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sdpd-request.c b/src/sdpd-request.c
+index 1eefdce..318d044 100644
+--- a/src/sdpd-request.c
++++ b/src/sdpd-request.c
+@@ -917,7 +917,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
+ } else {
+ /* continuation State exists -> get from cache */
+ sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
+- if (pCache) {
++ if (pCache && cstate->cStateValue.maxBytesSent < pCache->data_size) {
+ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
+ pResponse = pCache->data;
+ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
+--
+cgit v1.1
diff --git a/meta/recipes-connectivity/openssh/openssh/init b/meta/recipes-connectivity/openssh/openssh/init
index 1f63725..34ba0f8 100644
--- a/meta/recipes-connectivity/openssh/openssh/init
+++ b/meta/recipes-connectivity/openssh/openssh/init
@@ -19,11 +19,6 @@ fi
[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
mkdir -p $SYSCONFDIR
-HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
-HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
-HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
-
check_for_no_start() {
# forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then
@@ -44,33 +39,13 @@ check_config() {
/usr/sbin/sshd -t $SSHD_OPTS || exit 1
}
-check_keys() {
- # create keys if necessary
- if [ ! -f $HOST_KEY_RSA ]; then
- echo " generating ssh RSA key..."
- ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
- fi
- if [ ! -f $HOST_KEY_ECDSA ]; then
- echo " generating ssh ECDSA key..."
- ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
- fi
- if [ ! -f $HOST_KEY_DSA ]; then
- echo " generating ssh DSA key..."
- ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
- fi
- if [ ! -f $HOST_KEY_ED25519 ]; then
- echo " generating ssh ED25519 key..."
- ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
- fi
-}
-
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
case "$1" in
start)
check_for_no_start
echo "Starting OpenBSD Secure Shell server: sshd"
- check_keys
+ @LIBEXECDIR@/sshd_check_keys
check_privsep_dir
start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
echo "done."
@@ -83,7 +58,7 @@ case "$1" in
reload|force-reload)
check_for_no_start
- check_keys
+ @LIBEXECDIR@/sshd_check_keys
check_config
echo -n "Reloading OpenBSD Secure Shell server's configuration"
start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd
@@ -91,7 +66,7 @@ case "$1" in
;;
restart)
- check_keys
+ @LIBEXECDIR@/sshd_check_keys
check_config
echo -n "Restarting OpenBSD Secure Shell server: sshd"
start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
new file mode 100644
index 0000000..f5bba53
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -0,0 +1,64 @@
+#! /bin/sh
+
+# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
+if test -f /etc/default/ssh; then
+ . /etc/default/ssh
+fi
+
+[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
+mkdir -p $SYSCONFDIR
+
+# parse sshd options
+set -- ${SSHD_OPTS} --
+sshd_config=/etc/ssh/sshd_config
+while true ; do
+ case "$1" in
+ -f*) if [ "$1" = "-f" ] ; then
+ sshd_config="$2"
+ shift
+ else
+ sshd_config="${1#-f}"
+ fi
+ shift
+ ;;
+ --) shift; break;;
+ *) shift;;
+ esac
+done
+
+# parse location of keys
+HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
+HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
+HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
+HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
+
+# create keys if necessary
+if [ ! -f $HOST_KEY_RSA ]; then
+ echo " generating ssh RSA key..."
+ mkdir -p $(dirname $HOST_KEY_RSA)
+ ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
+fi
+if [ ! -f $HOST_KEY_ECDSA ]; then
+ echo " generating ssh ECDSA key..."
+ mkdir -p $(dirname $HOST_KEY_ECDSA)
+ ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
+fi
+if [ ! -f $HOST_KEY_DSA ]; then
+ echo " generating ssh DSA key..."
+ mkdir -p $(dirname $HOST_KEY_DSA)
+ ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
+fi
+if [ ! -f $HOST_KEY_ED25519 ]; then
+ echo " generating ssh ED25519 key..."
+ mkdir -p $(dirname $HOST_KEY_ED25519)
+ ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
+fi
+
diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
index 148e6ad..603c337 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -1,22 +1,8 @@
[Unit]
Description=OpenSSH Key Generation
RequiresMountsFor=/var /run
-ConditionPathExists=!/var/run/ssh/ssh_host_rsa_key
-ConditionPathExists=!/var/run/ssh/ssh_host_dsa_key
-ConditionPathExists=!/var/run/ssh/ssh_host_ecdsa_key
-ConditionPathExists=!/var/run/ssh/ssh_host_ed25519_key
-ConditionPathExists=!/etc/ssh/ssh_host_rsa_key
-ConditionPathExists=!/etc/ssh/ssh_host_dsa_key
-ConditionPathExists=!/etc/ssh/ssh_host_ecdsa_key
-ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key
[Service]
-Environment="SYSCONFDIR=/etc/ssh"
-EnvironmentFile=-/etc/default/ssh
-ExecStart=@BASE_BINDIR@/mkdir -p $SYSCONFDIR
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' -t rsa
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' -t dsa
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' -t ecdsa
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ed25519_key -N '' -t ed25519
+ExecStart=@LIBEXECDIR@/sshd_check_keys
Type=oneshot
RemainAfterExit=yes
diff --git a/meta/recipes-connectivity/openssh/openssh_7.4p1.bb b/meta/recipes-connectivity/openssh/openssh_7.4p1.bb
index c8093d4..e501ead 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.4p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.4p1.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \
file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
+ file://sshd_check_keys \
"
PAM_SRC_URI = "file://sshd"
@@ -124,7 +125,13 @@ do_install_append () {
sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
-e 's,@SBINDIR@,${sbindir},g' \
-e 's,@BINDIR@,${bindir},g' \
+ -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
+
+ sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${sysconfdir}/init.d/sshd
+
+ install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
}
do_install_ptest () {
@@ -139,6 +146,7 @@ FILES_${PN}-scp = "${bindir}/scp.${BPN}"
FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
FILES_${PN}-sftp = "${bindir}/sftp"
FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
diff --git a/meta/recipes-connectivity/portmap/portmap_6.0.bb b/meta/recipes-connectivity/portmap/portmap_6.0.bb
index 999b4a9..d970095 100644
--- a/meta/recipes-connectivity/portmap/portmap_6.0.bb
+++ b/meta/recipes-connectivity/portmap/portmap_6.0.bb
@@ -4,7 +4,7 @@ DEPENDS_append_libc-musl = " libtirpc "
PR = "r9"
-SRC_URI = "http://www.sourcefiles.org/Networking/Tools/Miscellanenous/portmap-6.0.tgz \
+SRC_URI = "https://fossies.org/linux/misc/old/portmap-6.0.tgz \
file://destdir-no-strip.patch \
file://tcpd-config.patch \
file://portmap.init \
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch
new file mode 100644
index 0000000..436520f
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch
@@ -0,0 +1,1025 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/ap/ieee802_11.c | 16 +++++++++++++---
+ src/ap/wpa_auth.c | 11 +++++++++++
+ src/ap/wpa_auth.h | 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++++++++++
+ src/ap/wpa_auth_i.h | 1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+ struct ieee80211_ht_capabilities ht_cap;
+ struct ieee80211_vht_capabilities vht_cap;
++ int set = 1;
+
+ /*
+ * Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ * FT-over-the-DS, where a station re-associates back to the same AP but
+ * skips the authentication flow, or if working with a driver that
+ * does not support full AP client state.
++ *
++ * Skip this if the STA has already completed FT reassociation and the
++ * TK has been configured since the TX/RX PN must not be reset to 0 for
++ * the same key.
+ */
+- if (!sta->added_unassoc)
++ if (!sta->added_unassoc &&
++ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++ set = 0;
++ }
+
+ #ifdef CONFIG_IEEE80211N
+ if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
+ sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+ sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+- sta->added_unassoc)) {
++ set)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
+ "Could not %s STA to kernel driver",
+- sta->added_unassoc ? "set" : "add");
++ set ? "set" : "add");
+
+ if (sta->added_unassoc) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 3587086..707971d 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
+ #else /* CONFIG_IEEE80211R */
+ break;
+ #endif /* CONFIG_IEEE80211R */
++ case WPA_DRV_STA_REMOVED:
++ sm->tk_already_set = FALSE;
++ return 0;
+ }
+
+ #ifdef CONFIG_IEEE80211R
+@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
+ }
+
+
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
++{
++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
++ return 0;
++ return sm->tk_already_set;
++}
++
++
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry)
+ {
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 0de8d97..97461b0 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
+ u8 *data, size_t data_len);
+ enum wpa_event {
+ WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
+- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
+ };
+ void wpa_remove_ptk(struct wpa_state_machine *sm);
+ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
+@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+ int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry);
+ struct rsn_pmksa_cache_entry *
+diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
+index 42242a5..e63b99a 100644
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ return;
+ }
+
++ if (sm->tk_already_set) {
++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
++ * PN in the driver */
++ wpa_printf(MSG_DEBUG,
++ "FT: Do not re-install same PTK to the driver");
++ return;
++ }
++
+ /* FIX: add STA entry to kernel/driver here? The set_key will fail
+ * most likely without this.. At the moment, STA entry is added only
+ * after association has been completed. This function will be called
+@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+
+ /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+ sm->pairwise_set = TRUE;
++ sm->tk_already_set = TRUE;
+ }
+
+
+@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
+
+ sm->pairwise = pairwise;
+ sm->PTK_valid = TRUE;
++ sm->tk_already_set = FALSE;
+ wpa_ft_install_ptk(sm);
+
+ buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index 72b7eb3..7fd8f05 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -65,6 +65,7 @@ struct wpa_state_machine {
+ struct wpa_ptk PTK;
+ Boolean PTK_valid;
+ Boolean pairwise_set;
++ Boolean tk_already_set;
+ int keycount;
+ Boolean Pair;
+ struct wpa_key_replay_counter {
+--
+2.7.4
+
+From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 11 +++++
+ src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
+ src/rsn_supp/wpa_i.h | 4 ++
+ 3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+ size_t tk_len;
+ };
+
++struct wpa_gtk {
++ u8 gtk[WPA_GTK_MAX_LEN];
++ size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++ u8 igtk[WPA_IGTK_MAX_LEN];
++ size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+
+ /* WPA IE version 1
+ * 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
++ /* Detect possible key reinstallation */
++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++ gd->keyidx, gd->tx, gd->gtk_len);
++ return 0;
++ }
++
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+ return 0;
+ }
+
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ }
+
+
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++ const struct wpa_igtk_kde *igtk)
++{
++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++ u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++ /* Detect possible key reinstallation */
++ if (sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++ keyidx);
++ return 0;
++ }
++
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++ keyidx, MAC2STR(igtk->pn));
++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++ if (keyidx > 4095) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Invalid IGTK KeyID %d", keyidx);
++ return -1;
++ }
++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++ broadcast_ether_addr,
++ keyidx, 0, igtk->pn, sizeof(igtk->pn),
++ igtk->igtk, len) < 0) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Failed to configure IGTK to the driver");
++ return -1;
++ }
++
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++ return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ struct wpa_eapol_ie_parse *ie)
+ {
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ if (ie->igtk) {
+ size_t len;
+ const struct wpa_igtk_kde *igtk;
+- u16 keyidx;
++
+ len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+ return -1;
++
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- keyidx = WPA_GET_LE16(igtk->keyid);
+- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+- "pn %02x%02x%02x%02x%02x%02x",
+- keyidx, MAC2STR(igtk->pn));
+- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+- igtk->igtk, len);
+- if (keyidx > 4095) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Invalid IGTK KeyID %d", keyidx);
+- return -1;
+- }
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igtk->pn, sizeof(igtk->pn),
+- igtk->igtk, len) < 0) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Failed to configure IGTK to the driver");
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+ }
+
+ return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+ */
+ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ {
+- int clear_ptk = 1;
++ int clear_keys = 1;
+
+ if (sm == NULL)
+ return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ /* Prepare for the next transition */
+ wpa_ft_prepare_auth_request(sm, NULL);
+
+- clear_ptk = 0;
++ clear_keys = 0;
+ }
+ #endif /* CONFIG_IEEE80211R */
+
+- if (clear_ptk) {
++ if (clear_keys) {
+ /*
+ * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ * this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ }
+
+ #ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ os_memset(&gd, 0, sizeof(gd));
+ #ifdef CONFIG_IEEE80211W
+ } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+- struct wpa_igtk_kde igd;
+- u16 keyidx;
+-
+- os_memset(&igd, 0, sizeof(igd));
+- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+- os_memcpy(igd.keyid, buf + 2, 2);
+- os_memcpy(igd.pn, buf + 4, 6);
+-
+- keyidx = WPA_GET_LE16(igd.keyid);
+- os_memcpy(igd.igtk, buf + 10, keylen);
+-
+- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+- igd.igtk, keylen);
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igd.pn, sizeof(igd.pn),
+- igd.igtk, keylen) < 0) {
+- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+- "WNM mode");
+- os_memset(&igd, 0, sizeof(igd));
++ const struct wpa_igtk_kde *igtk;
++
++ igtk = (const struct wpa_igtk_kde *) (buf + 2);
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+- os_memset(&igd, 0, sizeof(igd));
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+ wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+ u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++ struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++ struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+--
+2.7.4
+
+From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:12:24 +0300
+Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
+ Mode cases
+
+This extends the protection to track last configured GTK/IGTK value
+separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
+corner case where these two different mechanisms may get used when the
+GTK/IGTK has changed and tracking a single value is not sufficient to
+detect a possible key reconfiguration.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
+ src/rsn_supp/wpa_i.h | 2 ++
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 95bd7be..7a2c68d 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -709,14 +709,17 @@ struct wpa_gtk_data {
+
+ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const struct wpa_gtk_data *gd,
+- const u8 *key_rsc)
++ const u8 *key_rsc, int wnm_sleep)
+ {
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
+ /* Detect possible key reinstallation */
+- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
+- sm->gtk.gtk_len = gd->gtk_len;
+- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ if (wnm_sleep) {
++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len);
++ } else {
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ }
+
+ return 0;
+ }
+@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+ gtk_len, gtk_len,
+ &gd.key_rsc_len, &gd.alg) ||
+- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "RSN: Failed to install GTK");
+ os_memset(&gd, 0, sizeof(gd));
+@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+
+ #ifdef CONFIG_IEEE80211W
+ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+- const struct wpa_igtk_kde *igtk)
++ const struct wpa_igtk_kde *igtk,
++ int wnm_sleep)
+ {
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+- if (sm->igtk.igtk_len == len &&
+- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ if ((sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
++ (sm->igtk_wnm_sleep.igtk_len == len &&
++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ return -1;
+ }
+
+- sm->igtk.igtk_len = len;
+- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ if (wnm_sleep) {
++ sm->igtk_wnm_sleep.igtk_len = len;
++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len);
++ } else {
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ }
+
+ return 0;
+ }
+@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ return -1;
+
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
+ return -1;
+ }
+
+@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
+ goto failed;
+ os_memset(&gd, 0, sizeof(gd));
+@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ }
+
+@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+
+ wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
+ gd.gtk, gd.gtk_len);
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
+ os_memset(&gd, 0, sizeof(gd));
+ wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
+ "WNM mode");
+@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
+ return -1;
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index afc9e37..9a54631 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -32,8 +32,10 @@ struct wpa_sm {
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
++ struct wpa_gtk gtk_wnm_sleep;
+ #ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
++ struct wpa_igtk igtk_wnm_sleep;
+ #endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+--
+2.7.4
+
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 5 ++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+2.7.4
+
+From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
+
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+
+
++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
++{
++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
++ wpa_printf(MSG_ERROR,
++ "WPA: Failed to get random data for ANonce");
++ sm->Disconnect = TRUE;
++ return -1;
++ }
++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
++ WPA_NONCE_LEN);
++ sm->TimeoutCtr = 0;
++ return 0;
++}
++
++
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+ u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+ SM_ENTER(WPA_PTK, AUTHENTICATION);
+ else if (sm->ReAuthenticationRequest)
+ SM_ENTER(WPA_PTK, AUTHENTICATION2);
+- else if (sm->PTKRequest)
+- SM_ENTER(WPA_PTK, PTKSTART);
+- else switch (sm->wpa_ptk_state) {
++ else if (sm->PTKRequest) {
++ if (wpa_auth_sm_ptk_update(sm) < 0)
++ SM_ENTER(WPA_PTK, DISCONNECTED);
++ else
++ SM_ENTER(WPA_PTK, PTKSTART);
++ } else switch (sm->wpa_ptk_state) {
+ case WPA_PTK_INITIALIZE:
+ break;
+ case WPA_PTK_DISCONNECT:
+--
+2.7.4
+
+From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:03:15 +0300
+Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
+
+Do not try to reconfigure the same TPK-TK to the driver after it has
+been successfully configured. This is an explicit check to avoid issues
+related to resetting the TX/RX packet number. There was already a check
+for this for TPK M2 (retries of that message are ignored completely), so
+that behavior does not get modified.
+
+For TPK M3, the TPK-TK could have been reconfigured, but that was
+followed by immediate teardown of the link due to an issue in updating
+the STA entry. Furthermore, for TDLS with any real security (i.e.,
+ignoring open/WEP), the TPK message exchange is protected on the AP path
+and simple replay attacks are not feasible.
+
+As an additional corner case, make sure the local nonce gets updated if
+the peer uses a very unlikely "random nonce" of all zeros.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index e424168..9eb9738 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
+ u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
+ } tpk;
+ int tpk_set;
++ int tk_set; /* TPK-TK configured to the driver */
+ int tpk_success;
+ int tpk_in_progress;
+
+@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ u8 rsc[6];
+ enum wpa_alg alg;
+
++ if (peer->tk_set) {
++ /*
++ * This same TPK-TK has already been configured to the driver
++ * and this new configuration attempt (likely due to an
++ * unexpected retransmitted frame) would result in clearing
++ * the TX/RX sequence number which can break security, so must
++ * not allow that to happen.
++ */
++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
++ " has already been configured to the driver - do not reconfigure",
++ MAC2STR(peer->addr));
++ return -1;
++ }
++
+ os_memset(rsc, 0, 6);
+
+ switch (peer->cipher) {
+@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ return -1;
+ }
+
++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
++ MAC2STR(peer->addr));
+ if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
+ rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
+ "driver");
+ return -1;
+ }
++ peer->tk_set = 1;
+ return 0;
+ }
+
+@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ peer->cipher = 0;
+ peer->qos_info = 0;
+ peer->wmm_capable = 0;
+- peer->tpk_set = peer->tpk_success = 0;
++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
+ peer->chan_switch_enabled = 0;
+ os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+ os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+@@ -1159,6 +1177,7 @@ skip_rsnie:
+ wpa_tdls_peer_free(sm, peer);
+ return -1;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
+ peer->inonce, WPA_NONCE_LEN);
+ os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
+@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
+ }
+
+
++static int tdls_nonce_set(const u8 *nonce)
++{
++ int i;
++
++ for (i = 0; i < WPA_NONCE_LEN; i++) {
++ if (nonce[i])
++ return 1;
++ }
++
++ return 0;
++}
++
++
+ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+ {
+@@ -2004,7 +2036,8 @@ skip_rsn:
+ peer->rsnie_i_len = kde.rsn_ie_len;
+ peer->cipher = cipher;
+
+- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
++ !tdls_nonce_set(peer->inonce)) {
+ /*
+ * There is no point in updating the RNonce for every obtained
+ * TPK M1 frame (e.g., retransmission due to timeout) with the
+@@ -2020,6 +2053,7 @@ skip_rsn:
+ "TDLS: Failed to get random data for responder nonce");
+ goto error;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ }
+
+ #if 0
+--
+2.7.4
+
+From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:25:02 +0300
+Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
+ request
+
+Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
+Mode Response if WNM-Sleep Mode has not been used') started ignoring the
+response when no WNM-Sleep Mode Request had been used during the
+association. This can be made tighter by clearing the used flag when
+successfully processing a response. This adds an additional layer of
+protection against unexpected retransmissions of the response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ wpa_supplicant/wnm_sta.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
+index 1b3409c..67a07ff 100644
+--- a/wpa_supplicant/wnm_sta.c
++++ b/wpa_supplicant/wnm_sta.c
+@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+
+ if (!wpa_s->wnmsleep_used) {
+ wpa_printf(MSG_DEBUG,
+- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
+ return;
+ }
+
+@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+ return;
+ }
+
++ wpa_s->wnmsleep_used = 0;
++
+ if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
+ wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
+ wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
+--
+2.7.4
+
+From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 12:06:37 +0300
+Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
+
+The driver is expected to not report a second association event without
+the station having explicitly request a new association. As such, this
+case should not be reachable. However, since reconfiguring the same
+pairwise or group keys to the driver could result in nonce reuse issues,
+be extra careful here and do an additional state check to avoid this
+even if the local driver ends up somehow accepting an unexpected
+Reassociation Response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 3 +++
+ src/rsn_supp/wpa_ft.c | 8 ++++++++
+ src/rsn_supp/wpa_i.h | 1 +
+ 3 files changed, 12 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 0550a41..2a53c6f 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+ #ifdef CONFIG_TDLS
+ wpa_tdls_disassoc(sm);
+ #endif /* CONFIG_TDLS */
++#ifdef CONFIG_IEEE80211R
++ sm->ft_reassoc_completed = 0;
++#endif /* CONFIG_IEEE80211R */
+
+ /* Keys are not needed in the WPA state machine anymore */
+ wpa_sm_drop_sa(sm);
+diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
+index 205793e..d45bb45 100644
+--- a/src/rsn_supp/wpa_ft.c
++++ b/src/rsn_supp/wpa_ft.c
+@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
+ u16 capab;
+
+ sm->ft_completed = 0;
++ sm->ft_reassoc_completed = 0;
+
+ buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+ 2 + sm->r0kh_id_len + ric_ies_len + 100;
+@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ if (sm->ft_reassoc_completed) {
++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
++ return 0;
++ }
++
+ if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
+ wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
+ return -1;
+@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ sm->ft_reassoc_completed = 1;
++
+ if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
+ return -1;
+
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 41f371f..56f88dc 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -128,6 +128,7 @@ struct wpa_sm {
+ size_t r0kh_id_len;
+ u8 r1kh_id[FT_R1KH_ID_LEN];
+ int ft_completed;
++ int ft_reassoc_completed;
+ int over_the_ds_in_progress;
+ u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
+ int set_ptk_after_assoc;
+--
+2.7.4
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
index 5215b00..d6d4206 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
file://wpa_supplicant.conf \
file://wpa_supplicant.conf-sane \
file://99_wpa_supplicant \
+ file://key-replay-cve-multiple.patch \
"
SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
diff --git a/meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch b/meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch
new file mode 100644
index 0000000..812a507
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch
@@ -0,0 +1,33 @@
+From 34ecc3b7aefdd6c31e8691bd5485037bbabedbd4 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Sun, 14 Aug 2016 01:30:34 +0200
+Subject: [PATCH] ip: fix an improper optimization: req.r.rtm_scope may be
+ nonzero here
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+Upstream-Status: Backport
+Signed-off-by: André Draszik <adraszik@tycoint.com>
+
+ networking/libiproute/iproute.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/networking/libiproute/iproute.c b/networking/libiproute/iproute.c
+index e674e9a0d..48dc6e3d9 100644
+--- a/networking/libiproute/iproute.c
++++ b/networking/libiproute/iproute.c
+@@ -362,10 +362,9 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ req.r.rtm_scope = RT_SCOPE_NOWHERE;
+
+ if (cmd != RTM_DELROUTE) {
++ req.r.rtm_scope = RT_SCOPE_UNIVERSE;
+ if (RTPROT_BOOT != 0)
+ req.r.rtm_protocol = RTPROT_BOOT;
+- if (RT_SCOPE_UNIVERSE != 0)
+- req.r.rtm_scope = RT_SCOPE_UNIVERSE;
+ if (RTN_UNICAST != 0)
+ req.r.rtm_type = RTN_UNICAST;
+ }
+--
+2.11.0
+
diff --git a/meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch b/meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch
new file mode 100644
index 0000000..66bc76e
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch
@@ -0,0 +1,122 @@
+From ce4bc1ed048233e89ee4cb95830bf6f01d523d1e Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Wed, 30 Dec 2015 17:32:51 +0100
+Subject: [PATCH] iproute: support "scope". Closes 8561
+
+function old new delta
+iproute_modify 1051 1120 +69
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+Upstream-Status: Backport
+Modified patch to build against busybox 1.24.1:
+- s/invarg_1_to_2/invarg
+Signed-off-by: André Draszik <adraszik@tycoint.com>
+---
+ networking/libiproute/iproute.c | 52 ++++++++++++++++++++++++++---------------
+ 1 file changed, 33 insertions(+), 19 deletions(-)
+
+diff --git a/networking/libiproute/iproute.c b/networking/libiproute/iproute.c
+index d232ee6fd..82827488f 100644
+--- a/networking/libiproute/iproute.c
++++ b/networking/libiproute/iproute.c
+@@ -313,12 +313,13 @@ static int FAST_FUNC print_route(const struct sockaddr_nl *who UNUSED_PARAM,
+ static int iproute_modify(int cmd, unsigned flags, char **argv)
+ {
+ static const char keywords[] ALIGN1 =
+- "src\0""via\0""mtu\0""lock\0""protocol\0"IF_FEATURE_IP_RULE("table\0")
++ "src\0""via\0""mtu\0""lock\0""scope\0""protocol\0"IF_FEATURE_IP_RULE("table\0")
+ "dev\0""oif\0""to\0""metric\0""onlink\0";
+ enum {
+ ARG_src,
+ ARG_via,
+ ARG_mtu, PARM_lock,
++ ARG_scope,
+ ARG_protocol,
+ IF_FEATURE_IP_RULE(ARG_table,)
+ ARG_dev,
+@@ -344,6 +345,7 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ unsigned mxlock = 0;
+ char *d = NULL;
+ smalluint ok = 0;
++ smalluint scope_ok = 0;
+ int arg;
+
+ memset(&req, 0, sizeof(req));
+@@ -352,15 +354,18 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ req.n.nlmsg_flags = NLM_F_REQUEST | flags;
+ req.n.nlmsg_type = cmd;
+ req.r.rtm_family = preferred_family;
+- if (RT_TABLE_MAIN) /* if it is zero, memset already did it */
++ if (RT_TABLE_MAIN != 0) /* if it is zero, memset already did it */
+ req.r.rtm_table = RT_TABLE_MAIN;
+- if (RT_SCOPE_NOWHERE)
++ if (RT_SCOPE_NOWHERE != 0)
+ req.r.rtm_scope = RT_SCOPE_NOWHERE;
+
+ if (cmd != RTM_DELROUTE) {
+- req.r.rtm_protocol = RTPROT_BOOT;
+- req.r.rtm_scope = RT_SCOPE_UNIVERSE;
+- req.r.rtm_type = RTN_UNICAST;
++ if (RTPROT_BOOT != 0)
++ req.r.rtm_protocol = RTPROT_BOOT;
++ if (RT_SCOPE_UNIVERSE != 0)
++ req.r.rtm_scope = RT_SCOPE_UNIVERSE;
++ if (RTN_UNICAST != 0)
++ req.r.rtm_type = RTN_UNICAST;
+ }
+
+ mxrta->rta_type = RTA_METRICS;
+@@ -393,6 +398,13 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ }
+ mtu = get_unsigned(*argv, "mtu");
+ rta_addattr32(mxrta, sizeof(mxbuf), RTAX_MTU, mtu);
++ } else if (arg == ARG_scope) {
++ uint32_t scope;
++ NEXT_ARG();
++ if (rtnl_rtscope_a2n(&scope, *argv))
++ invarg(*argv, "scope");
++ req.r.rtm_scope = scope;
++ scope_ok = 1;
+ } else if (arg == ARG_protocol) {
+ uint32_t prot;
+ NEXT_ARG();
+@@ -469,20 +481,22 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ addattr_l(&req.n, sizeof(req), RTA_METRICS, RTA_DATA(mxrta), RTA_PAYLOAD(mxrta));
+ }
+
+- if (req.r.rtm_type == RTN_LOCAL || req.r.rtm_type == RTN_NAT)
+- req.r.rtm_scope = RT_SCOPE_HOST;
+- else
+- if (req.r.rtm_type == RTN_BROADCAST
+- || req.r.rtm_type == RTN_MULTICAST
+- || req.r.rtm_type == RTN_ANYCAST
+- ) {
+- req.r.rtm_scope = RT_SCOPE_LINK;
+- }
+- else if (req.r.rtm_type == RTN_UNICAST || req.r.rtm_type == RTN_UNSPEC) {
+- if (cmd == RTM_DELROUTE)
+- req.r.rtm_scope = RT_SCOPE_NOWHERE;
+- else if (!(ok & gw_ok))
++ if (!scope_ok) {
++ if (req.r.rtm_type == RTN_LOCAL || req.r.rtm_type == RTN_NAT)
++ req.r.rtm_scope = RT_SCOPE_HOST;
++ else
++ if (req.r.rtm_type == RTN_BROADCAST
++ || req.r.rtm_type == RTN_MULTICAST
++ || req.r.rtm_type == RTN_ANYCAST
++ ) {
+ req.r.rtm_scope = RT_SCOPE_LINK;
++ }
++ else if (req.r.rtm_type == RTN_UNICAST || req.r.rtm_type == RTN_UNSPEC) {
++ if (cmd == RTM_DELROUTE)
++ req.r.rtm_scope = RT_SCOPE_NOWHERE;
++ else if (!(ok & gw_ok))
++ req.r.rtm_scope = RT_SCOPE_LINK;
++ }
+ }
+
+ if (req.r.rtm_family == AF_UNSPEC) {
+--
+2.11.0
+
diff --git a/meta/recipes-core/busybox/busybox/busybox-tar-add-IF_FEATURE_-checks.patch b/meta/recipes-core/busybox/busybox/busybox-tar-add-IF_FEATURE_-checks.patch
new file mode 100644
index 0000000..0c3c9c0
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/busybox-tar-add-IF_FEATURE_-checks.patch
@@ -0,0 +1,70 @@
+From f94412f6bb49136694c5478d0aecb19118d1b08d Mon Sep 17 00:00:00 2001
+From: Ming Liu <peter.x.liu@external.atlascopco.com>
+Date: Wed, 31 May 2017 11:48:09 +0200
+Subject: [PATCH] tar: add IF_FEATURE_* checks
+
+A following linking error was observed:
+| ==========
+| archival/lib.a(tar.o): In function `tar_main':
+| archival/tar.c:1168: undefined reference to `unpack_Z_stream'
+| archival/tar.c:1168: undefined reference to `unpack_Z_stream'
+| ld: busybox_unstripped: hidden symbol `unpack_Z_stream' isn't defined
+| ld: final link failed: Bad value
+
+this happened with clang compiler, with the following configs:
+| CONFIG_TAR=y
+| # CONFIG_FEATURE_SEAMLESS_Z is not set
+
+which can be fixed by adding IF_FEATURE_* checks in.
+
+Upstream-Status: Pending [ Sent to busybox upstream on 2017-06-02 ]
+
+Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
+---
+ archival/tar.c | 25 +++++++++++++++----------
+ 1 file changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/archival/tar.c b/archival/tar.c
+index b70e00a..7598b71 100644
+--- a/archival/tar.c
++++ b/archival/tar.c
+@@ -1216,21 +1216,26 @@ int tar_main(int argc UNUSED_PARAM, char **argv)
+ USE_FOR_MMU(IF_DESKTOP(long long) int FAST_FUNC (*xformer)(transformer_state_t *xstate);)
+ USE_FOR_NOMMU(const char *xformer_prog;)
+
+- if (opt & OPT_COMPRESS)
+- USE_FOR_MMU(xformer = unpack_Z_stream;)
++ if (opt & OPT_COMPRESS) {
++ USE_FOR_MMU(IF_FEATURE_SEAMLESS_Z(xformer = unpack_Z_stream;))
+ USE_FOR_NOMMU(xformer_prog = "uncompress";)
+- if (opt & OPT_GZIP)
+- USE_FOR_MMU(xformer = unpack_gz_stream;)
++ }
++ if (opt & OPT_GZIP) {
++ USE_FOR_MMU(IF_FEATURE_SEAMLESS_GZ(xformer = unpack_gz_stream;))
+ USE_FOR_NOMMU(xformer_prog = "gunzip";)
+- if (opt & OPT_BZIP2)
+- USE_FOR_MMU(xformer = unpack_bz2_stream;)
++ }
++ if (opt & OPT_BZIP2) {
++ USE_FOR_MMU(IF_FEATURE_SEAMLESS_BZ2(xformer = unpack_bz2_stream;))
+ USE_FOR_NOMMU(xformer_prog = "bunzip2";)
+- if (opt & OPT_LZMA)
+- USE_FOR_MMU(xformer = unpack_lzma_stream;)
++ }
++ if (opt & OPT_LZMA) {
++ USE_FOR_MMU(IF_FEATURE_SEAMLESS_LZMA(xformer = unpack_lzma_stream;))
+ USE_FOR_NOMMU(xformer_prog = "unlzma";)
+- if (opt & OPT_XZ)
+- USE_FOR_MMU(xformer = unpack_xz_stream;)
++ }
++ if (opt & OPT_XZ) {
++ USE_FOR_MMU(IF_FEATURE_SEAMLESS_XZ(xformer = unpack_xz_stream;))
+ USE_FOR_NOMMU(xformer_prog = "unxz";)
++ }
+
+ fork_transformer_with_sig(tar_handle->src_fd, xformer, xformer_prog);
+ /* Can't lseek over pipes */
+--
+2.7.4
+
diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb
index e26dfff..6ccbffd 100644
--- a/meta/recipes-core/busybox/busybox_1.24.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.24.1.bb
@@ -57,6 +57,9 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://0001-libiproute-handle-table-ids-larger-than-255.patch \
file://ifupdown-pass-interface-device-name-for-ipv6-route-c.patch \
file://BUG9071_buffer_overflow_arp.patch \
+ file://busybox-tar-add-IF_FEATURE_-checks.patch \
+ file://0001-iproute-support-scope-.-Closes-8561.patch \
+ file://0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "
diff --git a/meta/recipes-core/expat/expat.inc b/meta/recipes-core/expat/expat.inc
index 8bfd0bf..9fa0ca2 100644
--- a/meta/recipes-core/expat/expat.inc
+++ b/meta/recipes-core/expat/expat.inc
@@ -7,9 +7,6 @@ LICENSE = "MIT"
SRC_URI = "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.bz2 \
file://autotools.patch \
"
-
-SRC_URI_append_class-native = " file://no_getrandom.patch"
-
inherit autotools lib_package
# This package uses an archive format known to have issue with some
diff --git a/meta/recipes-core/expat/expat/no_getrandom.patch b/meta/recipes-core/expat/expat/no_getrandom.patch
deleted file mode 100644
index d64f1bf..0000000
--- a/meta/recipes-core/expat/expat/no_getrandom.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-The native version of expat may be used on older systems which dont have glibc 2.25
-and hence don't have getrandom() thanks to uninative. Disable the libc call and
-use the syscall instead to avoid a compatibility issue until we have 2.25 everywhere
-we support with uninative.
-
-RP
-2017/8/14
-
-Upstream-Status: Inappropriate
-
-Index: expat-2.2.3/configure.ac
-===================================================================
---- expat-2.2.3.orig/configure.ac
-+++ expat-2.2.3/configure.ac
-@@ -151,7 +151,7 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([
- #include <stdlib.h> /* for NULL */
- #include <sys/random.h>
- int main() {
-- return getrandom(NULL, 0U, 0U);
-+ return getrandomBREAKME(NULL, 0U, 0U);
- }
- ])], [
- AC_DEFINE([HAVE_GETRANDOM], [1],
diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.25.bb b/meta/recipes-core/glibc/cross-localedef-native_2.25.bb
index cbd16f7..fae8683 100644
--- a/meta/recipes-core/glibc/cross-localedef-native_2.25.bb
+++ b/meta/recipes-core/glibc/cross-localedef-native_2.25.bb
@@ -36,6 +36,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0023-eglibc-Install-PIC-archives.patch \
file://0024-eglibc-Forward-port-cross-locale-generation-support.patch \
file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
+ file://0001-Include-locale_t.h-compatibility-header.patch \
"
# Makes for a rather long rev (22 characters), but...
#
diff --git a/meta/recipes-core/glibc/glibc-locale.inc b/meta/recipes-core/glibc/glibc-locale.inc
index 70e2b3a..75ababe 100644
--- a/meta/recipes-core/glibc/glibc-locale.inc
+++ b/meta/recipes-core/glibc/glibc-locale.inc
@@ -12,6 +12,10 @@ BINUTILSDEP = "virtual/${MLPREFIX}${TARGET_PREFIX}binutils:do_populate_sysroot"
BINUTILSDEP_class-nativesdk = "virtual/${TARGET_PREFIX}binutils-crosssdk:do_populate_sysroot"
do_package[depends] += "${BINUTILSDEP}"
+# localedef links with libc.so and glibc-collateral.incinhibits all default deps
+# cannot add virtual/libc to DEPENDS, because it would conflict with libc-initial in RSS
+RDEPENDS_localedef += "glibc"
+
# Binary locales are generated at build time if ENABLE_BINARY_LOCALE_GENERATION
# is set. The idea is to avoid running localedef on the target (at first boot)
# to decrease initial boot time and avoid localedef being killed by the OOM
diff --git a/meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch b/meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch
new file mode 100644
index 0000000..a13c428
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-Include-locale_t.h-compatibility-header.patch
@@ -0,0 +1,29 @@
+From abfeb0cf4e3261a66a7a23abc9aed33c034c850d Mon Sep 17 00:00:00 2001
+From: Joshua Watt <Joshua.Watt@garmin.com>
+Date: Wed, 6 Dec 2017 13:26:19 -0600
+Subject: [PATCH] Include locale_t.h compatibility header
+
+Newer versions of glibc (since 2.26) moved the locale typedefs from
+xlocale.h to bits/types/locale_t.h. Create a compatibility header for
+these newer versions of glibc
+
+See f0be25b6336db7492e47d2e8e72eb8af53b5506d in glibc
+
+Upstream-Status: Inappropriate compatibility with newer host glibc
+Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
+
+---
+ locale/bits/types/locale_t.h | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 locale/bits/types/locale_t.h
+
+diff --git a/locale/bits/types/locale_t.h b/locale/bits/types/locale_t.h
+new file mode 100644
+index 0000000000..b519a6c5f8
+--- /dev/null
++++ b/locale/bits/types/locale_t.h
+@@ -0,0 +1 @@
++#include <xlocale.h>
+--
+2.14.3
+
diff --git a/meta/recipes-core/glibc/glibc/0028-Rework-fno-omit-frame-pointer-support-on-i386.patch b/meta/recipes-core/glibc/glibc/0028-Rework-fno-omit-frame-pointer-support-on-i386.patch
new file mode 100644
index 0000000..7ed2b90
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0028-Rework-fno-omit-frame-pointer-support-on-i386.patch
@@ -0,0 +1,268 @@
+From 1ea003d4fccc4646fd1848a182405a1c7000ab18 Mon Sep 17 00:00:00 2001
+From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date: Sun, 8 Jan 2017 11:38:23 -0200
+Subject: [PATCH 28/28] Rework -fno-omit-frame-pointer support on i386
+
+Commit 6b1df8b27f fixed the -OS build issue on i386 (BZ#20729) by
+expliciting disabling frame pointer (-fomit-frame-pointer) on the
+faulty objects. Although it does fix the issue, it is a subpar
+workaround that adds complexity in build process (a rule for each
+object to add the required compiler option and pontentially more
+rules for objects that call {INLINE,INTERNAL}_SYSCALL) and does not
+allow the implementations to get all the possible debug/calltrack
+information possible (used mainly in debuggers and performance
+measurement tools).
+
+This patch fixes it by adding an explicit configure check to see
+if -fno-omit-frame-pointer is set and to act accordingly (set or
+not OPTIMIZE_FOR_GCC_5). The make rules is simplified and only
+one is required: to add libc-do-syscall on loader due mmap
+(which will be empty anyway for default build with
+-fomit-frame-pointer).
+
+Checked on i386-linux-gnu with GCC 6.2.1 with CFLAGS sets as
+'-Os', '-O2 -fno-omit-frame-pointer', and '-O2 -fomit-frame-pointer'.
+For '-Os' the testsuite issues described by BZ#19463 and BZ#15105
+still applied.
+
+It fixes BZ #21029, although it is marked as duplicated of #20729
+(I reopened to track this cleanup).
+
+ [BZ #21029]
+ * config.h.in [CAN_USE_REGISTER_ASM_EBP]: New define.
+ * sysdeps/unix/sysv/linux/i386/Makefile
+ [$(subdir) = elf] (sysdep-dl-routines): Add libc-do-syscall.
+ (uses-6-syscall-arguments): Remove.
+ [$(subdir) = misc] (CFLAGS-epoll_pwait.o): Likewise.
+ [$(subdir) = misc] (CFLAGS-epoll_pwait.os): Likewise.
+ [$(subdir) = misc] (CFLAGS-mmap.o): Likewise.
+ [$(subdir) = misc] (CFLAGS-mmap.os): Likewise.
+ [$(subdir) = misc] (CFLAGS-mmap64.o): Likewise.
+ [$(subdir) = misc] (CFLAGS-mmap64.os): Likewise.
+ [$(subdir) = misc] (CFLAGS-pselect.o): Likewise.
+ [$(subdir) = misc] (cflags-pselect.o): Likewise.
+ [$(subdir) = misc] (cflags-pselect.os): Likewise.
+ [$(subdir) = misc] (cflags-rtld-mmap.os): Likewise.
+ [$(subdir) = sysvipc] (cflags-semtimedop.o): Likewise.
+ [$(subdir) = sysvipc] (cflags-semtimedop.os): Likewise.
+ [$(subdir) = io] (CFLAGS-posix_fadvise64.o): Likewise.
+ [$(subdir) = io] (CFLAGS-posix_fadvise64.os): Likewise.
+ [$(subdir) = io] (CFLAGS-posix_fallocate.o): Likewise.
+ [$(subdir) = io] (CFLAGS-posix_fallocate.os): Likewise.
+ [$(subdir) = io] (CFLAGS-posix_fallocate64.o): Likewise.
+ [$(subdir) = io] (CFLAGS-posix_fallocate64.os): Likewise.
+ [$(subdir) = io] (CFLAGS-sync_file_range.o): Likewise.
+ [$(subdir) = io] (CFLAGS-sync_file_range.os): Likewise.
+ [$(subdir) = io] (CFLAGS-fallocate.o): Likewise.
+ [$(subdir) = io] (CFLAGS-fallocate.os): Likewise.
+ [$(subdir) = io] (CFLAGS-fallocate64.o): Likewise.
+ [$(subdir) = io] (CFLAGS-fallocate64.os): Likewise.
+ [$(subdir) = nptl] (CFLAGS-pthread_rwlock_timedrdlock.o):
+ Likewise.
+ [$(subdir) = nptl] (CFLAGS-pthread_rwlock_timedrdlock.os):
+ Likewise.
+ [$(subdir) = nptl] (CFLAGS-pthread_rwlock_timedrwlock.o):
+ Likewise.
+ [$(subdir) = nptl] (CFLAGS-pthread_rwlock_timedrwlock.os):
+ Likewise.
+ [$(subdir) = nptl] (CFLAGS-sem_wait.o): Likewise.
+ [$(subdir) = nptl] (CFLAGS-sem_wait.os): Likewise.
+ [$(subdir) = nptl] (CFLAGS-sem_timedwait.o): Likewise.
+ [$(subdir) = nptl] (CFLAGS-sem_timedwait.os): Likewise.
+ * sysdeps/unix/sysv/linux/i386/configure.ac: Add check if compiler allows
+ ebp on inline assembly.
+ * sysdeps/unix/sysv/linux/i386/configure: Regenerate.
+ * sysdeps/unix/sysv/linux/i386/sysdep.h (OPTIMIZE_FOR_GCC_5):
+ Set if CAN_USE_REGISTER_ASM_EBP is set.
+ (check_consistency): Likewise.
+
+Upstream-Status: Backport
+
+ https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3b33d6ed6096c1d20d05a650b06026d673f7399a
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ config.h.in | 4 ++++
+ sysdeps/unix/sysv/linux/i386/Makefile | 39 +------------------------------
+ sysdeps/unix/sysv/linux/i386/configure | 39 +++++++++++++++++++++++++++++++
+ sysdeps/unix/sysv/linux/i386/configure.ac | 17 ++++++++++++++
+ sysdeps/unix/sysv/linux/i386/sysdep.h | 6 ++---
+ 5 files changed, 64 insertions(+), 41 deletions(-)
+
+diff --git a/config.h.in b/config.h.in
+index 7bfe923..fb2cc51 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -259,4 +259,8 @@
+ /* Build glibc with tunables support. */
+ #define HAVE_TUNABLES 0
+
++/* Some compiler options may now allow to use ebp in __asm__ (used mainly
++ in i386 6 argument syscall issue). */
++#define CAN_USE_REGISTER_ASM_EBP 0
++
+ #endif
+diff --git a/sysdeps/unix/sysv/linux/i386/Makefile b/sysdeps/unix/sysv/linux/i386/Makefile
+index 9609752..6aac0df 100644
+--- a/sysdeps/unix/sysv/linux/i386/Makefile
++++ b/sysdeps/unix/sysv/linux/i386/Makefile
+@@ -1,47 +1,18 @@
+ # The default ABI is 32.
+ default-abi := 32
+
+-# %ebp is used to pass the 6th argument to system calls, so these
+-# system calls are incompatible with a frame pointer.
+-uses-6-syscall-arguments = -fomit-frame-pointer
+-
+ ifeq ($(subdir),misc)
+ sysdep_routines += ioperm iopl vm86
+-CFLAGS-epoll_pwait.o += $(uses-6-syscall-arguments)
+-CFLAGS-epoll_pwait.os += $(uses-6-syscall-arguments)
+-CFLAGS-mmap.o += $(uses-6-syscall-arguments)
+-CFLAGS-mmap.os += $(uses-6-syscall-arguments)
+-CFLAGS-mmap64.o += $(uses-6-syscall-arguments)
+-CFLAGS-mmap64.os += $(uses-6-syscall-arguments)
+-CFLAGS-pselect.o += $(uses-6-syscall-arguments)
+-CFLAGS-pselect.os += $(uses-6-syscall-arguments)
+-CFLAGS-rtld-mmap.os += $(uses-6-syscall-arguments)
+-endif
+-
+-ifeq ($(subdir),sysvipc)
+-CFLAGS-semtimedop.o += $(uses-6-syscall-arguments)
+-CFLAGS-semtimedop.os += $(uses-6-syscall-arguments)
+ endif
+
+ ifeq ($(subdir),elf)
++sysdep-dl-routines += libc-do-syscall
+ sysdep-others += lddlibc4
+ install-bin += lddlibc4
+ endif
+
+ ifeq ($(subdir),io)
+ sysdep_routines += libc-do-syscall
+-CFLAGS-posix_fadvise64.o += $(uses-6-syscall-arguments)
+-CFLAGS-posix_fadvise64.os += $(uses-6-syscall-arguments)
+-CFLAGS-posix_fallocate.o += $(uses-6-syscall-arguments)
+-CFLAGS-posix_fallocate.os += $(uses-6-syscall-arguments)
+-CFLAGS-posix_fallocate64.o += $(uses-6-syscall-arguments)
+-CFLAGS-posix_fallocate64.os += $(uses-6-syscall-arguments)
+-CFLAGS-sync_file_range.o += $(uses-6-syscall-arguments)
+-CFLAGS-sync_file_range.os += $(uses-6-syscall-arguments)
+-CFLAGS-fallocate.o += $(uses-6-syscall-arguments)
+-CFLAGS-fallocate.os += $(uses-6-syscall-arguments)
+-CFLAGS-fallocate64.o += $(uses-6-syscall-arguments)
+-CFLAGS-fallocate64.os += $(uses-6-syscall-arguments)
+ endif
+
+ ifeq ($(subdir),nptl)
+@@ -61,14 +32,6 @@ ifeq ($(subdir),nptl)
+ # pull in __syscall_error routine
+ libpthread-routines += sysdep
+ libpthread-shared-only-routines += sysdep
+-CFLAGS-pthread_rwlock_timedrdlock.o += $(uses-6-syscall-arguments)
+-CFLAGS-pthread_rwlock_timedrdlock.os += $(uses-6-syscall-arguments)
+-CFLAGS-pthread_rwlock_timedwrlock.o += $(uses-6-syscall-arguments)
+-CFLAGS-pthread_rwlock_timedwrlock.os += $(uses-6-syscall-arguments)
+-CFLAGS-sem_wait.o += $(uses-6-syscall-arguments)
+-CFLAGS-sem_wait.os += $(uses-6-syscall-arguments)
+-CFLAGS-sem_timedwait.o += $(uses-6-syscall-arguments)
+-CFLAGS-sem_timedwait.os += $(uses-6-syscall-arguments)
+ endif
+
+ ifeq ($(subdir),rt)
+diff --git a/sysdeps/unix/sysv/linux/i386/configure b/sysdeps/unix/sysv/linux/i386/configure
+index eb72659..ae2c356 100644
+--- a/sysdeps/unix/sysv/linux/i386/configure
++++ b/sysdeps/unix/sysv/linux/i386/configure
+@@ -3,5 +3,44 @@
+
+ arch_minimum_kernel=2.6.32
+
++# Check if CFLAGS allows compiler to use ebp register in inline assembly.
++
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler flags allows ebp in inline assembly" >&5
++$as_echo_n "checking if compiler flags allows ebp in inline assembly... " >&6; }
++if ${libc_cv_can_use_register_asm_ebp+:} false; then :
++ $as_echo_n "(cached) " >&6
++else
++
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++ void foo (int i)
++ {
++ register int reg asm ("ebp") = i;
++ asm ("# %0" : : "r" (reg));
++ }
++int
++main ()
++{
++
++ ;
++ return 0;
++}
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++ libc_cv_can_use_register_asm_ebp=yes
++else
++ libc_cv_can_use_register_asm_ebp=no
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_can_use_register_asm_ebp" >&5
++$as_echo "$libc_cv_can_use_register_asm_ebp" >&6; }
++if test $libc_cv_can_use_register_asm_ebp = yes; then
++ $as_echo "#define CAN_USE_REGISTER_ASM_EBP 1" >>confdefs.h
++
++fi
++
+ libc_cv_gcc_unwind_find_fde=yes
+ ldd_rewrite_script=sysdeps/unix/sysv/linux/ldd-rewrite.sed
+diff --git a/sysdeps/unix/sysv/linux/i386/configure.ac b/sysdeps/unix/sysv/linux/i386/configure.ac
+index 1a11da6..1cd632e 100644
+--- a/sysdeps/unix/sysv/linux/i386/configure.ac
++++ b/sysdeps/unix/sysv/linux/i386/configure.ac
+@@ -3,5 +3,22 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
+
+ arch_minimum_kernel=2.6.32
+
++# Check if CFLAGS allows compiler to use ebp register in inline assembly.
++AC_CACHE_CHECK([if compiler flags allows ebp in inline assembly],
++ libc_cv_can_use_register_asm_ebp, [
++AC_COMPILE_IFELSE(
++ [AC_LANG_PROGRAM([
++ void foo (int i)
++ {
++ register int reg asm ("ebp") = i;
++ asm ("# %0" : : "r" (reg));
++ }])],
++ [libc_cv_can_use_register_asm_ebp=yes],
++ [libc_cv_can_use_register_asm_ebp=no])
++])
++if test $libc_cv_can_use_register_asm_ebp = yes; then
++ AC_DEFINE(CAN_USE_REGISTER_ASM_EBP)
++fi
++
+ libc_cv_gcc_unwind_find_fde=yes
+ ldd_rewrite_script=sysdeps/unix/sysv/linux/ldd-rewrite.sed
+diff --git a/sysdeps/unix/sysv/linux/i386/sysdep.h b/sysdeps/unix/sysv/linux/i386/sysdep.h
+index baf4642..449b23e 100644
+--- a/sysdeps/unix/sysv/linux/i386/sysdep.h
++++ b/sysdeps/unix/sysv/linux/i386/sysdep.h
+@@ -44,9 +44,9 @@
+ /* Since GCC 5 and above can properly spill %ebx with PIC when needed,
+ we can inline syscalls with 6 arguments if GCC 5 or above is used
+ to compile glibc. Disable GCC 5 optimization when compiling for
+- profiling since asm ("ebp") can't be used to put the 6th argument
+- in %ebp for syscall. */
+-#if __GNUC_PREREQ (5,0) && !defined PROF
++ profiling or when -fno-omit-frame-pointer is used since asm ("ebp")
++ can't be used to put the 6th argument in %ebp for syscall. */
++#if __GNUC_PREREQ (5,0) && !defined PROF && CAN_USE_REGISTER_ASM_EBP
+ # define OPTIMIZE_FOR_GCC_5
+ #endif
+
+--
+1.9.1
+
diff --git a/meta/recipes-core/glibc/glibc_2.25.bb b/meta/recipes-core/glibc/glibc_2.25.bb
index cf9c4f7..0f1ec0c 100644
--- a/meta/recipes-core/glibc/glibc_2.25.bb
+++ b/meta/recipes-core/glibc/glibc_2.25.bb
@@ -42,6 +42,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
file://0026-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \
file://0027-locale-fix-hard-coded-reference-to-gcc-E.patch \
+ file://0028-Rework-fno-omit-frame-pointer-support-on-i386.patch \
"
NATIVESDKFIXES ?= ""
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index a0a1c24..045781c 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -23,7 +23,7 @@ IMAGE_FSTYPES = "vmdk"
inherit core-image module-base setuptools3
-SRCREV ?= "405517b4290d740f7d5b7e47a68ef37080ead63b"
+SRCREV ?= "b859272ad4053185d4980cac05481b430e05345f"
SRC_URI = "git://git.yoctoproject.org/poky;branch=pyro \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-UefiHiiLib-Fix-incorrect-comparison-exp.patch b/meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-UefiHiiLib-Fix-incorrect-comparison-exp.patch
new file mode 100644
index 0000000..fcd7a46
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-UefiHiiLib-Fix-incorrect-comparison-exp.patch
@@ -0,0 +1,39 @@
+From 73692710d50da1f421b0e6ddff784ca3135389b3 Mon Sep 17 00:00:00 2001
+From: Dandan Bi <dandan.bi@intel.com>
+Date: Sat, 1 Apr 2017 10:31:14 +0800
+Subject: [PATCH] MdeModulePkg/UefiHiiLib:Fix incorrect comparison expression
+
+Fix the incorrect comparison between pointer and constant zero character.
+
+https://bugzilla.tianocore.org/show_bug.cgi?id=416
+
+V2: The pointer StringPtr points to a string returned
+by ExtractConfig/ExportConfig, if it is NULL, function
+InternalHiiIfrValueAction will return FALSE. So in
+current usage model, the StringPtr can not be NULL before
+using it, so we can add ASSERT here.
+
+Cc: Eric Dong <eric.dong@intel.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Dandan Bi <dandan.bi@intel.com>
+Reviewed-by: Eric Dong <eric.dong@intel.com>
+---
+Upstream-Status: Backport
+
+ MdeModulePkg/Library/UefiHiiLib/HiiLib.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+Index: git/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
+===================================================================
+--- git.orig/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
++++ git/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
+@@ -2180,6 +2180,8 @@ InternalHiiIfrValueAction (
+ }
+
+ StringPtr = ConfigAltResp;
++
++ ASSERT (StringPtr != NULL);
+
+ while (StringPtr != L'\0') {
+ //
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 73fdfc6..9d988e9 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
file://0002-ovmf-update-path-to-native-BaseTools.patch \
file://0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
file://VfrCompile-increase-path-length-limit.patch \
+ file://0001-MdeModulePkg-UefiHiiLib-Fix-incorrect-comparison-exp.patch \
"
SRC_URI_append_class-target = " \
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 40b518b..1784c52 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -43,6 +43,40 @@ SRC_URI = "\
file://CVE-2017-6969_2.patch \
file://CVE-2017-7209.patch \
file://CVE-2017-7210.patch \
+ file://CVE-2017-7223.patch \
+ file://CVE-2017-7614.patch \
+ file://CVE-2017-8393.patch \
+ file://CVE-2017-8394.patch \
+ file://CVE-2017-8395.patch \
+ file://CVE-2017-8396_8397.patch \
+ file://CVE-2017-8398.patch \
+ file://CVE-2017-8421.patch \
+ file://CVE-2017-9038_9044.patch \
+ file://CVE-2017-9039.patch \
+ file://CVE-2017-9040_9042.patch \
+ file://CVE-2017-9742.patch \
+ file://CVE-2017-9744.patch \
+ file://CVE-2017-9745.patch \
+ file://CVE-2017-9746.patch \
+ file://CVE-2017-9747.patch \
+ file://CVE-2017-9748.patch \
+ file://CVE-2017-9749.patch \
+ file://CVE-2017-9750.patch \
+ file://CVE-2017-9751.patch \
+ file://CVE-2017-9752.patch \
+ file://CVE-2017-9753.patch \
+ file://CVE-2017-9755.patch \
+ file://CVE-2017-9756.patch \
+ file://CVE-2017-9954.patch \
+ file://CVE-2017-9955_1.patch \
+ file://CVE-2017-9955_2.patch \
+ file://CVE-2017-9955_3.patch \
+ file://CVE-2017-9955_4.patch \
+ file://CVE-2017-9955_5.patch \
+ file://CVE-2017-9955_6.patch \
+ file://CVE-2017-9955_7.patch \
+ file://CVE-2017-9955_8.patch \
+ file://CVE-2017-9955_9.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils-cross-canadian.inc b/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
index b3d591e..e98f31f 100644
--- a/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
+++ b/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
@@ -13,6 +13,8 @@ EXTRA_OECONF += "--with-sysroot=${SDKPATH}/sysroots/${TUNE_PKGARCH}${TARGET_VEND
# e.g. we switch between different machines with different tunes.
EXTRA_OECONF[vardepsexclude] = "TUNE_PKGARCH"
+LDGOLD_sdkmingw32 = ""
+
do_install () {
autotools_do_install
diff --git a/meta/recipes-devtools/binutils/binutils.inc b/meta/recipes-devtools/binutils/binutils.inc
index 7efe13f..37813dd 100644
--- a/meta/recipes-devtools/binutils/binutils.inc
+++ b/meta/recipes-devtools/binutils/binutils.inc
@@ -78,7 +78,6 @@ EXTRA_OECONF = "--program-prefix=${TARGET_PREFIX} \
LDGOLD_class-native = ""
LDGOLD_class-crosssdk = ""
-LDGOLD_sdkmingw32 = ""
LDGOLD ?= "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', '--enable-gold=default --enable-threads', '--enable-gold --enable-ld=default --enable-threads', d)}"
# This is necessary due to a bug in the binutils Makefiles
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
new file mode 100644
index 0000000..c78c8bf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
@@ -0,0 +1,52 @@
+From 69ace2200106348a1b00d509a6a234337c104c17 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 1 Dec 2016 15:20:19 +0000
+Subject: [PATCH] Fix seg fault attempting to unget an EOF character.
+
+ PR gas/20898
+ * app.c (do_scrub_chars): Do not attempt to unget EOF.
+
+Affects: <= 2.28
+Upstream-Status: Backport
+CVE: CVE-2017-7223
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ gas/ChangeLog | 3 +++
+ gas/app.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+Index: git/gas/ChangeLog
+===================================================================
+--- git.orig/gas/ChangeLog
++++ git/gas/ChangeLog
+@@ -1,3 +1,8 @@
++2016-12-01 Nick Clifton <nickc@redhat.com>
++
++ PR gas/20898
++ * app.c (do_scrub_chars): Do not attempt to unget EOF.
++
+ 2017-03-02 Tristan Gingold <gingold@adacore.com>
+
+ * configure: Regenerate.
+@@ -198,7 +203,6 @@
+ * config/tc-pru.c (md_number_to_chars): Fix parameter to be
+ valueT, as declared in tc.h.
+ (md_apply_fix): Fix to work on 32-bit hosts.
+->>>>>>> 0115611... RISC-V/GAS: Correct branch relaxation for weak symbols.
+
+ 2017-01-02 Alan Modra <amodra@gmail.com>
+
+Index: git/gas/app.c
+===================================================================
+--- git.orig/gas/app.c
++++ git/gas/app.c
+@@ -1350,7 +1350,7 @@ do_scrub_chars (size_t (*get) (char *, s
+ PUT (ch);
+ break;
+ }
+- else
++ else if (ch2 != EOF)
+ {
+ state = 9;
+ if (ch == EOF || !IS_SYMBOL_COMPONENT (ch))
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
new file mode 100644
index 0000000..be8631a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
@@ -0,0 +1,103 @@
+From ad32986fdf9da1c8748e47b8b45100398223dba8 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 4 Apr 2017 11:23:36 +0100
+Subject: [PATCH] Fix null pointer dereferences when using a link built with
+ clang.
+
+ PR binutils/21342
+ * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
+ dereference.
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
+Upstream-Status: Backport
+CVE: CVE-2017-7614
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/elflink.c | 35 +++++++++++++++++++++--------------
+ 2 files changed, 29 insertions(+), 14 deletions(-)
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c
++++ git/bfd/elflink.c
+@@ -119,15 +119,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd,
+ defined in shared libraries can't be overridden, because we
+ lose the link to the bfd which is via the symbol section. */
+ h->root.type = bfd_link_hash_new;
++ bh = &h->root;
+ }
++ else
++ bh = NULL;
+
+- bh = &h->root;
+ bed = get_elf_backend_data (abfd);
+ if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL,
+ sec, 0, NULL, FALSE, bed->collect,
+ &bh))
+ return NULL;
+ h = (struct elf_link_hash_entry *) bh;
++ BFD_ASSERT (h != NULL);
+ h->def_regular = 1;
+ h->non_elf = 0;
+ h->root.linker_def = 1;
+@@ -11973,24 +11976,28 @@ bfd_elf_final_link (bfd *abfd, struct bf
+ {
+ /* Finish up and write out the symbol string table (.strtab)
+ section. */
+- Elf_Internal_Shdr *symstrtab_hdr;
++ Elf_Internal_Shdr *symstrtab_hdr = NULL;
+ file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size;
+
+- symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+- if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++ if (elf_symtab_shndx_list (abfd))
+ {
+- symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
+- symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
+- symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
+- amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
+- symtab_shndx_hdr->sh_size = amt;
++ symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+
+- off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
+- off, TRUE);
++ if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++ {
++ symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
++ symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
++ symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
++ amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
++ symtab_shndx_hdr->sh_size = amt;
+
+- if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
+- || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
+- return FALSE;
++ off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
++ off, TRUE);
++
++ if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
++ || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
++ return FALSE;
++ }
+ }
+
+ symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2017-04-04 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21342
++ * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
++ dereference.
++ (bfd_elf_final_link): Only initialize the extended symbol index
++ section if there are extended symbol tables to list.
++
+ 2017-03-07 Alan Modra <amodra@gmail.com>
+
+ PR 21224
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch
new file mode 100644
index 0000000..8500a03
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch
@@ -0,0 +1,205 @@
+From bce964aa6c777d236fbd641f2bc7bb931cfe4bf3 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 23 Apr 2017 11:03:34 +0930
+Subject: [PATCH] PR 21412, get_reloc_section assumes .rel/.rela name for
+ SHT_REL/RELA.
+
+This patch fixes an assumption made by code that runs for objcopy and
+strip, that SHT_REL/SHR_RELA sections are always named starting with a
+.rel/.rela prefix. I'm also modifying the interface for
+elf_backend_get_reloc_section, so any backend function just needs to
+handle name mapping.
+
+ PR 21412
+ * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
+ parameters and comment.
+ (_bfd_elf_get_reloc_section): Delete.
+ (_bfd_elf_plt_get_reloc_section): Declare.
+ * elf.c (_bfd_elf_plt_get_reloc_section, elf_get_reloc_section):
+ New functions. Don't blindly skip over assumed .rel/.rela prefix.
+ Extracted from..
+ (_bfd_elf_get_reloc_section): ..here. Delete.
+ (assign_section_numbers): Call elf_get_reloc_section.
+ * elf64-ppc.c (elf_backend_get_reloc_section): Define.
+ * elfxx-target.h (elf_backend_get_reloc_section): Update.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8393
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 15 ++++++++++++++
+ bfd/elf-bfd.h | 8 ++++---
+ bfd/elf.c | 61 +++++++++++++++++++++++++++++++-----------------------
+ bfd/elf64-ppc.c | 1 +
+ bfd/elfxx-target.h | 2 +-
+ 5 files changed, 57 insertions(+), 30 deletions(-)
+
+Index: git/bfd/elf-bfd.h
+===================================================================
+--- git.orig/bfd/elf-bfd.h
++++ git/bfd/elf-bfd.h
+@@ -1322,8 +1322,10 @@ struct elf_backend_data
+ bfd_size_type (*maybe_function_sym) (const asymbol *sym, asection *sec,
+ bfd_vma *code_off);
+
+- /* Return the section which RELOC_SEC applies to. */
+- asection *(*get_reloc_section) (asection *reloc_sec);
++ /* Given NAME, the name of a relocation section stripped of its
++ .rel/.rela prefix, return the section in ABFD to which the
++ relocations apply. */
++ asection *(*get_reloc_section) (bfd *abfd, const char *name);
+
+ /* Called to set the sh_flags, sh_link and sh_info fields of OSECTION which
+ has a type >= SHT_LOOS. Returns TRUE if the fields were initialised,
+@@ -2392,7 +2394,7 @@ extern bfd_boolean _bfd_elf_is_function_
+ extern bfd_size_type _bfd_elf_maybe_function_sym (const asymbol *, asection *,
+ bfd_vma *);
+
+-extern asection *_bfd_elf_get_reloc_section (asection *);
++extern asection *_bfd_elf_plt_get_reloc_section (bfd *, const char *);
+
+ extern int bfd_elf_get_default_section_type (flagword);
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -3532,17 +3532,39 @@ bfd_elf_set_group_contents (bfd *abfd, a
+ H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+ }
+
+-/* Return the section which RELOC_SEC applies to. */
++/* Given NAME, the name of a relocation section stripped of its
++ .rel/.rela prefix, return the section in ABFD to which the
++ relocations apply. */
+
+ asection *
+-_bfd_elf_get_reloc_section (asection *reloc_sec)
++_bfd_elf_plt_get_reloc_section (bfd *abfd, const char *name)
++{
++ /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
++ section likely apply to .got.plt or .got section. */
++ if (get_elf_backend_data (abfd)->want_got_plt
++ && strcmp (name, ".plt") == 0)
++ {
++ asection *sec;
++
++ name = ".got.plt";
++ sec = bfd_get_section_by_name (abfd, name);
++ if (sec != NULL)
++ return sec;
++ name = ".got";
++ }
++
++ return bfd_get_section_by_name (abfd, name);
++}
++
++/* Return the section to which RELOC_SEC applies. */
++
++static asection *
++elf_get_reloc_section (asection *reloc_sec)
+ {
+ const char *name;
+ unsigned int type;
+ bfd *abfd;
+-
+- if (reloc_sec == NULL)
+- return NULL;
++ const struct elf_backend_data *bed;
+
+ type = elf_section_data (reloc_sec)->this_hdr.sh_type;
+ if (type != SHT_REL && type != SHT_RELA)
+@@ -3550,28 +3572,15 @@ _bfd_elf_get_reloc_section (asection *re
+
+ /* We look up the section the relocs apply to by name. */
+ name = reloc_sec->name;
+- if (type == SHT_REL)
+- name += 4;
+- else
+- name += 5;
++ if (strncmp (name, ".rel", 4) != 0)
++ return NULL;
++ name += 4;
++ if (type == SHT_RELA && *name++ != 'a')
++ return NULL;
+
+- /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
+- section apply to .got.plt section. */
+ abfd = reloc_sec->owner;
+- if (get_elf_backend_data (abfd)->want_got_plt
+- && strcmp (name, ".plt") == 0)
+- {
+- /* .got.plt is a linker created input section. It may be mapped
+- to some other output section. Try two likely sections. */
+- name = ".got.plt";
+- reloc_sec = bfd_get_section_by_name (abfd, name);
+- if (reloc_sec != NULL)
+- return reloc_sec;
+- name = ".got";
+- }
+-
+- reloc_sec = bfd_get_section_by_name (abfd, name);
+- return reloc_sec;
++ bed = get_elf_backend_data (abfd);
++ return bed->get_reloc_section (abfd, name);
+ }
+
+ /* Assign all ELF section numbers. The dummy first section is handled here
+@@ -3833,7 +3842,7 @@ assign_section_numbers (bfd *abfd, struc
+ if (s != NULL)
+ d->this_hdr.sh_link = elf_section_data (s)->this_idx;
+
+- s = get_elf_backend_data (abfd)->get_reloc_section (sec);
++ s = elf_get_reloc_section (sec);
+ if (s != NULL)
+ {
+ d->this_hdr.sh_info = elf_section_data (s)->this_idx;
+Index: git/bfd/elf64-ppc.c
+===================================================================
+--- git.orig/bfd/elf64-ppc.c
++++ git/bfd/elf64-ppc.c
+@@ -121,6 +121,7 @@ static bfd_vma opd_entry_value
+ #define elf_backend_special_sections ppc64_elf_special_sections
+ #define elf_backend_merge_symbol_attribute ppc64_elf_merge_symbol_attribute
+ #define elf_backend_merge_symbol ppc64_elf_merge_symbol
++#define elf_backend_get_reloc_section bfd_get_section_by_name
+
+ /* The name of the dynamic interpreter. This is put in the .interp
+ section. */
+Index: git/bfd/elfxx-target.h
+===================================================================
+--- git.orig/bfd/elfxx-target.h
++++ git/bfd/elfxx-target.h
+@@ -706,7 +706,7 @@
+ #endif
+
+ #ifndef elf_backend_get_reloc_section
+-#define elf_backend_get_reloc_section _bfd_elf_get_reloc_section
++#define elf_backend_get_reloc_section _bfd_elf_plt_get_reloc_section
+ #endif
+
+ #ifndef elf_backend_copy_special_section_fields
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,18 @@
++2017-04-23 Alan Modra <amodra@gmail.com>
++
++ PR 21412
++ * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
++ parameters and comment.
++ (_bfd_elf_get_reloc_section): Delete.
++ (_bfd_elf_plt_get_reloc_section): Declare.
++ * elf.c (_bfd_elf_plt_get_reloc_section, elf_get_reloc_section):
++ New functions. Don't blindly skip over assumed .rel/.rela prefix.
++ Extracted from..
++ (_bfd_elf_get_reloc_section): ..here. Delete.
++ (assign_section_numbers): Call elf_get_reloc_section.
++ * elf64-ppc.c (elf_backend_get_reloc_section): Define.
++ * elfxx-target.h (elf_backend_get_reloc_section): Update.
++
+ 2017-04-04 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21342
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
new file mode 100644
index 0000000..e6c6b17
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
@@ -0,0 +1,118 @@
+From 7eacd66b086cabb1daab20890d5481894d4f56b2 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 23 Apr 2017 15:21:11 +0930
+Subject: [PATCH] PR 21414, null pointer deref of _bfd_elf_large_com_section
+ sym
+
+ PR 21414
+ * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
+ * elf.c (lcomm_sym): New.
+ (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
+ * bfd-in2.h: Regenerate.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8394
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/bfd-in2.h | 12 ++++++++++++
+ bfd/elf.c | 6 ++++--
+ bfd/section.c | 24 ++++++++++++------------
+ 4 files changed, 36 insertions(+), 14 deletions(-)
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h
++++ git/bfd/bfd-in2.h
+@@ -1838,6 +1838,18 @@ extern asection _bfd_std_section[4];
+ { NULL }, { NULL } \
+ }
+
++/* We use a macro to initialize the static asymbol structures because
++ traditional C does not permit us to initialize a union member while
++ gcc warns if we don't initialize it.
++ the_bfd, name, value, attr, section [, udata] */
++#ifdef __STDC__
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++ { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++#else
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++ { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++#endif
++
+ void bfd_section_list_clear (bfd *);
+
+ asection *bfd_get_section_by_name (bfd *abfd, const char *name);
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -11164,9 +11164,11 @@ _bfd_elf_get_synthetic_symtab (bfd *abfd
+
+ /* It is only used by x86-64 so far.
+ ??? This repeats *COM* id of zero. sec->id is supposed to be unique,
+- but current usage would allow all of _bfd_std_section to be zero. t*/
++ but current usage would allow all of _bfd_std_section to be zero. */
++static const asymbol lcomm_sym
++ = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section);
+ asection _bfd_elf_large_com_section
+- = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
++ = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym,
+ "LARGE_COMMON", 0, SEC_IS_COMMON);
+
+ void
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c
++++ git/bfd/section.c
+@@ -738,20 +738,20 @@ CODE_FRAGMENT
+ . { NULL }, { NULL } \
+ . }
+ .
++.{* We use a macro to initialize the static asymbol structures because
++. traditional C does not permit us to initialize a union member while
++. gcc warns if we don't initialize it.
++. the_bfd, name, value, attr, section [, udata] *}
++.#ifdef __STDC__
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++. { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++.#else
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++. { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++.#endif
++.
+ */
+
+-/* We use a macro to initialize the static asymbol structures because
+- traditional C does not permit us to initialize a union member while
+- gcc warns if we don't initialize it. */
+- /* the_bfd, name, value, attr, section [, udata] */
+-#ifdef __STDC__
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+- { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
+-#else
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+- { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
+-#endif
+-
+ /* These symbols are global, not specific to any BFD. Therefore, anything
+ that tries to change them is broken, and should be repaired. */
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,12 @@
++
+ 2017-04-23 Alan Modra <amodra@gmail.com>
++ PR 21414
++ * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
++ * elf.c (lcomm_sym): New.
++ (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
++ * bfd-in2.h: Regenerate.
++
+++2017-04-23 Alan Modra <amodra@gmail.com>
+
+ PR 21412
+ * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
new file mode 100644
index 0000000..0a9bce3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
@@ -0,0 +1,72 @@
+From e63d123268f23a4cbc45ee55fb6dbc7d84729da3 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 26 Apr 2017 13:07:49 +0100
+Subject: [PATCH] Fix seg-fault attempting to compress a debug section in a
+ corrupt binary.
+
+ PR binutils/21431
+ * compress.c (bfd_init_section_compress_status): Check the return
+ value from bfd_malloc.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8395
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/compress.c | 19 +++++++++----------
+ 2 files changed, 15 insertions(+), 10 deletions(-)
+
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c
++++ git/bfd/compress.c
+@@ -542,7 +542,6 @@ bfd_init_section_compress_status (bfd *a
+ {
+ bfd_size_type uncompressed_size;
+ bfd_byte *uncompressed_buffer;
+- bfd_boolean ret;
+
+ /* Error if not opened for read. */
+ if (abfd->direction != read_direction
+@@ -558,18 +557,18 @@ bfd_init_section_compress_status (bfd *a
+ /* Read in the full section contents and compress it. */
+ uncompressed_size = sec->size;
+ uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
++ /* PR 21431 */
++ if (uncompressed_buffer == NULL)
++ return FALSE;
++
+ if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
+ 0, uncompressed_size))
+- ret = FALSE;
+- else
+- {
+- uncompressed_size = bfd_compress_section_contents (abfd, sec,
+- uncompressed_buffer,
+- uncompressed_size);
+- ret = uncompressed_size != 0;
+- }
++ return FALSE;
+
+- return ret;
++ uncompressed_size = bfd_compress_section_contents (abfd, sec,
++ uncompressed_buffer,
++ uncompressed_size);
++ return uncompressed_size != 0;
+ }
+
+ /*
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2017-04-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21431
++ * compress.c (bfd_init_section_compress_status): Check the return
++ value from bfd_malloc.
+
+ 2017-04-23 Alan Modra <amodra@gmail.com>
+ PR 21414
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8396_8397.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8396_8397.patch
new file mode 100644
index 0000000..14f4282
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8396_8397.patch
@@ -0,0 +1,102 @@
+From a941291cab71b9ac356e1c03968c177c03e602ab Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 29 Apr 2017 14:48:16 +0930
+Subject: [PATCH] PR21432, buffer overflow in perform_relocation
+
+The existing reloc offset range tests didn't catch small negative
+offsets less than the size of the reloc field.
+
+ PR 21432
+ * reloc.c (reloc_offset_in_range): New function.
+ (bfd_perform_relocation, bfd_install_relocation): Use it.
+ (_bfd_final_link_relocate): Likewise.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8396
+CVE: CVE-2017-8397
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/reloc.c | 32 ++++++++++++++++++++------------
+ 2 files changed, 27 insertions(+), 12 deletions(-)
+
+Index: git/bfd/reloc.c
+===================================================================
+--- git.orig/bfd/reloc.c
++++ git/bfd/reloc.c
+@@ -538,6 +538,22 @@ bfd_check_overflow (enum complain_overfl
+ return flag;
+ }
+
++/* HOWTO describes a relocation, at offset OCTET. Return whether the
++ relocation field is within SECTION of ABFD. */
++
++static bfd_boolean
++reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd,
++ asection *section, bfd_size_type octet)
++{
++ bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section);
++ bfd_size_type reloc_size = bfd_get_reloc_size (howto);
++
++ /* The reloc field must be contained entirely within the section.
++ Allow zero length fields (marker relocs or NONE relocs where no
++ relocation will be performed) at the end of the section. */
++ return octet <= octet_end && octet + reloc_size <= octet_end;
++}
++
+ /*
+ FUNCTION
+ bfd_perform_relocation
+@@ -618,13 +634,10 @@ bfd_perform_relocation (bfd *abfd,
+ /* PR 17512: file: 0f67f69d. */
+ if (howto == NULL)
+ return bfd_reloc_undefined;
+-
+- /* Is the address of the relocation really within the section?
+- Include the size of the reloc in the test for out of range addresses.
+- PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */
++
++ /* Is the address of the relocation really within the section? */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (abfd, input_section))
++ if (!reloc_offset_in_range (howto, abfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* Work out which section the relocation is targeted at and the
+@@ -1012,8 +1025,7 @@ bfd_install_relocation (bfd *abfd,
+
+ /* Is the address of the relocation really within the section? */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (abfd, input_section))
++ if (!reloc_offset_in_range (howto, abfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* Work out which section the relocation is targeted at and the
+@@ -1351,8 +1363,7 @@ _bfd_final_link_relocate (reloc_howto_ty
+ bfd_size_type octets = address * bfd_octets_per_byte (input_bfd);
+
+ /* Sanity check the address. */
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (input_bfd, input_section))
++ if (!reloc_offset_in_range (howto, input_bfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* This function assumes that we are dealing with a basic relocation
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-04-29 Alan Modra <amodra@gmail.com>
++
++ PR 21432
++ * reloc.c (reloc_offset_in_range): New function.
++ (bfd_perform_relocation, bfd_install_relocation): Use it.
++ (_bfd_final_link_relocate): Likewise.
++
+ 2017-04-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21431
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch
new file mode 100644
index 0000000..5b9acc8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch
@@ -0,0 +1,147 @@
+From d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 28 Apr 2017 10:28:04 +0100
+Subject: [PATCH] Fix heap-buffer overflow bugs caused when dumping debug
+ information from a corrupt binary.
+
+ PR binutils/21438
+ * dwarf.c (process_extended_line_op): Do not assume that the
+ string extracted from the section is NUL terminated.
+ (fetch_indirect_string): If the string retrieved from the section
+ is not NUL terminated, return an error message.
+ (fetch_indirect_line_string): Likewise.
+ (fetch_indexed_string): Likewise.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8398
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 10 +++++++++
+ binutils/dwarf.c | 66 +++++++++++++++++++++++++++++++++++++++++-------------
+ 2 files changed, 60 insertions(+), 16 deletions(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -472,15 +472,20 @@ process_extended_line_op (unsigned char
+ printf (_(" Entry\tDir\tTime\tSize\tName\n"));
+ printf (" %d\t", ++state_machine_regs.last_file_entry);
+
+- name = data;
+- data += strnlen ((char *) data, end - data) + 1;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+- data += bytes_read;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+- data += bytes_read;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+- data += bytes_read;
+- printf ("%s\n\n", name);
++ {
++ size_t l;
++
++ name = data;
++ l = strnlen ((char *) data, end - data);
++ data += len + 1;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++ data += bytes_read;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++ data += bytes_read;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++ data += bytes_read;
++ printf ("%.*s\n\n", (int) l, name);
++ }
+
+ if (((unsigned int) (data - orig_data) != len) || data == end)
+ warn (_("DW_LNE_define_file: Bad opcode length\n"));
+@@ -597,18 +602,27 @@ static const unsigned char *
+ fetch_indirect_string (dwarf_vma offset)
+ {
+ struct dwarf_section *section = &debug_displays [str].section;
++ const unsigned char * ret;
+
+ if (section->start == NULL)
+ return (const unsigned char *) _("<no .debug_str section>");
+
+- if (offset > section->size)
++ if (offset >= section->size)
+ {
+ warn (_("DW_FORM_strp offset too big: %s\n"),
+ dwarf_vmatoa ("x", offset));
+ return (const unsigned char *) _("<offset is too big>");
+ }
++ ret = section->start + offset;
++ /* Unfortunately we cannot rely upon the .debug_str section ending with a
++ NUL byte. Since our caller is expecting to receive a well formed C
++ string we test for the lack of a terminating byte here. */
++ if (strnlen ((const char *) ret, section->size - offset)
++ == section->size - offset)
++ ret = (const unsigned char *)
++ _("<no NUL byte at end of .debug_str section>");
+
+- return (const unsigned char *) section->start + offset;
++ return ret;
+ }
+
+ static const char *
+@@ -621,6 +635,7 @@ fetch_indexed_string (dwarf_vma idx, str
+ struct dwarf_section *str_section = &debug_displays [str_sec_idx].section;
+ dwarf_vma index_offset = idx * offset_size;
+ dwarf_vma str_offset;
++ const char * ret;
+
+ if (index_section->start == NULL)
+ return (dwo ? _("<no .debug_str_offsets.dwo section>")
+@@ -628,7 +643,7 @@ fetch_indexed_string (dwarf_vma idx, str
+
+ if (this_set != NULL)
+ index_offset += this_set->section_offsets [DW_SECT_STR_OFFSETS];
+- if (index_offset > index_section->size)
++ if (index_offset >= index_section->size)
+ {
+ warn (_("DW_FORM_GNU_str_index offset too big: %s\n"),
+ dwarf_vmatoa ("x", index_offset));
+@@ -641,14 +656,22 @@ fetch_indexed_string (dwarf_vma idx, str
+
+ str_offset = byte_get (index_section->start + index_offset, offset_size);
+ str_offset -= str_section->address;
+- if (str_offset > str_section->size)
++ if (str_offset >= str_section->size)
+ {
+ warn (_("DW_FORM_GNU_str_index indirect offset too big: %s\n"),
+ dwarf_vmatoa ("x", str_offset));
+ return _("<indirect index offset is too big>");
+ }
+
+- return (const char *) str_section->start + str_offset;
++ ret = (const char *) str_section->start + str_offset;
++ /* Unfortunately we cannot rely upon str_section ending with a NUL byte.
++ Since our caller is expecting to receive a well formed C string we test
++ for the lack of a terminating byte here. */
++ if (strnlen (ret, str_section->size - str_offset)
++ == str_section->size - str_offset)
++ ret = (const char *) _("<no NUL byte at end of section>");
++
++ return ret;
+ }
+
+ static const char *
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,13 @@
++2017-04-28 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21438
++ * dwarf.c (process_extended_line_op): Do not assume that the
++ string extracted from the section is NUL terminated.
++ (fetch_indirect_string): If the string retrieved from the section
++ is not NUL terminated, return an error message.
++ (fetch_indirect_line_string): Likewise.
++ (fetch_indexed_string): Likewise.
++
+ 2017-02-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21157
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
new file mode 100644
index 0000000..7969c66
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
@@ -0,0 +1,52 @@
+From 39ff1b79f687b65f4144ddb379f22587003443fb Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 2 May 2017 11:54:53 +0100
+Subject: [PATCH] Prevent memory exhaustion from a corrupt PE binary with an
+ overlarge number of relocs.
+
+ PR 21440
+ * objdump.c (dump_relocs_in_section): Check for an excessive
+ number of relocs before attempting to dump them.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8421
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/objdump.c | 8 ++++++++
+ 2 files changed, 14 insertions(+)
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -3311,6 +3311,14 @@ dump_relocs_in_section (bfd *abfd,
+ return;
+ }
+
++ if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
++ && relsize > get_file_size (bfd_get_filename (abfd)))
++ {
++ printf (" (too many: 0x%x)\n", section->reloc_count);
++ bfd_set_error (bfd_error_file_truncated);
++ bfd_fatal (bfd_get_filename (abfd));
++ }
++
+ relpp = (arelent **) xmalloc (relsize);
+ relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
+
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-05-02 Nick Clifton <nickc@redhat.com>
++
++ PR 21440
++ * objdump.c (dump_relocs_in_section): Check for an excessive
++ number of relocs before attempting to dump them.
++
+ 2017-04-28 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21438
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9038_9044.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9038_9044.patch
new file mode 100644
index 0000000..535efc3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9038_9044.patch
@@ -0,0 +1,51 @@
+From f32ba72991d2406b21ab17edc234a2f3fa7fb23d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 11:01:45 +0100
+Subject: [PATCH] readelf: Update check for invalid word offsets in ARM unwind
+ information.
+
+ PR binutils/21343
+ * readelf.c (get_unwind_section_word): Fix snafu checking for
+ invalid word offsets in ARM unwind information.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9038
+CVE: CVE-2017-9044
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 6 +++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -7972,9 +7972,9 @@ get_unwind_section_word (struct arm_unw_
+ return FALSE;
+
+ /* If the offset is invalid then fail. */
+- if (word_offset > (sec->sh_size - 4)
+- /* PR 18879 */
+- || (sec->sh_size < 5 && word_offset >= sec->sh_size)
++ if (/* PR 21343 *//* PR 18879 */
++ sec->sh_size < 4
++ || word_offset > (sec->sh_size - 4)
+ || ((bfd_signed_vma) word_offset) < 0)
+ return FALSE;
+
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-04-03 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21343
++ * readelf.c (get_unwind_section_word): Fix snafu checking for
++ invalid word offsets in ARM unwind information.
++
+ 2017-05-02 Nick Clifton <nickc@redhat.com>
+
+ PR 21440
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch
new file mode 100644
index 0000000..aed8f7f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch
@@ -0,0 +1,61 @@
+From 82156ab704b08b124d319c0decdbd48b3ca2dac5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 12:14:06 +0100
+Subject: [PATCH] readelf: Fix overlarge memory allocation when reading a
+ binary with an excessive number of program headers.
+
+ PR binutils/21345
+ * readelf.c (get_program_headers): Check for there being too many
+ program headers before attempting to allocate space for them.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 17 ++++++++++++++---
+ 2 files changed, 20 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -4765,9 +4765,19 @@ get_program_headers (FILE * file)
+ if (program_headers != NULL)
+ return 1;
+
+- phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
+- sizeof (Elf_Internal_Phdr));
++ /* Be kind to memory checkers by looking for
++ e_phnum values which we know must be invalid. */
++ if (elf_header.e_phnum
++ * (is_32bit_elf ? sizeof (Elf32_External_Phdr) : sizeof (Elf64_External_Phdr))
++ >= current_file_size)
++ {
++ error (_("Too many program headers - %#x - the file is not that big\n"),
++ elf_header.e_phnum);
++ return FALSE;
++ }
+
++ phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
++ sizeof (Elf_Internal_Phdr));
+ if (phdrs == NULL)
+ {
+ error (_("Out of memory reading %u program headers\n"),
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,5 +1,11 @@
+ 2017-04-03 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21345
++ * readelf.c (get_program_headers): Check for there being too many
++ program headers before attempting to allocate space for them.
++
++2017-04-03 Nick Clifton <nickc@redhat.com>
++
+ PR binutils/21343
+ * readelf.c (get_unwind_section_word): Fix snafu checking for
+ invalid word offsets in ARM unwind information.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_9042.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_9042.patch
new file mode 100644
index 0000000..79c6a7d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_9042.patch
@@ -0,0 +1,57 @@
+From 7296a62a2a237f6b1ad8db8c38b090e9f592c8cf Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 13 Apr 2017 16:06:30 +0100
+Subject: [PATCH] readelf: fix out of range subtraction, seg fault from a NULL
+ pointer and memory exhaustion, all from parsing corrupt binaries.
+
+ PR binutils/21379
+ * readelf.c (process_dynamic_section): Detect over large section
+ offsets in the DT_SYMTAB entry.
+
+ PR binutils/21345
+ * readelf.c (process_mips_specific): Catch an unfeasible memory
+ allocation before it happens and print a suitable error message.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9040
+CVE: CVE-2017-9042
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 12 ++++++++++++
+ binutils/readelf.c | 26 +++++++++++++++++++++-----
+ 2 files changed, 33 insertions(+), 5 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -9306,6 +9306,12 @@ process_dynamic_section (FILE * file)
+ processing that. This is overkill, I know, but it
+ should work. */
+ section.sh_offset = offset_from_vma (file, entry->d_un.d_val, 0);
++ if ((bfd_size_type) section.sh_offset > current_file_size)
++ {
++ /* See PR 21379 for a reproducer. */
++ error (_("Invalid DT_SYMTAB entry: %lx"), (long) section.sh_offset);
++ return FALSE;
++ }
+
+ if (archive_file_offset != 0)
+ section.sh_size = archive_file_size - section.sh_offset;
+@@ -15175,6 +15181,15 @@ process_mips_specific (FILE * file)
+ return 0;
+ }
+
++ /* PR 21345 - print a slightly more helpful error message
++ if we are sure that the cmalloc will fail. */
++ if (conflictsno * sizeof (* iconf) > current_file_size)
++ {
++ error (_("Overlarge number of conflicts detected: %lx\n"),
++ (long) conflictsno);
++ return FALSE;
++ }
++
+ iconf = (Elf32_Conflict *) cmalloc (conflictsno, sizeof (* iconf));
+ if (iconf == NULL)
+ {
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9742.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9742.patch
new file mode 100644
index 0000000..0c9ed0d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9742.patch
@@ -0,0 +1,45 @@
+From e64519d1ed7fd8f990f05a5562d5b5c0c44b7d7e Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 14 Jun 2017 17:10:28 +0100
+Subject: [PATCH] Fix seg-fault when trying to disassemble a corrupt score
+ binary.
+
+ PR binutils/21576
+ * score7-dis.c (score_opcodes): Add sentinel.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9742
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ opcodes/ChangeLog | 5 +++++
+ opcodes/score7-dis.c | 3 ++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/opcodes/score7-dis.c
+===================================================================
+--- git.orig/opcodes/score7-dis.c
++++ git/opcodes/score7-dis.c
+@@ -513,7 +513,8 @@ static struct score_opcode score_opcodes
+ {0x00000d05, 0x00007f0f, "tvc!"},
+ {0x00000026, 0x3e0003ff, "xor\t\t%20-24r, %15-19r, %10-14r"},
+ {0x00000027, 0x3e0003ff, "xor.c\t\t%20-24r, %15-19r, %10-14r"},
+- {0x00002007, 0x0000700f, "xor!\t\t%8-11r, %4-7r"}
++ {0x00002007, 0x0000700f, "xor!\t\t%8-11r, %4-7r"},
++ { 0, 0, NULL }
+ };
+
+ typedef struct
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog
++++ git/opcodes/ChangeLog
+@@ -1,3 +1,8 @@
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21576
++ * score7-dis.c (score_opcodes): Add sentinel.
++
+ 2017-03-07 Alan Modra <amodra@gmail.com>
+
+ Apply from master
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9744.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9744.patch
new file mode 100644
index 0000000..c34a5a6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9744.patch
@@ -0,0 +1,46 @@
+From f461bbd847f15657f3dd2f317c30c75a7520da1f Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 14 Jun 2017 17:01:54 +0100
+Subject: [PATCH] Fix address violation bug when disassembling a corrupt SH
+ binary.
+
+ PR binutils/21578
+ * elf32-sh.c (sh_elf_set_mach_from_flags): Fix check for invalid
+ flag value.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9744
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/elf32-sh.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/elf32-sh.c
+===================================================================
+--- git.orig/bfd/elf32-sh.c
++++ git/bfd/elf32-sh.c
+@@ -6344,7 +6344,7 @@ sh_elf_set_mach_from_flags (bfd *abfd)
+ {
+ flagword flags = elf_elfheader (abfd)->e_flags & EF_SH_MACH_MASK;
+
+- if (flags >= sizeof(sh_ef_bfd_table))
++ if (flags >= ARRAY_SIZE (sh_ef_bfd_table))
+ return FALSE;
+
+ if (sh_ef_bfd_table[flags] == 0)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21578
++ * elf32-sh.c (sh_elf_set_mach_from_flags): Fix check for invalid
++ flag value.
++
+ 2017-04-29 Alan Modra <amodra@gmail.com>
+
+ PR 21432
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
new file mode 100644
index 0000000..0b3885b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
@@ -0,0 +1,35 @@
+From 76800cba595efc3fe95a446c2d664e42ae4ee869 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 15 Jun 2017 12:08:57 +0100
+Subject: [PATCH] Handle EITR records in VMS Alpha binaries with overlarge
+ command length parameters.
+
+ PR binutils/21579
+ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9745
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/vms-alpha.c | 16 ++++++++--------
+ 2 files changed, 13 insertions(+), 8 deletions(-)
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c
++++ git/bfd/vms-alpha.c
+@@ -1741,6 +1741,12 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+ #endif
+
++#if VMS_DEBUG
++ _bfd_vms_debug (4, "etir: %s(%d)\n",
++ _bfd_vms_etir_name (cmd), cmd);
++ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
++#endif
++
+ switch (cmd)
+ {
+ /* Stack global
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch
new file mode 100644
index 0000000..bd4a40c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch
@@ -0,0 +1,91 @@
+From ae87f7e73eba29bd38b3a9684a10b948ed715612 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 14 Jun 2017 16:50:03 +0100
+Subject: [PATCH] Fix address violation when disassembling a corrupt binary.
+
+ PR binutils/21580
+binutils * objdump.c (disassemble_bytes): Check for buffer overrun when
+ printing out rae insns.
+
+ld * testsuite/ld-nds32/diff.d: Adjust expected output.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9746
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/objdump.c | 27 +++++++++++++++------------
+ ld/ChangeLog | 5 +++++
+ ld/testsuite/ld-nds32/diff.d | 6 +++---
+ 3 files changed, 23 insertions(+), 15 deletions(-)
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -1855,20 +1855,23 @@ disassemble_bytes (struct disassemble_in
+
+ for (j = addr_offset * opb; j < addr_offset * opb + pb; j += bpc)
+ {
+- int k;
+-
+- if (bpc > 1 && inf->display_endian == BFD_ENDIAN_LITTLE)
+- {
+- for (k = bpc - 1; k >= 0; k--)
+- printf ("%02x", (unsigned) data[j + k]);
+- putchar (' ');
+- }
+- else
++ /* PR 21580: Check for a buffer ending early. */
++ if (j + bpc <= stop_offset * opb)
+ {
+- for (k = 0; k < bpc; k++)
+- printf ("%02x", (unsigned) data[j + k]);
+- putchar (' ');
++ int k;
++
++ if (inf->display_endian == BFD_ENDIAN_LITTLE)
++ {
++ for (k = bpc - 1; k >= 0; k--)
++ printf ("%02x", (unsigned) data[j + k]);
++ }
++ else
++ {
++ for (k = 0; k < bpc; k++)
++ printf ("%02x", (unsigned) data[j + k]);
++ }
+ }
++ putchar (' ');
+ }
+
+ for (; pb < octets_per_line; pb += bpc)
+Index: git/ld/testsuite/ld-nds32/diff.d
+===================================================================
+--- git.orig/ld/testsuite/ld-nds32/diff.d
++++ git/ld/testsuite/ld-nds32/diff.d
+@@ -7,9 +7,9 @@
+
+ Disassembly of section .data:
+ 00008000 <WORD> (7e 00 00 00|00 00 00 7e).*
+-00008004 <HALF> (7e 00 7e fe|00 7e 7e fe).*
+-00008006 <BYTE> 7e fe 00 fe.*
+-00008007 <ULEB128> fe 00.*
++00008004 <HALF> (7e 00|00 7e).*
++00008006 <BYTE> 7e.*
++00008007 <ULEB128> fe.*
+ ...
+ 00008009 <ULEB128_2> fe 00.*
+ .*
+Index: git/ld/ChangeLog
+===================================================================
+--- git.orig/ld/ChangeLog
++++ git/ld/ChangeLog
+@@ -1,3 +1,8 @@
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21580
++ * testsuite/ld-nds32/diff.d: Adjust expected output.
++
+ 2017-03-07 Alan Modra <amodra@gmail.com>
+
+ * ldlang.c (open_input_bfds): Check that lang_assignment_statement
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch
new file mode 100644
index 0000000..41ead54
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch
@@ -0,0 +1,43 @@
+From 62b76e4b6e0b4cb5b3e0053d1de4097b32577049 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 15 Jun 2017 13:08:47 +0100
+Subject: [PATCH] Fix address violation parsing a corrupt ieee binary.
+
+ PR binutils/21581
+ (ieee_archive_p): Use a static buffer to avoid compiler bugs.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9747
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 2 ++
+ bfd/ieee.c | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+Index: git/bfd/ieee.c
+===================================================================
+--- git.orig/bfd/ieee.c
++++ git/bfd/ieee.c
+@@ -1357,7 +1357,7 @@ ieee_archive_p (bfd *abfd)
+ {
+ char *library;
+ unsigned int i;
+- unsigned char buffer[512];
++ static unsigned char buffer[512];
+ file_ptr buffer_offset = 0;
+ ieee_ar_data_type *save = abfd->tdata.ieee_ar_data;
+ ieee_ar_data_type *ieee;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21581
++ (ieee_archive_p): Likewise.
++
+ 2017-06-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21578
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch
new file mode 100644
index 0000000..0207023
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch
@@ -0,0 +1,46 @@
+From 63634bb4a107877dd08b6282e28e11cfd1a1649e Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 15 Jun 2017 12:44:23 +0100
+Subject: [PATCH] Avoid a possible compiler bug by using a static buffer
+ instead of a stack local buffer.
+
+ PR binutils/21582
+ * ieee.c (ieee_object_p): Use a static buffer to avoid compiler
+ bugs.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9748
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/ieee.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/ieee.c
+===================================================================
+--- git.orig/bfd/ieee.c
++++ git/bfd/ieee.c
+@@ -1875,7 +1875,7 @@ ieee_object_p (bfd *abfd)
+ char *processor;
+ unsigned int part;
+ ieee_data_type *ieee;
+- unsigned char buffer[300];
++ static unsigned char buffer[300];
+ ieee_data_type *save = IEEE_DATA (abfd);
+ bfd_size_type amt;
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,9 @@
+ 2017-06-15 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21582
++ * ieee.c (ieee_object_p): Use a static buffer to avoid compiler
++ bugs.
++
+ PR binutils/21581
+ (ieee_archive_p): Likewise.
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch
new file mode 100644
index 0000000..3cc2afc
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9749.patch
@@ -0,0 +1,77 @@
+From 08c7881b814c546efc3996fd1decdf0877f7a779 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 15 Jun 2017 11:52:02 +0100
+Subject: [PATCH] Prevent invalid array accesses when disassembling a corrupt
+ bfin binary.
+
+ PR binutils/21586
+ * bfin-dis.c (gregs): Clip index to prevent overflow.
+ (regs): Likewise.
+ (regs_lo): Likewise.
+ (regs_hi): Likewise.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9749
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ opcodes/ChangeLog | 8 ++++++++
+ opcodes/bfin-dis.c | 8 ++++----
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog
++++ git/opcodes/ChangeLog
+@@ -1,3 +1,11 @@
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21586
++ * bfin-dis.c (gregs): Clip index to prevent overflow.
++ (regs): Likewise.
++ (regs_lo): Likewise.
++ (regs_hi): Likewise.
++
+ 2017-06-14 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21576
+Index: git/opcodes/bfin-dis.c
+===================================================================
+--- git.orig/opcodes/bfin-dis.c
++++ git/opcodes/bfin-dis.c
+@@ -350,7 +350,7 @@ static const enum machine_registers deco
+ REG_P0, REG_P1, REG_P2, REG_P3, REG_P4, REG_P5, REG_SP, REG_FP,
+ };
+
+-#define gregs(x, i) REGNAME (decode_gregs[((i) << 3) | (x)])
++#define gregs(x, i) REGNAME (decode_gregs[(((i) << 3) | (x)) & 15])
+
+ /* [dregs pregs (iregs mregs) (bregs lregs)]. */
+ static const enum machine_registers decode_regs[] =
+@@ -361,7 +361,7 @@ static const enum machine_registers deco
+ REG_B0, REG_B1, REG_B2, REG_B3, REG_L0, REG_L1, REG_L2, REG_L3,
+ };
+
+-#define regs(x, i) REGNAME (decode_regs[((i) << 3) | (x)])
++#define regs(x, i) REGNAME (decode_regs[(((i) << 3) | (x)) & 31])
+
+ /* [dregs pregs (iregs mregs) (bregs lregs) Low Half]. */
+ static const enum machine_registers decode_regs_lo[] =
+@@ -372,7 +372,7 @@ static const enum machine_registers deco
+ REG_BL0, REG_BL1, REG_BL2, REG_BL3, REG_LL0, REG_LL1, REG_LL2, REG_LL3,
+ };
+
+-#define regs_lo(x, i) REGNAME (decode_regs_lo[((i) << 3) | (x)])
++#define regs_lo(x, i) REGNAME (decode_regs_lo[(((i) << 3) | (x)) & 31])
+
+ /* [dregs pregs (iregs mregs) (bregs lregs) High Half]. */
+ static const enum machine_registers decode_regs_hi[] =
+@@ -383,7 +383,7 @@ static const enum machine_registers deco
+ REG_BH0, REG_BH1, REG_BH2, REG_BH3, REG_LH0, REG_LH1, REG_LH2, REG_LH3,
+ };
+
+-#define regs_hi(x, i) REGNAME (decode_regs_hi[((i) << 3) | (x)])
++#define regs_hi(x, i) REGNAME (decode_regs_hi[(((i) << 3) | (x)) & 31])
+
+ static const enum machine_registers decode_statbits[] =
+ {
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
new file mode 100644
index 0000000..fe8fa69
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
@@ -0,0 +1,247 @@
+From db5fa770268baf8cc82cf9b141d69799fd485fe2 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 14 Jun 2017 13:35:06 +0100
+Subject: [PATCH] Fix address violation problems when disassembling a corrupt
+ RX binary.
+
+ PR binutils/21587
+ * rx-decode.opc: Include libiberty.h
+ (GET_SCALE): New macro - validates access to SCALE array.
+ (GET_PSCALE): New macro - validates access to PSCALE array.
+ (DIs, SIs, S2Is, rx_disp): Use new macros.
+ * rx-decode.c: Regenerate.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9750
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ opcodes/ChangeLog | 9 +++++++++
+ opcodes/rx-decode.c | 24 ++++++++++++++----------
+ opcodes/rx-decode.opc | 24 ++++++++++++++----------
+ 3 files changed, 37 insertions(+), 20 deletions(-)
+
+Index: git/opcodes/rx-decode.c
+===================================================================
+--- git.orig/opcodes/rx-decode.c
++++ git/opcodes/rx-decode.c
+@@ -27,6 +27,7 @@
+ #include <string.h>
+ #include "ansidecl.h"
+ #include "opcode/rx.h"
++#include "libiberty.h"
+
+ #define RX_OPCODE_BIG_ENDIAN 0
+
+@@ -45,7 +46,7 @@ static int trace = 0;
+ #define LSIZE 2
+
+ /* These are for when the upper bits are "don't care" or "undefined". */
+-static int bwl[] =
++static int bwl[4] =
+ {
+ RX_Byte,
+ RX_Word,
+@@ -53,7 +54,7 @@ static int bwl[] =
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int sbwl[] =
++static int sbwl[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -61,7 +62,7 @@ static int sbwl[] =
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int ubw[] =
++static int ubw[4] =
+ {
+ RX_UByte,
+ RX_UWord,
+@@ -69,7 +70,7 @@ static int ubw[] =
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int memex[] =
++static int memex[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -89,6 +90,9 @@ static int SCALE[] = { 1, 2, 4, 0 };
+ /* This is for the prefix size enum. */
+ static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
+
++#define GET_SCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ? SCALE[(_indx)] : 0)
++#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ? PSCALE[(_indx)] : 0)
++
+ static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
+ 16, 17, 0, 0, 0, 0, 0, 0 };
+
+@@ -107,7 +111,7 @@ static int dsp3map[] = { 8, 9, 10, 3, 4,
+ #define DC(c) OP (0, RX_Operand_Immediate, 0, c)
+ #define DR(r) OP (0, RX_Operand_Register, r, 0)
+ #define DI(r,a) OP (0, RX_Operand_Indirect, r, a)
+-#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define DD(t,r,s) rx_disp (0, t, r, bwl[s], ld);
+ #define DF(r) OP (0, RX_Operand_Flag, flagmap[r], 0)
+
+@@ -115,7 +119,7 @@ static int dsp3map[] = { 8, 9, 10, 3, 4,
+ #define SR(r) OP (1, RX_Operand_Register, r, 0)
+ #define SRR(r) OP (1, RX_Operand_TwoReg, r, 0)
+ #define SI(r,a) OP (1, RX_Operand_Indirect, r, a)
+-#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define SD(t,r,s) rx_disp (1, t, r, bwl[s], ld);
+ #define SP(t,r) rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 1);
+ #define SPm(t,r,m) rx_disp (1, t, r, memex[m], ld); rx->op[1].size = memex[m];
+@@ -124,7 +128,7 @@ static int dsp3map[] = { 8, 9, 10, 3, 4,
+ #define S2C(i) OP (2, RX_Operand_Immediate, 0, i)
+ #define S2R(r) OP (2, RX_Operand_Register, r, 0)
+ #define S2I(r,a) OP (2, RX_Operand_Indirect, r, a)
+-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define S2D(t,r,s) rx_disp (2, t, r, bwl[s], ld);
+ #define S2P(t,r) rx_disp (2, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 2);
+ #define S2Pm(t,r,m) rx_disp (2, t, r, memex[m], ld); rx->op[2].size = memex[m];
+@@ -211,7 +215,7 @@ immediate (int sfield, int ex, LocalData
+ }
+
+ static void
+-rx_disp (int n, int type, int reg, int size, LocalData * ld)
++rx_disp (int n, int type, int reg, unsigned int size, LocalData * ld)
+ {
+ int disp;
+
+@@ -228,7 +232,7 @@ rx_disp (int n, int type, int reg, int s
+ case 1:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+ disp = GETBYTE ();
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ case 2:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+@@ -238,7 +242,7 @@ rx_disp (int n, int type, int reg, int s
+ #else
+ disp = disp + GETBYTE () * 256;
+ #endif
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ default:
+ abort ();
+Index: git/opcodes/rx-decode.opc
+===================================================================
+--- git.orig/opcodes/rx-decode.opc
++++ git/opcodes/rx-decode.opc
+@@ -26,6 +26,7 @@
+ #include <string.h>
+ #include "ansidecl.h"
+ #include "opcode/rx.h"
++#include "libiberty.h"
+
+ #define RX_OPCODE_BIG_ENDIAN 0
+
+@@ -44,7 +45,7 @@ static int trace = 0;
+ #define LSIZE 2
+
+ /* These are for when the upper bits are "don't care" or "undefined". */
+-static int bwl[] =
++static int bwl[4] =
+ {
+ RX_Byte,
+ RX_Word,
+@@ -52,7 +53,7 @@ static int bwl[] =
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int sbwl[] =
++static int sbwl[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -60,7 +61,7 @@ static int sbwl[] =
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int ubw[] =
++static int ubw[4] =
+ {
+ RX_UByte,
+ RX_UWord,
+@@ -68,7 +69,7 @@ static int ubw[] =
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int memex[] =
++static int memex[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -88,6 +89,9 @@ static int SCALE[] = { 1, 2, 4, 0 };
+ /* This is for the prefix size enum. */
+ static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
+
++#define GET_SCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ? SCALE[(_indx)] : 0)
++#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ? PSCALE[(_indx)] : 0)
++
+ static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
+ 16, 17, 0, 0, 0, 0, 0, 0 };
+
+@@ -106,7 +110,7 @@ static int dsp3map[] = { 8, 9, 10, 3, 4,
+ #define DC(c) OP (0, RX_Operand_Immediate, 0, c)
+ #define DR(r) OP (0, RX_Operand_Register, r, 0)
+ #define DI(r,a) OP (0, RX_Operand_Indirect, r, a)
+-#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define DD(t,r,s) rx_disp (0, t, r, bwl[s], ld);
+ #define DF(r) OP (0, RX_Operand_Flag, flagmap[r], 0)
+
+@@ -114,7 +118,7 @@ static int dsp3map[] = { 8, 9, 10, 3, 4,
+ #define SR(r) OP (1, RX_Operand_Register, r, 0)
+ #define SRR(r) OP (1, RX_Operand_TwoReg, r, 0)
+ #define SI(r,a) OP (1, RX_Operand_Indirect, r, a)
+-#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define SD(t,r,s) rx_disp (1, t, r, bwl[s], ld);
+ #define SP(t,r) rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 1);
+ #define SPm(t,r,m) rx_disp (1, t, r, memex[m], ld); rx->op[1].size = memex[m];
+@@ -123,7 +127,7 @@ static int dsp3map[] = { 8, 9, 10, 3, 4,
+ #define S2C(i) OP (2, RX_Operand_Immediate, 0, i)
+ #define S2R(r) OP (2, RX_Operand_Register, r, 0)
+ #define S2I(r,a) OP (2, RX_Operand_Indirect, r, a)
+-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define S2D(t,r,s) rx_disp (2, t, r, bwl[s], ld);
+ #define S2P(t,r) rx_disp (2, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 2);
+ #define S2Pm(t,r,m) rx_disp (2, t, r, memex[m], ld); rx->op[2].size = memex[m];
+@@ -210,7 +214,7 @@ immediate (int sfield, int ex, LocalData
+ }
+
+ static void
+-rx_disp (int n, int type, int reg, int size, LocalData * ld)
++rx_disp (int n, int type, int reg, unsigned int size, LocalData * ld)
+ {
+ int disp;
+
+@@ -227,7 +231,7 @@ rx_disp (int n, int type, int reg, int s
+ case 1:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+ disp = GETBYTE ();
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ case 2:
+ ld->rx->op[n].type = RX_Operand_Indirect;
+@@ -237,7 +241,7 @@ rx_disp (int n, int type, int reg, int s
+ #else
+ disp = disp + GETBYTE () * 256;
+ #endif
+- ld->rx->op[n].addend = disp * PSCALE[size];
++ ld->rx->op[n].addend = disp * GET_PSCALE (size);
+ break;
+ default:
+ abort ();
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch
new file mode 100644
index 0000000..d7c18cf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch
@@ -0,0 +1,3748 @@
+From 63323b5b23bd83fa7b04ea00dff593c933e9b0e3 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 15 Jun 2017 12:37:01 +0100
+Subject: [PATCH] Fix address violation when disassembling a corrupt RL78
+ binary.
+
+ PR binutils/21588
+ * rl78-decode.opc (OP_BUF_LEN): Define.
+ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
+ (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf
+ array.
+ * rl78-decode.c: Regenerate.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9751
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ opcodes/ChangeLog | 9 +
+ opcodes/rl78-decode.c | 820 ++++++++++++++++++++++++------------------------
+ opcodes/rl78-decode.opc | 6 +-
+ 3 files changed, 424 insertions(+), 411 deletions(-)
+
+diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
+index 34b1844..c77f00a 100644
+--- a/opcodes/ChangeLog
++++ b/opcodes/ChangeLog
+@@ -1,5 +1,14 @@
+ 2017-06-15 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21588
++ * rl78-decode.opc (OP_BUF_LEN): Define.
++ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
++ (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf
++ array.
++ * rl78-decode.c: Regenerate.
++
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
+ PR binutils/21586
+ * bfin-dis.c (gregs): Clip index to prevent overflow.
+ (regs): Likewise.
+diff --git a/opcodes/rl78-decode.c b/opcodes/rl78-decode.c
+index d0566ea..b2d4bd6 100644
+--- a/opcodes/rl78-decode.c
++++ b/opcodes/rl78-decode.c
+@@ -51,7 +51,9 @@ typedef struct
+ #define W() rl78->size = RL78_Word
+
+ #define AU ATTRIBUTE_UNUSED
+-#define GETBYTE() (ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr))
++
++#define OP_BUF_LEN 20
++#define GETBYTE() (ld->rl78->n_bytes < (OP_BUF_LEN - 1) ? ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr): 0)
+ #define B ((unsigned long) GETBYTE())
+
+ #define SYNTAX(x) rl78->syntax = x
+@@ -169,7 +171,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ RL78_Dis_Isa isa)
+ {
+ LocalData lds, * ld = &lds;
+- unsigned char op_buf[20] = {0};
++ unsigned char op_buf[OP_BUF_LEN] = {0};
+ unsigned char *op = op_buf;
+ int op0, op1;
+
+@@ -201,7 +203,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("nop");
+-#line 911 "rl78-decode.opc"
++#line 913 "rl78-decode.opc"
+ ID(nop);
+
+ /*----------------------------------------------------------------------*/
+@@ -214,7 +216,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x07:
+ {
+ /** 0000 0rw1 addw %0, %1 */
+-#line 274 "rl78-decode.opc"
++#line 276 "rl78-decode.opc"
+ int rw AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -224,7 +226,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rw = 0x%x\n", rw);
+ }
+ SYNTAX("addw %0, %1");
+-#line 274 "rl78-decode.opc"
++#line 276 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SRW(rw); Fzac;
+
+ }
+@@ -239,7 +241,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addw %0, %e!1");
+-#line 265 "rl78-decode.opc"
++#line 267 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -254,7 +256,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addw %0, #%1");
+-#line 271 "rl78-decode.opc"
++#line 273 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SC(IMMU(2)); Fzac;
+
+ }
+@@ -269,7 +271,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addw %0, %1");
+-#line 277 "rl78-decode.opc"
++#line 279 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SM(None, SADDR); Fzac;
+
+ }
+@@ -284,7 +286,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("xch a, x");
+-#line 1234 "rl78-decode.opc"
++#line 1236 "rl78-decode.opc"
+ ID(xch); DR(A); SR(X);
+
+ /*----------------------------------------------------------------------*/
+@@ -301,7 +303,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 678 "rl78-decode.opc"
++#line 680 "rl78-decode.opc"
+ ID(mov); DR(A); SM(B, IMMU(2));
+
+ }
+@@ -316,7 +318,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("add %0, #%1");
+-#line 228 "rl78-decode.opc"
++#line 230 "rl78-decode.opc"
+ ID(add); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -333,7 +335,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("add %0, %1");
+-#line 222 "rl78-decode.opc"
++#line 224 "rl78-decode.opc"
+ ID(add); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -348,7 +350,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("add %0, #%1");
+-#line 216 "rl78-decode.opc"
++#line 218 "rl78-decode.opc"
+ ID(add); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -363,7 +365,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("add %0, %e1");
+-#line 204 "rl78-decode.opc"
++#line 206 "rl78-decode.opc"
+ ID(add); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -378,7 +380,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("add %0, %ea1");
+-#line 210 "rl78-decode.opc"
++#line 212 "rl78-decode.opc"
+ ID(add); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -393,7 +395,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("add %0, %e!1");
+-#line 201 "rl78-decode.opc"
++#line 203 "rl78-decode.opc"
+ ID(add); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -408,7 +410,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addw %0, #%1");
+-#line 280 "rl78-decode.opc"
++#line 282 "rl78-decode.opc"
+ ID(add); W(); DR(SP); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -425,7 +427,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("es:");
+-#line 193 "rl78-decode.opc"
++#line 195 "rl78-decode.opc"
+ DE(); SE();
+ op ++;
+ pc ++;
+@@ -440,7 +442,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x16:
+ {
+ /** 0001 0ra0 movw %0, %1 */
+-#line 859 "rl78-decode.opc"
++#line 861 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -450,7 +452,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %1");
+-#line 859 "rl78-decode.opc"
++#line 861 "rl78-decode.opc"
+ ID(mov); W(); DRW(ra); SR(AX);
+
+ }
+@@ -460,7 +462,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x17:
+ {
+ /** 0001 0ra1 movw %0, %1 */
+-#line 856 "rl78-decode.opc"
++#line 858 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -470,7 +472,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %1");
+-#line 856 "rl78-decode.opc"
++#line 858 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SRW(ra);
+
+ }
+@@ -485,7 +487,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 729 "rl78-decode.opc"
++#line 731 "rl78-decode.opc"
+ ID(mov); DM(B, IMMU(2)); SR(A);
+
+ }
+@@ -500,7 +502,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %e0, #%1");
+-#line 726 "rl78-decode.opc"
++#line 728 "rl78-decode.opc"
+ ID(mov); DM(B, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -515,7 +517,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addc %0, #%1");
+-#line 260 "rl78-decode.opc"
++#line 262 "rl78-decode.opc"
+ ID(addc); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -532,7 +534,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addc %0, %1");
+-#line 257 "rl78-decode.opc"
++#line 259 "rl78-decode.opc"
+ ID(addc); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -547,7 +549,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addc %0, #%1");
+-#line 248 "rl78-decode.opc"
++#line 250 "rl78-decode.opc"
+ ID(addc); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -562,7 +564,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addc %0, %e1");
+-#line 236 "rl78-decode.opc"
++#line 238 "rl78-decode.opc"
+ ID(addc); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -577,7 +579,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addc %0, %ea1");
+-#line 245 "rl78-decode.opc"
++#line 247 "rl78-decode.opc"
+ ID(addc); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -592,7 +594,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addc %0, %e!1");
+-#line 233 "rl78-decode.opc"
++#line 235 "rl78-decode.opc"
+ ID(addc); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -607,7 +609,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("subw %0, #%1");
+-#line 1198 "rl78-decode.opc"
++#line 1200 "rl78-decode.opc"
+ ID(sub); W(); DR(SP); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -620,7 +622,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x27:
+ {
+ /** 0010 0rw1 subw %0, %1 */
+-#line 1192 "rl78-decode.opc"
++#line 1194 "rl78-decode.opc"
+ int rw AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -630,7 +632,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rw = 0x%x\n", rw);
+ }
+ SYNTAX("subw %0, %1");
+-#line 1192 "rl78-decode.opc"
++#line 1194 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SRW(rw); Fzac;
+
+ }
+@@ -645,7 +647,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("subw %0, %e!1");
+-#line 1183 "rl78-decode.opc"
++#line 1185 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -660,7 +662,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("subw %0, #%1");
+-#line 1189 "rl78-decode.opc"
++#line 1191 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SC(IMMU(2)); Fzac;
+
+ }
+@@ -675,7 +677,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("subw %0, %1");
+-#line 1195 "rl78-decode.opc"
++#line 1197 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SM(None, SADDR); Fzac;
+
+ }
+@@ -690,7 +692,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 741 "rl78-decode.opc"
++#line 743 "rl78-decode.opc"
+ ID(mov); DM(C, IMMU(2)); SR(A);
+
+ }
+@@ -705,7 +707,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 684 "rl78-decode.opc"
++#line 686 "rl78-decode.opc"
+ ID(mov); DR(A); SM(C, IMMU(2));
+
+ }
+@@ -720,7 +722,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("sub %0, #%1");
+-#line 1146 "rl78-decode.opc"
++#line 1148 "rl78-decode.opc"
+ ID(sub); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -737,7 +739,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("sub %0, %1");
+-#line 1140 "rl78-decode.opc"
++#line 1142 "rl78-decode.opc"
+ ID(sub); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -752,7 +754,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("sub %0, #%1");
+-#line 1134 "rl78-decode.opc"
++#line 1136 "rl78-decode.opc"
+ ID(sub); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -767,7 +769,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("sub %0, %e1");
+-#line 1122 "rl78-decode.opc"
++#line 1124 "rl78-decode.opc"
+ ID(sub); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -782,7 +784,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("sub %0, %ea1");
+-#line 1128 "rl78-decode.opc"
++#line 1130 "rl78-decode.opc"
+ ID(sub); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -797,7 +799,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("sub %0, %e!1");
+-#line 1119 "rl78-decode.opc"
++#line 1121 "rl78-decode.opc"
+ ID(sub); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -808,7 +810,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x36:
+ {
+ /** 0011 0rg0 movw %0, #%1 */
+-#line 853 "rl78-decode.opc"
++#line 855 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -818,7 +820,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("movw %0, #%1");
+-#line 853 "rl78-decode.opc"
++#line 855 "rl78-decode.opc"
+ ID(mov); W(); DRW(rg); SC(IMMU(2));
+
+ }
+@@ -830,7 +832,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x00:
+ {
+ /** 0011 0001 0bit 0000 btclr %s1, $%a0 */
+-#line 416 "rl78-decode.opc"
++#line 418 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -840,7 +842,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %s1, $%a0");
+-#line 416 "rl78-decode.opc"
++#line 418 "rl78-decode.opc"
+ ID(branch_cond_clear); SM(None, SADDR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ /*----------------------------------------------------------------------*/
+@@ -850,7 +852,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x01:
+ {
+ /** 0011 0001 0bit 0001 btclr %1, $%a0 */
+-#line 410 "rl78-decode.opc"
++#line 412 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -860,7 +862,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %1, $%a0");
+-#line 410 "rl78-decode.opc"
++#line 412 "rl78-decode.opc"
+ ID(branch_cond_clear); DC(pc+IMMS(1)+3); SR(A); SB(bit); COND(T);
+
+ }
+@@ -868,7 +870,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x02:
+ {
+ /** 0011 0001 0bit 0010 bt %s1, $%a0 */
+-#line 402 "rl78-decode.opc"
++#line 404 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -878,7 +880,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %s1, $%a0");
+-#line 402 "rl78-decode.opc"
++#line 404 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SADDR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ /*----------------------------------------------------------------------*/
+@@ -888,7 +890,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x03:
+ {
+ /** 0011 0001 0bit 0011 bt %1, $%a0 */
+-#line 396 "rl78-decode.opc"
++#line 398 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -898,7 +900,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %1, $%a0");
+-#line 396 "rl78-decode.opc"
++#line 398 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(A); SB(bit); COND(T);
+
+ }
+@@ -906,7 +908,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x04:
+ {
+ /** 0011 0001 0bit 0100 bf %s1, $%a0 */
+-#line 363 "rl78-decode.opc"
++#line 365 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -916,7 +918,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %s1, $%a0");
+-#line 363 "rl78-decode.opc"
++#line 365 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SADDR); SB(bit); DC(pc+IMMS(1)+4); COND(F);
+
+ /*----------------------------------------------------------------------*/
+@@ -926,7 +928,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x05:
+ {
+ /** 0011 0001 0bit 0101 bf %1, $%a0 */
+-#line 357 "rl78-decode.opc"
++#line 359 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -936,7 +938,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %1, $%a0");
+-#line 357 "rl78-decode.opc"
++#line 359 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(A); SB(bit); COND(F);
+
+ }
+@@ -944,7 +946,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x07:
+ {
+ /** 0011 0001 0cnt 0111 shl %0, %1 */
+-#line 1075 "rl78-decode.opc"
++#line 1077 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -954,7 +956,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shl %0, %1");
+-#line 1075 "rl78-decode.opc"
++#line 1077 "rl78-decode.opc"
+ ID(shl); DR(C); SC(cnt);
+
+ }
+@@ -962,7 +964,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x08:
+ {
+ /** 0011 0001 0cnt 1000 shl %0, %1 */
+-#line 1072 "rl78-decode.opc"
++#line 1074 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -972,7 +974,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shl %0, %1");
+-#line 1072 "rl78-decode.opc"
++#line 1074 "rl78-decode.opc"
+ ID(shl); DR(B); SC(cnt);
+
+ }
+@@ -980,7 +982,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x09:
+ {
+ /** 0011 0001 0cnt 1001 shl %0, %1 */
+-#line 1069 "rl78-decode.opc"
++#line 1071 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -990,7 +992,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shl %0, %1");
+-#line 1069 "rl78-decode.opc"
++#line 1071 "rl78-decode.opc"
+ ID(shl); DR(A); SC(cnt);
+
+ }
+@@ -998,7 +1000,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x0a:
+ {
+ /** 0011 0001 0cnt 1010 shr %0, %1 */
+-#line 1086 "rl78-decode.opc"
++#line 1088 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1008,7 +1010,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("shr %0, %1");
+-#line 1086 "rl78-decode.opc"
++#line 1088 "rl78-decode.opc"
+ ID(shr); DR(A); SC(cnt);
+
+ }
+@@ -1016,7 +1018,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x0b:
+ {
+ /** 0011 0001 0cnt 1011 sar %0, %1 */
+-#line 1033 "rl78-decode.opc"
++#line 1035 "rl78-decode.opc"
+ int cnt AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1026,7 +1028,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" cnt = 0x%x\n", cnt);
+ }
+ SYNTAX("sar %0, %1");
+-#line 1033 "rl78-decode.opc"
++#line 1035 "rl78-decode.opc"
+ ID(sar); DR(A); SC(cnt);
+
+ }
+@@ -1035,7 +1037,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x8c:
+ {
+ /** 0011 0001 wcnt 1100 shlw %0, %1 */
+-#line 1081 "rl78-decode.opc"
++#line 1083 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1045,7 +1047,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("shlw %0, %1");
+-#line 1081 "rl78-decode.opc"
++#line 1083 "rl78-decode.opc"
+ ID(shl); W(); DR(BC); SC(wcnt);
+
+ /*----------------------------------------------------------------------*/
+@@ -1056,7 +1058,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x8d:
+ {
+ /** 0011 0001 wcnt 1101 shlw %0, %1 */
+-#line 1078 "rl78-decode.opc"
++#line 1080 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1066,7 +1068,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("shlw %0, %1");
+-#line 1078 "rl78-decode.opc"
++#line 1080 "rl78-decode.opc"
+ ID(shl); W(); DR(AX); SC(wcnt);
+
+ }
+@@ -1075,7 +1077,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x8e:
+ {
+ /** 0011 0001 wcnt 1110 shrw %0, %1 */
+-#line 1089 "rl78-decode.opc"
++#line 1091 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1085,7 +1087,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("shrw %0, %1");
+-#line 1089 "rl78-decode.opc"
++#line 1091 "rl78-decode.opc"
+ ID(shr); W(); DR(AX); SC(wcnt);
+
+ /*----------------------------------------------------------------------*/
+@@ -1096,7 +1098,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x8f:
+ {
+ /** 0011 0001 wcnt 1111 sarw %0, %1 */
+-#line 1036 "rl78-decode.opc"
++#line 1038 "rl78-decode.opc"
+ int wcnt AU = (op[1] >> 4) & 0x0f;
+ if (trace)
+ {
+@@ -1106,7 +1108,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" wcnt = 0x%x\n", wcnt);
+ }
+ SYNTAX("sarw %0, %1");
+-#line 1036 "rl78-decode.opc"
++#line 1038 "rl78-decode.opc"
+ ID(sar); W(); DR(AX); SC(wcnt);
+
+ /*----------------------------------------------------------------------*/
+@@ -1116,7 +1118,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x80:
+ {
+ /** 0011 0001 1bit 0000 btclr %s1, $%a0 */
+-#line 413 "rl78-decode.opc"
++#line 415 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1126,7 +1128,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %s1, $%a0");
+-#line 413 "rl78-decode.opc"
++#line 415 "rl78-decode.opc"
+ ID(branch_cond_clear); SM(None, SFR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ }
+@@ -1134,7 +1136,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x81:
+ {
+ /** 0011 0001 1bit 0001 btclr %e1, $%a0 */
+-#line 407 "rl78-decode.opc"
++#line 409 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1144,7 +1146,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("btclr %e1, $%a0");
+-#line 407 "rl78-decode.opc"
++#line 409 "rl78-decode.opc"
+ ID(branch_cond_clear); DC(pc+IMMS(1)+3); SM(HL,0); SB(bit); COND(T);
+
+ }
+@@ -1152,7 +1154,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x82:
+ {
+ /** 0011 0001 1bit 0010 bt %s1, $%a0 */
+-#line 399 "rl78-decode.opc"
++#line 401 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1162,7 +1164,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %s1, $%a0");
+-#line 399 "rl78-decode.opc"
++#line 401 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SFR); SB(bit); DC(pc+IMMS(1)+4); COND(T);
+
+ }
+@@ -1170,7 +1172,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x83:
+ {
+ /** 0011 0001 1bit 0011 bt %e1, $%a0 */
+-#line 393 "rl78-decode.opc"
++#line 395 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1180,7 +1182,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bt %e1, $%a0");
+-#line 393 "rl78-decode.opc"
++#line 395 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SM(HL,0); SB(bit); COND(T);
+
+ }
+@@ -1188,7 +1190,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x84:
+ {
+ /** 0011 0001 1bit 0100 bf %s1, $%a0 */
+-#line 360 "rl78-decode.opc"
++#line 362 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1198,7 +1200,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %s1, $%a0");
+-#line 360 "rl78-decode.opc"
++#line 362 "rl78-decode.opc"
+ ID(branch_cond); SM(None, SFR); SB(bit); DC(pc+IMMS(1)+4); COND(F);
+
+ }
+@@ -1206,7 +1208,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x85:
+ {
+ /** 0011 0001 1bit 0101 bf %e1, $%a0 */
+-#line 354 "rl78-decode.opc"
++#line 356 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -1216,7 +1218,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("bf %e1, $%a0");
+-#line 354 "rl78-decode.opc"
++#line 356 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SM(HL,0); SB(bit); COND(F);
+
+ }
+@@ -1229,7 +1231,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x37:
+ {
+ /** 0011 0ra1 xchw %0, %1 */
+-#line 1239 "rl78-decode.opc"
++#line 1241 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -1239,7 +1241,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("xchw %0, %1");
+-#line 1239 "rl78-decode.opc"
++#line 1241 "rl78-decode.opc"
+ ID(xch); W(); DR(AX); SRW(ra);
+
+ /*----------------------------------------------------------------------*/
+@@ -1256,7 +1258,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %e0, #%1");
+-#line 738 "rl78-decode.opc"
++#line 740 "rl78-decode.opc"
+ ID(mov); DM(C, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -1271,7 +1273,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %e0, #%1");
+-#line 732 "rl78-decode.opc"
++#line 734 "rl78-decode.opc"
+ ID(mov); DM(BC, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -1286,7 +1288,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("subc %0, #%1");
+-#line 1178 "rl78-decode.opc"
++#line 1180 "rl78-decode.opc"
+ ID(subc); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -1303,7 +1305,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("subc %0, %1");
+-#line 1175 "rl78-decode.opc"
++#line 1177 "rl78-decode.opc"
+ ID(subc); DR(A); SM(None, SADDR); Fzac;
+
+ }
+@@ -1318,7 +1320,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("subc %0, #%1");
+-#line 1166 "rl78-decode.opc"
++#line 1168 "rl78-decode.opc"
+ ID(subc); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1333,7 +1335,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("subc %0, %e1");
+-#line 1154 "rl78-decode.opc"
++#line 1156 "rl78-decode.opc"
+ ID(subc); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -1348,7 +1350,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("subc %0, %ea1");
+-#line 1163 "rl78-decode.opc"
++#line 1165 "rl78-decode.opc"
+ ID(subc); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1363,7 +1365,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("subc %0, %e!1");
+-#line 1151 "rl78-decode.opc"
++#line 1153 "rl78-decode.opc"
+ ID(subc); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -1378,7 +1380,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmp %e!0, #%1");
+-#line 480 "rl78-decode.opc"
++#line 482 "rl78-decode.opc"
+ ID(cmp); DM(None, IMMU(2)); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1393,7 +1395,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, #%1");
+-#line 717 "rl78-decode.opc"
++#line 719 "rl78-decode.opc"
+ ID(mov); DR(ES); SC(IMMU(1));
+
+ }
+@@ -1408,7 +1410,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmpw %0, %e!1");
+-#line 531 "rl78-decode.opc"
++#line 533 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -1418,7 +1420,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x47:
+ {
+ /** 0100 0ra1 cmpw %0, %1 */
+-#line 540 "rl78-decode.opc"
++#line 542 "rl78-decode.opc"
+ int ra AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -1428,7 +1430,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("cmpw %0, %1");
+-#line 540 "rl78-decode.opc"
++#line 542 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SRW(ra); Fzac;
+
+ }
+@@ -1443,7 +1445,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmpw %0, #%1");
+-#line 537 "rl78-decode.opc"
++#line 539 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SC(IMMU(2)); Fzac;
+
+ }
+@@ -1458,7 +1460,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmpw %0, %1");
+-#line 543 "rl78-decode.opc"
++#line 545 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SM(None, SADDR); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -1475,7 +1477,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 735 "rl78-decode.opc"
++#line 737 "rl78-decode.opc"
+ ID(mov); DM(BC, IMMU(2)); SR(A);
+
+ }
+@@ -1490,7 +1492,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 681 "rl78-decode.opc"
++#line 683 "rl78-decode.opc"
+ ID(mov); DR(A); SM(BC, IMMU(2));
+
+ }
+@@ -1505,7 +1507,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmp %0, #%1");
+-#line 483 "rl78-decode.opc"
++#line 485 "rl78-decode.opc"
+ ID(cmp); DM(None, SADDR); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1520,7 +1522,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmp %0, %1");
+-#line 510 "rl78-decode.opc"
++#line 512 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(None, SADDR); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -1537,7 +1539,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmp %0, #%1");
+-#line 501 "rl78-decode.opc"
++#line 503 "rl78-decode.opc"
+ ID(cmp); DR(A); SC(IMMU(1)); Fzac;
+
+ }
+@@ -1552,7 +1554,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmp %0, %e1");
+-#line 489 "rl78-decode.opc"
++#line 491 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(HL, 0); Fzac;
+
+ }
+@@ -1567,7 +1569,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmp %0, %ea1");
+-#line 498 "rl78-decode.opc"
++#line 500 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1582,7 +1584,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmp %0, %e!1");
+-#line 486 "rl78-decode.opc"
++#line 488 "rl78-decode.opc"
+ ID(cmp); DR(A); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -1597,7 +1599,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x57:
+ {
+ /** 0101 0reg mov %0, #%1 */
+-#line 669 "rl78-decode.opc"
++#line 671 "rl78-decode.opc"
+ int reg AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -1607,7 +1609,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("mov %0, #%1");
+-#line 669 "rl78-decode.opc"
++#line 671 "rl78-decode.opc"
+ ID(mov); DRB(reg); SC(IMMU(1));
+
+ }
+@@ -1622,7 +1624,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 871 "rl78-decode.opc"
++#line 873 "rl78-decode.opc"
+ ID(mov); W(); DM(B, IMMU(2)); SR(AX);
+
+ }
+@@ -1637,7 +1639,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 862 "rl78-decode.opc"
++#line 864 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(B, IMMU(2));
+
+ }
+@@ -1652,7 +1654,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("and %0, #%1");
+-#line 312 "rl78-decode.opc"
++#line 314 "rl78-decode.opc"
+ ID(and); DM(None, SADDR); SC(IMMU(1)); Fz;
+
+ /*----------------------------------------------------------------------*/
+@@ -1669,7 +1671,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("and %0, %1");
+-#line 309 "rl78-decode.opc"
++#line 311 "rl78-decode.opc"
+ ID(and); DR(A); SM(None, SADDR); Fz;
+
+ }
+@@ -1684,7 +1686,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("and %0, #%1");
+-#line 300 "rl78-decode.opc"
++#line 302 "rl78-decode.opc"
+ ID(and); DR(A); SC(IMMU(1)); Fz;
+
+ }
+@@ -1699,7 +1701,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("and %0, %e1");
+-#line 288 "rl78-decode.opc"
++#line 290 "rl78-decode.opc"
+ ID(and); DR(A); SM(HL, 0); Fz;
+
+ }
+@@ -1714,7 +1716,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("and %0, %ea1");
+-#line 294 "rl78-decode.opc"
++#line 296 "rl78-decode.opc"
+ ID(and); DR(A); SM(HL, IMMU(1)); Fz;
+
+ }
+@@ -1729,7 +1731,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("and %0, %e!1");
+-#line 285 "rl78-decode.opc"
++#line 287 "rl78-decode.opc"
+ ID(and); DR(A); SM(None, IMMU(2)); Fz;
+
+ }
+@@ -1743,7 +1745,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x67:
+ {
+ /** 0110 0rba mov %0, %1 */
+-#line 672 "rl78-decode.opc"
++#line 674 "rl78-decode.opc"
+ int rba AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -1753,7 +1755,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("mov %0, %1");
+-#line 672 "rl78-decode.opc"
++#line 674 "rl78-decode.opc"
+ ID(mov); DR(A); SRB(rba);
+
+ }
+@@ -1772,7 +1774,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x07:
+ {
+ /** 0110 0001 0000 0reg add %0, %1 */
+-#line 225 "rl78-decode.opc"
++#line 227 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1782,7 +1784,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("add %0, %1");
+-#line 225 "rl78-decode.opc"
++#line 227 "rl78-decode.opc"
+ ID(add); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1796,7 +1798,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x0f:
+ {
+ /** 0110 0001 0000 1rba add %0, %1 */
+-#line 219 "rl78-decode.opc"
++#line 221 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1806,7 +1808,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("add %0, %1");
+-#line 219 "rl78-decode.opc"
++#line 221 "rl78-decode.opc"
+ ID(add); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1821,7 +1823,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("addw %0, %ea1");
+-#line 268 "rl78-decode.opc"
++#line 270 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1836,7 +1838,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x17:
+ {
+ /** 0110 0001 0001 0reg addc %0, %1 */
+-#line 254 "rl78-decode.opc"
++#line 256 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1846,7 +1848,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("addc %0, %1");
+-#line 254 "rl78-decode.opc"
++#line 256 "rl78-decode.opc"
+ ID(addc); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1860,7 +1862,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x1f:
+ {
+ /** 0110 0001 0001 1rba addc %0, %1 */
+-#line 251 "rl78-decode.opc"
++#line 253 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1870,7 +1872,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("addc %0, %1");
+-#line 251 "rl78-decode.opc"
++#line 253 "rl78-decode.opc"
+ ID(addc); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1885,7 +1887,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x27:
+ {
+ /** 0110 0001 0010 0reg sub %0, %1 */
+-#line 1143 "rl78-decode.opc"
++#line 1145 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1895,7 +1897,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("sub %0, %1");
+-#line 1143 "rl78-decode.opc"
++#line 1145 "rl78-decode.opc"
+ ID(sub); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1909,7 +1911,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x2f:
+ {
+ /** 0110 0001 0010 1rba sub %0, %1 */
+-#line 1137 "rl78-decode.opc"
++#line 1139 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1919,7 +1921,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("sub %0, %1");
+-#line 1137 "rl78-decode.opc"
++#line 1139 "rl78-decode.opc"
+ ID(sub); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1934,7 +1936,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("subw %0, %ea1");
+-#line 1186 "rl78-decode.opc"
++#line 1188 "rl78-decode.opc"
+ ID(sub); W(); DR(AX); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -1949,7 +1951,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x37:
+ {
+ /** 0110 0001 0011 0reg subc %0, %1 */
+-#line 1172 "rl78-decode.opc"
++#line 1174 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1959,7 +1961,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("subc %0, %1");
+-#line 1172 "rl78-decode.opc"
++#line 1174 "rl78-decode.opc"
+ ID(subc); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -1973,7 +1975,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x3f:
+ {
+ /** 0110 0001 0011 1rba subc %0, %1 */
+-#line 1169 "rl78-decode.opc"
++#line 1171 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -1983,7 +1985,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("subc %0, %1");
+-#line 1169 "rl78-decode.opc"
++#line 1171 "rl78-decode.opc"
+ ID(subc); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -1998,7 +2000,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x47:
+ {
+ /** 0110 0001 0100 0reg cmp %0, %1 */
+-#line 507 "rl78-decode.opc"
++#line 509 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2008,7 +2010,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("cmp %0, %1");
+-#line 507 "rl78-decode.opc"
++#line 509 "rl78-decode.opc"
+ ID(cmp); DRB(reg); SR(A); Fzac;
+
+ }
+@@ -2022,7 +2024,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x4f:
+ {
+ /** 0110 0001 0100 1rba cmp %0, %1 */
+-#line 504 "rl78-decode.opc"
++#line 506 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2032,7 +2034,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("cmp %0, %1");
+-#line 504 "rl78-decode.opc"
++#line 506 "rl78-decode.opc"
+ ID(cmp); DR(A); SRB(rba); Fzac;
+
+ }
+@@ -2047,7 +2049,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("cmpw %0, %ea1");
+-#line 534 "rl78-decode.opc"
++#line 536 "rl78-decode.opc"
+ ID(cmp); W(); DR(AX); SM(HL, IMMU(1)); Fzac;
+
+ }
+@@ -2062,7 +2064,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x57:
+ {
+ /** 0110 0001 0101 0reg and %0, %1 */
+-#line 306 "rl78-decode.opc"
++#line 308 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2072,7 +2074,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("and %0, %1");
+-#line 306 "rl78-decode.opc"
++#line 308 "rl78-decode.opc"
+ ID(and); DRB(reg); SR(A); Fz;
+
+ }
+@@ -2086,7 +2088,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x5f:
+ {
+ /** 0110 0001 0101 1rba and %0, %1 */
+-#line 303 "rl78-decode.opc"
++#line 305 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2096,7 +2098,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("and %0, %1");
+-#line 303 "rl78-decode.opc"
++#line 305 "rl78-decode.opc"
+ ID(and); DR(A); SRB(rba); Fz;
+
+ }
+@@ -2111,7 +2113,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("inc %ea0");
+-#line 584 "rl78-decode.opc"
++#line 586 "rl78-decode.opc"
+ ID(add); DM(HL, IMMU(1)); SC(1); Fza;
+
+ }
+@@ -2126,7 +2128,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x67:
+ {
+ /** 0110 0001 0110 0reg or %0, %1 */
+-#line 961 "rl78-decode.opc"
++#line 963 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2136,7 +2138,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("or %0, %1");
+-#line 961 "rl78-decode.opc"
++#line 963 "rl78-decode.opc"
+ ID(or); DRB(reg); SR(A); Fz;
+
+ }
+@@ -2150,7 +2152,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x6f:
+ {
+ /** 0110 0001 0110 1rba or %0, %1 */
+-#line 958 "rl78-decode.opc"
++#line 960 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2160,7 +2162,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("or %0, %1");
+-#line 958 "rl78-decode.opc"
++#line 960 "rl78-decode.opc"
+ ID(or); DR(A); SRB(rba); Fz;
+
+ }
+@@ -2175,7 +2177,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("dec %ea0");
+-#line 551 "rl78-decode.opc"
++#line 553 "rl78-decode.opc"
+ ID(sub); DM(HL, IMMU(1)); SC(1); Fza;
+
+ }
+@@ -2190,7 +2192,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x77:
+ {
+ /** 0110 0001 0111 0reg xor %0, %1 */
+-#line 1265 "rl78-decode.opc"
++#line 1267 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2200,7 +2202,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("xor %0, %1");
+-#line 1265 "rl78-decode.opc"
++#line 1267 "rl78-decode.opc"
+ ID(xor); DRB(reg); SR(A); Fz;
+
+ }
+@@ -2214,7 +2216,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x7f:
+ {
+ /** 0110 0001 0111 1rba xor %0, %1 */
+-#line 1262 "rl78-decode.opc"
++#line 1264 "rl78-decode.opc"
+ int rba AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2224,7 +2226,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("xor %0, %1");
+-#line 1262 "rl78-decode.opc"
++#line 1264 "rl78-decode.opc"
+ ID(xor); DR(A); SRB(rba); Fz;
+
+ }
+@@ -2239,7 +2241,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("incw %ea0");
+-#line 598 "rl78-decode.opc"
++#line 600 "rl78-decode.opc"
+ ID(add); W(); DM(HL, IMMU(1)); SC(1);
+
+ }
+@@ -2255,7 +2257,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("add %0, %e1");
+-#line 207 "rl78-decode.opc"
++#line 209 "rl78-decode.opc"
+ ID(add); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2270,7 +2272,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("add %0, %e1");
+-#line 213 "rl78-decode.opc"
++#line 215 "rl78-decode.opc"
+ ID(add); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2309,9 +2311,9 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xf7:
+ {
+ /** 0110 0001 1nnn 01mm callt [%x0] */
+-#line 433 "rl78-decode.opc"
++#line 435 "rl78-decode.opc"
+ int nnn AU = (op[1] >> 4) & 0x07;
+-#line 433 "rl78-decode.opc"
++#line 435 "rl78-decode.opc"
+ int mm AU = op[1] & 0x03;
+ if (trace)
+ {
+@@ -2322,7 +2324,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" mm = 0x%x\n", mm);
+ }
+ SYNTAX("callt [%x0]");
+-#line 433 "rl78-decode.opc"
++#line 435 "rl78-decode.opc"
+ ID(call); DM(None, 0x80 + mm*16 + nnn*2);
+
+ /*----------------------------------------------------------------------*/
+@@ -2338,7 +2340,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x8f:
+ {
+ /** 0110 0001 1000 1reg xch %0, %1 */
+-#line 1224 "rl78-decode.opc"
++#line 1226 "rl78-decode.opc"
+ int reg AU = op[1] & 0x07;
+ if (trace)
+ {
+@@ -2348,7 +2350,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("xch %0, %1");
+-#line 1224 "rl78-decode.opc"
++#line 1226 "rl78-decode.opc"
+ /* Note: DECW uses reg == X, so this must follow DECW */
+ ID(xch); DR(A); SRB(reg);
+
+@@ -2364,7 +2366,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("decw %ea0");
+-#line 565 "rl78-decode.opc"
++#line 567 "rl78-decode.opc"
+ ID(sub); W(); DM(HL, IMMU(1)); SC(1);
+
+ }
+@@ -2379,7 +2381,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("addc %0, %e1");
+-#line 239 "rl78-decode.opc"
++#line 241 "rl78-decode.opc"
+ ID(addc); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2394,7 +2396,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("addc %0, %e1");
+-#line 242 "rl78-decode.opc"
++#line 244 "rl78-decode.opc"
+ ID(addc); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2410,7 +2412,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("sub %0, %e1");
+-#line 1125 "rl78-decode.opc"
++#line 1127 "rl78-decode.opc"
+ ID(sub); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2425,7 +2427,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("sub %0, %e1");
+-#line 1131 "rl78-decode.opc"
++#line 1133 "rl78-decode.opc"
+ ID(sub); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2440,7 +2442,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %1");
+-#line 1228 "rl78-decode.opc"
++#line 1230 "rl78-decode.opc"
+ ID(xch); DR(A); SM(None, SADDR);
+
+ }
+@@ -2455,7 +2457,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1221 "rl78-decode.opc"
++#line 1223 "rl78-decode.opc"
+ ID(xch); DR(A); SM2(HL, C, 0);
+
+ }
+@@ -2470,7 +2472,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e!1");
+-#line 1203 "rl78-decode.opc"
++#line 1205 "rl78-decode.opc"
+ ID(xch); DR(A); SM(None, IMMU(2));
+
+ }
+@@ -2485,7 +2487,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %s1");
+-#line 1231 "rl78-decode.opc"
++#line 1233 "rl78-decode.opc"
+ ID(xch); DR(A); SM(None, SFR);
+
+ }
+@@ -2500,7 +2502,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1212 "rl78-decode.opc"
++#line 1214 "rl78-decode.opc"
+ ID(xch); DR(A); SM(HL, 0);
+
+ }
+@@ -2515,7 +2517,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %ea1");
+-#line 1218 "rl78-decode.opc"
++#line 1220 "rl78-decode.opc"
+ ID(xch); DR(A); SM(HL, IMMU(1));
+
+ }
+@@ -2530,7 +2532,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1206 "rl78-decode.opc"
++#line 1208 "rl78-decode.opc"
+ ID(xch); DR(A); SM(DE, 0);
+
+ }
+@@ -2545,7 +2547,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %ea1");
+-#line 1209 "rl78-decode.opc"
++#line 1211 "rl78-decode.opc"
+ ID(xch); DR(A); SM(DE, IMMU(1));
+
+ }
+@@ -2560,7 +2562,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("subc %0, %e1");
+-#line 1157 "rl78-decode.opc"
++#line 1159 "rl78-decode.opc"
+ ID(subc); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2575,7 +2577,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("subc %0, %e1");
+-#line 1160 "rl78-decode.opc"
++#line 1162 "rl78-decode.opc"
+ ID(subc); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2590,7 +2592,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 723 "rl78-decode.opc"
++#line 725 "rl78-decode.opc"
+ ID(mov); DR(ES); SM(None, SADDR);
+
+ }
+@@ -2605,7 +2607,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xch %0, %e1");
+-#line 1215 "rl78-decode.opc"
++#line 1217 "rl78-decode.opc"
+ ID(xch); DR(A); SM2(HL, B, 0);
+
+ }
+@@ -2620,7 +2622,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("cmp %0, %e1");
+-#line 492 "rl78-decode.opc"
++#line 494 "rl78-decode.opc"
+ ID(cmp); DR(A); SM2(HL, B, 0); Fzac;
+
+ }
+@@ -2635,7 +2637,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("cmp %0, %e1");
+-#line 495 "rl78-decode.opc"
++#line 497 "rl78-decode.opc"
+ ID(cmp); DR(A); SM2(HL, C, 0); Fzac;
+
+ }
+@@ -2650,7 +2652,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("bh $%a0");
+-#line 340 "rl78-decode.opc"
++#line 342 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(None); COND(H);
+
+ }
+@@ -2665,7 +2667,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1094 "rl78-decode.opc"
++#line 1096 "rl78-decode.opc"
+ ID(skip); COND(C);
+
+ }
+@@ -2680,7 +2682,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 660 "rl78-decode.opc"
++#line 662 "rl78-decode.opc"
+ ID(mov); DR(A); SM2(HL, B, 0);
+
+ }
+@@ -2691,7 +2693,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xfa:
+ {
+ /** 0110 0001 11rg 1010 call %0 */
+-#line 430 "rl78-decode.opc"
++#line 432 "rl78-decode.opc"
+ int rg AU = (op[1] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -2701,7 +2703,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("call %0");
+-#line 430 "rl78-decode.opc"
++#line 432 "rl78-decode.opc"
+ ID(call); DRW(rg);
+
+ }
+@@ -2716,7 +2718,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("br ax");
+-#line 380 "rl78-decode.opc"
++#line 382 "rl78-decode.opc"
+ ID(branch); DR(AX);
+
+ /*----------------------------------------------------------------------*/
+@@ -2733,7 +2735,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("brk");
+-#line 388 "rl78-decode.opc"
++#line 390 "rl78-decode.opc"
+ ID(break);
+
+ /*----------------------------------------------------------------------*/
+@@ -2750,7 +2752,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("pop %s0");
+-#line 989 "rl78-decode.opc"
++#line 991 "rl78-decode.opc"
+ ID(mov); W(); DR(PSW); SPOP();
+
+ /*----------------------------------------------------------------------*/
+@@ -2767,7 +2769,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("movs %ea0, %1");
+-#line 811 "rl78-decode.opc"
++#line 813 "rl78-decode.opc"
+ ID(mov); DM(HL, IMMU(1)); SR(X); Fzc;
+
+ /*----------------------------------------------------------------------*/
+@@ -2780,7 +2782,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xff:
+ {
+ /** 0110 0001 11rb 1111 sel rb%1 */
+-#line 1041 "rl78-decode.opc"
++#line 1043 "rl78-decode.opc"
+ int rb AU = (op[1] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -2790,7 +2792,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rb = 0x%x\n", rb);
+ }
+ SYNTAX("sel rb%1");
+-#line 1041 "rl78-decode.opc"
++#line 1043 "rl78-decode.opc"
+ ID(sel); SC(rb);
+
+ /*----------------------------------------------------------------------*/
+@@ -2807,7 +2809,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("and %0, %e1");
+-#line 291 "rl78-decode.opc"
++#line 293 "rl78-decode.opc"
+ ID(and); DR(A); SM2(HL, B, 0); Fz;
+
+ }
+@@ -2822,7 +2824,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("and %0, %e1");
+-#line 297 "rl78-decode.opc"
++#line 299 "rl78-decode.opc"
+ ID(and); DR(A); SM2(HL, C, 0); Fz;
+
+ }
+@@ -2837,7 +2839,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("bnh $%a0");
+-#line 343 "rl78-decode.opc"
++#line 345 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+3); SR(None); COND(NH);
+
+ }
+@@ -2852,7 +2854,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1100 "rl78-decode.opc"
++#line 1102 "rl78-decode.opc"
+ ID(skip); COND(NC);
+
+ }
+@@ -2867,7 +2869,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 627 "rl78-decode.opc"
++#line 629 "rl78-decode.opc"
+ ID(mov); DM2(HL, B, 0); SR(A);
+
+ }
+@@ -2882,7 +2884,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("ror %0, %1");
+-#line 1022 "rl78-decode.opc"
++#line 1024 "rl78-decode.opc"
+ ID(ror); DR(A); SC(1);
+
+ }
+@@ -2897,7 +2899,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("rolc %0, %1");
+-#line 1016 "rl78-decode.opc"
++#line 1018 "rl78-decode.opc"
+ ID(rolc); DR(A); SC(1);
+
+ }
+@@ -2912,7 +2914,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("push %s1");
+-#line 997 "rl78-decode.opc"
++#line 999 "rl78-decode.opc"
+ ID(mov); W(); DPUSH(); SR(PSW);
+
+ /*----------------------------------------------------------------------*/
+@@ -2929,7 +2931,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("cmps %0, %ea1");
+-#line 526 "rl78-decode.opc"
++#line 528 "rl78-decode.opc"
+ ID(cmp); DR(X); SM(HL, IMMU(1)); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -2946,7 +2948,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("or %0, %e1");
+-#line 946 "rl78-decode.opc"
++#line 948 "rl78-decode.opc"
+ ID(or); DR(A); SM2(HL, B, 0); Fz;
+
+ }
+@@ -2961,7 +2963,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("or %0, %e1");
+-#line 952 "rl78-decode.opc"
++#line 954 "rl78-decode.opc"
+ ID(or); DR(A); SM2(HL, C, 0); Fz;
+
+ }
+@@ -2976,7 +2978,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1097 "rl78-decode.opc"
++#line 1099 "rl78-decode.opc"
+ ID(skip); COND(H);
+
+ }
+@@ -2991,7 +2993,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1109 "rl78-decode.opc"
++#line 1111 "rl78-decode.opc"
+ ID(skip); COND(Z);
+
+ /*----------------------------------------------------------------------*/
+@@ -3008,7 +3010,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 663 "rl78-decode.opc"
++#line 665 "rl78-decode.opc"
+ ID(mov); DR(A); SM2(HL, C, 0);
+
+ }
+@@ -3023,7 +3025,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("rol %0, %1");
+-#line 1013 "rl78-decode.opc"
++#line 1015 "rl78-decode.opc"
+ ID(rol); DR(A); SC(1);
+
+ }
+@@ -3038,7 +3040,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("retb");
+-#line 1008 "rl78-decode.opc"
++#line 1010 "rl78-decode.opc"
+ ID(reti);
+
+ /*----------------------------------------------------------------------*/
+@@ -3055,7 +3057,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("halt");
+-#line 576 "rl78-decode.opc"
++#line 578 "rl78-decode.opc"
+ ID(halt);
+
+ /*----------------------------------------------------------------------*/
+@@ -3066,7 +3068,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xfe:
+ {
+ /** 0110 0001 111r 1110 rolwc %0, %1 */
+-#line 1019 "rl78-decode.opc"
++#line 1021 "rl78-decode.opc"
+ int r AU = (op[1] >> 4) & 0x01;
+ if (trace)
+ {
+@@ -3076,7 +3078,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" r = 0x%x\n", r);
+ }
+ SYNTAX("rolwc %0, %1");
+-#line 1019 "rl78-decode.opc"
++#line 1021 "rl78-decode.opc"
+ ID(rolc); W(); DRW(r); SC(1);
+
+ }
+@@ -3091,7 +3093,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xor %0, %e1");
+-#line 1250 "rl78-decode.opc"
++#line 1252 "rl78-decode.opc"
+ ID(xor); DR(A); SM2(HL, B, 0); Fz;
+
+ }
+@@ -3106,7 +3108,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("xor %0, %e1");
+-#line 1256 "rl78-decode.opc"
++#line 1258 "rl78-decode.opc"
+ ID(xor); DR(A); SM2(HL, C, 0); Fz;
+
+ }
+@@ -3121,7 +3123,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1103 "rl78-decode.opc"
++#line 1105 "rl78-decode.opc"
+ ID(skip); COND(NH);
+
+ }
+@@ -3136,7 +3138,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("sk%c1");
+-#line 1106 "rl78-decode.opc"
++#line 1108 "rl78-decode.opc"
+ ID(skip); COND(NZ);
+
+ }
+@@ -3151,7 +3153,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 636 "rl78-decode.opc"
++#line 638 "rl78-decode.opc"
+ ID(mov); DM2(HL, C, 0); SR(A);
+
+ }
+@@ -3166,7 +3168,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("rorc %0, %1");
+-#line 1025 "rl78-decode.opc"
++#line 1027 "rl78-decode.opc"
+ ID(rorc); DR(A); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -3186,7 +3188,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("reti");
+-#line 1005 "rl78-decode.opc"
++#line 1007 "rl78-decode.opc"
+ ID(reti);
+
+ }
+@@ -3201,7 +3203,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("stop");
+-#line 1114 "rl78-decode.opc"
++#line 1116 "rl78-decode.opc"
+ ID(stop);
+
+ /*----------------------------------------------------------------------*/
+@@ -3221,7 +3223,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 874 "rl78-decode.opc"
++#line 876 "rl78-decode.opc"
+ ID(mov); W(); DM(C, IMMU(2)); SR(AX);
+
+ }
+@@ -3236,7 +3238,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 865 "rl78-decode.opc"
++#line 867 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(C, IMMU(2));
+
+ }
+@@ -3251,7 +3253,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("or %0, #%1");
+-#line 967 "rl78-decode.opc"
++#line 969 "rl78-decode.opc"
+ ID(or); DM(None, SADDR); SC(IMMU(1)); Fz;
+
+ /*----------------------------------------------------------------------*/
+@@ -3268,7 +3270,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("or %0, %1");
+-#line 964 "rl78-decode.opc"
++#line 966 "rl78-decode.opc"
+ ID(or); DR(A); SM(None, SADDR); Fz;
+
+ }
+@@ -3283,7 +3285,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("or %0, #%1");
+-#line 955 "rl78-decode.opc"
++#line 957 "rl78-decode.opc"
+ ID(or); DR(A); SC(IMMU(1)); Fz;
+
+ }
+@@ -3298,7 +3300,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("or %0, %e1");
+-#line 943 "rl78-decode.opc"
++#line 945 "rl78-decode.opc"
+ ID(or); DR(A); SM(HL, 0); Fz;
+
+ }
+@@ -3313,7 +3315,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("or %0, %ea1");
+-#line 949 "rl78-decode.opc"
++#line 951 "rl78-decode.opc"
+ ID(or); DR(A); SM(HL, IMMU(1)); Fz;
+
+ }
+@@ -3328,7 +3330,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("or %0, %e!1");
+-#line 940 "rl78-decode.opc"
++#line 942 "rl78-decode.opc"
+ ID(or); DR(A); SM(None, IMMU(2)); Fz;
+
+ }
+@@ -3342,7 +3344,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x77:
+ {
+ /** 0111 0rba mov %0, %1 */
+-#line 696 "rl78-decode.opc"
++#line 698 "rl78-decode.opc"
+ int rba AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -3352,7 +3354,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rba = 0x%x\n", rba);
+ }
+ SYNTAX("mov %0, %1");
+-#line 696 "rl78-decode.opc"
++#line 698 "rl78-decode.opc"
+ ID(mov); DRB(rba); SR(A);
+
+ }
+@@ -3371,7 +3373,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x70:
+ {
+ /** 0111 0001 0bit 0000 set1 %e!0 */
+-#line 1046 "rl78-decode.opc"
++#line 1048 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3381,7 +3383,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %e!0");
+-#line 1046 "rl78-decode.opc"
++#line 1048 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); DB(bit); SC(1);
+
+ }
+@@ -3396,7 +3398,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x71:
+ {
+ /** 0111 0001 0bit 0001 mov1 %0, cy */
+-#line 803 "rl78-decode.opc"
++#line 805 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3406,7 +3408,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %0, cy");
+-#line 803 "rl78-decode.opc"
++#line 805 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); DB(bit); SCY();
+
+ }
+@@ -3421,7 +3423,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x72:
+ {
+ /** 0111 0001 0bit 0010 set1 %0 */
+-#line 1064 "rl78-decode.opc"
++#line 1066 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3431,7 +3433,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %0");
+-#line 1064 "rl78-decode.opc"
++#line 1066 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); DB(bit); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -3448,7 +3450,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x73:
+ {
+ /** 0111 0001 0bit 0011 clr1 %0 */
+-#line 456 "rl78-decode.opc"
++#line 458 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3458,7 +3460,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %0");
+-#line 456 "rl78-decode.opc"
++#line 458 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); DB(bit); SC(0);
+
+ /*----------------------------------------------------------------------*/
+@@ -3475,7 +3477,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x74:
+ {
+ /** 0111 0001 0bit 0100 mov1 cy, %1 */
+-#line 797 "rl78-decode.opc"
++#line 799 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3485,7 +3487,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %1");
+-#line 797 "rl78-decode.opc"
++#line 799 "rl78-decode.opc"
+ ID(mov); DCY(); SM(None, SADDR); SB(bit);
+
+ }
+@@ -3500,7 +3502,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x75:
+ {
+ /** 0111 0001 0bit 0101 and1 cy, %s1 */
+-#line 326 "rl78-decode.opc"
++#line 328 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3510,7 +3512,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %s1");
+-#line 326 "rl78-decode.opc"
++#line 328 "rl78-decode.opc"
+ ID(and); DCY(); SM(None, SADDR); SB(bit);
+
+ /*----------------------------------------------------------------------*/
+@@ -3530,7 +3532,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x76:
+ {
+ /** 0111 0001 0bit 0110 or1 cy, %s1 */
+-#line 981 "rl78-decode.opc"
++#line 983 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3540,7 +3542,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %s1");
+-#line 981 "rl78-decode.opc"
++#line 983 "rl78-decode.opc"
+ ID(or); DCY(); SM(None, SADDR); SB(bit);
+
+ /*----------------------------------------------------------------------*/
+@@ -3557,7 +3559,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x77:
+ {
+ /** 0111 0001 0bit 0111 xor1 cy, %s1 */
+-#line 1285 "rl78-decode.opc"
++#line 1287 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3567,7 +3569,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %s1");
+-#line 1285 "rl78-decode.opc"
++#line 1287 "rl78-decode.opc"
+ ID(xor); DCY(); SM(None, SADDR); SB(bit);
+
+ /*----------------------------------------------------------------------*/
+@@ -3584,7 +3586,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x78:
+ {
+ /** 0111 0001 0bit 1000 clr1 %e!0 */
+-#line 438 "rl78-decode.opc"
++#line 440 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3594,7 +3596,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %e!0");
+-#line 438 "rl78-decode.opc"
++#line 440 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); DB(bit); SC(0);
+
+ }
+@@ -3609,7 +3611,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x79:
+ {
+ /** 0111 0001 0bit 1001 mov1 %s0, cy */
+-#line 806 "rl78-decode.opc"
++#line 808 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3619,7 +3621,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %s0, cy");
+-#line 806 "rl78-decode.opc"
++#line 808 "rl78-decode.opc"
+ ID(mov); DM(None, SFR); DB(bit); SCY();
+
+ /*----------------------------------------------------------------------*/
+@@ -3636,7 +3638,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x7a:
+ {
+ /** 0111 0001 0bit 1010 set1 %s0 */
+-#line 1058 "rl78-decode.opc"
++#line 1060 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3646,7 +3648,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %s0");
+-#line 1058 "rl78-decode.opc"
++#line 1060 "rl78-decode.opc"
+ op0 = SFR;
+ ID(mov); DM(None, op0); DB(bit); SC(1);
+ if (op0 == RL78_SFR_PSW && bit == 7)
+@@ -3664,7 +3666,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x7b:
+ {
+ /** 0111 0001 0bit 1011 clr1 %s0 */
+-#line 450 "rl78-decode.opc"
++#line 452 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3674,7 +3676,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %s0");
+-#line 450 "rl78-decode.opc"
++#line 452 "rl78-decode.opc"
+ op0 = SFR;
+ ID(mov); DM(None, op0); DB(bit); SC(0);
+ if (op0 == RL78_SFR_PSW && bit == 7)
+@@ -3692,7 +3694,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x7c:
+ {
+ /** 0111 0001 0bit 1100 mov1 cy, %s1 */
+-#line 800 "rl78-decode.opc"
++#line 802 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3702,7 +3704,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %s1");
+-#line 800 "rl78-decode.opc"
++#line 802 "rl78-decode.opc"
+ ID(mov); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3717,7 +3719,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x7d:
+ {
+ /** 0111 0001 0bit 1101 and1 cy, %s1 */
+-#line 323 "rl78-decode.opc"
++#line 325 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3727,7 +3729,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %s1");
+-#line 323 "rl78-decode.opc"
++#line 325 "rl78-decode.opc"
+ ID(and); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3742,7 +3744,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x7e:
+ {
+ /** 0111 0001 0bit 1110 or1 cy, %s1 */
+-#line 978 "rl78-decode.opc"
++#line 980 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3752,7 +3754,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %s1");
+-#line 978 "rl78-decode.opc"
++#line 980 "rl78-decode.opc"
+ ID(or); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3767,7 +3769,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x7f:
+ {
+ /** 0111 0001 0bit 1111 xor1 cy, %s1 */
+-#line 1282 "rl78-decode.opc"
++#line 1284 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3777,7 +3779,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %s1");
+-#line 1282 "rl78-decode.opc"
++#line 1284 "rl78-decode.opc"
+ ID(xor); DCY(); SM(None, SFR); SB(bit);
+
+ }
+@@ -3792,7 +3794,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("set1 cy");
+-#line 1055 "rl78-decode.opc"
++#line 1057 "rl78-decode.opc"
+ ID(mov); DCY(); SC(1);
+
+ }
+@@ -3807,7 +3809,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xf1:
+ {
+ /** 0111 0001 1bit 0001 mov1 %e0, cy */
+-#line 785 "rl78-decode.opc"
++#line 787 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3817,7 +3819,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %e0, cy");
+-#line 785 "rl78-decode.opc"
++#line 787 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); DB(bit); SCY();
+
+ }
+@@ -3832,7 +3834,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xf2:
+ {
+ /** 0111 0001 1bit 0010 set1 %e0 */
+-#line 1049 "rl78-decode.opc"
++#line 1051 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3842,7 +3844,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %e0");
+-#line 1049 "rl78-decode.opc"
++#line 1051 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); DB(bit); SC(1);
+
+ }
+@@ -3857,7 +3859,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xf3:
+ {
+ /** 0111 0001 1bit 0011 clr1 %e0 */
+-#line 441 "rl78-decode.opc"
++#line 443 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3867,7 +3869,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %e0");
+-#line 441 "rl78-decode.opc"
++#line 443 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); DB(bit); SC(0);
+
+ }
+@@ -3882,7 +3884,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xf4:
+ {
+ /** 0111 0001 1bit 0100 mov1 cy, %e1 */
+-#line 791 "rl78-decode.opc"
++#line 793 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3892,7 +3894,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %e1");
+-#line 791 "rl78-decode.opc"
++#line 793 "rl78-decode.opc"
+ ID(mov); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3907,7 +3909,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xf5:
+ {
+ /** 0111 0001 1bit 0101 and1 cy, %e1 */
+-#line 317 "rl78-decode.opc"
++#line 319 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3917,7 +3919,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %e1");
+-#line 317 "rl78-decode.opc"
++#line 319 "rl78-decode.opc"
+ ID(and); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3932,7 +3934,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xf6:
+ {
+ /** 0111 0001 1bit 0110 or1 cy, %e1 */
+-#line 972 "rl78-decode.opc"
++#line 974 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3942,7 +3944,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %e1");
+-#line 972 "rl78-decode.opc"
++#line 974 "rl78-decode.opc"
+ ID(or); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3957,7 +3959,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xf7:
+ {
+ /** 0111 0001 1bit 0111 xor1 cy, %e1 */
+-#line 1276 "rl78-decode.opc"
++#line 1278 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -3967,7 +3969,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %e1");
+-#line 1276 "rl78-decode.opc"
++#line 1278 "rl78-decode.opc"
+ ID(xor); DCY(); SM(HL, 0); SB(bit);
+
+ }
+@@ -3982,7 +3984,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("clr1 cy");
+-#line 447 "rl78-decode.opc"
++#line 449 "rl78-decode.opc"
+ ID(mov); DCY(); SC(0);
+
+ }
+@@ -3997,7 +3999,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xf9:
+ {
+ /** 0111 0001 1bit 1001 mov1 %e0, cy */
+-#line 788 "rl78-decode.opc"
++#line 790 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4007,7 +4009,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 %e0, cy");
+-#line 788 "rl78-decode.opc"
++#line 790 "rl78-decode.opc"
+ ID(mov); DR(A); DB(bit); SCY();
+
+ }
+@@ -4022,7 +4024,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xfa:
+ {
+ /** 0111 0001 1bit 1010 set1 %0 */
+-#line 1052 "rl78-decode.opc"
++#line 1054 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4032,7 +4034,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("set1 %0");
+-#line 1052 "rl78-decode.opc"
++#line 1054 "rl78-decode.opc"
+ ID(mov); DR(A); DB(bit); SC(1);
+
+ }
+@@ -4047,7 +4049,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xfb:
+ {
+ /** 0111 0001 1bit 1011 clr1 %0 */
+-#line 444 "rl78-decode.opc"
++#line 446 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4057,7 +4059,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("clr1 %0");
+-#line 444 "rl78-decode.opc"
++#line 446 "rl78-decode.opc"
+ ID(mov); DR(A); DB(bit); SC(0);
+
+ }
+@@ -4072,7 +4074,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xfc:
+ {
+ /** 0111 0001 1bit 1100 mov1 cy, %e1 */
+-#line 794 "rl78-decode.opc"
++#line 796 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4082,7 +4084,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("mov1 cy, %e1");
+-#line 794 "rl78-decode.opc"
++#line 796 "rl78-decode.opc"
+ ID(mov); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4097,7 +4099,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xfd:
+ {
+ /** 0111 0001 1bit 1101 and1 cy, %1 */
+-#line 320 "rl78-decode.opc"
++#line 322 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4107,7 +4109,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("and1 cy, %1");
+-#line 320 "rl78-decode.opc"
++#line 322 "rl78-decode.opc"
+ ID(and); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4122,7 +4124,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xfe:
+ {
+ /** 0111 0001 1bit 1110 or1 cy, %1 */
+-#line 975 "rl78-decode.opc"
++#line 977 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4132,7 +4134,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("or1 cy, %1");
+-#line 975 "rl78-decode.opc"
++#line 977 "rl78-decode.opc"
+ ID(or); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4147,7 +4149,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xff:
+ {
+ /** 0111 0001 1bit 1111 xor1 cy, %1 */
+-#line 1279 "rl78-decode.opc"
++#line 1281 "rl78-decode.opc"
+ int bit AU = (op[1] >> 4) & 0x07;
+ if (trace)
+ {
+@@ -4157,7 +4159,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" bit = 0x%x\n", bit);
+ }
+ SYNTAX("xor1 cy, %1");
+-#line 1279 "rl78-decode.opc"
++#line 1281 "rl78-decode.opc"
+ ID(xor); DCY(); SR(A); SB(bit);
+
+ }
+@@ -4172,7 +4174,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0], op[1]);
+ }
+ SYNTAX("not1 cy");
+-#line 916 "rl78-decode.opc"
++#line 918 "rl78-decode.opc"
+ ID(xor); DCY(); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -4192,7 +4194,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 877 "rl78-decode.opc"
++#line 879 "rl78-decode.opc"
+ ID(mov); W(); DM(BC, IMMU(2)); SR(AX);
+
+ }
+@@ -4207,7 +4209,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 868 "rl78-decode.opc"
++#line 870 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(BC, IMMU(2));
+
+ }
+@@ -4222,7 +4224,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("xor %0, #%1");
+-#line 1271 "rl78-decode.opc"
++#line 1273 "rl78-decode.opc"
+ ID(xor); DM(None, SADDR); SC(IMMU(1)); Fz;
+
+ /*----------------------------------------------------------------------*/
+@@ -4239,7 +4241,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("xor %0, %1");
+-#line 1268 "rl78-decode.opc"
++#line 1270 "rl78-decode.opc"
+ ID(xor); DR(A); SM(None, SADDR); Fz;
+
+ }
+@@ -4254,7 +4256,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("xor %0, #%1");
+-#line 1259 "rl78-decode.opc"
++#line 1261 "rl78-decode.opc"
+ ID(xor); DR(A); SC(IMMU(1)); Fz;
+
+ }
+@@ -4269,7 +4271,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("xor %0, %e1");
+-#line 1247 "rl78-decode.opc"
++#line 1249 "rl78-decode.opc"
+ ID(xor); DR(A); SM(HL, 0); Fz;
+
+ }
+@@ -4284,7 +4286,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("xor %0, %ea1");
+-#line 1253 "rl78-decode.opc"
++#line 1255 "rl78-decode.opc"
+ ID(xor); DR(A); SM(HL, IMMU(1)); Fz;
+
+ }
+@@ -4299,7 +4301,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("xor %0, %e!1");
+-#line 1244 "rl78-decode.opc"
++#line 1246 "rl78-decode.opc"
+ ID(xor); DR(A); SM(None, IMMU(2)); Fz;
+
+ }
+@@ -4314,7 +4316,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x87:
+ {
+ /** 1000 0reg inc %0 */
+-#line 587 "rl78-decode.opc"
++#line 589 "rl78-decode.opc"
+ int reg AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -4324,7 +4326,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("inc %0");
+-#line 587 "rl78-decode.opc"
++#line 589 "rl78-decode.opc"
+ ID(add); DRB(reg); SC(1); Fza;
+
+ }
+@@ -4339,7 +4341,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %ea1");
+-#line 666 "rl78-decode.opc"
++#line 668 "rl78-decode.opc"
+ ID(mov); DR(A); SM(SP, IMMU(1));
+
+ }
+@@ -4354,7 +4356,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 648 "rl78-decode.opc"
++#line 650 "rl78-decode.opc"
+ ID(mov); DR(A); SM(DE, 0);
+
+ }
+@@ -4369,7 +4371,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %ea1");
+-#line 651 "rl78-decode.opc"
++#line 653 "rl78-decode.opc"
+ ID(mov); DR(A); SM(DE, IMMU(1));
+
+ }
+@@ -4384,7 +4386,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %e1");
+-#line 654 "rl78-decode.opc"
++#line 656 "rl78-decode.opc"
+ ID(mov); DR(A); SM(HL, 0);
+
+ }
+@@ -4399,7 +4401,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %ea1");
+-#line 657 "rl78-decode.opc"
++#line 659 "rl78-decode.opc"
+ ID(mov); DR(A); SM(HL, IMMU(1));
+
+ }
+@@ -4414,7 +4416,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 690 "rl78-decode.opc"
++#line 692 "rl78-decode.opc"
+ ID(mov); DR(A); SM(None, SADDR);
+
+ }
+@@ -4429,7 +4431,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %s1");
+-#line 687 "rl78-decode.opc"
++#line 689 "rl78-decode.opc"
+ ID(mov); DR(A); SM(None, SFR);
+
+ }
+@@ -4444,7 +4446,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 645 "rl78-decode.opc"
++#line 647 "rl78-decode.opc"
+ ID(mov); DR(A); SM(None, IMMU(2));
+
+ }
+@@ -4459,7 +4461,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x97:
+ {
+ /** 1001 0reg dec %0 */
+-#line 554 "rl78-decode.opc"
++#line 556 "rl78-decode.opc"
+ int reg AU = op[0] & 0x07;
+ if (trace)
+ {
+@@ -4469,7 +4471,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" reg = 0x%x\n", reg);
+ }
+ SYNTAX("dec %0");
+-#line 554 "rl78-decode.opc"
++#line 556 "rl78-decode.opc"
+ ID(sub); DRB(reg); SC(1); Fza;
+
+ }
+@@ -4484,7 +4486,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %a0, %1");
+-#line 642 "rl78-decode.opc"
++#line 644 "rl78-decode.opc"
+ ID(mov); DM(SP, IMMU(1)); SR(A);
+
+ }
+@@ -4499,7 +4501,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 615 "rl78-decode.opc"
++#line 617 "rl78-decode.opc"
+ ID(mov); DM(DE, 0); SR(A);
+
+ }
+@@ -4514,7 +4516,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %ea0, %1");
+-#line 621 "rl78-decode.opc"
++#line 623 "rl78-decode.opc"
+ ID(mov); DM(DE, IMMU(1)); SR(A);
+
+ }
+@@ -4529,7 +4531,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %e0, %1");
+-#line 624 "rl78-decode.opc"
++#line 626 "rl78-decode.opc"
+ ID(mov); DM(HL, 0); SR(A);
+
+ }
+@@ -4544,7 +4546,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %ea0, %1");
+-#line 633 "rl78-decode.opc"
++#line 635 "rl78-decode.opc"
+ ID(mov); DM(HL, IMMU(1)); SR(A);
+
+ }
+@@ -4559,7 +4561,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 747 "rl78-decode.opc"
++#line 749 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SR(A);
+
+ }
+@@ -4574,7 +4576,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %s0, %1");
+-#line 780 "rl78-decode.opc"
++#line 782 "rl78-decode.opc"
+ ID(mov); DM(None, SFR); SR(A);
+
+ /*----------------------------------------------------------------------*/
+@@ -4591,7 +4593,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %e!0, %1");
+-#line 612 "rl78-decode.opc"
++#line 614 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SR(A);
+
+ }
+@@ -4606,7 +4608,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("inc %e!0");
+-#line 581 "rl78-decode.opc"
++#line 583 "rl78-decode.opc"
+ ID(add); DM(None, IMMU(2)); SC(1); Fza;
+
+ }
+@@ -4617,7 +4619,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xa7:
+ {
+ /** 1010 0rg1 incw %0 */
+-#line 601 "rl78-decode.opc"
++#line 603 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -4627,7 +4629,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("incw %0");
+-#line 601 "rl78-decode.opc"
++#line 603 "rl78-decode.opc"
+ ID(add); W(); DRW(rg); SC(1);
+
+ }
+@@ -4642,7 +4644,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("incw %e!0");
+-#line 595 "rl78-decode.opc"
++#line 597 "rl78-decode.opc"
+ ID(add); W(); DM(None, IMMU(2)); SC(1);
+
+ }
+@@ -4657,7 +4659,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("inc %0");
+-#line 590 "rl78-decode.opc"
++#line 592 "rl78-decode.opc"
+ ID(add); DM(None, SADDR); SC(1); Fza;
+
+ /*----------------------------------------------------------------------*/
+@@ -4674,7 +4676,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("incw %0");
+-#line 604 "rl78-decode.opc"
++#line 606 "rl78-decode.opc"
+ ID(add); W(); DM(None, SADDR); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -4691,7 +4693,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %a1");
+-#line 850 "rl78-decode.opc"
++#line 852 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(SP, IMMU(1));
+
+ }
+@@ -4706,7 +4708,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 838 "rl78-decode.opc"
++#line 840 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(DE, 0);
+
+ }
+@@ -4721,7 +4723,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %ea1");
+-#line 841 "rl78-decode.opc"
++#line 843 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(DE, IMMU(1));
+
+ }
+@@ -4736,7 +4738,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %e1");
+-#line 844 "rl78-decode.opc"
++#line 846 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(HL, 0);
+
+ }
+@@ -4751,7 +4753,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %ea1");
+-#line 847 "rl78-decode.opc"
++#line 849 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(HL, IMMU(1));
+
+ }
+@@ -4766,7 +4768,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %1");
+-#line 880 "rl78-decode.opc"
++#line 882 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(None, SADDR);
+
+ }
+@@ -4781,7 +4783,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %s1");
+-#line 883 "rl78-decode.opc"
++#line 885 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(None, SFR);
+
+ }
+@@ -4796,7 +4798,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %e!1");
+-#line 834 "rl78-decode.opc"
++#line 836 "rl78-decode.opc"
+ ID(mov); W(); DR(AX); SM(None, IMMU(2));
+
+
+@@ -4812,7 +4814,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("dec %e!0");
+-#line 548 "rl78-decode.opc"
++#line 550 "rl78-decode.opc"
+ ID(sub); DM(None, IMMU(2)); SC(1); Fza;
+
+ }
+@@ -4823,7 +4825,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xb7:
+ {
+ /** 1011 0rg1 decw %0 */
+-#line 568 "rl78-decode.opc"
++#line 570 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -4833,7 +4835,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("decw %0");
+-#line 568 "rl78-decode.opc"
++#line 570 "rl78-decode.opc"
+ ID(sub); W(); DRW(rg); SC(1);
+
+ }
+@@ -4848,7 +4850,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("decw %e!0");
+-#line 562 "rl78-decode.opc"
++#line 564 "rl78-decode.opc"
+ ID(sub); W(); DM(None, IMMU(2)); SC(1);
+
+ }
+@@ -4863,7 +4865,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("dec %0");
+-#line 557 "rl78-decode.opc"
++#line 559 "rl78-decode.opc"
+ ID(sub); DM(None, SADDR); SC(1); Fza;
+
+ /*----------------------------------------------------------------------*/
+@@ -4880,7 +4882,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("decw %0");
+-#line 571 "rl78-decode.opc"
++#line 573 "rl78-decode.opc"
+ ID(sub); W(); DM(None, SADDR); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -4897,7 +4899,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %a0, %1");
+-#line 831 "rl78-decode.opc"
++#line 833 "rl78-decode.opc"
+ ID(mov); W(); DM(SP, IMMU(1)); SR(AX);
+
+ }
+@@ -4912,7 +4914,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 819 "rl78-decode.opc"
++#line 821 "rl78-decode.opc"
+ ID(mov); W(); DM(DE, 0); SR(AX);
+
+ }
+@@ -4927,7 +4929,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %ea0, %1");
+-#line 822 "rl78-decode.opc"
++#line 824 "rl78-decode.opc"
+ ID(mov); W(); DM(DE, IMMU(1)); SR(AX);
+
+ }
+@@ -4942,7 +4944,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %e0, %1");
+-#line 825 "rl78-decode.opc"
++#line 827 "rl78-decode.opc"
+ ID(mov); W(); DM(HL, 0); SR(AX);
+
+ }
+@@ -4957,7 +4959,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %ea0, %1");
+-#line 828 "rl78-decode.opc"
++#line 830 "rl78-decode.opc"
+ ID(mov); W(); DM(HL, IMMU(1)); SR(AX);
+
+ }
+@@ -4972,7 +4974,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, %1");
+-#line 895 "rl78-decode.opc"
++#line 897 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SADDR); SR(AX);
+
+ }
+@@ -4987,7 +4989,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %s0, %1");
+-#line 901 "rl78-decode.opc"
++#line 903 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SFR); SR(AX);
+
+ /*----------------------------------------------------------------------*/
+@@ -5004,7 +5006,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %e!0, %1");
+-#line 816 "rl78-decode.opc"
++#line 818 "rl78-decode.opc"
+ ID(mov); W(); DM(None, IMMU(2)); SR(AX);
+
+ }
+@@ -5015,7 +5017,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xc6:
+ {
+ /** 1100 0rg0 pop %0 */
+-#line 986 "rl78-decode.opc"
++#line 988 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -5025,7 +5027,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("pop %0");
+-#line 986 "rl78-decode.opc"
++#line 988 "rl78-decode.opc"
+ ID(mov); W(); DRW(rg); SPOP();
+
+ }
+@@ -5036,7 +5038,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xc7:
+ {
+ /** 1100 0rg1 push %1 */
+-#line 994 "rl78-decode.opc"
++#line 996 "rl78-decode.opc"
+ int rg AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -5046,7 +5048,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("push %1");
+-#line 994 "rl78-decode.opc"
++#line 996 "rl78-decode.opc"
+ ID(mov); W(); DPUSH(); SRW(rg);
+
+ }
+@@ -5061,7 +5063,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %a0, #%1");
+-#line 639 "rl78-decode.opc"
++#line 641 "rl78-decode.opc"
+ ID(mov); DM(SP, IMMU(1)); SC(IMMU(1));
+
+ }
+@@ -5076,7 +5078,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %0, #%1");
+-#line 892 "rl78-decode.opc"
++#line 894 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SADDR); SC(IMMU(2));
+
+ }
+@@ -5091,7 +5093,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %ea0, #%1");
+-#line 618 "rl78-decode.opc"
++#line 620 "rl78-decode.opc"
+ ID(mov); DM(DE, IMMU(1)); SC(IMMU(1));
+
+ }
+@@ -5106,7 +5108,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("movw %s0, #%1");
+-#line 898 "rl78-decode.opc"
++#line 900 "rl78-decode.opc"
+ ID(mov); W(); DM(None, SFR); SC(IMMU(2));
+
+ }
+@@ -5121,7 +5123,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %ea0, #%1");
+-#line 630 "rl78-decode.opc"
++#line 632 "rl78-decode.opc"
+ ID(mov); DM(HL, IMMU(1)); SC(IMMU(1));
+
+ }
+@@ -5136,7 +5138,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, #%1");
+-#line 744 "rl78-decode.opc"
++#line 746 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SC(IMMU(1));
+
+ }
+@@ -5151,7 +5153,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %s0, #%1");
+-#line 750 "rl78-decode.opc"
++#line 752 "rl78-decode.opc"
+ op0 = SFR;
+ op1 = IMMU(1);
+ ID(mov); DM(None, op0); SC(op1);
+@@ -5193,7 +5195,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %e!0, #%1");
+-#line 609 "rl78-decode.opc"
++#line 611 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SC(IMMU(1));
+
+ }
+@@ -5204,7 +5206,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xd3:
+ {
+ /** 1101 00rg cmp0 %0 */
+-#line 518 "rl78-decode.opc"
++#line 520 "rl78-decode.opc"
+ int rg AU = op[0] & 0x03;
+ if (trace)
+ {
+@@ -5214,7 +5216,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("cmp0 %0");
+-#line 518 "rl78-decode.opc"
++#line 520 "rl78-decode.opc"
+ ID(cmp); DRB(rg); SC(0); Fzac;
+
+ }
+@@ -5229,7 +5231,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmp0 %0");
+-#line 521 "rl78-decode.opc"
++#line 523 "rl78-decode.opc"
+ ID(cmp); DM(None, SADDR); SC(0); Fzac;
+
+ /*----------------------------------------------------------------------*/
+@@ -5246,7 +5248,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("cmp0 %e!0");
+-#line 515 "rl78-decode.opc"
++#line 517 "rl78-decode.opc"
+ ID(cmp); DM(None, IMMU(2)); SC(0); Fzac;
+
+ }
+@@ -5261,7 +5263,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mulu x");
+-#line 906 "rl78-decode.opc"
++#line 908 "rl78-decode.opc"
+ ID(mulu);
+
+ /*----------------------------------------------------------------------*/
+@@ -5278,7 +5280,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("ret");
+-#line 1002 "rl78-decode.opc"
++#line 1004 "rl78-decode.opc"
+ ID(ret);
+
+ }
+@@ -5293,7 +5295,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 711 "rl78-decode.opc"
++#line 713 "rl78-decode.opc"
+ ID(mov); DR(X); SM(None, SADDR);
+
+ }
+@@ -5308,7 +5310,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 708 "rl78-decode.opc"
++#line 710 "rl78-decode.opc"
+ ID(mov); DR(X); SM(None, IMMU(2));
+
+ }
+@@ -5318,7 +5320,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xfa:
+ {
+ /** 11ra 1010 movw %0, %1 */
+-#line 889 "rl78-decode.opc"
++#line 891 "rl78-decode.opc"
+ int ra AU = (op[0] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -5328,7 +5330,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %1");
+-#line 889 "rl78-decode.opc"
++#line 891 "rl78-decode.opc"
+ ID(mov); W(); DRW(ra); SM(None, SADDR);
+
+ }
+@@ -5338,7 +5340,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xfb:
+ {
+ /** 11ra 1011 movw %0, %es!1 */
+-#line 886 "rl78-decode.opc"
++#line 888 "rl78-decode.opc"
+ int ra AU = (op[0] >> 4) & 0x03;
+ if (trace)
+ {
+@@ -5348,7 +5350,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" ra = 0x%x\n", ra);
+ }
+ SYNTAX("movw %0, %es!1");
+-#line 886 "rl78-decode.opc"
++#line 888 "rl78-decode.opc"
+ ID(mov); W(); DRW(ra); SM(None, IMMU(2));
+
+ }
+@@ -5363,7 +5365,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("bc $%a0");
+-#line 334 "rl78-decode.opc"
++#line 336 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(C);
+
+ }
+@@ -5378,7 +5380,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("bz $%a0");
+-#line 346 "rl78-decode.opc"
++#line 348 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(Z);
+
+ }
+@@ -5393,7 +5395,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("bnc $%a0");
+-#line 337 "rl78-decode.opc"
++#line 339 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(NC);
+
+ }
+@@ -5408,7 +5410,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("bnz $%a0");
+-#line 349 "rl78-decode.opc"
++#line 351 "rl78-decode.opc"
+ ID(branch_cond); DC(pc+IMMS(1)+2); SR(None); COND(NZ);
+
+ /*----------------------------------------------------------------------*/
+@@ -5421,7 +5423,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xe3:
+ {
+ /** 1110 00rg oneb %0 */
+-#line 924 "rl78-decode.opc"
++#line 926 "rl78-decode.opc"
+ int rg AU = op[0] & 0x03;
+ if (trace)
+ {
+@@ -5431,7 +5433,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("oneb %0");
+-#line 924 "rl78-decode.opc"
++#line 926 "rl78-decode.opc"
+ ID(mov); DRB(rg); SC(1);
+
+ }
+@@ -5446,7 +5448,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("oneb %0");
+-#line 927 "rl78-decode.opc"
++#line 929 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -5463,7 +5465,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("oneb %e!0");
+-#line 921 "rl78-decode.opc"
++#line 923 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SC(1);
+
+ }
+@@ -5478,7 +5480,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("onew %0");
+-#line 932 "rl78-decode.opc"
++#line 934 "rl78-decode.opc"
+ ID(mov); DR(AX); SC(1);
+
+ }
+@@ -5493,7 +5495,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("onew %0");
+-#line 935 "rl78-decode.opc"
++#line 937 "rl78-decode.opc"
+ ID(mov); DR(BC); SC(1);
+
+ /*----------------------------------------------------------------------*/
+@@ -5510,7 +5512,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 699 "rl78-decode.opc"
++#line 701 "rl78-decode.opc"
+ ID(mov); DR(B); SM(None, SADDR);
+
+ }
+@@ -5525,7 +5527,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 693 "rl78-decode.opc"
++#line 695 "rl78-decode.opc"
+ ID(mov); DR(B); SM(None, IMMU(2));
+
+ }
+@@ -5540,7 +5542,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("br !%!a0");
+-#line 368 "rl78-decode.opc"
++#line 370 "rl78-decode.opc"
+ ID(branch); DC(IMMU(3));
+
+ }
+@@ -5555,7 +5557,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("br %!a0");
+-#line 371 "rl78-decode.opc"
++#line 373 "rl78-decode.opc"
+ ID(branch); DC(IMMU(2));
+
+ }
+@@ -5570,7 +5572,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("br $%!a0");
+-#line 374 "rl78-decode.opc"
++#line 376 "rl78-decode.opc"
+ ID(branch); DC(pc+IMMS(2)+3);
+
+ }
+@@ -5585,7 +5587,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("br $%a0");
+-#line 377 "rl78-decode.opc"
++#line 379 "rl78-decode.opc"
+ ID(branch); DC(pc+IMMS(1)+2);
+
+ }
+@@ -5596,7 +5598,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0xf3:
+ {
+ /** 1111 00rg clrb %0 */
+-#line 464 "rl78-decode.opc"
++#line 466 "rl78-decode.opc"
+ int rg AU = op[0] & 0x03;
+ if (trace)
+ {
+@@ -5606,7 +5608,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rg = 0x%x\n", rg);
+ }
+ SYNTAX("clrb %0");
+-#line 464 "rl78-decode.opc"
++#line 466 "rl78-decode.opc"
+ ID(mov); DRB(rg); SC(0);
+
+ }
+@@ -5621,7 +5623,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("clrb %0");
+-#line 467 "rl78-decode.opc"
++#line 469 "rl78-decode.opc"
+ ID(mov); DM(None, SADDR); SC(0);
+
+ /*----------------------------------------------------------------------*/
+@@ -5638,7 +5640,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("clrb %e!0");
+-#line 461 "rl78-decode.opc"
++#line 463 "rl78-decode.opc"
+ ID(mov); DM(None, IMMU(2)); SC(0);
+
+ }
+@@ -5653,7 +5655,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("clrw %0");
+-#line 472 "rl78-decode.opc"
++#line 474 "rl78-decode.opc"
+ ID(mov); DR(AX); SC(0);
+
+ }
+@@ -5668,7 +5670,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("clrw %0");
+-#line 475 "rl78-decode.opc"
++#line 477 "rl78-decode.opc"
+ ID(mov); DR(BC); SC(0);
+
+ /*----------------------------------------------------------------------*/
+@@ -5685,7 +5687,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %1");
+-#line 705 "rl78-decode.opc"
++#line 707 "rl78-decode.opc"
+ ID(mov); DR(C); SM(None, SADDR);
+
+ }
+@@ -5700,7 +5702,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("mov %0, %e!1");
+-#line 702 "rl78-decode.opc"
++#line 704 "rl78-decode.opc"
+ ID(mov); DR(C); SM(None, IMMU(2));
+
+ }
+@@ -5715,7 +5717,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("call !%!a0");
+-#line 421 "rl78-decode.opc"
++#line 423 "rl78-decode.opc"
+ ID(call); DC(IMMU(3));
+
+ }
+@@ -5730,7 +5732,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("call %!a0");
+-#line 424 "rl78-decode.opc"
++#line 426 "rl78-decode.opc"
+ ID(call); DC(IMMU(2));
+
+ }
+@@ -5745,7 +5747,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("call $%!a0");
+-#line 427 "rl78-decode.opc"
++#line 429 "rl78-decode.opc"
+ ID(call); DC(pc+IMMS(2)+3);
+
+ }
+@@ -5760,13 +5762,13 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("brk1");
+-#line 385 "rl78-decode.opc"
++#line 387 "rl78-decode.opc"
+ ID(break);
+
+ }
+ break;
+ }
+-#line 1290 "rl78-decode.opc"
++#line 1292 "rl78-decode.opc"
+
+ return rl78->n_bytes;
+ }
+diff --git a/opcodes/rl78-decode.opc b/opcodes/rl78-decode.opc
+index 6212f08..b25e441 100644
+--- a/opcodes/rl78-decode.opc
++++ b/opcodes/rl78-decode.opc
+@@ -50,7 +50,9 @@ typedef struct
+ #define W() rl78->size = RL78_Word
+
+ #define AU ATTRIBUTE_UNUSED
+-#define GETBYTE() (ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr))
++
++#define OP_BUF_LEN 20
++#define GETBYTE() (ld->rl78->n_bytes < (OP_BUF_LEN - 1) ? ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr): 0)
+ #define B ((unsigned long) GETBYTE())
+
+ #define SYNTAX(x) rl78->syntax = x
+@@ -168,7 +170,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ RL78_Dis_Isa isa)
+ {
+ LocalData lds, * ld = &lds;
+- unsigned char op_buf[20] = {0};
++ unsigned char op_buf[OP_BUF_LEN] = {0};
+ unsigned char *op = op_buf;
+ int op0, op1;
+
+--
+2.7.4
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch
new file mode 100644
index 0000000..f63a993
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch
@@ -0,0 +1,208 @@
+From c53d2e6d744da000aaafe0237bced090aab62818 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 14 Jun 2017 11:27:15 +0100
+Subject: [PATCH] Fix potential address violations when processing a corrupt
+ Alpha VMA binary.
+
+ PR binutils/21589
+ * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
+ maximum value for the ascic pointer. Check that name processing
+ does not read beyond this value.
+ (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
+ end of etir record.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9752
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 9 +++++++++
+ bfd/vms-alpha.c | 51 +++++++++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 50 insertions(+), 10 deletions(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -9,6 +9,15 @@
+
+ 2017-06-14 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21589
++ * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
++ maximum value for the ascic pointer. Check that name processing
++ does not read beyond this value.
++ (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
++ end of etir record.
++
++2017-06-14 Nick Clifton <nickc@redhat.com>
++
+ PR binutils/21578
+ * elf32-sh.c (sh_elf_set_mach_from_flags): Fix check for invalid
+ flag value.
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c
++++ git/bfd/vms-alpha.c
+@@ -1456,7 +1456,7 @@ dst_retrieve_location (bfd *abfd, unsign
+ /* Write multiple bytes to section image. */
+
+ static bfd_boolean
+-image_write (bfd *abfd, unsigned char *ptr, int size)
++image_write (bfd *abfd, unsigned char *ptr, unsigned int size)
+ {
+ #if VMS_DEBUG
+ _bfd_vms_debug (8, "image_write from (%p, %d) to (%ld)\n", ptr, size,
+@@ -1603,14 +1603,16 @@ _bfd_vms_etir_name (int cmd)
+ #define HIGHBIT(op) ((op & 0x80000000L) == 0x80000000L)
+
+ static void
+-_bfd_vms_get_value (bfd *abfd, const unsigned char *ascic,
++_bfd_vms_get_value (bfd *abfd,
++ const unsigned char *ascic,
++ const unsigned char *max_ascic,
+ struct bfd_link_info *info,
+ bfd_vma *vma,
+ struct alpha_vms_link_hash_entry **hp)
+ {
+ char name[257];
+- int len;
+- int i;
++ unsigned int len;
++ unsigned int i;
+ struct alpha_vms_link_hash_entry *h;
+
+ /* Not linking. Do not try to resolve the symbol. */
+@@ -1622,6 +1624,14 @@ _bfd_vms_get_value (bfd *abfd, const uns
+ }
+
+ len = *ascic;
++ if (ascic + len >= max_ascic)
++ {
++ _bfd_error_handler (_("Corrupt vms value"));
++ *vma = 0;
++ *hp = NULL;
++ return;
++ }
++
+ for (i = 0; i < len; i++)
+ name[i] = ascic[i + 1];
+ name[i] = 0;
+@@ -1741,6 +1751,15 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+ #endif
+
++ /* PR 21589: Check for a corrupt ETIR record. */
++ if (cmd_length < 4)
++ {
++ corrupt_etir:
++ _bfd_error_handler (_("Corrupt ETIR record encountered"));
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++
+ switch (cmd)
+ {
+ /* Stack global
+@@ -1748,7 +1767,7 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+
+ stack 32 bit value of symbol (high bits set to 0). */
+ case ETIR__C_STA_GBL:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ _bfd_vms_push (abfd, op1, alpha_vms_sym_to_ctxt (h));
+ break;
+
+@@ -1757,6 +1776,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+
+ stack 32 bit value, sign extend to 64 bit. */
+ case ETIR__C_STA_LW:
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ _bfd_vms_push (abfd, bfd_getl32 (ptr), RELC_NONE);
+ break;
+
+@@ -1765,6 +1786,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+
+ stack 64 bit value of symbol. */
+ case ETIR__C_STA_QW:
++ if (ptr + 8 >= maxptr)
++ goto corrupt_etir;
+ _bfd_vms_push (abfd, bfd_getl64 (ptr), RELC_NONE);
+ break;
+
+@@ -1778,6 +1801,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ {
+ int psect;
+
++ if (ptr + 12 >= maxptr)
++ goto corrupt_etir;
+ psect = bfd_getl32 (ptr);
+ if ((unsigned int) psect >= PRIV (section_count))
+ {
+@@ -1867,6 +1892,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ {
+ int size;
+
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ size = bfd_getl32 (ptr);
+ _bfd_vms_pop (abfd, &op1, &rel1);
+ if (rel1 != RELC_NONE)
+@@ -1879,7 +1906,7 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ /* Store global: write symbol value
+ arg: cs global symbol name. */
+ case ETIR__C_STO_GBL:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ if (h && h->sym)
+ {
+ if (h->sym->typ == EGSD__C_SYMG)
+@@ -1901,7 +1928,7 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ /* Store code address: write address of entry point
+ arg: cs global symbol name (procedure). */
+ case ETIR__C_STO_CA:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ if (h && h->sym)
+ {
+ if (h->sym->flags & EGSY__V_NORM)
+@@ -1946,8 +1973,10 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ da data. */
+ case ETIR__C_STO_IMM:
+ {
+- int size;
++ unsigned int size;
+
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ size = bfd_getl32 (ptr);
+ image_write (abfd, ptr + 4, size);
+ }
+@@ -1960,7 +1989,7 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ store global longword: store 32bit value of symbol
+ arg: cs symbol name. */
+ case ETIR__C_STO_GBL_LW:
+- _bfd_vms_get_value (abfd, ptr, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, &op1, &h);
+ #if 0
+ abort ();
+ #endif
+@@ -2013,7 +2042,7 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ da signature. */
+
+ case ETIR__C_STC_LP_PSB:
+- _bfd_vms_get_value (abfd, ptr + 4, info, &op1, &h);
++ _bfd_vms_get_value (abfd, ptr + 4, maxptr, info, &op1, &h);
+ if (h && h->sym)
+ {
+ if (h->sym->typ == EGSD__C_SYMG)
+@@ -2109,6 +2138,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ /* Augment relocation base: increment image location counter by offset
+ arg: lw offset value. */
+ case ETIR__C_CTL_AUGRB:
++ if (ptr + 4 >= maxptr)
++ goto corrupt_etir;
+ op1 = bfd_getl32 (ptr);
+ image_inc_ptr (abfd, op1);
+ break;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch
new file mode 100644
index 0000000..241142b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch
@@ -0,0 +1,79 @@
+From 04f963fd489cae724a60140e13984415c205f4ac Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 14 Jun 2017 10:35:16 +0100
+Subject: [PATCH] Fix seg-faults in objdump when disassembling a corrupt
+ versados binary.
+
+ PR binutils/21591
+ * versados.c (versados_mkobject): Zero the allocated tdata structure.
+ (process_otr): Check for an invalid offset in the otr structure.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9753
+CVE: CVE-2017-9754
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/versados.c | 12 ++++++++----
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+Index: git/bfd/versados.c
+===================================================================
+--- git.orig/bfd/versados.c
++++ git/bfd/versados.c
+@@ -149,7 +149,7 @@ versados_mkobject (bfd *abfd)
+ if (abfd->tdata.versados_data == NULL)
+ {
+ bfd_size_type amt = sizeof (tdata_type);
+- tdata_type *tdata = bfd_alloc (abfd, amt);
++ tdata_type *tdata = bfd_zalloc (abfd, amt);
+
+ if (tdata == NULL)
+ return FALSE;
+@@ -345,13 +345,13 @@ reloc_howto_type versados_howto_table[]
+ };
+
+ static int
+-get_offset (int len, unsigned char *ptr)
++get_offset (unsigned int len, unsigned char *ptr)
+ {
+ int val = 0;
+
+ if (len)
+ {
+- int i;
++ unsigned int i;
+
+ val = *ptr++;
+ if (val & 0x80)
+@@ -394,9 +394,13 @@ process_otr (bfd *abfd, struct ext_otr *
+ int flag = *srcp++;
+ int esdids = (flag >> 5) & 0x7;
+ int sizeinwords = ((flag >> 3) & 1) ? 2 : 1;
+- int offsetlen = flag & 0x7;
++ unsigned int offsetlen = flag & 0x7;
+ int j;
+
++ /* PR 21591: Check for invalid lengths. */
++ if (srcp + esdids + offsetlen >= endp)
++ return;
++
+ if (esdids == 0)
+ {
+ /* A zero esdid means the new pc is the offset given. */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -8,6 +8,10 @@
+ (ieee_archive_p): Likewise.
+
+ 2017-06-14 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21591
++ * versados.c (versados_mkobject): Zero the allocated tdata structure.
++ (process_otr): Check for an invalid offset in the otr structure.
+
+ PR binutils/21589
+ * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch
new file mode 100644
index 0000000..15dc909
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch
@@ -0,0 +1,63 @@
+From 0d96e4df4812c3bad77c229dfef47a9bc115ac12 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Thu, 15 Jun 2017 06:40:17 -0700
+Subject: [PATCH] i386-dis: Check valid bnd register
+
+Since there are only 4 bnd registers, return "(bad)" for register
+number > 3.
+
+ PR binutils/21594
+ * i386-dis.c (OP_E_register): Check valid bnd register.
+ (OP_G): Likewise.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9755
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ opcodes/ChangeLog | 6 ++++++
+ opcodes/i386-dis.c | 10 ++++++++++
+ 2 files changed, 16 insertions(+)
+
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog
++++ git/opcodes/ChangeLog
+@@ -1,3 +1,9 @@
++2017-06-15 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21594
++ * i386-dis.c (OP_E_register): Check valid bnd register.
++ (OP_G): Likewise.
++
+ 2017-06-15 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21588
+Index: git/opcodes/i386-dis.c
+===================================================================
+--- git.orig/opcodes/i386-dis.c
++++ git/opcodes/i386-dis.c
+@@ -14939,6 +14939,11 @@ OP_E_register (int bytemode, int sizefla
+ names = address_mode == mode_64bit ? names64 : names32;
+ break;
+ case bnd_mode:
++ if (reg > 0x3)
++ {
++ oappend ("(bad)");
++ return;
++ }
+ names = names_bnd;
+ break;
+ case indir_v_mode:
+@@ -15483,6 +15488,11 @@ OP_G (int bytemode, int sizeflag)
+ oappend (names64[modrm.reg + add]);
+ break;
+ case bnd_mode:
++ if (modrm.reg > 0x3)
++ {
++ oappend ("(bad)");
++ return;
++ }
+ oappend (names_bnd[modrm.reg]);
+ break;
+ case v_mode:
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
new file mode 100644
index 0000000..191d0be
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
@@ -0,0 +1,50 @@
+From cd3ea7c69acc5045eb28f9bf80d923116e15e4f5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 15 Jun 2017 13:26:54 +0100
+Subject: [PATCH] Prevent address violation problem when disassembling corrupt
+ aarch64 binary.
+
+ PR binutils/21595
+ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
+ range value.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9756
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ opcodes/ChangeLog | 6 ++++++
+ opcodes/aarch64-dis.c | 3 +++
+ 2 files changed, 9 insertions(+)
+
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog
++++ git/opcodes/ChangeLog
+@@ -6,6 +6,12 @@
+
+ 2017-06-15 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/21595
++ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
++ range value.
++
++2017-06-15 Nick Clifton <nickc@redhat.com>
++
+ PR binutils/21588
+ * rl78-decode.opc (OP_BUF_LEN): Define.
+ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
+Index: git/opcodes/aarch64-dis.c
+===================================================================
+--- git.orig/opcodes/aarch64-dis.c
++++ git/opcodes/aarch64-dis.c
+@@ -409,6 +409,9 @@ aarch64_ext_ldst_reglist (const aarch64_
+ info->reglist.first_regno = extract_field (FLD_Rt, code, 0);
+ /* opcode */
+ value = extract_field (FLD_opcode, code, 0);
++ /* PR 21595: Check for a bogus value. */
++ if (value >= ARRAY_SIZE (data))
++ return 0;
+ if (expected_num != data[value].num_elements || data[value].is_reserved)
+ return 0;
+ info->reglist.num_regs = data[value].num_regs;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
new file mode 100644
index 0000000..8a9d7eb
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
@@ -0,0 +1,58 @@
+From 04e15b4a9462cb1ae819e878a6009829aab8020b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 26 Jun 2017 15:46:34 +0100
+Subject: [PATCH] Fix address violation parsing a corrupt texhex format file.
+
+ PR binutils/21670
+ * tekhex.c (getvalue): Check for the source pointer exceeding the
+ end pointer before the first byte is read.
+
+Upstream-Status: Backport
+CVE: CVE_2017-9954
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/tekhex.c | 6 +++++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+Index: git/bfd/tekhex.c
+===================================================================
+--- git.orig/bfd/tekhex.c
++++ git/bfd/tekhex.c
+@@ -273,6 +273,9 @@ getvalue (char **srcp, bfd_vma *valuep,
+ bfd_vma value = 0;
+ unsigned int len;
+
++ if (src >= endp)
++ return FALSE;
++
+ if (!ISHEX (*src))
+ return FALSE;
+
+@@ -514,9 +517,10 @@ pass_over (bfd *abfd, bfd_boolean (*func
+ /* To the front of the file. */
+ if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
+ return FALSE;
++
+ while (! is_eof)
+ {
+- char src[MAXCHUNK];
++ static char src[MAXCHUNK];
+ char type;
+
+ /* Find first '%'. */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-06-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21670
++ * tekhex.c (getvalue): Check for the source pointer exceeding the
++ end pointer before the first byte is read.
++
+ 2017-06-15 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21582
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
new file mode 100644
index 0000000..774670f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
@@ -0,0 +1,168 @@
+From cfd14a500e0485374596234de4db10e88ebc7618 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 26 Jun 2017 15:25:08 +0100
+Subject: [PATCH] Fix address violations when atempting to parse fuzzed
+ binaries.
+
+ PR binutils/21665
+bfd * opncls.c (get_build_id): Check that the section is beig enough
+ to contain the whole note.
+ * compress.c (bfd_get_full_section_contents): Check for and reject
+ a section whoes size is greater than the size of the entire file.
+ * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not
+ contain a notes section.
+
+binutils* objdump.c (disassemble_section): Skip any section that is bigger
+ than the entire file.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9955 #1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 10 ++++++++++
+ bfd/compress.c | 6 ++++++
+ bfd/elf32-v850.c | 4 +++-
+ bfd/opncls.c | 18 ++++++++++++++++--
+ binutils/ChangeLog | 6 ++++++
+ binutils/objdump.c | 4 ++--
+ 6 files changed, 43 insertions(+), 5 deletions(-)
+
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c
++++ git/bfd/compress.c
+@@ -239,6 +239,12 @@ bfd_get_full_section_contents (bfd *abfd
+ *ptr = NULL;
+ return TRUE;
+ }
++ else if (bfd_get_file_size (abfd) > 0
++ && sz > (bfd_size_type) bfd_get_file_size (abfd))
++ {
++ *ptr = NULL;
++ return FALSE;
++ }
+
+ switch (sec->compress_status)
+ {
+Index: git/bfd/elf32-v850.c
+===================================================================
+--- git.orig/bfd/elf32-v850.c
++++ git/bfd/elf32-v850.c
+@@ -2450,7 +2450,9 @@ v850_elf_copy_notes (bfd *ibfd, bfd *obf
+ BFD_ASSERT (bfd_malloc_and_get_section (ibfd, inotes, & icont));
+
+ if ((ocont = elf_section_data (onotes)->this_hdr.contents) == NULL)
+- BFD_ASSERT (bfd_malloc_and_get_section (obfd, onotes, & ocont));
++ /* If the output is being stripped then it is possible for
++ the notes section to disappear. In this case do nothing. */
++ return;
+
+ /* Copy/overwrite notes from the input to the output. */
+ memcpy (ocont, icont, bfd_section_size (obfd, onotes));
+Index: git/bfd/opncls.c
+===================================================================
+--- git.orig/bfd/opncls.c
++++ git/bfd/opncls.c
+@@ -1776,6 +1776,7 @@ get_build_id (bfd *abfd)
+ Elf_External_Note *enote;
+ bfd_byte *contents;
+ asection *sect;
++ bfd_size_type size;
+
+ BFD_ASSERT (abfd);
+
+@@ -1790,8 +1791,9 @@ get_build_id (bfd *abfd)
+ return NULL;
+ }
+
++ size = bfd_get_section_size (sect);
+ /* FIXME: Should we support smaller build-id notes ? */
+- if (bfd_get_section_size (sect) < 0x24)
++ if (size < 0x24)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return NULL;
+@@ -1804,6 +1806,17 @@ get_build_id (bfd *abfd)
+ return NULL;
+ }
+
++ /* FIXME: Paranoia - allow for compressed build-id sections.
++ Maybe we should complain if this size is different from
++ the one obtained above... */
++ size = bfd_get_section_size (sect);
++ if (size < sizeof (Elf_External_Note))
++ {
++ bfd_set_error (bfd_error_invalid_operation);
++ free (contents);
++ return NULL;
++ }
++
+ enote = (Elf_External_Note *) contents;
+ inote.type = H_GET_32 (abfd, enote->type);
+ inote.namesz = H_GET_32 (abfd, enote->namesz);
+@@ -1815,7 +1828,8 @@ get_build_id (bfd *abfd)
+ if (inote.descsz == 0
+ || inote.type != NT_GNU_BUILD_ID
+ || inote.namesz != 4 /* sizeof "GNU" */
+- || strcmp (inote.namedata, "GNU") != 0)
++ || strncmp (inote.namedata, "GNU", 4) != 0
++ || size < (12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz))
+ {
+ free (contents);
+ bfd_set_error (bfd_error_invalid_operation);
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -2048,7 +2048,7 @@ disassemble_section (bfd *abfd, asection
+ return;
+
+ datasize = bfd_get_section_size (section);
+- if (datasize == 0)
++ if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
+ return;
+
+ if (start_address == (bfd_vma) -1
+@@ -2912,7 +2912,7 @@ dump_target_specific (bfd *abfd)
+ static void
+ dump_section (bfd *abfd, asection *section, void *dummy ATTRIBUTE_UNUSED)
+ {
+- bfd_byte *data = 0;
++ bfd_byte *data = NULL;
+ bfd_size_type datasize;
+ bfd_vma addr_offset;
+ bfd_vma start_offset;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,14 @@
+ 2017-06-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21665
++ * opncls.c (get_build_id): Check that the section is beig enough
++ to contain the whole note.
++ * compress.c (bfd_get_full_section_contents): Check for and reject
++ a section whoes size is greater than the size of the entire file.
++ * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not
++ contain a notes section.
++
++2017-06-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21670
+ * tekhex.c (getvalue): Check for the source pointer exceeding the
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-06-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21665
++ * objdump.c (disassemble_section): Skip any section that is bigger
++ than the entire file.
++
+ 2017-04-03 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21345
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch
new file mode 100644
index 0000000..f95295f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch
@@ -0,0 +1,122 @@
+From 0630b49c470ca2e3c3f74da4c7e4ff63440dd71f Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Mon, 26 Jun 2017 09:24:49 -0700
+Subject: [PATCH] Check file size before getting section contents
+
+Don't check the section size in bfd_get_full_section_contents since
+the size of a decompressed section may be larger than the file size.
+Instead, check file size in _bfd_generic_get_section_contents.
+
+ PR binutils/21665
+ * compress.c (bfd_get_full_section_contents): Don't check the
+ file size here.
+ * libbfd.c (_bfd_generic_get_section_contents): Check for and
+ reject a section whoes size + offset is greater than the size
+ of the entire file.
+ (_bfd_generic_get_section_contents_in_window): Likewise.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9955 #2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 10 +++++++++-
+ bfd/compress.c | 8 +-------
+ bfd/libbfd.c | 17 ++++++++++++++++-
+ 3 files changed, 26 insertions(+), 9 deletions(-)
+
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c
++++ git/bfd/compress.c
+@@ -239,12 +239,6 @@ bfd_get_full_section_contents (bfd *abfd
+ *ptr = NULL;
+ return TRUE;
+ }
+- else if (bfd_get_file_size (abfd) > 0
+- && sz > (bfd_size_type) bfd_get_file_size (abfd))
+- {
+- *ptr = NULL;
+- return FALSE;
+- }
+
+ switch (sec->compress_status)
+ {
+@@ -260,7 +254,7 @@ bfd_get_full_section_contents (bfd *abfd
+ /* xgettext:c-format */
+ (_("error: %B(%A) is too large (%#lx bytes)"),
+ abfd, sec, (long) sz);
+- return FALSE;
++ return FALSE;
+ }
+ }
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c
++++ git/bfd/libbfd.c
+@@ -780,6 +780,7 @@ _bfd_generic_get_section_contents (bfd *
+ bfd_size_type count)
+ {
+ bfd_size_type sz;
++ file_ptr filesz;
+ if (count == 0)
+ return TRUE;
+
+@@ -802,8 +803,15 @@ _bfd_generic_get_section_contents (bfd *
+ sz = section->rawsize;
+ else
+ sz = section->size;
++ filesz = bfd_get_file_size (abfd);
++ if (filesz < 0)
++ {
++ /* This should never happen. */
++ abort ();
++ }
+ if (offset + count < count
+- || offset + count > sz)
++ || offset + count > sz
++ || (section->filepos + offset + sz) > (bfd_size_type) filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+@@ -826,6 +834,7 @@ _bfd_generic_get_section_contents_in_win
+ {
+ #ifdef USE_MMAP
+ bfd_size_type sz;
++ file_ptr filesz;
+
+ if (count == 0)
+ return TRUE;
+@@ -858,7 +867,13 @@ _bfd_generic_get_section_contents_in_win
+ sz = section->rawsize;
+ else
+ sz = section->size;
++ filesz = bfd_get_file_size (abfd);
++ {
++ /* This should never happen. */
++ abort ();
++ }
+ if (offset + count > sz
++ || (section->filepos + offset + sz) > (bfd_size_type) filesz
+ || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
+ TRUE))
+ return FALSE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,13 @@
++2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21665
++ * compress.c (bfd_get_full_section_contents): Don't check the
++ file size here.
++ * libbfd.c (_bfd_generic_get_section_contents): Check for and
++ reject a section whoes size + offset is greater than the size
++ of the entire file.
++ (_bfd_generic_get_section_contents_in_window): Likewise.
++
+ 2017-06-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch
new file mode 100644
index 0000000..1b67c4e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch
@@ -0,0 +1,48 @@
+From 1f473e3d0ad285195934e6a077c7ed32afe66437 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Mon, 26 Jun 2017 15:47:16 -0700
+Subject: [PATCH] Add a missing line to
+ _bfd_generic_get_section_contents_in_window
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents_in_window): Add
+ a missing line.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9955 #3
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/libbfd.c | 1 +
+ 2 files changed, 7 insertions(+)
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c
++++ git/bfd/libbfd.c
+@@ -868,6 +868,7 @@ _bfd_generic_get_section_contents_in_win
+ else
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
++ if (filesz < 0)
+ {
+ /* This should never happen. */
+ abort ();
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,6 +1,12 @@
+ 2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents_in_window): Add
++ a missing line.
++
++2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21665
+ * compress.c (bfd_get_full_section_contents): Don't check the
+ file size here.
+ * libbfd.c (_bfd_generic_get_section_contents): Check for and
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch
new file mode 100644
index 0000000..97d529a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch
@@ -0,0 +1,51 @@
+From ab27f80c5dceaa23c4ba7f62c0d5d22a5d5dd7a1 Mon Sep 17 00:00:00 2001
+From: Pedro Alves <palves@redhat.com>
+Date: Tue, 27 Jun 2017 00:21:25 +0100
+Subject: [PATCH] Fix GDB regressions caused by previous
+ bfd_get_section_contents changes
+
+Ref: https://sourceware.org/ml/binutils/2017-06/msg00343.html
+
+bfd/ChangeLog:
+2017-06-26 Pedro Alves <palves@redhat.com>
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Add "count", not
+ "sz".
+
+Upstream-Status: Backport
+CVE: CVE-2017-9955 #4
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/libbfd.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-06-26 Pedro Alves <palves@redhat.com>
++
++ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents): Add "count", not
++ "sz".
++
+ 2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/21665
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c
++++ git/bfd/libbfd.c
+@@ -811,7 +811,7 @@ _bfd_generic_get_section_contents (bfd *
+ }
+ if (offset + count < count
+ || offset + count > sz
+- || (section->filepos + offset + sz) > (bfd_size_type) filesz)
++ || (section->filepos + offset + count) > (bfd_size_type) filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch
new file mode 100644
index 0000000..da3bd37
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch
@@ -0,0 +1,89 @@
+From 7211ae501eb0de1044983f2dfb00091a58fbd66c Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 27 Jun 2017 09:45:04 +0930
+Subject: [PATCH] More fixes for bfd_get_section_contents change
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
+ Use unsigned file pointer type, and remove cast.
+ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
+ Add "count", not "sz".
+
+Upstream-Status: Backport
+CVE: CVE-2017-9955 #5
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/libbfd.c | 18 ++++--------------
+ 2 files changed, 12 insertions(+), 14 deletions(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2017-06-27 Alan Modra <amodra@gmail.com>
++
++ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
++ Use unsigned file pointer type, and remove cast.
++ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
++ Add "count", not "sz".
++
+ 2017-06-26 Pedro Alves <palves@redhat.com>
+
+ PR binutils/21665
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c
++++ git/bfd/libbfd.c
+@@ -780,7 +780,7 @@ _bfd_generic_get_section_contents (bfd *
+ bfd_size_type count)
+ {
+ bfd_size_type sz;
+- file_ptr filesz;
++ ufile_ptr filesz;
+ if (count == 0)
+ return TRUE;
+
+@@ -804,14 +804,9 @@ _bfd_generic_get_section_contents (bfd *
+ else
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
+- if (filesz < 0)
+- {
+- /* This should never happen. */
+- abort ();
+- }
+ if (offset + count < count
+ || offset + count > sz
+- || (section->filepos + offset + count) > (bfd_size_type) filesz)
++ || section->filepos + offset + count > filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+@@ -834,7 +829,7 @@ _bfd_generic_get_section_contents_in_win
+ {
+ #ifdef USE_MMAP
+ bfd_size_type sz;
+- file_ptr filesz;
++ ufile_ptr filesz;
+
+ if (count == 0)
+ return TRUE;
+@@ -868,13 +863,8 @@ _bfd_generic_get_section_contents_in_win
+ else
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
+- if (filesz < 0)
+- {
+- /* This should never happen. */
+- abort ();
+- }
+ if (offset + count > sz
+- || (section->filepos + offset + sz) > (bfd_size_type) filesz
++ || section->filepos + offset + count > filesz
+ || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
+ TRUE))
+ return FALSE;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch
new file mode 100644
index 0000000..e36429a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch
@@ -0,0 +1,56 @@
+From ea9aafc41a764e4e2dbb88a7b031e886b481b99a Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 27 Jun 2017 14:43:49 +0930
+Subject: [PATCH] Warning fix
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Warning fix.
+ (_bfd_generic_get_section_contents_in_window): Likewise.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9955 #6
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 12 +++++++++---
+ bfd/libbfd.c | 4 ++--
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c
++++ git/bfd/libbfd.c
+@@ -806,7 +806,7 @@ _bfd_generic_get_section_contents (bfd *
+ filesz = bfd_get_file_size (abfd);
+ if (offset + count < count
+ || offset + count > sz
+- || section->filepos + offset + count > filesz)
++ || (ufile_ptr) section->filepos + offset + count > filesz)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+@@ -864,7 +864,7 @@ _bfd_generic_get_section_contents_in_win
+ sz = section->size;
+ filesz = bfd_get_file_size (abfd);
+ if (offset + count > sz
+- || section->filepos + offset + count > filesz
++ || (ufile_ptr) section->filepos + offset + count > filesz
+ || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
+ TRUE))
+ return FALSE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,11 @@
+ 2017-06-27 Alan Modra <amodra@gmail.com>
+
++ PR binutils/21665
++ * libbfd.c (_bfd_generic_get_section_contents): Warning fix.
++ (_bfd_generic_get_section_contents_in_window): Likewise.
++
++2017-06-27 Alan Modra <amodra@gmail.com>
++
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
+ Use unsigned file pointer type, and remove cast.
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
new file mode 100644
index 0000000..2cae63b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
@@ -0,0 +1,80 @@
+From 60a02042bacf8d25814430080adda61ed086bca6 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 30 Jun 2017 11:03:37 +0100
+Subject: [PATCH] Fix failures in MMIX linker tests introduced by fix for PR
+ 21665.
+
+ PR binutils/21665
+ * objdump.c (disassemble_section): Move check for an overlarge
+ section to just before the allocation of memory. Do not check
+ section size against file size, but instead use an arbitrary 2Gb
+ limit. Issue a warning message if the section is too big.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9955 #7
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 8 ++++++++
+ binutils/objdump.c | 25 ++++++++++++++++++++++++-
+ 2 files changed, 32 insertions(+), 1 deletion(-)
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -2048,7 +2048,7 @@ disassemble_section (bfd *abfd, asection
+ return;
+
+ datasize = bfd_get_section_size (section);
+- if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
++ if (datasize == 0)
+ return;
+
+ if (start_address == (bfd_vma) -1
+@@ -2112,6 +2112,29 @@ disassemble_section (bfd *abfd, asection
+ }
+ rel_ppend = rel_pp + rel_count;
+
++ /* PR 21665: Check for overlarge datasizes.
++ Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
++ this fails when using compressed sections or compressed file formats
++ (eg MMO, tekhex).
++
++ The call to xmalloc below will fail if too much memory is requested,
++ which will catch the problem in the normal use case. But if a memory
++ checker is in use, eg valgrind or sanitize, then an exception will
++ be still generated, so we try to catch the problem first.
++
++ Unfortunately there is no simple way to determine how much memory can
++ be allocated by calling xmalloc. So instead we use a simple, arbitrary
++ limit of 2Gb. Hopefully this should be enough for most users. If
++ someone does start trying to disassemble sections larger then 2Gb in
++ size they will doubtless complain and we can increase the limit. */
++#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
++ if (datasize > MAX_XMALLOC)
++ {
++ non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
++ section->name, (unsigned long) datasize);
++ return;
++ }
++
+ data = (bfd_byte *) xmalloc (datasize);
+
+ bfd_get_section_contents (abfd, section, data, 0, datasize);
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,11 @@
++2017-06-30 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21665
++ * objdump.c (disassemble_section): Move check for an overlarge
++ section to just before the allocation of memory. Do not check
++ section size against file size, but instead use an arbitrary 2Gb
++ limit. Issue a warning message if the section is too big.
++
+ 2017-06-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch
new file mode 100644
index 0000000..45dd974
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch
@@ -0,0 +1,187 @@
+From bae7501e87ab614115d9d3213b4dd18d96e604db Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 1 Jul 2017 21:58:10 +0930
+Subject: [PATCH] Use bfd_malloc_and_get_section
+
+It's nicer than xmalloc followed by bfd_get_section_contents, since
+xmalloc exits on failure and needs a check that its size_t arg doesn't
+lose high bits when converted from bfd_size_type.
+
+ PR binutils/21665
+ * objdump.c (strtab): Make var a bfd_byte*.
+ (disassemble_section): Don't limit malloc size. Instead, use
+ bfd_malloc_and_get_section.
+ (read_section_stabs): Use bfd_malloc_and_get_section. Return
+ bfd_byte*.
+ (find_stabs_section): Remove now unnecessary cast.
+ * objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free
+ contents on error return.
+ * nlmconv.c (copy_sections): Use bfd_malloc_and_get_section.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9955 #8
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 13 +++++++++++++
+ binutils/nlmconv.c | 6 ++----
+ binutils/objcopy.c | 5 +++--
+ binutils/objdump.c | 44 +++++++-------------------------------------
+ 4 files changed, 25 insertions(+), 43 deletions(-)
+
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,16 @@
++2017-07-01 Alan Modra <amodra@gmail.com>
++
++ PR binutils/21665
++ * objdump.c (strtab): Make var a bfd_byte*.
++ (disassemble_section): Don't limit malloc size. Instead, use
++ bfd_malloc_and_get_section.
++ (read_section_stabs): Use bfd_malloc_and_get_section. Return
++ bfd_byte*.
++ (find_stabs_section): Remove now unnecessary cast.
++ * objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free
++ contents on error return.
++ * nlmconv.c (copy_sections): Use bfd_malloc_and_get_section.
++
+ 2017-06-30 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21665
+Index: git/binutils/nlmconv.c
+===================================================================
+--- git.orig/binutils/nlmconv.c
++++ git/binutils/nlmconv.c
+@@ -1224,7 +1224,7 @@ copy_sections (bfd *inbfd, asection *ins
+ const char *inname;
+ asection *outsec;
+ bfd_size_type size;
+- void *contents;
++ bfd_byte *contents;
+ long reloc_size;
+ bfd_byte buf[4];
+ bfd_size_type add;
+@@ -1240,9 +1240,7 @@ copy_sections (bfd *inbfd, asection *ins
+ contents = NULL;
+ else
+ {
+- contents = xmalloc (size);
+- if (! bfd_get_section_contents (inbfd, insec, contents,
+- (file_ptr) 0, size))
++ if (!bfd_malloc_and_get_section (inbfd, insec, &contents))
+ bfd_fatal (bfd_get_filename (inbfd));
+ }
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -180,7 +180,7 @@ static long dynsymcount = 0;
+ static bfd_byte *stabs;
+ static bfd_size_type stab_size;
+
+-static char *strtab;
++static bfd_byte *strtab;
+ static bfd_size_type stabstr_size;
+
+ static bfd_boolean is_relocatable = FALSE;
+@@ -2112,29 +2112,6 @@ disassemble_section (bfd *abfd, asection
+ }
+ rel_ppend = rel_pp + rel_count;
+
+- /* PR 21665: Check for overlarge datasizes.
+- Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
+- this fails when using compressed sections or compressed file formats
+- (eg MMO, tekhex).
+-
+- The call to xmalloc below will fail if too much memory is requested,
+- which will catch the problem in the normal use case. But if a memory
+- checker is in use, eg valgrind or sanitize, then an exception will
+- be still generated, so we try to catch the problem first.
+-
+- Unfortunately there is no simple way to determine how much memory can
+- be allocated by calling xmalloc. So instead we use a simple, arbitrary
+- limit of 2Gb. Hopefully this should be enough for most users. If
+- someone does start trying to disassemble sections larger then 2Gb in
+- size they will doubtless complain and we can increase the limit. */
+-#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
+- if (datasize > MAX_XMALLOC)
+- {
+- non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
+- section->name, (unsigned long) datasize);
+- return;
+- }
+-
+ data = (bfd_byte *) xmalloc (datasize);
+
+ bfd_get_section_contents (abfd, section, data, 0, datasize);
+@@ -2652,12 +2629,11 @@ dump_dwarf (bfd *abfd)
+ /* Read ABFD's stabs section STABSECT_NAME, and return a pointer to
+ it. Return NULL on failure. */
+
+-static char *
++static bfd_byte *
+ read_section_stabs (bfd *abfd, const char *sect_name, bfd_size_type *size_ptr)
+ {
+ asection *stabsect;
+- bfd_size_type size;
+- char *contents;
++ bfd_byte *contents;
+
+ stabsect = bfd_get_section_by_name (abfd, sect_name);
+ if (stabsect == NULL)
+@@ -2666,10 +2642,7 @@ read_section_stabs (bfd *abfd, const cha
+ return FALSE;
+ }
+
+- size = bfd_section_size (abfd, stabsect);
+- contents = (char *) xmalloc (size);
+-
+- if (! bfd_get_section_contents (abfd, stabsect, contents, 0, size))
++ if (!bfd_malloc_and_get_section (abfd, stabsect, &contents))
+ {
+ non_fatal (_("reading %s section of %s failed: %s"),
+ sect_name, bfd_get_filename (abfd),
+@@ -2679,7 +2652,7 @@ read_section_stabs (bfd *abfd, const cha
+ return NULL;
+ }
+
+- *size_ptr = size;
++ *size_ptr = bfd_section_size (abfd, stabsect);
+
+ return contents;
+ }
+@@ -2806,8 +2779,7 @@ find_stabs_section (bfd *abfd, asection
+
+ if (strtab)
+ {
+- stabs = (bfd_byte *) read_section_stabs (abfd, section->name,
+- &stab_size);
++ stabs = read_section_stabs (abfd, section->name, &stab_size);
+ if (stabs)
+ print_section_stabs (abfd, section->name, &sought->string_offset);
+ }
+Index: git/binutils/objcopy.c
+===================================================================
+--- git.orig/binutils/objcopy.c
++++ git/binutils/objcopy.c
+@@ -2186,14 +2186,15 @@ copy_object (bfd *ibfd, bfd *obfd, const
+ continue;
+ }
+
+- bfd_byte * contents = xmalloc (size);
+- if (bfd_get_section_contents (ibfd, sec, contents, 0, size))
++ bfd_byte *contents;
++ if (bfd_malloc_and_get_section (ibfd, sec, &contents))
+ {
+ if (fwrite (contents, 1, size, f) != size)
+ {
+ non_fatal (_("error writing section contents to %s (error: %s)"),
+ pdump->filename,
+ strerror (errno));
++ free (contents);
+ return FALSE;
+ }
+ }
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch
new file mode 100644
index 0000000..c6353d8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch
@@ -0,0 +1,361 @@
+From 8e2f54bcee7e3e8315d4a39a302eaf8e4389e07d Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Tue, 30 May 2017 06:34:05 -0700
+Subject: [PATCH] Add bfd_get_file_size to get archive element size
+
+We can't use stat() to get archive element size. Add bfd_get_file_size
+to get size for both normal files and archive elements.
+
+bfd/
+
+ PR binutils/21519
+ * bfdio.c (bfd_get_file_size): New function.
+ * bfd-in2.h: Regenerated.
+
+binutils/
+
+ PR binutils/21519
+ * objdump.c (dump_relocs_in_section): Replace get_file_size
+ with bfd_get_file_size to get archive element size.
+ * testsuite/binutils-all/objdump.exp (test_objdump_f): New
+ proc.
+ (test_objdump_h): Likewise.
+ (test_objdump_t): Likewise.
+ (test_objdump_r): Likewise.
+ (test_objdump_s): Likewise.
+ Add objdump tests on archive.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9955
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 +
+ bfd/bfd-in2.h | 2 +
+ bfd/bfdio.c | 23 ++++
+ binutils/ChangeLog | 13 ++
+ binutils/objdump.c | 2 +-
+ binutils/testsuite/binutils-all/objdump.exp | 178 +++++++++++++++++++---------
+ 6 files changed, 170 insertions(+), 54 deletions(-)
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h
++++ git/bfd/bfd-in2.h
+@@ -1241,6 +1241,8 @@ long bfd_get_mtime (bfd *abfd);
+
+ file_ptr bfd_get_size (bfd *abfd);
+
++file_ptr bfd_get_file_size (bfd *abfd);
++
+ void *bfd_mmap (bfd *abfd, void *addr, bfd_size_type len,
+ int prot, int flags, file_ptr offset,
+ void **map_addr, bfd_size_type *map_len);
+Index: git/bfd/bfdio.c
+===================================================================
+--- git.orig/bfd/bfdio.c
++++ git/bfd/bfdio.c
+@@ -434,6 +434,29 @@ bfd_get_size (bfd *abfd)
+ return buf.st_size;
+ }
+
++/*
++FUNCTION
++ bfd_get_file_size
++
++SYNOPSIS
++ file_ptr bfd_get_file_size (bfd *abfd);
++
++DESCRIPTION
++ Return the file size (as read from file system) for the file
++ associated with BFD @var{abfd}. It supports both normal files
++ and archive elements.
++
++*/
++
++file_ptr
++bfd_get_file_size (bfd *abfd)
++{
++ if (abfd->my_archive != NULL
++ && !bfd_is_thin_archive (abfd->my_archive))
++ return arelt_size (abfd);
++
++ return bfd_get_size (abfd);
++}
+
+ /*
+ FUNCTION
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -3310,7 +3310,7 @@ dump_relocs_in_section (bfd *abfd,
+ }
+
+ if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
+- && relsize > get_file_size (bfd_get_filename (abfd)))
++ && relsize > bfd_get_file_size (abfd))
+ {
+ printf (" (too many: 0x%x)\n", section->reloc_count);
+ bfd_set_error (bfd_error_file_truncated);
+Index: git/binutils/testsuite/binutils-all/objdump.exp
+===================================================================
+--- git.orig/binutils/testsuite/binutils-all/objdump.exp
++++ git/binutils/testsuite/binutils-all/objdump.exp
+@@ -64,96 +64,168 @@ if [regexp $want $got] then {
+ if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest.o]} then {
+ return
+ }
++if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest2.o]} then {
++ return
++}
+ if [is_remote host] {
+ set testfile [remote_download host tmpdir/bintest.o]
++ set testfile2 [remote_download host tmpdir/bintest2.o]
+ } else {
+ set testfile tmpdir/bintest.o
++ set testfile2 tmpdir/bintest2.o
++}
++
++if { ![istarget "alpha-*-*"] || [is_elf_format] } then {
++ remote_file host file delete tmpdir/bintest.a
++ set got [binutils_run $AR "rc tmpdir/bintest.a $testfile2"]
++ if ![string match "" $got] then {
++ fail "bintest.a"
++ remote_file host delete tmpdir/bintest.a
++ } else {
++ if [is_remote host] {
++ set testarchive [remote_download host tmpdir/bintest.a]
++ } else {
++ set testarchive tmpdir/bintest.a
++ }
++ }
++ remote_file host delete tmpdir/bintest2.o
+ }
+
+ # Test objdump -f
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"]
++proc test_objdump_f { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
++ global cpus_regex
+
+-set want "$testfile:\[ \]*file format.*architecture:\[ \]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"]
+
+-if ![regexp $want $got] then {
+- fail "objdump -f"
+-} else {
+- pass "objdump -f"
++ set want "$dumpfile:\[ \]*file format.*architecture:\[ \]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS"
++
++ if ![regexp $want $got] then {
++ fail "objdump -f ($testfile, $dumpfile)"
++ } else {
++ pass "objdump -f ($testfile, $dumpfile)"
++ }
++}
++
++test_objdump_f $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_f $testarchive bintest2.o
+ }
+
+ # Test objdump -h
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"]
++proc test_objdump_h { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
+
+-set want "$testfile:\[ \]*file format.*Sections.*\[0-9\]+\[ \]+\[^ \]*(text|TEXT|P|\\\$CODE\\\$)\[^ \]*\[ \]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ \]+\[^ \]*(\\.data|DATA|D_1)\[^ \]*\[ \]*(\[0-9a-fA-F\]+)"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"]
+
+-if ![regexp $want $got all text_name text_size data_name data_size] then {
+- fail "objdump -h"
+-} else {
+- verbose "text name is $text_name size is $text_size"
+- verbose "data name is $data_name size is $data_size"
+- set ets 8
+- set eds 4
+- # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1
+- if [istarget *c4x*-*-*] then {
+- set ets 2
+- set eds 1
+- }
+- # c54x section sizes are in bytes, not octets; adjust accordingly
+- if [istarget *c54x*-*-*] then {
+- set ets 4
+- set eds 2
+- }
+- if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then {
+- send_log "sizes too small\n"
+- fail "objdump -h"
++ set want "$dumpfile:\[ \]*file format.*Sections.*\[0-9\]+\[ \]+\[^ \]*(text|TEXT|P|\\\$CODE\\\$)\[^ \]*\[ \]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ \]+\[^ \]*(\\.data|DATA|D_1)\[^ \]*\[ \]*(\[0-9a-fA-F\]+)"
++
++ if ![regexp $want $got all text_name text_size data_name data_size] then {
++ fail "objdump -h ($testfile, $dumpfile)"
+ } else {
+- pass "objdump -h"
++ verbose "text name is $text_name size is $text_size"
++ verbose "data name is $data_name size is $data_size"
++ set ets 8
++ set eds 4
++ # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1
++ if [istarget *c4x*-*-*] then {
++ set ets 2
++ set eds 1
++ }
++ # c54x section sizes are in bytes, not octets; adjust accordingly
++ if [istarget *c54x*-*-*] then {
++ set ets 4
++ set eds 2
++ }
++ if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then {
++ send_log "sizes too small\n"
++ fail "objdump -h ($testfile, $dumpfile)"
++ } else {
++ pass "objdump -h ($testfile, $dumpfile)"
++ }
+ }
+ }
+
++test_objdump_h $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_h $testarchive bintest2.o
++}
++
+ # Test objdump -t
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"]
++proc test_objdump_t { testfile} {
++ global OBJDUMP
++ global OBJDUMPFLAGS
++
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"]
++
++ if [info exists vars] then { unset vars }
++ while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} {
++ set vars($symbol) 1
++ set got $rest
++ }
+
+-if [info exists vars] then { unset vars }
+-while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} {
+- set vars($symbol) 1
+- set got $rest
++ if {![info exists vars(text_symbol)] \
++ || ![info exists vars(data_symbol)] \
++ || ![info exists vars(common_symbol)] \
++ || ![info exists vars(external_symbol)]} then {
++ fail "objdump -t ($testfile)"
++ } else {
++ pass "objdump -t ($testfile)"
++ }
+ }
+
+-if {![info exists vars(text_symbol)] \
+- || ![info exists vars(data_symbol)] \
+- || ![info exists vars(common_symbol)] \
+- || ![info exists vars(external_symbol)]} then {
+- fail "objdump -t"
+-} else {
+- pass "objdump -t"
++test_objdump_t $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_t $testarchive
+ }
+
+ # Test objdump -r
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"]
++proc test_objdump_r { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
+
+-set want "$testfile:\[ \]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"]
+
+-if [regexp $want $got] then {
+- pass "objdump -r"
+-} else {
+- fail "objdump -r"
++ set want "$dumpfile:\[ \]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol"
++
++ if [regexp $want $got] then {
++ pass "objdump -r ($testfile, $dumpfile)"
++ } else {
++ fail "objdump -r ($testfile, $dumpfile)"
++ }
++}
++
++test_objdump_r $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_r $testarchive bintest2.o
+ }
+
+ # Test objdump -s
+
+-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"]
++proc test_objdump_s { testfile dumpfile } {
++ global OBJDUMP
++ global OBJDUMPFLAGS
+
+-set want "$testfile:\[ \]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000002|02000000|00000200)"
++ set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"]
+
+-if [regexp $want $got] then {
+- pass "objdump -s"
+-} else {
+- fail "objdump -s"
++ set want "$dumpfile:\[ \]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ \]*\[0-9a-fA-F\]*\[ \]*(00000002|02000000|00000200)"
++
++ if [regexp $want $got] then {
++ pass "objdump -s ($testfile, $dumpfile)"
++ } else {
++ fail "objdump -s ($testfile, $dumpfile)"
++ }
++}
++
++test_objdump_s $testfile $testfile
++if { [ remote_file host exists $testarchive ] } then {
++ test_objdump_s $testarchive bintest2.o
+ }
+
+ # Test objdump -s on a file that contains a compressed .debug section
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-05-30 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21519
++ * bfdio.c (bfd_get_file_size): New function.
++ * bfd-in2.h: Regenerated.
++
+ 2017-06-27 Alan Modra <amodra@gmail.com>
+
+ PR binutils/21665
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,16 @@
++2017-05-30 H.J. Lu <hongjiu.lu@intel.com>
++
++ PR binutils/21519
++ * objdump.c (dump_relocs_in_section): Replace get_file_size
++ with bfd_get_file_size to get archive element size.
++ * testsuite/binutils-all/objdump.exp (test_objdump_f): New
++ proc.
++ (test_objdump_h): Likewise.
++ (test_objdump_t): Likewise.
++ (test_objdump_r): Likewise.
++ (test_objdump_s): Likewise.
++ Add objdump tests on archive.
++
+ 2017-07-01 Alan Modra <amodra@gmail.com>
+
+ PR binutils/21665
diff --git a/meta/recipes-devtools/diffstat/diffstat_1.61.bb b/meta/recipes-devtools/diffstat/diffstat_1.61.bb
index 0ec41c3..583b387 100644
--- a/meta/recipes-devtools/diffstat/diffstat_1.61.bb
+++ b/meta/recipes-devtools/diffstat/diffstat_1.61.bb
@@ -7,7 +7,7 @@ SECTION = "devel"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://install-sh;endline=42;md5=b3549726c1022bee09c174c72a0ca4a5"
-SRC_URI = "ftp://invisible-island.net/diffstat/diffstat-${PV}.tgz \
+SRC_URI = "http://invisible-mirror.net/archives/${BPN}/${BP}.tgz \
file://run-ptest \
"
diff --git a/meta/recipes-devtools/dpkg/dpkg.inc b/meta/recipes-devtools/dpkg/dpkg.inc
index 870117a..fe4732d 100644
--- a/meta/recipes-devtools/dpkg/dpkg.inc
+++ b/meta/recipes-devtools/dpkg/dpkg.inc
@@ -9,7 +9,7 @@ RDEPENDS_${PN}_class-native = ""
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/d/dpkg/"
-inherit autotools gettext perlnative pkgconfig systemd
+inherit autotools gettext perlnative pkgconfig systemd perl-version
python () {
if not bb.utils.contains('DISTRO_FEATURES', 'sysvinit', True, False, d):
@@ -20,8 +20,8 @@ python () {
export PERL = "${bindir}/perl"
PERL_class-native = "${STAGING_BINDIR_NATIVE}/perl-native/perl"
-export PERL_LIBDIR = "${libdir}/perl"
-PERL_LIBDIR_class-native = "${libdir}/perl-native/perl"
+export PERL_LIBDIR = "${libdir}/perl/${@get_perl_version(d)}"
+PERL_LIBDIR_class-native = "${libdir}/perl-native/perl/${@get_perl_version(d)}"
EXTRA_OECONF = "\
--disable-dselect \
@@ -37,12 +37,6 @@ PACKAGECONFIG[liblzma] = "--with-liblzma,--without-liblzma, xz"
EXTRA_OECONF += "TAR=tar"
EXTRA_OECONF_append_class-target = " DEB_HOST_ARCH=${DPKG_ARCH}"
-do_configure () {
- echo >> ${S}/m4/compiler.m4
- sed -i -e 's#PERL_LIBDIR=.*$#PERL_LIBDIR="${libdir}/perl"#' ${S}/configure
- autotools_do_configure
-}
-
do_install_append () {
if [ "${PN}" = "dpkg-native" ]; then
# update-alternatives doesn't have an offline mode
@@ -73,7 +67,26 @@ FILES_update-alternatives-dpkg = "${bindir}/update-alternatives ${localstatedir}
RPROVIDES_update-alternatives-dpkg += "update-alternatives"
PACKAGES += "${PN}-perl"
-FILES_${PN}-perl = "${libdir}/perl"
+FILES_${PN}-perl = "${libdir}/perl/${@get_perl_version(d)}"
+
+RDEPENDS_${PN}-perl += "perl-module-carp perl-module-constant \
+ perl-module-cwd perl-module-digest \
+ perl-module-digest-md5 perl-module-errno \
+ perl-module-exporter perl-module-fcntl \
+ perl-module-feature perl-module-file-basename \
+ perl-module-file-compare perl-module-file-copy \
+ perl-module-file-find perl-module-file-path \
+ perl-module-file-spec perl-module-file-temp \
+ perl-module-list-util perl-module-overload \
+ perl-module-parent perl-module-storable \
+ perl-module-filehandle perl-module-io \
+ perl-module-io-handle perl-module-io-seekable \
+ perl-module-posix perl-module-scalar-util \
+ perl-module-selectsaver perl-module-symbol \
+ perl-module-term-ansicolor perl-module-tie-handle \
+ perl-module-tie-hash perl-module-storable \
+ perl-module-time-hires perl-module-time-piece \
+ perl-module-xsloader"
# Split out start-stop-daemon to its own package. Note that it
# is installed in a different directory than the one used for
diff --git a/meta/recipes-devtools/gcc/gcc-6.3.inc b/meta/recipes-devtools/gcc/gcc-6.3.inc
index 71d0aff..5c81a33 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-6.3.inc
@@ -71,7 +71,7 @@ SRC_URI = "\
file://0038-Search-target-sysroot-gcc-version-specific-dirs-with.patch \
file://0039-Fix-various-_FOR_BUILD-and-related-variables.patch \
file://0040-nios2-Define-MUSL_DYNAMIC_LINKER.patch \
- file://0041-ssp_nonshared.patch \
+ file://0041-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch \
file://0042-gcc-libcpp-support-ffile-prefix-map-old-new.patch \
file://0043-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch \
file://0044-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch \
@@ -80,6 +80,7 @@ SRC_URI = "\
file://0047-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch \
file://0048-sync-gcc-stddef.h-with-musl.patch \
file://0054_all_nopie-all-flags.patch \
+ file://0055-unwind_h-glibc26.patch \
${BACKPORTS} \
"
BACKPORTS = "\
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0041-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch b/meta/recipes-devtools/gcc/gcc-6.3/0041-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
new file mode 100644
index 0000000..29b7ce7
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.3/0041-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
@@ -0,0 +1,87 @@
+From 210f6b3b82084cc756e02b8bc12f909a43b14ee8 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 27 Jun 2017 18:10:54 -0700
+Subject: [PATCH 40/49] Add ssp_nonshared to link commandline for musl targets
+
+when -fstack-protector options are enabled we need to
+link with ssp_shared on musl since it does not provide
+the __stack_chk_fail_local() so essentially it provides
+libssp but not libssp_nonshared something like
+TARGET_LIBC_PROVIDES_SSP_BUT_NOT_SSP_NONSHARED
+ where-as for glibc the needed symbols
+are already present in libc_nonshared library therefore
+we do not need any library helper on glibc based systems
+but musl needs the libssp_noshared from gcc
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gcc/config/linux.h | 7 +++++++
+ gcc/config/rs6000/linux.h | 10 ++++++++++
+ gcc/config/rs6000/linux64.h | 10 ++++++++++
+ 3 files changed, 27 insertions(+)
+
+diff --git a/gcc/config/linux.h b/gcc/config/linux.h
+index 2e683d0c430..1b4df798671 100644
+--- a/gcc/config/linux.h
++++ b/gcc/config/linux.h
+@@ -182,6 +182,13 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
+ { GCC_INCLUDE_DIR, "GCC", 0, 1, 0, 0 }, \
+ { 0, 0, 0, 0, 0, 0 } \
+ }
++#ifdef TARGET_LIBC_PROVIDES_SSP
++#undef LINK_SSP_SPEC
++#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
++ "|fstack-protector-strong|fstack-protector-explicit" \
++ ":-lssp_nonshared}"
++#endif
++
+ #endif
+
+ #if (DEFAULT_LIBC == LIBC_UCLIBC) && defined (SINGLE_LIBC) /* uClinux */
+diff --git a/gcc/config/rs6000/linux.h b/gcc/config/rs6000/linux.h
+index 684afd6c190..22cfa391b89 100644
+--- a/gcc/config/rs6000/linux.h
++++ b/gcc/config/rs6000/linux.h
+@@ -91,6 +91,16 @@
+ " -m elf32ppclinux")
+ #endif
+
++/* link libssp_nonshared.a with musl */
++#if DEFAULT_LIBC == LIBC_MUSL
++#ifdef TARGET_LIBC_PROVIDES_SSP
++#undef LINK_SSP_SPEC
++#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
++ "|fstack-protector-strong|fstack-protector-explicit" \
++ ":-lssp_nonshared}"
++#endif
++#endif
++
+ #undef LINK_OS_LINUX_SPEC
+ #define LINK_OS_LINUX_SPEC LINK_OS_LINUX_EMUL " %{!shared: %{!static: \
+ %{rdynamic:-export-dynamic} \
+diff --git a/gcc/config/rs6000/linux64.h b/gcc/config/rs6000/linux64.h
+index 3b00ec0fcf0..8371f8d7b6b 100644
+--- a/gcc/config/rs6000/linux64.h
++++ b/gcc/config/rs6000/linux64.h
+@@ -465,6 +465,16 @@ extern int dot_symbols;
+ " -m elf64ppc")
+ #endif
+
++/* link libssp_nonshared.a with musl */
++#if DEFAULT_LIBC == LIBC_MUSL
++#ifdef TARGET_LIBC_PROVIDES_SSP
++#undef LINK_SSP_SPEC
++#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
++ "|fstack-protector-strong|fstack-protector-explicit" \
++ ":-lssp_nonshared}"
++#endif
++#endif
++
+ #define LINK_OS_LINUX_SPEC32 LINK_OS_LINUX_EMUL32 " %{!shared: %{!static: \
+ %{rdynamic:-export-dynamic} \
+ -dynamic-linker " GNU_USER_DYNAMIC_LINKER32 "}} \
+--
+2.13.2
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0041-ssp_nonshared.patch b/meta/recipes-devtools/gcc/gcc-6.3/0041-ssp_nonshared.patch
deleted file mode 100644
index 0744529..0000000
--- a/meta/recipes-devtools/gcc/gcc-6.3/0041-ssp_nonshared.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 551a5db7acb56e085a101f1c222d51b2c1b039a4 Mon Sep 17 00:00:00 2001
-From: Szabolcs Nagy <nsz@port70.net>
-Date: Sat, 7 Nov 2015 14:58:40 +0000
-Subject: [PATCH 41/46] ssp_nonshared
-
----
-Upstream-Status: Inappropriate [OE Configuration]
-
- gcc/gcc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/gcc/gcc.c b/gcc/gcc.c
-index 2812819..9de96ee 100644
---- a/gcc/gcc.c
-+++ b/gcc/gcc.c
-@@ -863,7 +863,8 @@ proper position among the other output files. */
- #ifndef LINK_SSP_SPEC
- #ifdef TARGET_LIBC_PROVIDES_SSP
- #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
-- "|fstack-protector-strong|fstack-protector-explicit:}"
-+ "|fstack-protector-strong|fstack-protector-explicit" \
-+ ":-lssp_nonshared}"
- #else
- #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
- "|fstack-protector-strong|fstack-protector-explicit" \
---
-2.8.2
-
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0055-unwind_h-glibc26.patch b/meta/recipes-devtools/gcc/gcc-6.3/0055-unwind_h-glibc26.patch
new file mode 100644
index 0000000..c266cfe
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.3/0055-unwind_h-glibc26.patch
@@ -0,0 +1,139 @@
+Backport and edit of patches from:
+https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=249957
+by jsm28 (Joseph Myers)
+
+Current glibc no longer gives the ucontext_t type the tag struct
+ucontext, to conform with POSIX namespace rules. This requires
+various linux-unwind.h files in libgcc, that were previously using
+struct ucontext, to be fixed to use ucontext_t instead. This is
+similar to the removal of the struct siginfo tag from siginfo_t some
+years ago.
+
+This patch changes those files to use ucontext_t instead. As the
+standard name that should be unconditionally safe, so this is not
+restricted to architectures supported by glibc, or conditioned on the
+glibc version.
+
+Upstream-Status: Backport
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+--- branches/gcc-6-branch/libgcc/config/aarch64/linux-unwind.h 2017/07/04 10:22:56 249956
+--- b/libgcc/config/aarch64/linux-unwind.h 2017/07/04 10:23:57 249957
+@@ -52,7 +52,7 @@
+ struct rt_sigframe
+ {
+ siginfo_t info;
+- struct ucontext uc;
++ ucontext_t uc;
+ };
+
+ struct rt_sigframe *rt_;
+--- branches/gcc-6-branch/libgcc/config/alpha/linux-unwind.h 2017/07/04 10:22:56 249956
+--- b/libgcc/config/alpha/linux-unwind.h 2017/07/04 10:23:57 249957
+@@ -51,7 +51,7 @@
+ {
+ struct rt_sigframe {
+ siginfo_t info;
+- struct ucontext uc;
++ ucontext_t uc;
+ } *rt_ = context->cfa;
+ sc = &rt_->uc.uc_mcontext;
+ }
+--- branches/gcc-6-branch/libgcc/config/bfin/linux-unwind.h 2017/07/04 10:22:56 249956
+--- b/libgcc/config/bfin/linux-unwind.h 2017/07/04 10:23:57 249957
+@@ -52,7 +52,7 @@
+ void *puc;
+ char retcode[8];
+ siginfo_t info;
+- struct ucontext uc;
++ ucontext_t uc;
+ } *rt_ = context->cfa;
+
+ /* The void * cast is necessary to avoid an aliasing warning.
+--- branches/gcc-6-branch/libgcc/config/i386/linux-unwind.h 2017/07/04 10:22:56 249956
+--- b/libgcc/config/i386/linux-unwind.h 2017/07/04 10:23:57 249957
+@@ -58,7 +58,7 @@
+ if (*(unsigned char *)(pc+0) == 0x48
+ && *(unsigned long long *)(pc+1) == RT_SIGRETURN_SYSCALL)
+ {
+- struct ucontext *uc_ = context->cfa;
++ ucontext_t *uc_ = context->cfa;
+ /* The void * cast is necessary to avoid an aliasing warning.
+ The aliasing warning is correct, but should not be a problem
+ because it does not alias anything. */
+@@ -138,7 +138,7 @@
+ siginfo_t *pinfo;
+ void *puc;
+ siginfo_t info;
+- struct ucontext uc;
++ ucontext_t uc;
+ } *rt_ = context->cfa;
+ /* The void * cast is necessary to avoid an aliasing warning.
+ The aliasing warning is correct, but should not be a problem
+--- branches/gcc-6-branch/libgcc/config/m68k/linux-unwind.h 2017/07/04 10:22:56 249956
+--- b/libgcc/config/m68k/linux-unwind.h 2017/07/04 10:23:57 249957
+@@ -33,7 +33,7 @@
+ /* <sys/ucontext.h> is unfortunately broken right now. */
+ struct uw_ucontext {
+ unsigned long uc_flags;
+- struct ucontext *uc_link;
++ ucontext_t *uc_link;
+ stack_t uc_stack;
+ mcontext_t uc_mcontext;
+ unsigned long uc_filler[80];
+--- branches/gcc-6-branch/libgcc/config/nios2/linux-unwind.h 2017/07/04 10:22:56 249956
+--- b/libgcc/config/nios2/linux-unwind.h 2017/07/04 10:23:57 249957
+@@ -38,7 +38,7 @@
+
+ struct nios2_ucontext {
+ unsigned long uc_flags;
+- struct ucontext *uc_link;
++ ucontext_t *uc_link;
+ stack_t uc_stack;
+ struct nios2_mcontext uc_mcontext;
+ sigset_t uc_sigmask; /* mask last for extensibility */
+--- branches/gcc-6-branch/libgcc/config/pa/linux-unwind.h 2017/07/04 10:22:56 249956
+--- b/libgcc/config/pa/linux-unwind.h 2017/07/04 10:23:57 249957
+@@ -80,7 +80,7 @@
+ struct sigcontext *sc;
+ struct rt_sigframe {
+ siginfo_t info;
+- struct ucontext uc;
++ ucontext_t uc;
+ } *frame;
+
+ /* rt_sigreturn trampoline:
+--- branches/gcc-6-branch/libgcc/config/sh/linux-unwind.h 2017/07/04 10:22:56 249956
+--- b/libgcc/config/sh/linux-unwind.h 2017/07/04 10:23:57 249957
+@@ -180,7 +180,7 @@
+ {
+ struct rt_sigframe {
+ siginfo_t info;
+- struct ucontext uc;
++ ucontext_t uc;
+ } *rt_ = context->cfa;
+ /* The void * cast is necessary to avoid an aliasing warning.
+ The aliasing warning is correct, but should not be a problem
+--- branches/gcc-6-branch/libgcc/config/tilepro/linux-unwind.h 2017/07/04 10:22:56 249956
+--- b/libgcc/config/tilepro/linux-unwind.h 2017/07/04 10:23:57 249957
+@@ -61,7 +61,7 @@
+ struct rt_sigframe {
+ unsigned char save_area[C_ABI_SAVE_AREA_SIZE];
+ siginfo_t info;
+- struct ucontext uc;
++ ucontext_t uc;
+ } *rt_;
+
+ /* Return if this is not a signal handler. */
+--- branches/gcc-6-branch/libgcc/config/xtensa/linux-unwind.h 2017/07/04 10:22:56 249956
+--- b/libgcc/config/xtensa/linux-unwind.h 2017/07/04 10:23:57 249957
+@@ -67,7 +67,7 @@
+
+ struct rt_sigframe {
+ siginfo_t info;
+- struct ucontext uc;
++ ucontext_t uc;
+ } *rt_;
+
+ /* movi a2, __NR_rt_sigreturn; syscall */
diff --git a/meta/recipes-devtools/gdb/gdb-7.12.1.inc b/meta/recipes-devtools/gdb/gdb-7.12.1.inc
index b15a2b5..634756c 100644
--- a/meta/recipes-devtools/gdb/gdb-7.12.1.inc
+++ b/meta/recipes-devtools/gdb/gdb-7.12.1.inc
@@ -15,6 +15,7 @@ SRC_URI = "http://ftp.gnu.org/gnu/gdb/gdb-${PV}.tar.xz \
file://0008-Use-exorted-definitions-of-SIGRTMIN.patch \
file://0009-Change-order-of-CFLAGS.patch \
file://0010-resolve-restrict-keyword-conflict.patch \
+ file://package_devel_gdb_patches_120-sigprocmask-invalid-call.patch \
"
SRC_URI[md5sum] = "193453347ddced7acb6b1cd2ee8f2e4b"
SRC_URI[sha256sum] = "4607680b973d3ec92c30ad029f1b7dbde3876869e6b3a117d8a7e90081113186"
diff --git a/meta/recipes-devtools/gdb/gdb/package_devel_gdb_patches_120-sigprocmask-invalid-call.patch b/meta/recipes-devtools/gdb/gdb/package_devel_gdb_patches_120-sigprocmask-invalid-call.patch
new file mode 100644
index 0000000..c5484f7
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/package_devel_gdb_patches_120-sigprocmask-invalid-call.patch
@@ -0,0 +1,45 @@
+From 56893a61aa4f0270fa8d1197b9848247f90fce0d Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Fri, 24 Mar 2017 10:36:03 +0800
+Subject: [PATCH] Fix invalid sigprocmask call
+
+The POSIX document says
+
+ The pthread_sigmask() and sigprocmask() functions shall fail if:
+
+ [EINVAL]
+ The value of the how argument is not equal to one of the defined values.
+
+and this is how musl-libc is currently doing. Fix the call to be safe
+and correct
+
+ [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_sigmask.html
+
+gdb/ChangeLog:
+2017-03-24 Yousong Zhou <yszhou4tech@gmail.com>
+
+ * common/signals-state-save-restore.c (save_original_signals_state):
+ Fix invalid sigprocmask call.
+---
+Upstream-Status: Pending [not author, cherry-picked from LEDE https://bugs.lede-project.org/index.php?do=details&task_id=637&openedfrom=-1%2Bweek]
+Signed-off-by: André Draszik <adraszik@tycoint.com>
+ gdb/ChangeLog | 5 +++++
+ gdb/common/signals-state-save-restore.c | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/gdb/common/signals-state-save-restore.c b/gdb/common/signals-state-save-restore.c
+index d11a9ae..734335c 100644
+--- a/gdb/common/signals-state-save-restore.c
++++ b/gdb/common/signals-state-save-restore.c
+@@ -41,7 +41,7 @@ save_original_signals_state (void)
+ int i;
+ int res;
+
+- res = sigprocmask (0, NULL, &original_signal_mask);
++ res = sigprocmask (SIG_BLOCK, NULL, &original_signal_mask);
+ if (res == -1)
+ perror_with_name (("sigprocmask"));
+
+--
+2.6.4
+
diff --git a/meta/recipes-devtools/json-c/json-c/0001-Add-FALLTHRU-comment-to-handle-GCC7-warnings.patch b/meta/recipes-devtools/json-c/json-c/0001-Add-FALLTHRU-comment-to-handle-GCC7-warnings.patch
new file mode 100644
index 0000000..df3b600
--- /dev/null
+++ b/meta/recipes-devtools/json-c/json-c/0001-Add-FALLTHRU-comment-to-handle-GCC7-warnings.patch
@@ -0,0 +1,77 @@
+From 9522ac8e5d5b20a472f3ffc356d388d36f7f582c Mon Sep 17 00:00:00 2001
+From: marxin <mliska@suse.cz>
+Date: Tue, 21 Mar 2017 08:42:11 +0100
+Subject: [PATCH] Add FALLTHRU comment to handle GCC7 warnings.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+Upstream-Status: Backport [https://github.com/json-c/json-c/commit/014924ba899f659917bb64392bbff7d3c803afc2]
+Signed-off-by: André Draszik <adraszik@tycoint.com>
+
+ json_object.c | 1 +
+ json_tokener.c | 1 +
+ linkhash.c | 22 +++++++++++-----------
+ 3 files changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/json_object.c b/json_object.c
+index 6cc73bc..77e8b21 100644
+--- a/json_object.c
++++ b/json_object.c
+@@ -552,6 +552,7 @@ int64_t json_object_get_int64(struct json_object *jso)
+ return jso->o.c_boolean;
+ case json_type_string:
+ if (json_parse_int64(jso->o.c_string.str, &cint) == 0) return cint;
++ /* FALLTHRU */
+ default:
+ return 0;
+ }
+diff --git a/json_tokener.c b/json_tokener.c
+index 7fa32ae..b32d657 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -306,6 +306,7 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
+ tok->err = json_tokener_error_parse_unexpected;
+ goto out;
+ }
++ /* FALLTHRU */
+ case '"':
+ state = json_tokener_state_string;
+ printbuf_reset(tok->pb);
+diff --git a/linkhash.c b/linkhash.c
+index 712c387..74e3b0f 100644
+--- a/linkhash.c
++++ b/linkhash.c
+@@ -376,17 +376,17 @@ static uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
+ /*-------------------------------- last block: affect all 32 bits of (c) */
+ switch(length) /* all the case statements fall through */
+ {
+- case 12: c+=((uint32_t)k[11])<<24;
+- case 11: c+=((uint32_t)k[10])<<16;
+- case 10: c+=((uint32_t)k[9])<<8;
+- case 9 : c+=k[8];
+- case 8 : b+=((uint32_t)k[7])<<24;
+- case 7 : b+=((uint32_t)k[6])<<16;
+- case 6 : b+=((uint32_t)k[5])<<8;
+- case 5 : b+=k[4];
+- case 4 : a+=((uint32_t)k[3])<<24;
+- case 3 : a+=((uint32_t)k[2])<<16;
+- case 2 : a+=((uint32_t)k[1])<<8;
++ case 12: c+=((uint32_t)k[11])<<24; /* FALLTHRU */
++ case 11: c+=((uint32_t)k[10])<<16; /* FALLTHRU */
++ case 10: c+=((uint32_t)k[9])<<8; /* FALLTHRU */
++ case 9 : c+=k[8]; /* FALLTHRU */
++ case 8 : b+=((uint32_t)k[7])<<24; /* FALLTHRU */
++ case 7 : b+=((uint32_t)k[6])<<16; /* FALLTHRU */
++ case 6 : b+=((uint32_t)k[5])<<8; /* FALLTHRU */
++ case 5 : b+=k[4]; /* FALLTHRU */
++ case 4 : a+=((uint32_t)k[3])<<24; /* FALLTHRU */
++ case 3 : a+=((uint32_t)k[2])<<16; /* FALLTHRU */
++ case 2 : a+=((uint32_t)k[1])<<8; /* FALLTHRU */
+ case 1 : a+=k[0];
+ break;
+ case 0 : return c;
+--
+2.14.1
+
diff --git a/meta/recipes-devtools/json-c/json-c_0.12.bb b/meta/recipes-devtools/json-c/json-c_0.12.bb
index a15455c..072c092 100644
--- a/meta/recipes-devtools/json-c/json-c_0.12.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.12.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
SRC_URI = "https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
file://0001-json_tokener-requires-INF-and-NAN.patch \
file://0001-Link-against-libm-when-needed.patch \
+ file://0001-Add-FALLTHRU-comment-to-handle-GCC7-warnings.patch \
"
SRC_URI[md5sum] = "3ca4bbb881dfc4017e8021b5e0a8c491"
diff --git a/meta/recipes-devtools/perl/liburi-perl_1.71.bb b/meta/recipes-devtools/perl/liburi-perl_1.71.bb
index a800198..432803c 100644
--- a/meta/recipes-devtools/perl/liburi-perl_1.71.bb
+++ b/meta/recipes-devtools/perl/liburi-perl_1.71.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c453e94fae672800f83bc1bd7a38b53f"
DEPENDS += "perl"
-SRC_URI = "http://www.cpan.org/authors/id/E/ET/ETHER/URI-${PV}.tar.gz"
+SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/URI-${PV}.tar.gz"
SRC_URI[md5sum] = "247c3da29a794f72730e01aa5a715daf"
SRC_URI[sha256sum] = "9c8eca0d7f39e74bbc14706293e653b699238eeb1a7690cc9c136fb8c2644115"
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
new file mode 100644
index 0000000..700d1bc
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
@@ -0,0 +1,353 @@
+From d86d283fcb35d1442a121b92030884523908a331 Mon Sep 17 00:00:00 2001
+From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
+Date: Sat, 22 Apr 2017 07:29:01 +0000
+Subject: [PATCH] merge revision(s) 58323,58324:
+
+ Merge json-2.0.4.
+
+ * https://github.com/flori/json/releases/tag/v2.0.4
+ * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
+ Use `assert_raise` instead of `assert_raises`.
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58445 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+
+Upstream-Status: Backport
+CVE: CVE-2017-14064
+
+Signed-off-by: Armin Kuster <akuster@mvisa.com>
+
+---
+ ext/json/fbuffer/fbuffer.h | 3 ---
+ ext/json/generator/generator.c | 12 +++++-----
+ ext/json/generator/generator.h | 1 -
+ ext/json/json.gemspec | Bin 5473 -> 5474 bytes
+ ext/json/lib/json/version.rb | 2 +-
+ ext/json/parser/parser.c | 48 +++++++++++++++++++++++----------------
+ ext/json/parser/parser.rl | 14 +++++++++---
+ test/json/json_encoding_test.rb | 2 ++
+ test/json/json_generator_test.rb | 0
+ version.h | 2 +-
+ 10 files changed, 49 insertions(+), 35 deletions(-)
+ mode change 100755 => 100644 test/json/json_generator_test.rb
+
+Index: ruby-2.4.0/ext/json/fbuffer/fbuffer.h
+===================================================================
+--- ruby-2.4.0.orig/ext/json/fbuffer/fbuffer.h
++++ ruby-2.4.0/ext/json/fbuffer/fbuffer.h
+@@ -12,9 +12,6 @@
+ #define RFLOAT_VALUE(val) (RFLOAT(val)->value)
+ #endif
+
+-#ifndef RARRAY_PTR
+-#define RARRAY_PTR(ARRAY) RARRAY(ARRAY)->ptr
+-#endif
+ #ifndef RARRAY_LEN
+ #define RARRAY_LEN(ARRAY) RARRAY(ARRAY)->len
+ #endif
+Index: ruby-2.4.0/ext/json/generator/generator.c
+===================================================================
+--- ruby-2.4.0.orig/ext/json/generator/generator.c
++++ ruby-2.4.0/ext/json/generator/generator.c
+@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, u
+ char *result;
+ if (len <= 0) return NULL;
+ result = ALLOC_N(char, len);
+- memccpy(result, ptr, 0, len);
++ memcpy(result, ptr, len);
+ return result;
+ }
+
+@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE sel
+ }
+ } else {
+ if (state->indent) ruby_xfree(state->indent);
+- state->indent = strdup(RSTRING_PTR(indent));
++ state->indent = fstrndup(RSTRING_PTR(indent), len);
+ state->indent_len = len;
+ }
+ return Qnil;
+@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self
+ }
+ } else {
+ if (state->space) ruby_xfree(state->space);
+- state->space = strdup(RSTRING_PTR(space));
++ state->space = fstrndup(RSTRING_PTR(space), len);
+ state->space_len = len;
+ }
+ return Qnil;
+@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VAL
+ }
+ } else {
+ if (state->space_before) ruby_xfree(state->space_before);
+- state->space_before = strdup(RSTRING_PTR(space_before));
++ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
+ state->space_before_len = len;
+ }
+ return Qnil;
+@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE
+ }
+ } else {
+ if (state->object_nl) ruby_xfree(state->object_nl);
+- state->object_nl = strdup(RSTRING_PTR(object_nl));
++ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
+ state->object_nl_len = len;
+ }
+ return Qnil;
+@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE s
+ }
+ } else {
+ if (state->array_nl) ruby_xfree(state->array_nl);
+- state->array_nl = strdup(RSTRING_PTR(array_nl));
++ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
+ state->array_nl_len = len;
+ }
+ return Qnil;
+Index: ruby-2.4.0/ext/json/generator/generator.h
+===================================================================
+--- ruby-2.4.0.orig/ext/json/generator/generator.h
++++ ruby-2.4.0/ext/json/generator/generator.h
+@@ -1,7 +1,6 @@
+ #ifndef _GENERATOR_H_
+ #define _GENERATOR_H_
+
+-#include <string.h>
+ #include <math.h>
+ #include <ctype.h>
+
+Index: ruby-2.4.0/ext/json/lib/json/version.rb
+===================================================================
+--- ruby-2.4.0.orig/ext/json/lib/json/version.rb
++++ ruby-2.4.0/ext/json/lib/json/version.rb
+@@ -1,7 +1,7 @@
+ # frozen_string_literal: false
+ module JSON
+ # JSON version
+- VERSION = '2.0.2'
++ VERSION = '2.0.4'
+ VERSION_ARRAY = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
+ VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc:
+ VERSION_MINOR = VERSION_ARRAY[1] # :nodoc:
+Index: ruby-2.4.0/ext/json/parser/parser.c
+===================================================================
+--- ruby-2.4.0.orig/ext/json/parser/parser.c
++++ ruby-2.4.0/ext/json/parser/parser.c
+@@ -1435,13 +1435,21 @@ static VALUE json_string_unescape(VALUE
+ break;
+ case 'u':
+ if (pe > stringEnd - 4) {
+- return Qnil;
++ rb_enc_raise(
++ EXC_ENCODING eParserError,
++ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
++ );
+ } else {
+ UTF32 ch = unescape_unicode((unsigned char *) ++pe);
+ pe += 3;
+ if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
+ pe++;
+- if (pe > stringEnd - 6) return Qnil;
++ if (pe > stringEnd - 6) {
++ rb_enc_raise(
++ EXC_ENCODING eParserError,
++ "%u: incomplete surrogate pair at '%s'", __LINE__, p
++ );
++ }
+ if (pe[0] == '\\' && pe[1] == 'u') {
+ UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
+ ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
+@@ -1471,7 +1479,7 @@ static VALUE json_string_unescape(VALUE
+ }
+
+
+-#line 1475 "parser.c"
++#line 1483 "parser.c"
+ enum {JSON_string_start = 1};
+ enum {JSON_string_first_final = 8};
+ enum {JSON_string_error = 0};
+@@ -1479,7 +1487,7 @@ enum {JSON_string_error = 0};
+ enum {JSON_string_en_main = 1};
+
+
+-#line 504 "parser.rl"
++#line 512 "parser.rl"
+
+
+ static int
+@@ -1501,15 +1509,15 @@ static char *JSON_parse_string(JSON_Pars
+
+ *result = rb_str_buf_new(0);
+
+-#line 1505 "parser.c"
++#line 1513 "parser.c"
+ {
+ cs = JSON_string_start;
+ }
+
+-#line 525 "parser.rl"
++#line 533 "parser.rl"
+ json->memo = p;
+
+-#line 1513 "parser.c"
++#line 1521 "parser.c"
+ {
+ if ( p == pe )
+ goto _test_eof;
+@@ -1534,7 +1542,7 @@ case 2:
+ goto st0;
+ goto st2;
+ tr2:
+-#line 490 "parser.rl"
++#line 498 "parser.rl"
+ {
+ *result = json_string_unescape(*result, json->memo + 1, p);
+ if (NIL_P(*result)) {
+@@ -1545,14 +1553,14 @@ tr2:
+ {p = (( p + 1))-1;}
+ }
+ }
+-#line 501 "parser.rl"
++#line 509 "parser.rl"
+ { p--; {p++; cs = 8; goto _out;} }
+ goto st8;
+ st8:
+ if ( ++p == pe )
+ goto _test_eof8;
+ case 8:
+-#line 1556 "parser.c"
++#line 1564 "parser.c"
+ goto st0;
+ st3:
+ if ( ++p == pe )
+@@ -1628,7 +1636,7 @@ case 7:
+ _out: {}
+ }
+
+-#line 527 "parser.rl"
++#line 535 "parser.rl"
+
+ if (json->create_additions && RTEST(match_string = json->match_string)) {
+ VALUE klass;
+@@ -1675,7 +1683,7 @@ static VALUE convert_encoding(VALUE sour
+ }
+ FORCE_UTF8(source);
+ } else {
+- source = rb_str_conv_enc(source, NULL, rb_utf8_encoding());
++ source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding());
+ }
+ #endif
+ return source;
+@@ -1808,7 +1816,7 @@ static VALUE cParser_initialize(int argc
+ }
+
+
+-#line 1812 "parser.c"
++#line 1820 "parser.c"
+ enum {JSON_start = 1};
+ enum {JSON_first_final = 10};
+ enum {JSON_error = 0};
+@@ -1816,7 +1824,7 @@ enum {JSON_error = 0};
+ enum {JSON_en_main = 1};
+
+
+-#line 720 "parser.rl"
++#line 728 "parser.rl"
+
+
+ /*
+@@ -1833,16 +1841,16 @@ static VALUE cParser_parse(VALUE self)
+ GET_PARSER;
+
+
+-#line 1837 "parser.c"
++#line 1845 "parser.c"
+ {
+ cs = JSON_start;
+ }
+
+-#line 736 "parser.rl"
++#line 744 "parser.rl"
+ p = json->source;
+ pe = p + json->len;
+
+-#line 1846 "parser.c"
++#line 1854 "parser.c"
+ {
+ if ( p == pe )
+ goto _test_eof;
+@@ -1876,7 +1884,7 @@ st0:
+ cs = 0;
+ goto _out;
+ tr2:
+-#line 712 "parser.rl"
++#line 720 "parser.rl"
+ {
+ char *np = JSON_parse_value(json, p, pe, &result, 0);
+ if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;}
+@@ -1886,7 +1894,7 @@ st10:
+ if ( ++p == pe )
+ goto _test_eof10;
+ case 10:
+-#line 1890 "parser.c"
++#line 1898 "parser.c"
+ switch( (*p) ) {
+ case 13: goto st10;
+ case 32: goto st10;
+@@ -1975,7 +1983,7 @@ case 9:
+ _out: {}
+ }
+
+-#line 739 "parser.rl"
++#line 747 "parser.rl"
+
+ if (cs >= JSON_first_final && p == pe) {
+ return result;
+Index: ruby-2.4.0/ext/json/parser/parser.rl
+===================================================================
+--- ruby-2.4.0.orig/ext/json/parser/parser.rl
++++ ruby-2.4.0/ext/json/parser/parser.rl
+@@ -446,13 +446,21 @@ static VALUE json_string_unescape(VALUE
+ break;
+ case 'u':
+ if (pe > stringEnd - 4) {
+- return Qnil;
++ rb_enc_raise(
++ EXC_ENCODING eParserError,
++ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
++ );
+ } else {
+ UTF32 ch = unescape_unicode((unsigned char *) ++pe);
+ pe += 3;
+ if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
+ pe++;
+- if (pe > stringEnd - 6) return Qnil;
++ if (pe > stringEnd - 6) {
++ rb_enc_raise(
++ EXC_ENCODING eParserError,
++ "%u: incomplete surrogate pair at '%s'", __LINE__, p
++ );
++ }
+ if (pe[0] == '\\' && pe[1] == 'u') {
+ UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
+ ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
+@@ -570,7 +578,7 @@ static VALUE convert_encoding(VALUE sour
+ }
+ FORCE_UTF8(source);
+ } else {
+- source = rb_str_conv_enc(source, NULL, rb_utf8_encoding());
++ source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding());
+ }
+ #endif
+ return source;
+Index: ruby-2.4.0/test/json/json_encoding_test.rb
+===================================================================
+--- ruby-2.4.0.orig/test/json/json_encoding_test.rb
++++ ruby-2.4.0/test/json/json_encoding_test.rb
+@@ -79,6 +79,8 @@ class JSONEncodingTest < Test::Unit::Tes
+ json = '["\ud840\udc01"]'
+ assert_equal json, generate(utf8, :ascii_only => true)
+ assert_equal utf8, parse(json)
++ assert_raise(JSON::ParserError) { parse('"\u"') }
++ assert_raise(JSON::ParserError) { parse('"\ud800"') }
+ end
+
+ def test_chars
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.0.bb b/meta/recipes-devtools/ruby/ruby_2.4.0.bb
index f1bd828..8cc52d6 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.0.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.0.bb
@@ -6,6 +6,7 @@ SRC_URI += " \
file://ruby-CVE-2017-9227.patch \
file://ruby-CVE-2017-9228.patch \
file://ruby-CVE-2017-9229.patch \
+ file://CVE-2017-14064.patch \
"
SRC_URI[md5sum] = "7e9485dcdb86ff52662728de2003e625"
diff --git a/meta/recipes-devtools/valgrind/valgrind_3.12.0.bb b/meta/recipes-devtools/valgrind/valgrind_3.12.0.bb
index 62a9635..4f8cd3f 100644
--- a/meta/recipes-devtools/valgrind/valgrind_3.12.0.bb
+++ b/meta/recipes-devtools/valgrind/valgrind_3.12.0.bb
@@ -41,9 +41,7 @@ COMPATIBLE_HOST_armv6 = 'null'
COMPATIBLE_HOST_linux-gnux32 = 'null'
# Disable for some MIPS variants
-COMPATIBLE_HOST_mipsarcho32 = "${@bb.utils.contains("TARGET_FPU", "soft", "null", ".*-linux", d)}"
COMPATIBLE_HOST_mipsarchn32 = 'null'
-COMPATIBLE_HOST_mipsarchn64 = "${@bb.utils.contains("TARGET_FPU", "soft", "null", ".*-linux", d)}"
COMPATIBLE_HOST_mipsarchr6 = 'null'
inherit autotools ptest
diff --git a/meta/recipes-graphics/waffle/waffle_1.5.2.bb b/meta/recipes-graphics/waffle/waffle_1.5.2.bb
index 9d6b0e0..a5179db 100644
--- a/meta/recipes-graphics/waffle/waffle_1.5.2.bb
+++ b/meta/recipes-graphics/waffle/waffle_1.5.2.bb
@@ -21,20 +21,20 @@ PACKAGECONFIG ??= "glx"
REQUIRED_DISTRO_FEATURES = "${@bb.utils.contains('PACKAGECONFIG', 'glx', 'x11', '', d)}"
# virtual/libgl requires opengl in DISTRO_FEATURES.
-REQUIRED_DISTRO_FEATURES += "${@bb.utils.contains('DEPENDS', 'virtual/libgl', 'opengl', '', d)}"
+REQUIRED_DISTRO_FEATURES += "${@bb.utils.contains('DEPENDS', 'virtual/${MLPREFIX}libgl', 'opengl', '', d)}"
# I say virtual/libgl, actually wants gl.pc
-PACKAGECONFIG[glx] = "-Dwaffle_has_glx=1,-Dwaffle_has_glx=0,virtual/libgl libx11"
+PACKAGECONFIG[glx] = "-Dwaffle_has_glx=1,-Dwaffle_has_glx=0,virtual/${MLPREFIX}libgl libx11"
# I say virtual/libgl, actually wants wayland-egl.pc, egl.pc, and the wayland
# DISTRO_FEATURE.
-PACKAGECONFIG[wayland] = "-Dwaffle_has_wayland=1,-Dwaffle_has_wayland=0,virtual/libgl wayland"
+PACKAGECONFIG[wayland] = "-Dwaffle_has_wayland=1,-Dwaffle_has_wayland=0,virtual/${MLPREFIX}libgl wayland"
# I say virtual/libgl, actually wants gbm.pc egl.pc
-PACKAGECONFIG[gbm] = "-Dwaffle_has_gbm=1,-Dwaffle_has_gbm=0,virtual/libgl udev"
+PACKAGECONFIG[gbm] = "-Dwaffle_has_gbm=1,-Dwaffle_has_gbm=0,virtual/${MLPREFIX}libgl udev"
# I say virtual/libgl, actually wants egl.pc
-PACKAGECONFIG[x11-egl] = "-Dwaffle_has_x11_egl=1,-Dwaffle_has_x11_egl=0,virtual/libgl libxcb"
+PACKAGECONFIG[x11-egl] = "-Dwaffle_has_x11_egl=1,-Dwaffle_has_x11_egl=0,virtual/${MLPREFIX}libgl libxcb"
FILES_${PN}-dev += "${datadir}/cmake/Modules/FindWaffle.cmake \
${libdir}/cmake/Waffle/"
diff --git a/meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch b/meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch
new file mode 100644
index 0000000..c188018
--- /dev/null
+++ b/meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch
@@ -0,0 +1,55 @@
+Multi-plane sub-sampled textures have partial width/height, e.g.
+YUV420/I420 has a full-size Y plane, followed by a half-width/height U
+plane, and a half-width/height V plane.
+
+zwp_linux_dmabuf_v1 allows clients to pass an explicit pitch for each
+plane, but for wl_shm this must be inferred. gl-renderer was correctly
+accounting for the width and height when subsampling, but the pitch was
+being taken as the pitch for the first plane.
+
+This does not match the requirements for GStreamer's waylandsink, in
+particular, as well as other clients. Fix the SHM upload path to
+correctly set the pitch for each plane, according to subsampling.
+
+Tested with:
+ $ gst-launch-1.0 videotestsrc ! waylandsink
+
+Upstream-Status: Backport [https://patchwork.freedesktop.org/patch/180767/]
+
+Signed-off-by: Daniel Stone <daniels@collabora.com>
+Fixes: fdeefe42418 ("gl-renderer: add support of WL_SHM_FORMAT_YUV420")
+Reported-by: Fabien Lahoudere <fabien.lahoudere@collabora.co.uk>
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103063
+
+---
+ libweston/gl-renderer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libweston/gl-renderer.c b/libweston/gl-renderer.c
+index 244ce309..40bf0bb6 100644
+--- a/libweston/gl-renderer.c
++++ b/libweston/gl-renderer.c
+@@ -1285,14 +1285,13 @@ gl_renderer_flush_damage(struct weston_surface *surface)
+ goto done;
+ }
+
+- glPixelStorei(GL_UNPACK_ROW_LENGTH_EXT, gs->pitch);
+-
+ if (gs->needs_full_upload) {
+ glPixelStorei(GL_UNPACK_SKIP_PIXELS_EXT, 0);
+ glPixelStorei(GL_UNPACK_SKIP_ROWS_EXT, 0);
+ wl_shm_buffer_begin_access(buffer->shm_buffer);
+ for (j = 0; j < gs->num_textures; j++) {
+ glBindTexture(GL_TEXTURE_2D, gs->textures[j]);
++ glPixelStorei(GL_UNPACK_ROW_LENGTH_EXT, gs->pitch / gs->hsub[j]);
+ glTexImage2D(GL_TEXTURE_2D, 0,
+ gs->gl_format[j],
+ gs->pitch / gs->hsub[j],
+@@ -1317,6 +1316,7 @@ gl_renderer_flush_damage(struct weston_surface *surface)
+ glPixelStorei(GL_UNPACK_SKIP_ROWS_EXT, r.y1);
+ for (j = 0; j < gs->num_textures; j++) {
+ glBindTexture(GL_TEXTURE_2D, gs->textures[j]);
++ glPixelStorei(GL_UNPACK_ROW_LENGTH_EXT, gs->pitch / gs->hsub[j]);
+ glTexSubImage2D(GL_TEXTURE_2D, 0,
+ r.x1 / gs->hsub[j],
+ r.y1 / gs->vsub[j],
diff --git a/meta/recipes-graphics/wayland/weston_2.0.0.bb b/meta/recipes-graphics/wayland/weston_2.0.0.bb
index 54b07bd..063494c 100644
--- a/meta/recipes-graphics/wayland/weston_2.0.0.bb
+++ b/meta/recipes-graphics/wayland/weston_2.0.0.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \
file://0001-configure.ac-Fix-wayland-protocols-path.patch \
file://xwayland.weston-start \
file://0001-weston-launch-Provide-a-default-version-that-doesn-t.patch \
+ file://weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch \
"
SRC_URI[md5sum] = "15f38945942bf2a91fe2687145fb4c7d"
SRC_URI[sha256sum] = "b4e446ac27f118196f1609dab89bb3cb3e81652d981414ad860e733b355365d8"
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
index 7abb378..c17afc9 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
@@ -178,12 +178,6 @@ PV = "0.0+git${SRCPV}"
SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git"
-# Some devices need a specific version, not the latest
-SRC_URI += "https://git.kernel.org/cgit/linux/kernel/git/iwlwifi/linux-firmware.git/plain/iwlwifi-8000C-19.ucode;name=iwlwifi-19"
-
-SRC_URI[iwlwifi-19.md5sum] = "132fbaee36beec5e98714f0bd66f7a1d"
-SRC_URI[iwlwifi-19.sha256sum] = "2034470df64d323b827c4f2d4d0d55be2846b7360179b5574aa28ff77b6c9471"
-
S = "${WORKDIR}/git"
inherit allarch
@@ -217,9 +211,6 @@ do_install() {
# fixup wl12xx location, after 2.6.37 the kernel searches a different location for it
( cd ${D}${nonarch_base_libdir}/firmware ; ln -sf ti-connectivity/* . )
- # Copy the iwlwifi ucode
- cp ${WORKDIR}/iwlwifi-8000C-19.ucode ${D}${nonarch_base_libdir}/firmware/
-
# TODO: Remove netronome firmware until RPM packaging issue is resolved
rm -r ${D}${nonarch_base_libdir}/firmware/netronome/
}
@@ -244,7 +235,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-iwlwifi-6050-4 ${PN}-iwlwifi-6050-5 \
${PN}-iwlwifi-7260 \
${PN}-iwlwifi-7265 \
- ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8000c ${PN}-iwlwifi-8265 \
+ ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8265 \
${PN}-iwlwifi-misc \
${PN}-i915-license ${PN}-i915 \
${PN}-adsp-sst-license ${PN}-adsp-sst \
@@ -537,7 +528,6 @@ FILES_${PN}-iwlwifi-6050-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-5.uco
FILES_${PN}-iwlwifi-7260 = "${nonarch_base_libdir}/firmware/iwlwifi-7260-*.ucode"
FILES_${PN}-iwlwifi-7265 = "${nonarch_base_libdir}/firmware/iwlwifi-7265-*.ucode"
FILES_${PN}-iwlwifi-7265d = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.ucode"
-FILES_${PN}-iwlwifi-8000c = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode"
FILES_${PN}-iwlwifi-8265 = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode"
FILES_${PN}-iwlwifi-misc = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb
index c12b403..c82468a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "091d8c17b1ba75344ed88a909ead563139de68b3"
+SRCREV_machine ?= "8cc62ac3f26bd6dde68ad2d86026a252fe7add44"
SRCREV_meta ?= "9f9c9a66ef3452343586adf150137967e955d71a"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.1;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.1.42"
+LINUX_VERSION ?= "4.1.43"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.10.bb
index 17d8191..f93d953 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.10.bb
@@ -11,8 +11,8 @@ python () {
raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "f4ba3db6e599ed41d1c676f9086ad8b97fd55046"
-SRCREV_meta ?= "ba11a3e8f1bc465c9de3cf00e8e60437db60e886"
+SRCREV_machine ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
+SRCREV_meta ?= "40ee48ac099c04f60d2c132031d9625a4e0c4c9e"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.10.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.10;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb
index b797dff..25d8883 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "1ac44e48420edba265d0fa18e4040e6d975776e6"
-SRCREV_meta ?= "8e9afd032ff3be672506a0e5ed51cde9dc45031f"
+SRCREV_machine ?= "1e691db7af642fff0222a1f1d1e9043c172699d5"
+SRCREV_meta ?= "804d2b3164ec25ed519fd695de9aa0908460c92e"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.4.85"
+LINUX_VERSION ?= "4.4.87"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb
index 22e478e..6734dc0 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "d3aea9ac7fa726757720afe20286c375bf7eefbc"
-SRCREV_meta ?= "f16cac53436be696fa055bc4a139f3f1dc39a9ce"
+SRCREV_machine ?= "0817a7b3a853d1bdd3b87a2654ed2ee62f624806"
+SRCREV_meta ?= "6acae6f7200af17b3c2be5ecab2cffdc59a02b35"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.9.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.9;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.9.46"
+LINUX_VERSION ?= "4.9.49"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb
index 44e6816..537efb1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb
@@ -4,12 +4,12 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.1.42"
+LINUX_VERSION ?= "4.1.43"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "f905fdd5da150ea809f847f00f3476220606c0ff"
+SRCREV_machine ?= "782133d8166ac71ef1ffaba58b7cf81ec9e532a1"
SRCREV_meta ?= "9f9c9a66ef3452343586adf150137967e955d71a"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.10.bb
index 7730da6..31396ab 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.10.bb
@@ -9,8 +9,8 @@ LINUX_VERSION ?= "4.10.17"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "f4ba3db6e599ed41d1c676f9086ad8b97fd55046"
-SRCREV_meta ?= "ba11a3e8f1bc465c9de3cf00e8e60437db60e886"
+SRCREV_machine ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
+SRCREV_meta ?= "40ee48ac099c04f60d2c132031d9625a4e0c4c9e"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb
index d10803a..50b9a56 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb
@@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.4.85"
+LINUX_VERSION ?= "4.4.87"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "0327f8213797c4885f86aec26cf55aeef5834180"
-SRCREV_meta ?= "8e9afd032ff3be672506a0e5ed51cde9dc45031f"
+SRCREV_machine ?= "b71c7b786aed26c0a1e4eca66f1d874ec017d699"
+SRCREV_meta ?= "804d2b3164ec25ed519fd695de9aa0908460c92e"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb
index 364930b..e0c5236 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb
@@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.9.46"
+LINUX_VERSION ?= "4.9.49"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "cf9a7dd9f41a32c10d19a51497463d6ec2991107"
-SRCREV_meta ?= "f16cac53436be696fa055bc4a139f3f1dc39a9ce"
+SRCREV_machine ?= "480ee599fb8df712c10dcf4b7aa6398b79f7d404"
+SRCREV_meta ?= "6acae6f7200af17b3c2be5ecab2cffdc59a02b35"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.1.bb b/meta/recipes-kernel/linux/linux-yocto_4.1.bb
index 4e85a3e..316bc32 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.1.bb
@@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "standard/base"
KBRANCH_qemux86-64 ?= "standard/base"
KBRANCH_qemumips64 ?= "standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "b7334672abf08f9dc9e277969e9266785580fa80"
-SRCREV_machine_qemuarm64 ?= "f905fdd5da150ea809f847f00f3476220606c0ff"
-SRCREV_machine_qemumips ?= "664fb3764bc804bfc9fd8ff582b374299e1fc016"
-SRCREV_machine_qemuppc ?= "7392e713c9eb1c67e9e6f8f2d14cae44467c1fbe"
-SRCREV_machine_qemux86 ?= "f905fdd5da150ea809f847f00f3476220606c0ff"
-SRCREV_machine_qemux86-64 ?= "f905fdd5da150ea809f847f00f3476220606c0ff"
-SRCREV_machine_qemumips64 ?= "85e973a2366e2a42d5082f5cd57852f8086502f4"
-SRCREV_machine ?= "f905fdd5da150ea809f847f00f3476220606c0ff"
+SRCREV_machine_qemuarm ?= "642e9b95f97f8e00ef819bbfb2f281c1079bfbb1"
+SRCREV_machine_qemuarm64 ?= "782133d8166ac71ef1ffaba58b7cf81ec9e532a1"
+SRCREV_machine_qemumips ?= "54d4575d0df1805e127c5fa59201cd978849fb3f"
+SRCREV_machine_qemuppc ?= "58906f2737c644e67a7c9754b7e36630005a0011"
+SRCREV_machine_qemux86 ?= "782133d8166ac71ef1ffaba58b7cf81ec9e532a1"
+SRCREV_machine_qemux86-64 ?= "782133d8166ac71ef1ffaba58b7cf81ec9e532a1"
+SRCREV_machine_qemumips64 ?= "03f0c0293abfe5226c2fdd22328476854fa0127f"
+SRCREV_machine ?= "782133d8166ac71ef1ffaba58b7cf81ec9e532a1"
SRCREV_meta ?= "9f9c9a66ef3452343586adf150137967e955d71a"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.1;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.1.42"
+LINUX_VERSION ?= "4.1.43"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.10.bb b/meta/recipes-kernel/linux/linux-yocto_4.10.bb
index 6e5c726..7fcc753 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.10.bb
@@ -11,15 +11,15 @@ KBRANCH_qemux86 ?= "standard/base"
KBRANCH_qemux86-64 ?= "standard/base"
KBRANCH_qemumips64 ?= "standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "97253eca8592c9cba7c7665277e1118b048b9639"
-SRCREV_machine_qemuarm64 ?= "f4ba3db6e599ed41d1c676f9086ad8b97fd55046"
-SRCREV_machine_qemumips ?= "52e935b59800868731e7620caf49cc257f1b9946"
-SRCREV_machine_qemuppc ?= "f4ba3db6e599ed41d1c676f9086ad8b97fd55046"
-SRCREV_machine_qemux86 ?= "f4ba3db6e599ed41d1c676f9086ad8b97fd55046"
-SRCREV_machine_qemux86-64 ?= "f4ba3db6e599ed41d1c676f9086ad8b97fd55046"
-SRCREV_machine_qemumips64 ?= "7b6d7feb4b0143d6f9146784f6072ffd171dd7ba"
-SRCREV_machine ?= "f4ba3db6e599ed41d1c676f9086ad8b97fd55046"
-SRCREV_meta ?= "ba11a3e8f1bc465c9de3cf00e8e60437db60e886"
+SRCREV_machine_qemuarm ?= "ae12e19cecc19af66f64a50538909cb1cad185f9"
+SRCREV_machine_qemuarm64 ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
+SRCREV_machine_qemumips ?= "b71b80fd679a17dfb4f73b352263c49273f721d4"
+SRCREV_machine_qemuppc ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
+SRCREV_machine_qemux86 ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
+SRCREV_machine_qemux86-64 ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
+SRCREV_machine_qemumips64 ?= "8bb135e71037c46175bbcc7acf387309b2e17133"
+SRCREV_machine ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
+SRCREV_meta ?= "40ee48ac099c04f60d2c132031d9625a4e0c4c9e"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.10.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.10;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.4.bb b/meta/recipes-kernel/linux/linux-yocto_4.4.bb
index 5634928..d300e69 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.4.bb
@@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "standard/base"
KBRANCH_qemux86-64 ?= "standard/base"
KBRANCH_qemumips64 ?= "standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "50253831d9b2d3dfb8e910debda66405cb11900a"
-SRCREV_machine_qemuarm64 ?= "0327f8213797c4885f86aec26cf55aeef5834180"
-SRCREV_machine_qemumips ?= "d49ac34e4781b4bcd4c1728338668bb1fd321f7c"
-SRCREV_machine_qemuppc ?= "0327f8213797c4885f86aec26cf55aeef5834180"
-SRCREV_machine_qemux86 ?= "0327f8213797c4885f86aec26cf55aeef5834180"
-SRCREV_machine_qemux86-64 ?= "0327f8213797c4885f86aec26cf55aeef5834180"
-SRCREV_machine_qemumips64 ?= "310df4a803d8938415e761668426391985193398"
-SRCREV_machine ?= "0327f8213797c4885f86aec26cf55aeef5834180"
-SRCREV_meta ?= "8e9afd032ff3be672506a0e5ed51cde9dc45031f"
+SRCREV_machine_qemuarm ?= "840e2c02dde98ee9c584cacdd5bb0812e9dcd016"
+SRCREV_machine_qemuarm64 ?= "b71c7b786aed26c0a1e4eca66f1d874ec017d699"
+SRCREV_machine_qemumips ?= "27a547fe77b05ae63c3b973a029c3933ef62c164"
+SRCREV_machine_qemuppc ?= "b71c7b786aed26c0a1e4eca66f1d874ec017d699"
+SRCREV_machine_qemux86 ?= "b71c7b786aed26c0a1e4eca66f1d874ec017d699"
+SRCREV_machine_qemux86-64 ?= "b71c7b786aed26c0a1e4eca66f1d874ec017d699"
+SRCREV_machine_qemumips64 ?= "7e333c223b568704cc3303b2e922ff85a2a8f7ef"
+SRCREV_machine ?= "b71c7b786aed26c0a1e4eca66f1d874ec017d699"
+SRCREV_meta ?= "804d2b3164ec25ed519fd695de9aa0908460c92e"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.4.85"
+LINUX_VERSION ?= "4.4.87"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.9.bb b/meta/recipes-kernel/linux/linux-yocto_4.9.bb
index c4b601c..dbe40a3 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.9.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.9.bb
@@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "standard/base"
KBRANCH_qemux86-64 ?= "standard/base"
KBRANCH_qemumips64 ?= "standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "5c60622f4af68de9d6d9320f7d785156d01c305c"
-SRCREV_machine_qemuarm64 ?= "cf9a7dd9f41a32c10d19a51497463d6ec2991107"
-SRCREV_machine_qemumips ?= "a5673234ab47a8653b7c3629811cc9ca634fcadb"
-SRCREV_machine_qemuppc ?= "cf9a7dd9f41a32c10d19a51497463d6ec2991107"
-SRCREV_machine_qemux86 ?= "cf9a7dd9f41a32c10d19a51497463d6ec2991107"
-SRCREV_machine_qemux86-64 ?= "cf9a7dd9f41a32c10d19a51497463d6ec2991107"
-SRCREV_machine_qemumips64 ?= "7b4d796b512ed9bb1e13af089fc4d20a35187eeb"
-SRCREV_machine ?= "cf9a7dd9f41a32c10d19a51497463d6ec2991107"
-SRCREV_meta ?= "f16cac53436be696fa055bc4a139f3f1dc39a9ce"
+SRCREV_machine_qemuarm ?= "8caa35a74753d45178720933f03d8d5150a8ff17"
+SRCREV_machine_qemuarm64 ?= "480ee599fb8df712c10dcf4b7aa6398b79f7d404"
+SRCREV_machine_qemumips ?= "fc2a3b9f932779fdf053675a5a73e8f9917507a5"
+SRCREV_machine_qemuppc ?= "480ee599fb8df712c10dcf4b7aa6398b79f7d404"
+SRCREV_machine_qemux86 ?= "480ee599fb8df712c10dcf4b7aa6398b79f7d404"
+SRCREV_machine_qemux86-64 ?= "480ee599fb8df712c10dcf4b7aa6398b79f7d404"
+SRCREV_machine_qemumips64 ?= "aee63978005c04ea853099764acaa08130e65554"
+SRCREV_machine ?= "480ee599fb8df712c10dcf4b7aa6398b79f7d404"
+SRCREV_meta ?= "6acae6f7200af17b3c2be5ecab2cffdc59a02b35"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.9.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.9;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.9.46"
+LINUX_VERSION ?= "4.9.49"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-multimedia/alsa/alsa-utils_1.1.3.bb b/meta/recipes-multimedia/alsa/alsa-utils_1.1.3.bb
index e6dd5b0..f374a17 100644
--- a/meta/recipes-multimedia/alsa/alsa-utils_1.1.3.bb
+++ b/meta/recipes-multimedia/alsa/alsa-utils_1.1.3.bb
@@ -109,7 +109,7 @@ do_install() {
if ${@bb.utils.contains('PACKAGECONFIG', 'udev', 'false', 'true', d)}; then
# This is where alsa-utils will install its rules if we don't tell it anything else.
- rm -rf ${D}/lib/udev
- rmdir --ignore-fail-on-non-empty ${D}/lib
+ rm -rf ${D}${nonarch_base_libdir}/udev
+ rmdir --ignore-fail-on-non-empty ${D}${nonarch_base_libdir}
fi
}
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-10093.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-10093.patch
new file mode 100644
index 0000000..e09bb7f
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2016-10093.patch
@@ -0,0 +1,47 @@
+From 787c0ee906430b772f33ca50b97b8b5ca070faec Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Sat, 3 Dec 2016 16:40:01 +0000
+Subject: [PATCH] * tools/tiffcp.c: fix uint32 underflow/overflow that can
+ cause heap-based buffer overflow. Reported by Agostino Sarubbo. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2610
+
+Upstream-Status: Backport
+CVE: CVE-2016-10093
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+
+---
+ ChangeLog | 7 +++++++
+ tools/tiffcp.c | 6 +++---
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+
+Index: tiff-4.0.7/tools/tiffcp.c
+===================================================================
+--- tiff-4.0.7.orig/tools/tiffcp.c
++++ tiff-4.0.7/tools/tiffcp.c
+@@ -1163,7 +1163,7 @@ bad:
+
+ static void
+ cpStripToTile(uint8* out, uint8* in,
+- uint32 rows, uint32 cols, int outskew, int inskew)
++ uint32 rows, uint32 cols, int outskew, int64 inskew)
+ {
+ while (rows-- > 0) {
+ uint32 j = cols;
+@@ -1320,7 +1320,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe
+ tdata_t tilebuf;
+ uint32 imagew = TIFFScanlineSize(in);
+ uint32 tilew = TIFFTileRowSize(in);
+- int iskew = imagew - tilew;
++ int64 iskew = (int64)imagew - (int64)tilew;
+ uint8* bufp = (uint8*) buf;
+ uint32 tw, tl;
+ uint32 row;
+@@ -1348,7 +1348,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe
+ status = 0;
+ goto done;
+ }
+- if (colb + tilew > imagew) {
++ if (colb > iskew) {
+ uint32 width = imagew - colb;
+ uint32 oskew = tilew - width;
+ cpStripToTile(bufp + colb,
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-10266.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-10266.patch
new file mode 100644
index 0000000..e1c90c6
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2016-10266.patch
@@ -0,0 +1,60 @@
+From 1855407c4e5a27ade006b26c2dec8a31745c356e Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Fri, 2 Dec 2016 21:56:56 +0000
+Subject: [PATCH] * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow
+ in TIFFReadEncodedStrip() that caused an integer division by zero. Reported
+ by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-10266
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+---
+ ChangeLog | 7 +++++++
+ libtiff/tif_read.c | 2 +-
+ libtiff/tiffiop.h | 4 ++++
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog
++++ tiff-4.0.7/ChangeLog
+@@ -1,3 +1,10 @@
++2016-12-02 Even Rouault <even.rouault at spatialys.com>
++
++ * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
++ TIFFReadEncodedStrip() that caused an integer division by zero.
++ Reported by Agostino Sarubbo.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
++
+ 2017-07-15 Even Rouault <even.rouault at spatialys.com>
+
+ * tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
+Index: tiff-4.0.7/libtiff/tif_read.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_read.c
++++ tiff-4.0.7/libtiff/tif_read.c
+@@ -346,7 +346,7 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 s
+ rowsperstrip=td->td_rowsperstrip;
+ if (rowsperstrip>td->td_imagelength)
+ rowsperstrip=td->td_imagelength;
+- stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
++ stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
+ stripinplane=(strip%stripsperplane);
+ plane=(uint16)(strip/stripsperplane);
+ rows=td->td_imagelength-stripinplane*rowsperstrip;
+Index: tiff-4.0.7/libtiff/tiffiop.h
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tiffiop.h
++++ tiff-4.0.7/libtiff/tiffiop.h
+@@ -250,6 +250,10 @@ struct tiff {
+ #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
+ ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
+ 0U)
++/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
++/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
++#define TIFFhowmany_32_maxuint_compat(x, y) \
++ (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
+ #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
+ #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
+ #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-10267.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-10267.patch
new file mode 100644
index 0000000..f4c5791
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2016-10267.patch
@@ -0,0 +1,70 @@
+From f8203c7ab1dbd7b5c59158576bec7da90191f42f Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Sat, 3 Dec 2016 11:15:18 +0000
+Subject: [PATCH] * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case
+ of failure in OJPEGPreDecode(). This will avoid a divide by zero, and
+ potential other issues. Reported by Agostino Sarubbo. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2611
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-10267
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+---
+ ChangeLog | 7 +++++++
+ libtiff/tif_ojpeg.c | 8 ++++++++
+ 2 files changed, 15 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 7339c1a..66fbcdc 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,10 @@
++2016-12-03 Even Rouault <even.rouault at spatialys.com>
++
++ * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure in
++ OJPEGPreDecode(). This will avoid a divide by zero, and potential other issues.
++ Reported by Agostino Sarubbo.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611
++
+ 2016-12-02 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
+diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
+index 1ccc3f9..f19e8fd 100644
+--- a/libtiff/tif_ojpeg.c
++++ b/libtiff/tif_ojpeg.c
+@@ -244,6 +244,7 @@ typedef enum {
+
+ typedef struct {
+ TIFF* tif;
++ int decoder_ok;
+ #ifndef LIBJPEG_ENCAP_EXTERNAL
+ JMP_BUF exit_jmpbuf;
+ #endif
+@@ -722,6 +723,7 @@ OJPEGPreDecode(TIFF* tif, uint16 s)
+ }
+ sp->write_curstrile++;
+ }
++ sp->decoder_ok = 1;
+ return(1);
+ }
+
+@@ -784,8 +786,14 @@ OJPEGPreDecodeSkipScanlines(TIFF* tif)
+ static int
+ OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
+ {
++ static const char module[]="OJPEGDecode";
+ OJPEGState* sp=(OJPEGState*)tif->tif_data;
+ (void)s;
++ if( !sp->decoder_ok )
++ {
++ TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
++ return 0;
++ }
+ if (sp->libjpeg_jpeg_query_style==0)
+ {
+ if (OJPEGDecodeRaw(tif,buf,cc)==0)
+--
+1.9.1
+
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-10268.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-10268.patch
new file mode 100644
index 0000000..03b982a
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2016-10268.patch
@@ -0,0 +1,30 @@
+From 5397a417e61258c69209904e652a1f409ec3b9df Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Fri, 2 Dec 2016 22:13:32 +0000
+Subject: [PATCH] * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips
+ that can cause various issues, such as buffer overflows in the library.
+ Reported by Agostino Sarubbo. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2598
+
+Upstream-Status: Backport
+CVE: CVE-2016-10268
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+
+---
+ ChangeLog | 7 +++++++
+ tools/tiffcp.c | 2 +-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+Index: tiff-4.0.7/tools/tiffcp.c
+===================================================================
+--- tiff-4.0.7.orig/tools/tiffcp.c
++++ tiff-4.0.7/tools/tiffcp.c
+@@ -985,7 +985,7 @@ DECLAREcpFunc(cpDecodedStrips)
+ tstrip_t s, ns = TIFFNumberOfStrips(in);
+ uint32 row = 0;
+ _TIFFmemset(buf, 0, stripsize);
+- for (s = 0; s < ns; s++) {
++ for (s = 0; s < ns && row < imagelength; s++) {
+ tsize_t cc = (row + rowsperstrip > imagelength) ?
+ TIFFVStripSize(in, imagelength - row) : stripsize;
+ if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-10269.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-10269.patch
new file mode 100644
index 0000000..d9f4a15
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2016-10269.patch
@@ -0,0 +1,131 @@
+From 10f72dd232849d0142a0688bcc9aa71025f120a3 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Fri, 2 Dec 2016 23:05:51 +0000
+Subject: [PATCH 2/4] * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix
+ heap-based buffer overflow on generation of PixarLog / LUV compressed files,
+ with ColorMap, TransferFunction attached and nasty plays with bitspersample.
+ The fix for LUV has not been tested, but suffers from the same kind of issue
+ of PixarLog. Reported by Agostino Sarubbo. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2604
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-10269
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+---
+ ChangeLog | 10 ++++++++++
+ libtiff/tif_luv.c | 18 ++++++++++++++----
+ libtiff/tif_pixarlog.c | 17 +++++++++++++++--
+ 3 files changed, 39 insertions(+), 6 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 2e913b6..0a2c2a7 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,4 +1,14 @@
+ 2016-12-03 Even Rouault <even.rouault at spatialys.com>
++
++ * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer
++ overflow on generation of PixarLog / LUV compressed files, with
++ ColorMap, TransferFunction attached and nasty plays with bitspersample.
++ The fix for LUV has not been tested, but suffers from the same kind
++ of issue of PixarLog.
++ Reported by Agostino Sarubbo.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604
++
++2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure in
+ OJPEGPreDecode(). This will avoid a divide by zero, and potential other issues.
+diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
+index f68a9b1..e6783db 100644
+--- a/libtiff/tif_luv.c
++++ b/libtiff/tif_luv.c
+@@ -158,6 +158,7 @@
+ typedef struct logLuvState LogLuvState;
+
+ struct logLuvState {
++ int encoder_state; /* 1 if encoder correctly initialized */
+ int user_datafmt; /* user data format */
+ int encode_meth; /* encoding method */
+ int pixel_size; /* bytes per pixel */
+@@ -1552,6 +1553,7 @@ LogLuvSetupEncode(TIFF* tif)
+ td->td_photometric, "must be either LogLUV or LogL");
+ break;
+ }
++ sp->encoder_state = 1;
+ return (1);
+ notsupported:
+ TIFFErrorExt(tif->tif_clientdata, module,
+@@ -1563,19 +1565,27 @@ notsupported:
+ static void
+ LogLuvClose(TIFF* tif)
+ {
++ LogLuvState* sp = (LogLuvState*) tif->tif_data;
+ TIFFDirectory *td = &tif->tif_dir;
+
++ assert(sp != 0);
+ /*
+ * For consistency, we always want to write out the same
+ * bitspersample and sampleformat for our TIFF file,
+ * regardless of the data format being used by the application.
+ * Since this routine is called after tags have been set but
+ * before they have been recorded in the file, we reset them here.
++ * Note: this is really a nasty approach. See PixarLogClose
+ */
+- td->td_samplesperpixel =
+- (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
+- td->td_bitspersample = 16;
+- td->td_sampleformat = SAMPLEFORMAT_INT;
++ if( sp->encoder_state )
++ {
++ /* See PixarLogClose. Might avoid issues with tags whose size depends
++ * on those below, but not completely sure this is enough. */
++ td->td_samplesperpixel =
++ (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
++ td->td_bitspersample = 16;
++ td->td_sampleformat = SAMPLEFORMAT_INT;
++ }
+ }
+
+ static void
+diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
+index d1246c3..aa99bc9 100644
+--- a/libtiff/tif_pixarlog.c
++++ b/libtiff/tif_pixarlog.c
+@@ -1233,8 +1233,10 @@ PixarLogPostEncode(TIFF* tif)
+ static void
+ PixarLogClose(TIFF* tif)
+ {
++ PixarLogState* sp = (PixarLogState*) tif->tif_data;
+ TIFFDirectory *td = &tif->tif_dir;
+
++ assert(sp != 0);
+ /* In a really sneaky (and really incorrect, and untruthful, and
+ * troublesome, and error-prone) maneuver that completely goes against
+ * the spirit of TIFF, and breaks TIFF, on close, we covertly
+@@ -1243,8 +1245,19 @@ PixarLogClose(TIFF* tif)
+ * readers that don't know about PixarLog, or how to set
+ * the PIXARLOGDATFMT pseudo-tag.
+ */
+- td->td_bitspersample = 8;
+- td->td_sampleformat = SAMPLEFORMAT_UINT;
++
++ if (sp->state&PLSTATE_INIT) {
++ /* We test the state to avoid an issue such as in
++ * http://bugzilla.maptools.org/show_bug.cgi?id=2604
++ * What appends in that case is that the bitspersample is 1 and
++ * a TransferFunction is set. The size of the TransferFunction
++ * depends on 1<<bitspersample. So if we increase it, an access
++ * out of the buffer will happen at directory flushing.
++ * Another option would be to clear those targs.
++ */
++ td->td_bitspersample = 8;
++ td->td_sampleformat = SAMPLEFORMAT_UINT;
++ }
+ }
+
+ static void
+--
+1.9.1
+
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-10270.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-10270.patch
new file mode 100644
index 0000000..43ad6ed
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2016-10270.patch
@@ -0,0 +1,134 @@
+From 6e7042c61e300cf9971c645c79d05de974b24308 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Sat, 3 Dec 2016 11:02:15 +0000
+Subject: [PATCH 3/4] * libtiff/tif_dirread.c: modify
+ ChopUpSingleUncompressedStrip() to instanciate compute ntrips as
+ TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on
+ the total size of data. Which is faulty is the total size of data is not
+ sufficient to fill the whole image, and thus results in reading outside of
+ the StripByCounts/StripOffsets arrays when using TIFFReadScanline(). Reported
+ by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
+
+* libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
+for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 since
+the above change is a better fix that makes it unnecessary.
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-10270
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+---
+ ChangeLog | 15 +++++++++++++++
+ libtiff/tif_dirread.c | 22 ++++++++++------------
+ libtiff/tif_strip.c | 9 ---------
+ 3 files changed, 25 insertions(+), 21 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 0a2c2a7..6e30e41 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,20 @@
+ 2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
++ * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to
++ instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip),
++ instead of a logic based on the total size of data. Which is faulty is
++ the total size of data is not sufficient to fill the whole image, and thus
++ results in reading outside of the StripByCounts/StripOffsets arrays when
++ using TIFFReadScanline().
++ Reported by Agostino Sarubbo.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
++
++ * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
++ for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 since
++ the above change is a better fix that makes it unnecessary.
++
++2016-12-03 Even Rouault <even.rouault at spatialys.com>
++
+ * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer
+ overflow on generation of PixarLog / LUV compressed files, with
+ ColorMap, TransferFunction attached and nasty plays with bitspersample.
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 3eec79c..570d0c3 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -5502,8 +5502,7 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+ uint64 rowblockbytes;
+ uint64 stripbytes;
+ uint32 strip;
+- uint64 nstrips64;
+- uint32 nstrips32;
++ uint32 nstrips;
+ uint32 rowsperstrip;
+ uint64* newcounts;
+ uint64* newoffsets;
+@@ -5534,18 +5533,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+ return;
+
+ /*
+- * never increase the number of strips in an image
++ * never increase the number of rows per strip
+ */
+ if (rowsperstrip >= td->td_rowsperstrip)
+ return;
+- nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
+- if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
+- return;
+- nstrips32 = (uint32)nstrips64;
++ nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
++ if( nstrips == 0 )
++ return;
+
+- newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++ newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ "for chopped \"StripByteCounts\" array");
+- newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++ newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ "for chopped \"StripOffsets\" array");
+ if (newcounts == NULL || newoffsets == NULL) {
+ /*
+@@ -5562,18 +5560,18 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+ * Fill the strip information arrays with new bytecounts and offsets
+ * that reflect the broken-up format.
+ */
+- for (strip = 0; strip < nstrips32; strip++) {
++ for (strip = 0; strip < nstrips; strip++) {
+ if (stripbytes > bytecount)
+ stripbytes = bytecount;
+ newcounts[strip] = stripbytes;
+- newoffsets[strip] = offset;
++ newoffsets[strip] = stripbytes ? offset : 0;
+ offset += stripbytes;
+ bytecount -= stripbytes;
+ }
+ /*
+ * Replace old single strip info with multi-strip info.
+ */
+- td->td_stripsperimage = td->td_nstrips = nstrips32;
++ td->td_stripsperimage = td->td_nstrips = nstrips;
+ TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
+
+ _TIFFfree(td->td_stripbytecount);
+diff --git a/libtiff/tif_strip.c b/libtiff/tif_strip.c
+index 4c46ecf..1676e47 100644
+--- a/libtiff/tif_strip.c
++++ b/libtiff/tif_strip.c
+@@ -63,15 +63,6 @@ TIFFNumberOfStrips(TIFF* tif)
+ TIFFDirectory *td = &tif->tif_dir;
+ uint32 nstrips;
+
+- /* If the value was already computed and store in td_nstrips, then return it,
+- since ChopUpSingleUncompressedStrip might have altered and resized the
+- since the td_stripbytecount and td_stripoffset arrays to the new value
+- after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
+- tif_dirread.c ~line 3612.
+- See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
+- if( td->td_nstrips )
+- return td->td_nstrips;
+-
+ nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
+ TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
+ if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
+--
+1.9.1
+
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-10271.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-10271.patch
new file mode 100644
index 0000000..4fe5bcd
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2016-10271.patch
@@ -0,0 +1,30 @@
+From 9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Sat, 3 Dec 2016 11:35:56 +0000
+Subject: [PATCH] * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i
+ (ignore) mode so that the output buffer is correctly incremented to avoid
+ write outside bounds. Reported by Agostino Sarubbo. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2620
+
+Upstream-Status: Backport
+CVE: CVE-2016-10271
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+
+---
+ ChangeLog | 7 +++++++
+ tools/tiffcrop.c | 2 +-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+Index: tiff-4.0.7/tools/tiffcrop.c
+===================================================================
+--- tiff-4.0.7.orig/tools/tiffcrop.c
++++ tiff-4.0.7/tools/tiffcrop.c
+@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (T
+ (unsigned long) strip, (unsigned long)rows);
+ return 0;
+ }
+- bufp += bytes_read;
++ bufp += stripsize;
+ }
+
+ return 1;
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7592.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7592.patch
new file mode 100644
index 0000000..5b80445
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7592.patch
@@ -0,0 +1,40 @@
+From 48780b4fcc425cddc4ef8ffdf536f96a0d1b313b Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:38:26 +0000
+Subject: [PATCH] * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
+avoid UndefinedBehaviorSanitizer warning.
+Patch by Nicolas Pena.
+Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
+
+Upstream-Status: Backport
+CVE: CVE-2017-7592
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog 2017-04-24 14:25:10.143926025 +0530
++++ tiff-4.0.7/ChangeLog 2017-04-24 15:20:21.291839230 +0530
+@@ -1,3 +1,10 @@
++2017-01-11 Even Rouault <even.rouault at spatialys.com>
++
++ * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
++ avoid UndefinedBehaviorSanitizer warning.
++ Patch by Nicolas Pena.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
++
+ 2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to
+Index: tiff-4.0.7/libtiff/tif_getimage.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_getimage.c 2016-11-18 08:17:45.000000000 +0530
++++ tiff-4.0.7/libtiff/tif_getimage.c 2017-04-24 15:17:46.671843283 +0530
+@@ -1305,7 +1305,7 @@
+ while (h-- > 0) {
+ for (x = w; x-- > 0;)
+ {
+- *cp++ = BWmap[*pp][0] & (*(pp+1) << 24 | ~A1);
++ *cp++ = BWmap[*pp][0] & ((uint32)*(pp+1) << 24 | ~A1);
+ pp += samplesperpixel;
+ }
+ cp += toskew;
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7593.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7593.patch
new file mode 100644
index 0000000..380dfcb
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7593.patch
@@ -0,0 +1,98 @@
+From d60332057b9575ada4f264489582b13e30137be1 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 19:02:49 +0000
+Subject: [PATCH] * libtiff/tiffiop.h, tif_unix.c, tif_win32.c, tif_vms.c: add
+ _TIFFcalloc()
+
+* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
+initialize tif_rawdata.
+Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7593
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog 2017-04-25 19:03:20.584155452 +0530
++++ tiff-4.0.7/ChangeLog 2017-04-26 12:09:41.986866896 +0530
+@@ -44,6 +44,14 @@
+
+ 2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
++ * libtiff/tiffiop.h, tif_unix.c, tif_win32.c : add _TIFFcalloc()
++
++ * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
++ initialize tif_rawdata.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
++
++2017-01-11 Even Rouault <even.rouault at spatialys.com>
++
+ * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
+ avoid UndefinedBehaviorSanitizer warning.
+ Patch by Nicolas Pena.
+Index: tiff-4.0.7/libtiff/tif_read.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_read.c 2017-04-25 19:03:20.584155452 +0530
++++ tiff-4.0.7/libtiff/tif_read.c 2017-04-26 12:11:42.814863729 +0530
+@@ -986,7 +986,9 @@
+ "Invalid buffer size");
+ return (0);
+ }
+- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
++ /* Initialize to zero to avoid uninitialized buffers in case of */
++ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
++ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
+ tif->tif_flags |= TIFF_MYBUFFER;
+ }
+ if (tif->tif_rawdata == NULL) {
+Index: tiff-4.0.7/libtiff/tif_unix.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_unix.c 2015-08-29 03:46:22.707817041 +0530
++++ tiff-4.0.7/libtiff/tif_unix.c 2017-04-26 12:13:07.442861510 +0530
+@@ -316,6 +316,14 @@
+ return (malloc((size_t) s));
+ }
+
++void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
++{
++ if( nmemb == 0 || siz == 0 )
++ return ((void *) NULL);
++
++ return calloc((size_t) nmemb, (size_t)siz);
++}
++
+ void
+ _TIFFfree(void* p)
+ {
+Index: tiff-4.0.7/libtiff/tif_win32.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_win32.c 2015-08-29 03:46:22.730570169 +0530
++++ tiff-4.0.7/libtiff/tif_win32.c 2017-04-26 12:14:12.918859794 +0530
+@@ -360,6 +360,14 @@
+ return (malloc((size_t) s));
+ }
+
++void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
++{
++ if( nmemb == 0 || siz == 0 )
++ return ((void *) NULL);
++
++ return calloc((size_t) nmemb, (size_t)siz);
++}
++
+ void
+ _TIFFfree(void* p)
+ {
+Index: tiff-4.0.7/libtiff/tiffio.h
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tiffio.h 2016-01-24 21:09:51.894442042 +0530
++++ tiff-4.0.7/libtiff/tiffio.h 2017-04-26 12:15:55.034857117 +0530
+@@ -293,6 +293,7 @@
+ */
+
+ extern void* _TIFFmalloc(tmsize_t s);
++extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
+ extern void* _TIFFrealloc(void* p, tmsize_t s);
+ extern void _TIFFmemset(void* p, int v, tmsize_t c);
+ extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch
new file mode 100644
index 0000000..5c7e460
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch
@@ -0,0 +1,43 @@
+rom 8283e4d1b7e53340684d12932880cbcbaf23a8c1 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Thu, 12 Jan 2017 17:43:25 +0000
+
+* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
+ when read fails.
+ Patch by Nicolas Pena.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7594 #patch1
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog 2017-04-24 16:13:15.000000000 +0530
++++ tiff-4.0.7/ChangeLog 2017-04-24 16:50:26.465897646 +0530
+@@ -1,3 +1,10 @@
++2017-01-12 Even Rouault <even.rouault at spatialys.com>
++
++ * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
++ when read fails.
++ Patch by Nicolás Peña.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
++
+ 2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
+Index: tiff-4.0.7/libtiff/tif_ojpeg.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_ojpeg.c 2017-04-24 16:02:29.817973051 +0530
++++ tiff-4.0.7/libtiff/tif_ojpeg.c 2017-04-24 16:52:27.349894477 +0530
+@@ -1918,7 +1918,10 @@
+ rb[sizeof(uint32)+5+n]=o[n];
+ p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ if (p!=q)
++ {
++ _TIFFfree(rb);
+ return(0);
++ }
+ sp->actable[m]=rb;
+ sp->sos_tda[m]=(sp->sos_tda[m]|m);
+ }
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch
new file mode 100644
index 0000000..82a19c6
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch
@@ -0,0 +1,50 @@
+From 2ea32f7372b65c24b2816f11c04bf59b5090d05b Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Thu, 12 Jan 2017 19:23:20 +0000
+Subject: [PATCH 2/2] * libtiff/tif_ojpeg.c: fix leak in
+ OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and
+ OJPEGReadHeaderInfoSecTablesAcTable
+
+Upstream-status: Backport
+
+CVE: CVE-2017-7594 #patch2
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog 2017-04-24 16:50:26.465897646 +0530
++++ tiff-4.0.7/ChangeLog 2017-04-24 16:56:20.685888360 +0530
+@@ -1,6 +1,7 @@
+ 2017-01-12 Even Rouault <even.rouault at spatialys.com>
+
+- * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
++ * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,
++ OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable
+ when read fails.
+ Patch by Nicolás Peña.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
+Index: tiff-4.0.7/libtiff/tif_ojpeg.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_ojpeg.c 2017-04-24 16:52:27.349894477 +0530
++++ tiff-4.0.7/libtiff/tif_ojpeg.c 2017-04-24 16:59:20.001883660 +0530
+@@ -1790,7 +1790,10 @@
+ TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET);
+ p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
+ if (p!=64)
++ {
++ _TIFFfree(ob);
+ return(0);
++ }
+ sp->qtable[m]=ob;
+ sp->sof_tq[m]=m;
+ }
+@@ -1854,7 +1857,10 @@
+ rb[sizeof(uint32)+5+n]=o[n];
+ p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ if (p!=q)
++ {
++ _TIFFfree(rb);
+ return(0);
++ }
+ sp->dctable[m]=rb;
+ sp->sos_tda[m]=(m<<4);
+ }
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch
new file mode 100644
index 0000000..851a37f
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch
@@ -0,0 +1,48 @@
+commit 618d490090bfd10e613ac574ecff31a293904b44
+Author: erouault <erouault>
+Date: Wed Jan 11 12:15:01 2017 +0000
+
+ * libtiff/tif_jpeg.c: avoid integer division by zero
+ in JPEGSetupEncode() when horizontal or vertical sampling is set to 0.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7595
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog 2017-04-24 17:31:40.013832807 +0530
++++ tiff-4.0.7/ChangeLog 2017-04-24 18:03:34.769782616 +0530
+@@ -8,6 +8,12 @@
+
+ 2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
++ * libtiff/tif_jpeg.c: avoid integer division by zero in
++ JPEGSetupEncode() when horizontal or vertical sampling is set to 0.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653
++
++2017-01-11 Even Rouault <even.rouault at spatialys.com>
++
+ * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
+ avoid UndefinedBehaviorSanitizer warning.
+ Patch by Nicolas Pena.
+Index: tiff-4.0.7/libtiff/tif_jpeg.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_jpeg.c 2016-01-24 21:09:51.781641625 +0530
++++ tiff-4.0.7/libtiff/tif_jpeg.c 2017-04-24 18:05:59.777778815 +0530
+@@ -1626,6 +1626,13 @@
+ case PHOTOMETRIC_YCBCR:
+ sp->h_sampling = td->td_ycbcrsubsampling[0];
+ sp->v_sampling = td->td_ycbcrsubsampling[1];
++ if( sp->h_sampling == 0 || sp->v_sampling == 0 )
++ {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Invalig horizontal/vertical sampling value");
++ return (0);
++ }
++
+ /*
+ * A ReferenceBlackWhite field *must* be present since the
+ * default value is inappropriate for YCbCr. Fill in the
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7596.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7596.patch
new file mode 100644
index 0000000..1945c3d
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7596.patch
@@ -0,0 +1,308 @@
+From 3144e57770c1e4d26520d8abee750f8ac8b75490 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:09:02 +0000
+Subject: [PATCH] * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement
+ various clampings of double to other data types to avoid undefined behaviour
+ if the output range isn't big enough to hold the input value. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2643
+ http://bugzilla.maptools.org/show_bug.cgi?id=2642
+ http://bugzilla.maptools.org/show_bug.cgi?id=2646
+ http://bugzilla.maptools.org/show_bug.cgi?id=2647
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7596
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog 2017-04-25 15:53:40.294592812 +0530
++++ tiff-4.0.7/ChangeLog 2017-04-25 16:02:03.238600641 +0530
+@@ -6,6 +6,16 @@
+ Patch by Nicolás Peña.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
+
++2017-01-11 Even Rouault <even.rouault at spatialys.com>
++
++ * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various clampings
++ of double to other data types to avoid undefined behaviour if the output range
++ isn't big enough to hold the input value.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
++ http://bugzilla.maptools.org/show_bug.cgi?id=2642
++ http://bugzilla.maptools.org/show_bug.cgi?id=2646
++ http://bugzilla.maptools.org/show_bug.cgi?id=2647
++
+ 2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_jpeg.c: avoid integer division by zero in
+Index: tiff-4.0.7/libtiff/tif_dir.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_dir.c 2016-10-30 04:33:18.856598072 +0530
++++ tiff-4.0.7/libtiff/tif_dir.c 2017-04-25 16:02:03.238600641 +0530
+@@ -31,6 +31,7 @@
+ * (and also some miscellaneous stuff)
+ */
+ #include "tiffiop.h"
++#include <float.h>
+
+ /*
+ * These are used in the backwards compatibility code...
+@@ -154,6 +155,15 @@
+ return (0);
+ }
+
++static float TIFFClampDoubleToFloat( double val )
++{
++ if( val > FLT_MAX )
++ return FLT_MAX;
++ if( val < -FLT_MAX )
++ return -FLT_MAX;
++ return (float)val;
++}
++
+ static int
+ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+ {
+@@ -312,13 +322,13 @@
+ dblval = va_arg(ap, double);
+ if( dblval < 0 )
+ goto badvaluedouble;
+- td->td_xresolution = (float) dblval;
++ td->td_xresolution = TIFFClampDoubleToFloat( dblval );
+ break;
+ case TIFFTAG_YRESOLUTION:
+ dblval = va_arg(ap, double);
+ if( dblval < 0 )
+ goto badvaluedouble;
+- td->td_yresolution = (float) dblval;
++ td->td_yresolution = TIFFClampDoubleToFloat( dblval );
+ break;
+ case TIFFTAG_PLANARCONFIG:
+ v = (uint16) va_arg(ap, uint16_vap);
+@@ -327,10 +337,10 @@
+ td->td_planarconfig = (uint16) v;
+ break;
+ case TIFFTAG_XPOSITION:
+- td->td_xposition = (float) va_arg(ap, double);
++ td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
+ break;
+ case TIFFTAG_YPOSITION:
+- td->td_yposition = (float) va_arg(ap, double);
++ td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
+ break;
+ case TIFFTAG_RESOLUTIONUNIT:
+ v = (uint16) va_arg(ap, uint16_vap);
+Index: tiff-4.0.7/libtiff/tif_dirread.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_dirread.c 2017-04-25 15:53:40.134592810 +0530
++++ tiff-4.0.7/libtiff/tif_dirread.c 2017-04-25 16:02:03.242600641 +0530
+@@ -40,6 +40,7 @@
+ */
+
+ #include "tiffiop.h"
++#include <float.h>
+
+ #define IGNORE 0 /* tag placeholder used below */
+ #define FAILED_FII ((uint32) -1)
+@@ -2406,7 +2407,14 @@
+ ma=(double*)origdata;
+ mb=data;
+ for (n=0; n<count; n++)
+- *mb++=(float)(*ma++);
++ {
++ double val = *ma++;
++ if( val > FLT_MAX )
++ val = FLT_MAX;
++ else if( val < -FLT_MAX )
++ val = -FLT_MAX;
++ *mb++=(float)val;
++ }
+ }
+ break;
+ }
+Index: tiff-4.0.7/libtiff/tif_dirwrite.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_dirwrite.c 2016-10-30 04:33:18.876854501 +0530
++++ tiff-4.0.7/libtiff/tif_dirwrite.c 2017-04-25 16:07:48.670606018 +0530
+@@ -30,6 +30,7 @@
+ * Directory Write Support Routines.
+ */
+ #include "tiffiop.h"
++#include <float.h>
+
+ #ifdef HAVE_IEEEFP
+ #define TIFFCvtNativeToIEEEFloat(tif, n, fp)
+@@ -939,6 +940,69 @@
+ return(0);
+ }
+
++static float TIFFClampDoubleToFloat( double val )
++{
++ if( val > FLT_MAX )
++ return FLT_MAX;
++ if( val < -FLT_MAX )
++ return -FLT_MAX;
++ return (float)val;
++}
++
++static int8 TIFFClampDoubleToInt8( double val )
++{
++ if( val > 127 )
++ return 127;
++ if( val < -128 || val != val )
++ return -128;
++ return (int8)val;
++}
++
++static int16 TIFFClampDoubleToInt16( double val )
++{
++ if( val > 32767 )
++ return 32767;
++ if( val < -32768 || val != val )
++ return -32768;
++ return (int16)val;
++}
++
++static int32 TIFFClampDoubleToInt32( double val )
++{
++ if( val > 0x7FFFFFFF )
++ return 0x7FFFFFFF;
++ if( val < -0x7FFFFFFF-1 || val != val )
++ return -0x7FFFFFFF-1;
++ return (int32)val;
++}
++
++static uint8 TIFFClampDoubleToUInt8( double val )
++{
++ if( val < 0 )
++ return 0;
++ if( val > 255 || val != val )
++ return 255;
++ return (uint8)val;
++}
++
++static uint16 TIFFClampDoubleToUInt16( double val )
++{
++ if( val < 0 )
++ return 0;
++ if( val > 65535 || val != val )
++ return 65535;
++ return (uint16)val;
++}
++
++static uint32 TIFFClampDoubleToUInt32( double val )
++{
++ if( val < 0 )
++ return 0;
++ if( val > 0xFFFFFFFFU || val != val )
++ return 0xFFFFFFFFU;
++ return (uint32)val;
++}
++
+ static int
+ TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value)
+ {
+@@ -959,7 +1023,7 @@
+ if (tif->tif_dir.td_bitspersample<=32)
+ {
+ for (i = 0; i < count; ++i)
+- ((float*)conv)[i] = (float)value[i];
++ ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]);
+ ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv);
+ }
+ else
+@@ -971,19 +1035,19 @@
+ if (tif->tif_dir.td_bitspersample<=8)
+ {
+ for (i = 0; i < count; ++i)
+- ((int8*)conv)[i] = (int8)value[i];
++ ((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]);
+ ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv);
+ }
+ else if (tif->tif_dir.td_bitspersample<=16)
+ {
+ for (i = 0; i < count; ++i)
+- ((int16*)conv)[i] = (int16)value[i];
++ ((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]);
+ ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv);
+ }
+ else
+ {
+ for (i = 0; i < count; ++i)
+- ((int32*)conv)[i] = (int32)value[i];
++ ((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]);
+ ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv);
+ }
+ break;
+@@ -991,19 +1055,19 @@
+ if (tif->tif_dir.td_bitspersample<=8)
+ {
+ for (i = 0; i < count; ++i)
+- ((uint8*)conv)[i] = (uint8)value[i];
++ ((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]);
+ ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv);
+ }
+ else if (tif->tif_dir.td_bitspersample<=16)
+ {
+ for (i = 0; i < count; ++i)
+- ((uint16*)conv)[i] = (uint16)value[i];
++ ((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]);
+ ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv);
+ }
+ else
+ {
+ for (i = 0; i < count; ++i)
+- ((uint32*)conv)[i] = (uint32)value[i];
++ ((uint32*)conv)[i] = TIFFClampDoubleToUInt32(value[i]);
+ ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv);
+ }
+ break;
+@@ -2094,15 +2158,25 @@
+ static int
+ TIFFWriteDirectoryTagCheckedRational(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, double value)
+ {
++ static const char module[] = "TIFFWriteDirectoryTagCheckedRational";
+ uint32 m[2];
+- assert(value>=0.0);
+ assert(sizeof(uint32)==4);
+- if (value<=0.0)
++ if (value<0)
++ {
++ TIFFErrorExt(tif->tif_clientdata,module,"Negative value is illegal");
++ return 0;
++ }
++ else if( value != value )
++ {
++ TIFFErrorExt(tif->tif_clientdata,module,"Not-a-number value is illegal");
++ return 0;
++ }
++ else if (value==0.0)
+ {
+ m[0]=0;
+ m[1]=1;
+- }
+- else if (value==(double)(uint32)value)
++ }
++ else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value)
+ {
+ m[0]=(uint32)value;
+ m[1]=1;
+@@ -2143,7 +2217,7 @@
+ }
+ for (na=value, nb=m, nc=0; nc<count; na++, nb+=2, nc++)
+ {
+- if (*na<=0.0)
++ if (*na<=0.0 || *na != *na)
+ {
+ nb[0]=0;
+ nb[1]=1;
+@@ -2153,7 +2227,8 @@
+ nb[0]=(uint32)(*na);
+ nb[1]=1;
+ }
+- else if (*na<1.0)
++ else if (*na >= 0 && *na <= (float)0xFFFFFFFFU &&
++ *na==(float)(uint32)(*na))
+ {
+ nb[0]=(uint32)((double)(*na)*0xFFFFFFFF);
+ nb[1]=0xFFFFFFFF;
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7598.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7598.patch
new file mode 100644
index 0000000..6d082bb
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7598.patch
@@ -0,0 +1,65 @@
+From 3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 13:28:01 +0000
+Subject: [PATCH] * libtiff/tif_dirread.c: avoid division by floating point 0
+ in TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(),
+ and return 0 in that case (instead of infinity as before presumably)
+ Apparently some sanitizers do not like those divisions by zero. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2644
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7598
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog 2017-04-25 16:14:59.858612730 +0530
++++ tiff-4.0.7/ChangeLog 2017-04-25 18:11:36.048107127 +0530
+@@ -1,3 +1,4 @@
++
+ 2017-01-12 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,
+@@ -8,6 +9,14 @@
+
+ 2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
++ * libtiff/tif_dirread.c: avoid division by floating point 0 in
++ TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(),
++ and return 0 in that case (instead of infinity as before presumably)
++ Apparently some sanitizers do not like those divisions by zero.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644
++
++2017-01-11 Even Rouault <even.rouault at spatialys.com>
++
+ * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various clampings
+ of double to other data types to avoid undefined behaviour if the output range
+ isn't big enough to hold the input value.
+Index: tiff-4.0.7/libtiff/tif_dirread.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_dirread.c 2017-04-25 16:14:59.858612730 +0530
++++ tiff-4.0.7/libtiff/tif_dirread.c 2017-04-25 18:16:21.836111576 +0530
+@@ -2880,7 +2880,10 @@
+ m.l = direntry->tdir_offset.toff_long8;
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabArrayOfLong(m.i,2);
+- if (m.i[0]==0)
++ /* Not completely sure what we should do when m.i[1]==0, but some */
++ /* sanitizers do not like division by 0.0: */
++ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
++ if (m.i[0]==0 || m.i[1]==0)
+ *value=0.0;
+ else
+ *value=(double)m.i[0]/(double)m.i[1];
+@@ -2908,7 +2911,10 @@
+ m.l=direntry->tdir_offset.toff_long8;
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabArrayOfLong(m.i,2);
+- if ((int32)m.i[0]==0)
++ /* Not completely sure what we should do when m.i[1]==0, but some */
++ /* sanitizers do not like division by 0.0: */
++ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
++ if ((int32)m.i[0]==0 || m.i[1]==0)
+ *value=0.0;
+ else
+ *value=(double)((int32)m.i[0])/(double)m.i[1];
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7601.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7601.patch
new file mode 100644
index 0000000..1b3c6c8
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7601.patch
@@ -0,0 +1,52 @@
+From 0a76a8c765c7b8327c59646284fa78c3c27e5490 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:13:50 +0000
+Subject: [PATCH] * libtiff/tif_jpeg.c: validate BitsPerSample in
+ JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
+ exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7601
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog 2017-04-25 18:21:32.856116417 +0530
++++ tiff-4.0.7/ChangeLog 2017-04-25 18:35:31.904129477 +0530
+@@ -1,4 +1,3 @@
+-
+ 2017-01-12 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,
+@@ -9,6 +8,12 @@
+
+ 2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
++ * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to avoid
++ undefined behaviour caused by invalid shift exponent.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
++
++2017-01-11 Even Rouault <even.rouault at spatialys.com>
++
+ * libtiff/tif_dirread.c: avoid division by floating point 0 in
+ TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(),
+ and return 0 in that case (instead of infinity as before presumably)
+Index: tiff-4.0.7/libtiff/tif_jpeg.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_jpeg.c 2017-04-25 18:21:32.744116415 +0530
++++ tiff-4.0.7/libtiff/tif_jpeg.c 2017-04-25 18:38:02.200131817 +0530
+@@ -1632,7 +1632,13 @@
+ "Invalig horizontal/vertical sampling value");
+ return (0);
+ }
+-
++ if( td->td_bitspersample > 16 )
++ {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "BitsPerSample %d not allowed for JPEG",
++ td->td_bitspersample);
++ return (0);
++ }
+ /*
+ * A ReferenceBlackWhite field *must* be present since the
+ * default value is inappropriate for YCbCr. Fill in the
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7602.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7602.patch
new file mode 100644
index 0000000..9ed97e24
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7602.patch
@@ -0,0 +1,69 @@
+From 66e7bd59520996740e4df5495a830b42fae48bc4 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:33:34 +0000
+Subject: [PATCH] * libtiff/tif_read.c: avoid potential undefined behaviour on
+ signed integer addition in TIFFReadRawStrip1() in isMapped() case. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2650
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7602
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog 2017-04-25 18:42:07.656135638 +0530
++++ tiff-4.0.7/ChangeLog 2017-04-25 18:54:36.812147299 +0530
+@@ -8,6 +8,12 @@
+
+ 2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
++ * libtiff/tif_read.c: avoid potential undefined behaviour on signed integer
++ addition in TIFFReadRawStrip1() in isMapped() case.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650
++
++2017-01-11 Even Rouault <even.rouault at spatialys.com>
++
+ * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to avoid
+ undefined behaviour caused by invalid shift exponent.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
+Index: tiff-4.0.7/libtiff/tif_read.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_read.c 2017-04-25 18:42:07.132135629 +0530
++++ tiff-4.0.7/libtiff/tif_read.c 2017-04-25 18:58:25.272150855 +0530
+@@ -420,16 +420,26 @@
+ return ((tmsize_t)(-1));
+ }
+ } else {
+- tmsize_t ma,mb;
++ tmsize_t ma;
+ tmsize_t n;
+- ma=(tmsize_t)td->td_stripoffset[strip];
+- mb=ma+size;
+- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
+- n=0;
+- else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
+- n=tif->tif_size-ma;
+- else
+- n=size;
++ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
++ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
++ {
++ n=0;
++ }
++ else if( ma > TIFF_TMSIZE_T_MAX - size )
++ {
++ n=0;
++ }
++ else
++ {
++ tmsize_t mb=ma+size;
++ if (mb>tif->tif_size)
++ n=tif->tif_size-ma;
++ else
++ n=size;
++ }
++
+ if (n!=size) {
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+ TIFFErrorExt(tif->tif_clientdata, module,
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
index e60cbb5..866e852 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
@@ -11,7 +11,23 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2017-9936.patch \
file://CVE-2017-10688.patch \
file://CVE-2017-11335.patch \
- "
+ file://CVE-2016-10271.patch \
+ file://CVE-2016-10093.patch \
+ file://CVE-2016-10268.patch \
+ file://CVE-2016-10266.patch \
+ file://CVE-2016-10267.patch \
+ file://CVE-2016-10269.patch \
+ file://CVE-2016-10270.patch \
+ file://CVE-2017-7592.patch \
+ file://CVE-2017-7594-p1.patch \
+ file://CVE-2017-7594-p2.patch \
+ file://CVE-2017-7595.patch \
+ file://CVE-2017-7596.patch \
+ file://CVE-2017-7598.patch \
+ file://CVE-2017-7601.patch \
+ file://CVE-2017-7602.patch \
+ file://CVE-2017-7593.patch \
+ "
SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b"
SRC_URI[sha256sum] = "9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019"
diff --git a/meta/recipes-sato/webkit/files/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch b/meta/recipes-sato/webkit/files/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
deleted file mode 100644
index a4face2..0000000
--- a/meta/recipes-sato/webkit/files/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-From 20ee11dd188e1538f8cdd17a289dc6f9c63a011e Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 17 Apr 2016 12:35:41 -0700
-Subject: [PATCH] WebKitMacros: Append to -I and not to -isystem
-
-gcc-6 has now introduced stdlib.h in libstdc++ for better
-compliance and its including the C library stdlib.h using
-include_next which is sensitive to order of system header
-include paths. Its infact better to not tinker with the
-system header include paths at all. Since adding /usr/include
-to -system is redundant and compiler knows about it moreover
-now with gcc6 it interferes with compiler's functioning
-and ends up with compile errors e.g.
-
-/usr/include/c++/6.0.0/cstdlib:75:25: fatal error: stdlib.h: No such file or directory
-
-This is also an issue with clang (when using libstdc++ >= 6)
-
-Upstream bug: https://bugs.webkit.org/show_bug.cgi?id=161697
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Pending
----
- Source/JavaScriptCore/shell/CMakeLists.txt | 2 +-
- Source/WebCore/PlatformGTK.cmake | 6 +++---
- Source/WebKit2/PlatformGTK.cmake | 2 +-
- Source/cmake/WebKitMacros.cmake | 2 +-
- Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt | 2 +-
- Tools/ImageDiff/CMakeLists.txt | 2 +-
- Tools/MiniBrowser/gtk/CMakeLists.txt | 2 +-
- Tools/TestWebKitAPI/PlatformGTK.cmake | 2 +-
- Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt | 2 +-
- Tools/WebKitTestRunner/CMakeLists.txt | 2 +-
- 10 files changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/Source/JavaScriptCore/shell/CMakeLists.txt b/Source/JavaScriptCore/shell/CMakeLists.txt
-index 155c797..80fe22b 100644
---- a/Source/JavaScriptCore/shell/CMakeLists.txt
-+++ b/Source/JavaScriptCore/shell/CMakeLists.txt
-@@ -20,7 +20,7 @@ WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
-
- WEBKIT_WRAP_SOURCELIST(${JSC_SOURCES})
- include_directories(./ ${JavaScriptCore_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
- add_executable(jsc ${JSC_SOURCES})
- target_link_libraries(jsc ${JSC_LIBRARIES})
-
-diff --git a/Source/WebCore/PlatformGTK.cmake b/Source/WebCore/PlatformGTK.cmake
-index 567bd79..1fabea8 100644
---- a/Source/WebCore/PlatformGTK.cmake
-+++ b/Source/WebCore/PlatformGTK.cmake
-@@ -340,7 +340,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
- ${GTK2_INCLUDE_DIRS}
- ${GDK2_INCLUDE_DIRS}
- )
-- target_include_directories(WebCorePlatformGTK2 SYSTEM PRIVATE
-+ target_include_directories(WebCorePlatformGTK2 PRIVATE
- ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
- )
- target_link_libraries(WebCorePlatformGTK2
-@@ -365,7 +365,7 @@ WEBKIT_SET_EXTRA_COMPILER_FLAGS(WebCorePlatformGTK)
- target_include_directories(WebCorePlatformGTK PRIVATE
- ${WebCore_INCLUDE_DIRECTORIES}
- )
--target_include_directories(WebCorePlatformGTK SYSTEM PRIVATE
-+target_include_directories(WebCorePlatformGTK PRIVATE
- ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
- ${GTK_INCLUDE_DIRS}
- ${GDK_INCLUDE_DIRS}
-@@ -383,7 +383,7 @@ include_directories(
- "${DERIVED_SOURCES_GOBJECT_DOM_BINDINGS_DIR}"
- )
-
--include_directories(SYSTEM
-+include_directories(
- ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
- )
-
-diff --git a/Source/WebKit2/PlatformGTK.cmake b/Source/WebKit2/PlatformGTK.cmake
-index e4805a4..c57df5d 100644
---- a/Source/WebKit2/PlatformGTK.cmake
-+++ b/Source/WebKit2/PlatformGTK.cmake
-@@ -822,7 +822,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
- target_include_directories(WebKitPluginProcess2 PRIVATE
- ${WebKit2CommonIncludeDirectories}
- )
-- target_include_directories(WebKitPluginProcess2 SYSTEM PRIVATE
-+ target_include_directories(WebKitPluginProcess2 PRIVATE
- ${WebKit2CommonSystemIncludeDirectories}
- ${GTK2_INCLUDE_DIRS}
- ${GDK2_INCLUDE_DIRS}
-diff --git a/Source/cmake/WebKitMacros.cmake b/Source/cmake/WebKitMacros.cmake
-index 043e78e..8b3b642 100644
---- a/Source/cmake/WebKitMacros.cmake
-+++ b/Source/cmake/WebKitMacros.cmake
-@@ -224,7 +224,7 @@ endmacro()
-
- macro(WEBKIT_FRAMEWORK _target)
- include_directories(${${_target}_INCLUDE_DIRECTORIES})
-- include_directories(SYSTEM ${${_target}_SYSTEM_INCLUDE_DIRECTORIES})
-+ include_directories(${${_target}_SYSTEM_INCLUDE_DIRECTORIES})
- add_library(${_target} ${${_target}_LIBRARY_TYPE}
- ${${_target}_HEADERS}
- ${${_target}_SOURCES}
-diff --git a/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt b/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt
-index c431667..6dff244 100644
---- a/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt
-+++ b/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt
-@@ -42,7 +42,7 @@ set(WebKitTestNetscapePlugin_SYSTEM_INCLUDE_DIRECTORIES
- )
-
- include_directories(${WebKitTestNetscapePlugin_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${WebKitTestNetscapePlugin_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${WebKitTestNetscapePlugin_SYSTEM_INCLUDE_DIRECTORIES})
-
- set(WebKitTestNetscapePlugin_LIBRARIES
- ${X11_LIBRARIES}
-diff --git a/Tools/ImageDiff/CMakeLists.txt b/Tools/ImageDiff/CMakeLists.txt
-index b15443f..87e03bf 100644
---- a/Tools/ImageDiff/CMakeLists.txt
-+++ b/Tools/ImageDiff/CMakeLists.txt
-@@ -14,6 +14,6 @@ set(IMAGE_DIFF_LIBRARIES
- WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
-
- include_directories(${IMAGE_DIFF_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${IMAGE_DIFF_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${IMAGE_DIFF_SYSTEM_INCLUDE_DIRECTORIES})
- add_executable(ImageDiff ${IMAGE_DIFF_SOURCES})
- target_link_libraries(ImageDiff ${IMAGE_DIFF_LIBRARIES})
-diff --git a/Tools/MiniBrowser/gtk/CMakeLists.txt b/Tools/MiniBrowser/gtk/CMakeLists.txt
-index 0704bc6..619e5a5 100644
---- a/Tools/MiniBrowser/gtk/CMakeLists.txt
-+++ b/Tools/MiniBrowser/gtk/CMakeLists.txt
-@@ -58,7 +58,7 @@ endif ()
- add_definitions(-DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_6)
-
- include_directories(${MiniBrowser_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
- add_executable(MiniBrowser ${MiniBrowser_SOURCES})
- target_link_libraries(MiniBrowser ${MiniBrowser_LIBRARIES})
-
-diff --git a/Tools/TestWebKitAPI/PlatformGTK.cmake b/Tools/TestWebKitAPI/PlatformGTK.cmake
-index 7552cc2..2eb44d5 100644
---- a/Tools/TestWebKitAPI/PlatformGTK.cmake
-+++ b/Tools/TestWebKitAPI/PlatformGTK.cmake
-@@ -20,7 +20,7 @@ include_directories(
- ${WEBKIT2_DIR}/UIProcess/API/gtk
- )
-
--include_directories(SYSTEM
-+include_directories(
- ${GDK3_INCLUDE_DIRS}
- ${GLIB_INCLUDE_DIRS}
- ${GTK3_INCLUDE_DIRS}
-diff --git a/Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt b/Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt
-index b0b4739..434e4ca 100644
---- a/Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt
-+++ b/Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt
-@@ -23,7 +23,7 @@ include_directories(
- ${TOOLS_DIR}/TestWebKitAPI/gtk/WebKit2Gtk
- )
-
--include_directories(SYSTEM
-+include_directories(
- ${ATSPI_INCLUDE_DIRS}
- ${GLIB_INCLUDE_DIRS}
- ${GSTREAMER_INCLUDE_DIRS}
-diff --git a/Tools/WebKitTestRunner/CMakeLists.txt b/Tools/WebKitTestRunner/CMakeLists.txt
-index 7db90f2..a4f917f 100644
---- a/Tools/WebKitTestRunner/CMakeLists.txt
-+++ b/Tools/WebKitTestRunner/CMakeLists.txt
-@@ -116,7 +116,7 @@ GENERATE_BINDINGS(WebKitTestRunner_SOURCES
- WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
-
- include_directories(${WebKitTestRunner_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${WebKitTestRunner_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${WebKitTestRunner_SYSTEM_INCLUDE_DIRECTORIES})
-
- add_library(TestRunnerInjectedBundle SHARED ${WebKitTestRunnerInjectedBundle_SOURCES})
- target_link_libraries(TestRunnerInjectedBundle ${WebKitTestRunner_LIBRARIES})
---
-2.9.3
-
diff --git a/meta/recipes-sato/webkit/files/musl-fixes.patch b/meta/recipes-sato/webkit/files/musl-fixes.patch
deleted file mode 100644
index 4fdd56f..0000000
--- a/meta/recipes-sato/webkit/files/musl-fixes.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Replace __GLIBC__ with __linux__ since musl also supports it
-so checking __linux__ is more accomodating
-
-See http://git.alpinelinux.org/cgit/aports/tree/community/webkit2gtk/musl-fixes.patch?id=219435d86d7e8fac9474344a7431c62bd2525184
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: webkitgtk-2.12.1/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-===================================================================
---- webkitgtk-2.12.1.orig/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-+++ webkitgtk-2.12.1/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-@@ -566,7 +566,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
-
--#elif defined(__GLIBC__) && ENABLE(JIT)
-+#elif defined(__linux__) && ENABLE(JIT)
-
- #if CPU(X86)
- return reinterpret_cast<void*>((uintptr_t) regs.machineContext.gregs[REG_ESP]);
-@@ -665,7 +665,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
-
--#elif defined(__GLIBC__)
-+#elif defined(__linux__) // glibc and musl
-
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
-@@ -747,7 +747,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
-
--#elif defined(__GLIBC__)
-+#elif defined(__linux__) // glibc and musl
-
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
-@@ -838,7 +838,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
-
--#elif defined(__GLIBC__)
-+#elif defined(__linux__) // glibc and musl
-
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
diff --git a/meta/recipes-sato/webkit/files/ppc-musl-fix.patch b/meta/recipes-sato/webkit/files/ppc-musl-fix.patch
deleted file mode 100644
index 5f58e49..0000000
--- a/meta/recipes-sato/webkit/files/ppc-musl-fix.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-ucontext structure is different between musl and glibc for ppc
-therefore its not enough just to check for arch alone, we also
-need to check for libc type.
-
-Fixes errors like
-
-Source/JavaScriptCore/heap/MachineStackMarker.cpp:90:65: error: 'struct mcontext_t' has no member named 'uc_regs'; did you mean 'gregs'?
- thread->suspendedMachineContext = *userContext->uc_mcontext.uc_regs;
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: webkitgtk-2.12.3/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-===================================================================
---- webkitgtk-2.12.3.orig/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-+++ webkitgtk-2.12.3/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-@@ -86,7 +86,7 @@ static void pthreadSignalHandlerSuspendR
- }
-
- ucontext_t* userContext = static_cast<ucontext_t*>(ucontext);
--#if CPU(PPC)
-+#if CPU(PPC) && defined(__GLIBC__)
- thread->suspendedMachineContext = *userContext->uc_mcontext.uc_regs;
- #else
- thread->suspendedMachineContext = userContext->uc_mcontext;
diff --git a/meta/recipes-sato/webkit/files/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch b/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
index fae3b0b..fae3b0b 100644
--- a/meta/recipes-sato/webkit/files/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch
new file mode 100644
index 0000000..7cc4514
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch
@@ -0,0 +1,77 @@
+From 415e31bd5444fa360af58b069f1b9db6607fca7d Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Fri, 6 Oct 2017 17:00:08 +0300
+Subject: [PATCH] Fix build with musl
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ Source/JavaScriptCore/runtime/MachineContext.h | 10 +++++-----
+ Source/WTF/wtf/Platform.h | 2 +-
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/Source/JavaScriptCore/runtime/MachineContext.h b/Source/JavaScriptCore/runtime/MachineContext.h
+index 95080b9..2bb689c 100644
+--- a/Source/JavaScriptCore/runtime/MachineContext.h
++++ b/Source/JavaScriptCore/runtime/MachineContext.h
+@@ -146,7 +146,7 @@ inline void*& stackPointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+
+ #if CPU(X86)
+ return reinterpret_cast<void*&>((uintptr_t&) machineContext.gregs[REG_ESP]);
+@@ -251,7 +251,7 @@ inline void*& framePointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+@@ -354,7 +354,7 @@ inline void*& instructionPointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+@@ -466,7 +466,7 @@ inline void*& argumentPointer<1>(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+@@ -583,7 +583,7 @@ inline void*& llintInstructionPointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h
+index 5a2863b..b36c3ff 100644
+--- a/Source/WTF/wtf/Platform.h
++++ b/Source/WTF/wtf/Platform.h
+@@ -680,7 +680,7 @@
+ #define HAVE_CFNETWORK_STORAGE_PARTITIONING 1
+ #endif
+
+-#if OS(DARWIN) || ((OS(FREEBSD) || defined(__GLIBC__)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
++#if OS(DARWIN) || ((OS(FREEBSD) || defined(__linux__)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
+ #define HAVE_MACHINE_CONTEXT 1
+ #endif
+
+--
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/files/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch
index 615fe4f..896890b 100644
--- a/meta/recipes-sato/webkit/files/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch
@@ -1,19 +1,20 @@
-From 5760d346b42807b596f479c81f7a6b42eb36065e Mon Sep 17 00:00:00 2001
+From b7f40eceef0f23bf88090789d4c5845c35f048ae Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 29 Aug 2016 16:38:11 +0300
-Subject: [PATCH] Fix racy parallel build of WebKit2-4.0.gir
+Subject: [PATCH 4/9] Fix racy parallel build of WebKit2-4.0.gir
Upstream-Status: Pending
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
---
- Source/WebKit2/PlatformGTK.cmake | 9 +++++----
+ Source/WebKit/PlatformGTK.cmake | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
-diff --git a/Source/WebKit2/PlatformGTK.cmake b/Source/WebKit2/PlatformGTK.cmake
-index adaa010..f18cf8a 100644
---- a/Source/WebKit2/PlatformGTK.cmake
-+++ b/Source/WebKit2/PlatformGTK.cmake
-@@ -906,8 +906,9 @@ endif ()
+diff --git a/Source/WebKit/PlatformGTK.cmake b/Source/WebKit/PlatformGTK.cmake
+index a33c6a86..d83a2e77 100644
+--- a/Source/WebKit/PlatformGTK.cmake
++++ b/Source/WebKit/PlatformGTK.cmake
+@@ -1122,8 +1122,9 @@ endif ()
string(REGEX MATCHALL "-L[^ ]*"
INTROSPECTION_ADDITIONAL_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS}")
@@ -25,7 +26,7 @@ index adaa010..f18cf8a 100644
DEPENDS WebKit2
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=-Wno-deprecated-declarations\ ${CMAKE_C_FLAGS} LDFLAGS=
-@@ -950,7 +951,7 @@ add_custom_command(
+@@ -1168,7 +1169,7 @@ add_custom_command(
add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/WebKit2WebExtension-${WEBKITGTK_API_VERSION}.gir
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
@@ -34,7 +35,7 @@ index adaa010..f18cf8a 100644
COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=-Wno-deprecated-declarations\ ${CMAKE_C_FLAGS}
LDFLAGS="${INTROSPECTION_ADDITIONAL_LDFLAGS}"
${LOADER_LIBRARY_PATH_VAR}="${INTROSPECTION_ADDITIONAL_LIBRARY_PATH}"
-@@ -1004,7 +1005,7 @@ add_custom_command(
+@@ -1225,7 +1226,7 @@ add_custom_command(
add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.typelib
@@ -44,5 +45,5 @@ index adaa010..f18cf8a 100644
)
--
-2.9.3
+2.14.1
diff --git a/meta/recipes-sato/webkit/files/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch b/meta/recipes-sato/webkit/webkitgtk/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch
index 93a69c0..93a69c0 100644
--- a/meta/recipes-sato/webkit/files/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch
diff --git a/meta/recipes-sato/webkit/files/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch
index 586dd23..83fd512 100644
--- a/meta/recipes-sato/webkit/files/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch
@@ -1,8 +1,8 @@
-From 4eeeaec775e190cf3f5885d7c6717acebd0201a8 Mon Sep 17 00:00:00 2001
+From 9b09974003097c9a408bbeea568996768efe705b Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Thu, 11 Aug 2016 17:13:51 +0300
-Subject: [PATCH] Tweak gtkdoc settings so that gtkdoc generation works under
- OpenEmbedded build system
+Subject: [PATCH 05/10] Tweak gtkdoc settings so that gtkdoc generation works
+ under OpenEmbedded build system
This requires setting a few environment variables so that the transient
binary is build and linked correctly, and disabling the tweaks to RUN
@@ -10,26 +10,27 @@ variable from gtkdoc.py script so that our qemu wrapper is taken into use.
Upstream-Status: Inappropriate [oe-specific]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
---
Source/PlatformGTK.cmake | 2 +-
Tools/gtk/gtkdoc.py | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Source/PlatformGTK.cmake b/Source/PlatformGTK.cmake
-index af4d2e3..b7b93c7 100644
+index 50b5393..7a31db5 100644
--- a/Source/PlatformGTK.cmake
+++ b/Source/PlatformGTK.cmake
-@@ -25,7 +25,7 @@ macro(ADD_GTKDOC_GENERATOR _stamp_name _extra_args)
+@@ -24,7 +24,7 @@ macro(ADD_GTKDOC_GENERATOR _stamp_name _extra_args)
add_custom_command(
OUTPUT "${CMAKE_BINARY_DIR}/${_stamp_name}"
DEPENDS ${DocumentationDependencies}
-- COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=${CMAKE_C_FLAGS} ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc ${_extra_args}
-+ COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=${CMAKE_C_FLAGS} LD=${CMAKE_C_COMPILER} LDFLAGS=${CMAKE_C_LINK_FLAGS} RUN=${CMAKE_BINARY_DIR}/gtkdoc-qemuwrapper GIR_EXTRA_LIBS_PATH=${CMAKE_BINARY_DIR}/lib ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc ${_extra_args}
+- COMMAND ${CMAKE_COMMAND} -E env "CC=${CMAKE_C_COMPILER}" "CFLAGS=${CMAKE_C_FLAGS} -Wno-unused-parameter" ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc ${_extra_args}
++ COMMAND ${CMAKE_COMMAND} -E env "CC=${CMAKE_C_COMPILER}" "CFLAGS=${CMAKE_C_FLAGS} -Wno-unused-parameter" "LD=${CMAKE_C_COMPILER}" "LDFLAGS=${CMAKE_C_LINK_FLAGS}" "RUN=${CMAKE_BINARY_DIR}/gtkdoc-qemuwrapper" ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc -v ${_extra_args}
COMMAND touch ${_stamp_name}
WORKING_DIRECTORY "${CMAKE_BINARY_DIR}"
- )
+ VERBATIM
diff --git a/Tools/gtk/gtkdoc.py b/Tools/gtk/gtkdoc.py
-index 4c8237b..c0205f0 100644
+index 03c8e8e..34fbaff 100644
--- a/Tools/gtk/gtkdoc.py
+++ b/Tools/gtk/gtkdoc.py
@@ -318,9 +318,9 @@ class GTKDoc(object):
@@ -38,12 +39,12 @@ index 4c8237b..c0205f0 100644
current_ld_library_path = env.get('LD_LIBRARY_PATH')
- if current_ld_library_path:
+ if current_ld_library_path and 'RUN' not in env:
- env['RUN'] = 'LD_LIBRARY_PATH="%s:%s" ' % (self.library_path, current_ld_library_path)
+ env['LD_LIBRARY_PATH'] = '%s:%s' % (self.library_path, current_ld_library_path)
- else:
+ elif 'RUN' not in env:
- env['RUN'] = 'LD_LIBRARY_PATH="%s" ' % self.library_path
+ env['LD_LIBRARY_PATH'] = self.library_path
if ldflags:
--
-2.8.1
+2.15.1
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch b/meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
new file mode 100644
index 0000000..dfdc116
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
@@ -0,0 +1,126 @@
+From ef832a115b40861c08df333339b1366da49e5393 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 17 Apr 2016 12:35:41 -0700
+Subject: [PATCH 9/9] WebKitMacros: Append to -I and not to -isystem
+
+gcc-6 has now introduced stdlib.h in libstdc++ for better
+compliance and its including the C library stdlib.h using
+include_next which is sensitive to order of system header
+include paths. Its infact better to not tinker with the
+system header include paths at all. Since adding /usr/include
+to -system is redundant and compiler knows about it moreover
+now with gcc6 it interferes with compiler's functioning
+and ends up with compile errors e.g.
+
+/usr/include/c++/6.0.0/cstdlib:75:25: fatal error: stdlib.h: No such file or directory
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ Source/JavaScriptCore/shell/CMakeLists.txt | 2 +-
+ Source/WebCore/PlatformGTK.cmake | 6 +++---
+ Source/WebKit/PlatformGTK.cmake | 2 +-
+ Source/cmake/WebKitMacros.cmake | 2 +-
+ Tools/MiniBrowser/gtk/CMakeLists.txt | 2 +-
+ Tools/TestWebKitAPI/PlatformGTK.cmake | 2 +-
+ 6 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/Source/JavaScriptCore/shell/CMakeLists.txt b/Source/JavaScriptCore/shell/CMakeLists.txt
+index bc37dd31..4e49871f 100644
+--- a/Source/JavaScriptCore/shell/CMakeLists.txt
++++ b/Source/JavaScriptCore/shell/CMakeLists.txt
+@@ -35,7 +35,7 @@ WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
+ WEBKIT_WRAP_SOURCELIST(${JSC_SOURCES})
+ WEBKIT_WRAP_SOURCELIST(${TESTAPI_SOURCES})
+ include_directories(./ ${JavaScriptCore_INCLUDE_DIRECTORIES})
+-include_directories(SYSTEM ${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
++include_directories(${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
+ add_executable(jsc ${JSC_SOURCES})
+ target_link_libraries(jsc ${JSC_LIBRARIES})
+
+diff --git a/Source/WebCore/PlatformGTK.cmake b/Source/WebCore/PlatformGTK.cmake
+index 73506c74..8eb8b415 100644
+--- a/Source/WebCore/PlatformGTK.cmake
++++ b/Source/WebCore/PlatformGTK.cmake
+@@ -281,7 +281,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
+ ${GTK2_INCLUDE_DIRS}
+ ${GDK2_INCLUDE_DIRS}
+ )
+- target_include_directories(WebCorePlatformGTK2 SYSTEM PRIVATE
++ target_include_directories(WebCorePlatformGTK2 PRIVATE
+ ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
+ )
+ target_link_libraries(WebCorePlatformGTK2
+@@ -305,7 +305,7 @@ add_dependencies(WebCorePlatformGTK WebCore)
+ target_include_directories(WebCorePlatformGTK PRIVATE
+ ${WebCore_INCLUDE_DIRECTORIES}
+ )
+-target_include_directories(WebCorePlatformGTK SYSTEM PRIVATE
++target_include_directories(WebCorePlatformGTK PRIVATE
+ ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
+ ${GTK_INCLUDE_DIRS}
+ ${GDK_INCLUDE_DIRS}
+@@ -321,7 +321,7 @@ include_directories(
+ "${WEBCORE_DIR}/bindings/gobject/"
+ )
+
+-include_directories(SYSTEM
++include_directories(
+ ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
+ )
+
+diff --git a/Source/WebKit/PlatformGTK.cmake b/Source/WebKit/PlatformGTK.cmake
+index d83a2e77..401246f4 100644
+--- a/Source/WebKit/PlatformGTK.cmake
++++ b/Source/WebKit/PlatformGTK.cmake
+@@ -1050,7 +1050,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
+ target_include_directories(WebKitPluginProcess2 PRIVATE
+ ${WebKit2CommonIncludeDirectories}
+ )
+- target_include_directories(WebKitPluginProcess2 SYSTEM PRIVATE
++ target_include_directories(WebKitPluginProcess2 PRIVATE
+ ${WebKit2CommonSystemIncludeDirectories}
+ ${GTK2_INCLUDE_DIRS}
+ ${GDK2_INCLUDE_DIRS}
+diff --git a/Source/cmake/WebKitMacros.cmake b/Source/cmake/WebKitMacros.cmake
+index 7bc89543..d9818fa4 100644
+--- a/Source/cmake/WebKitMacros.cmake
++++ b/Source/cmake/WebKitMacros.cmake
+@@ -78,7 +78,7 @@ macro(WEBKIT_FRAMEWORK_DECLARE _target)
+ endmacro()
+
+ macro(WEBKIT_FRAMEWORK _target)
+- include_directories(SYSTEM ${${_target}_SYSTEM_INCLUDE_DIRECTORIES})
++ include_directories(${${_target}_SYSTEM_INCLUDE_DIRECTORIES})
+ target_sources(${_target} PRIVATE
+ ${${_target}_HEADERS}
+ ${${_target}_SOURCES}
+diff --git a/Tools/MiniBrowser/gtk/CMakeLists.txt b/Tools/MiniBrowser/gtk/CMakeLists.txt
+index e832a86d..ce92c864 100644
+--- a/Tools/MiniBrowser/gtk/CMakeLists.txt
++++ b/Tools/MiniBrowser/gtk/CMakeLists.txt
+@@ -57,7 +57,7 @@ endif ()
+ add_definitions(-DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_6)
+
+ include_directories(${MiniBrowser_INCLUDE_DIRECTORIES})
+-include_directories(SYSTEM ${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
++include_directories(${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
+ add_executable(MiniBrowser ${MiniBrowser_SOURCES})
+ target_link_libraries(MiniBrowser ${MiniBrowser_LIBRARIES})
+
+diff --git a/Tools/TestWebKitAPI/PlatformGTK.cmake b/Tools/TestWebKitAPI/PlatformGTK.cmake
+index 1be3dd52..7bdddf37 100644
+--- a/Tools/TestWebKitAPI/PlatformGTK.cmake
++++ b/Tools/TestWebKitAPI/PlatformGTK.cmake
+@@ -20,7 +20,7 @@ include_directories(
+ ${WEBKIT2_DIR}/UIProcess/API/gtk
+ )
+
+-include_directories(SYSTEM
++include_directories(
+ ${GDK3_INCLUDE_DIRS}
+ ${GLIB_INCLUDE_DIRS}
+ ${GTK3_INCLUDE_DIRS}
+--
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/files/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch b/meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch
index 3f71297..fb4c4dc 100644
--- a/meta/recipes-sato/webkit/files/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch
@@ -1,23 +1,24 @@
-From bae9f73b2c693b5aa156fed717d6481b60682786 Mon Sep 17 00:00:00 2001
+From 98b1359a0cd87bbdb22cef98ba594440f4c57d92 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Wed, 28 Oct 2015 14:18:57 +0200
-Subject: [PATCH] When building introspection files, add CMAKE_C_FLAGS to the
- compiler flags.
+Subject: [PATCH 2/9] When building introspection files, add CMAKE_C_FLAGS to
+ the compiler flags.
g-ir-compiler is using a C compiler internally, so it needs to set
the proper flags for it.
Upstream-Status: Pending [review on oe-core list]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
---
- Source/WebKit2/PlatformGTK.cmake | 4 ++--
+ Source/WebKit/PlatformGTK.cmake | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
-Index: webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
-===================================================================
---- webkitgtk-2.12.1.orig/Source/WebKit2/PlatformGTK.cmake
-+++ webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
-@@ -910,7 +910,7 @@ add_custom_command(
+diff --git a/Source/WebKit/PlatformGTK.cmake b/Source/WebKit/PlatformGTK.cmake
+index 7f92ae72..a33c6a86 100644
+--- a/Source/WebKit/PlatformGTK.cmake
++++ b/Source/WebKit/PlatformGTK.cmake
+@@ -1126,7 +1126,7 @@ add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.gir
DEPENDS WebKit2
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
@@ -26,7 +27,7 @@ Index: webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
${LOADER_LIBRARY_PATH_VAR}="${INTROSPECTION_ADDITIONAL_LIBRARY_PATH}"
${INTROSPECTION_SCANNER}
--quiet
-@@ -951,7 +951,7 @@ add_custom_command(
+@@ -1169,7 +1169,7 @@ add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/WebKit2WebExtension-${WEBKITGTK_API_VERSION}.gir
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
DEPENDS ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.gir
@@ -35,3 +36,6 @@ Index: webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
LDFLAGS="${INTROSPECTION_ADDITIONAL_LDFLAGS}"
${LOADER_LIBRARY_PATH_VAR}="${INTROSPECTION_ADDITIONAL_LIBRARY_PATH}"
${INTROSPECTION_SCANNER}
+--
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/files/cross-compile.patch b/meta/recipes-sato/webkit/webkitgtk/cross-compile.patch
index 4d1de72..4d1de72 100644
--- a/meta/recipes-sato/webkit/files/cross-compile.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/cross-compile.patch
diff --git a/meta/recipes-sato/webkit/files/detect_atomics.patch b/meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch
index c4e80a7..c6157e1 100644
--- a/meta/recipes-sato/webkit/files/detect_atomics.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch
@@ -1,26 +1,31 @@
-Sourced from https://bugs.webkit.org/show_bug.cgi?id=161900
+From 0b3811771ae6385503f2d949f9433d8f810d2ff9 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 17 May 2017 22:34:24 -0700
+Subject: [PATCH 8/9] webkitgtk: Fix build for armv5
-on arm fixes
-
-| /usr/src/debug/libgcc/6.2.0-r0/gcc-6.2.0/build.arm-oe-linux-gnueabi.arm-oe-linux-gnueabi/libgcc/../../../../../../../work-shared/gcc-6.2.0-r0/gcc-6.2.0/libgcc/config/arm/linux-atomic-64bit.c:117: multiple definition of `__sync_sub_and_fetch_8'
+Taken from
+https://bugs.webkit.org/show_bug.cgi?id=161900
+Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Backport
+---
+ Source/WTF/wtf/CMakeLists.txt | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/Source/WTF/wtf/CMakeLists.txt b/Source/WTF/wtf/CMakeLists.txt
-index 867999e..ea69322 100644
+index 6b5e45b9..46ee3c22 100644
--- a/Source/WTF/wtf/CMakeLists.txt
+++ b/Source/WTF/wtf/CMakeLists.txt
-@@ -171,7 +171,6 @@ set(WTF_HEADERS
+@@ -205,7 +205,6 @@ set(WTF_HEADERS
set(WTF_SOURCES
Assertions.cpp
- Atomics.cpp
+ AutomaticThread.cpp
BitVector.cpp
- CompilationThread.cpp
- CrossThreadCopier.cpp
-@@ -276,6 +275,15 @@ if (NOT USE_SYSTEM_MALLOC)
+ CPUTime.cpp
+@@ -336,6 +335,15 @@ if (NOT USE_SYSTEM_MALLOC)
list(APPEND WTF_LIBRARIES bmalloc)
endif ()
@@ -36,3 +41,6 @@ index 867999e..ea69322 100644
list(APPEND WTF_SOURCES
unicode/icu/CollatorICU.cpp
)
+--
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/webkitgtk/x32_support.patch b/meta/recipes-sato/webkit/webkitgtk/x32_support.patch
index fea4c27..5f23837 100644
--- a/meta/recipes-sato/webkit/webkitgtk/x32_support.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/x32_support.patch
@@ -3,11 +3,11 @@ Subject: Fix FTBFS in x32
Bug-Debian: https://bugs.debian.org/700795
Upstream-Status: Pending
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Index: webkitgtk/Source/WTF/wtf/Platform.h
+Index: webkitgtk-2.16.1/Source/WTF/wtf/Platform.h
===================================================================
---- webkitgtk.orig/Source/WTF/wtf/Platform.h
-+++ webkitgtk/Source/WTF/wtf/Platform.h
-@@ -182,8 +182,12 @@
+--- webkitgtk-2.16.1.orig/Source/WTF/wtf/Platform.h
++++ webkitgtk-2.16.1/Source/WTF/wtf/Platform.h
+@@ -172,7 +172,11 @@
/* CPU(X86_64) - AMD64 / Intel64 / x86_64 64-bit */
#if defined(__x86_64__) \
|| defined(_M_X64)
@@ -15,8 +15,7 @@ Index: webkitgtk/Source/WTF/wtf/Platform.h
+#define WTF_CPU_X86_64_32 1
+#else
#define WTF_CPU_X86_64 1
- #endif
+#endif
+ #define WTF_CPU_X86_SSE2 1
+ #endif
- /* CPU(ARM64) - Apple */
- #if (defined(__arm64__) && defined(__APPLE__)) || defined(__aarch64__)
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.14.5.bb b/meta/recipes-sato/webkit/webkitgtk_2.18.5.bb
index daa17a9..a64aee2 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.14.5.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.18.5.bb
@@ -13,35 +13,29 @@ SRC_URI = "http://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \
file://0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch \
file://0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch \
- file://musl-fixes.patch \
- file://ppc-musl-fix.patch \
file://0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch \
file://0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch \
- file://0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch \
- file://detect_atomics.patch \
file://x32_support.patch \
file://cross-compile.patch \
+ file://detect-atomics-during-configure.patch \
+ file://0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch \
+ file://0001-Fix-build-with-musl.patch \
"
-SRC_URI[md5sum] = "7fe3cb2699e64f969b285823c5ae2516"
-SRC_URI[sha256sum] = "3ca8f1c33a9b43d6c753dcac1c0788656930e06382b10fdf5c2805ea8f96369f"
+SRC_URI[md5sum] = "af18c2cfa00cadfd0b4d8db21cab011d"
+SRC_URI[sha256sum] = "0c6d80cc7eb5d32f8063041fa11a1a6f17a29765c2f69c6bc862cd47c2d539b8"
inherit cmake pkgconfig gobject-introspection perlnative distro_features_check upstream-version-is-even gtk-doc
-# We cannot inherit pythonnative because that would conflict with inheriting python3native
-# (which is done by gobject-introspection). But webkit only needs the path to native Python 2.x binary
-# so we simply set it explicitly here.
-EXTRANATIVEPATH += "python-native"
-
# depends on libxt
REQUIRED_DISTRO_FEATURES = "x11"
-DEPENDS = "zlib libsoup-2.4 curl libxml2 cairo libxslt libxt libidn gnutls \
+DEPENDS = "zlib libsoup-2.4 curl libxml2 cairo libxslt libxt libidn libgcrypt \
gtk+3 gstreamer1.0 gstreamer1.0-plugins-base flex-native gperf-native sqlite3 \
pango icu bison-native gawk intltool-native libwebp \
atk udev harfbuzz jpeg libpng pulseaudio librsvg libtheora libvorbis libxcomposite libxtst \
ruby-native libnotify gstreamer1.0-plugins-bad \
- python-native \
+ gettext-native glib-2.0 glib-2.0-native libtasn1 \
"
PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'wayland' ,d)} \
@@ -58,7 +52,7 @@ PACKAGECONFIG[gtk2] = "-DENABLE_PLUGIN_PROCESS_GTK2=ON,-DENABLE_PLUGIN_PROCESS_G
PACKAGECONFIG[gles2] = "-DENABLE_GLES2=ON,-DENABLE_GLES2=OFF,virtual/libgles2"
PACKAGECONFIG[webgl] = "-DENABLE_WEBGL=ON,-DENABLE_WEBGL=OFF,virtual/libgl"
PACKAGECONFIG[opengl] = "-DENABLE_OPENGL=ON,-DENABLE_OPENGL=OFF,virtual/libgl"
-PACKAGECONFIG[libsecret] = "-DENABLE_CREDENTIAL_STORAGE=ON,-DENABLE_CREDENTIAL_STORAGE=OFF,libsecret"
+PACKAGECONFIG[libsecret] = "-DUSE_LIBSECRET=ON,-DUSE_LIBSECRET=OFF,libsecret"
PACKAGECONFIG[libhyphen] = "-DUSE_LIBHYPHEN=ON,-DUSE_LIBHYPHEN=OFF,libhyphen"
EXTRA_OECMAKE = " \
@@ -67,8 +61,13 @@ EXTRA_OECMAKE = " \
${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-DENABLE_INTROSPECTION=ON', '-DENABLE_INTROSPECTION=OFF', d)} \
${@bb.utils.contains('GTKDOC_ENABLED', 'True', '-DENABLE_GTKDOC=ON', '-DENABLE_GTKDOC=OFF', d)} \
-DENABLE_MINIBROWSER=ON \
+ -DPYTHON_EXECUTABLE=`which python` \
"
+# GL/GLES header clash: both define the same thing, differently, on 32 bit x86
+EXTRA_OECMAKE_append_x86 = " -DUSE_GSTREAMER_GL=OFF "
+EXTRA_OECMAKE_append_x86-x32 = " -DUSE_GSTREAMER_GL=OFF "
+
# Javascript JIT is not supported on powerpc
EXTRA_OECMAKE_append_powerpc = " -DENABLE_JIT=OFF "
EXTRA_OECMAKE_append_powerpc64 = " -DENABLE_JIT=OFF "
@@ -82,6 +81,7 @@ EXTRA_OECMAKE_append_armv4 = " -DENABLE_JIT=OFF "
# https://sourceware.org/bugzilla/show_bug.cgi?id=18430
EXTRA_OECMAKE_append_aarch64 = " -DUSE_LD_GOLD=OFF "
EXTRA_OECMAKE_append_mipsarch = " -DUSE_LD_GOLD=OFF "
+EXTRA_OECMAKE_append_powerpc = " -DUSE_LD_GOLD=OFF "
EXTRA_OECMAKE_append_toolchain-clang = " -DUSE_LD_GOLD=OFF "
EXTRA_OECMAKE_append_aarch64 = " -DWTF_CPU_ARM64_CORTEXA53=ON"
@@ -93,14 +93,14 @@ EXTRA_OECMAKE_append_mipsarch = " -DENABLE_JIT=OFF "
# An attempt was made to upstream JIT support for x32 in
# https://bugs.webkit.org/show_bug.cgi?id=100450, but this was closed as
# unresolved due to limited X32 adoption.
-EXTRA_OECMAKE_append_linux-gnux32 = " -DENABLE_JIT=OFF"
+EXTRA_OECMAKE_append_x86-x32 = " -DENABLE_JIT=OFF "
SECURITY_CFLAGS_remove_aarch64 = "-fpie"
SECURITY_CFLAGS_append_aarch64 = " -fPIE"
FILES_${PN} += "${libdir}/webkit2gtk-4.0/injected-bundle/libwebkit2gtkinjectedbundle.so"
-RRECOMMENDS_${PN} += "ca-certificates"
+RRECOMMENDS_${PN} += "ca-certificates shared-mime-info"
# http://errors.yoctoproject.org/Errors/Details/20370/
ARM_INSTRUCTION_SET_armv4 = "arm"
@@ -114,3 +114,8 @@ ARM_INSTRUCTION_SET_armv6 = "arm"
ARM_INSTRUCTION_SET_armv7a = "thumb"
ARM_INSTRUCTION_SET_armv7r = "thumb"
ARM_INSTRUCTION_SET_armv7ve = "thumb"
+
+# qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+# Segmentation fault
+GI_DATA_ENABLED_armv7a = "False"
+GI_DATA_ENABLED_armv7ve = "False"
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb b/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb
index 42088b9..c282ace 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb
@@ -8,10 +8,11 @@ LICENSE = "GPL-2.0+ & MPL-2.0"
LIC_FILES_CHKSUM = "file://debian/copyright;md5=e7358b9541ccf3029e9705ed8de57968"
# This is needed to ensure we can run the postinst at image creation time
-DEPENDS = "ca-certificates-native"
+DEPENDS = ""
DEPENDS_class-native = "openssl-native"
-DEPENDS_class-nativesdk = "ca-certificates-native openssl-native"
-PACKAGE_WRITE_DEPS += "ca-certificates-native"
+DEPENDS_class-nativesdk = "openssl-native"
+# Need c_rehash from openssl and run-parts from debianutils
+PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
SRCREV = "61b70a1007dc269d56881a0d480fc841daacc77c"
@@ -63,7 +64,7 @@ do_install_append_class-target () {
}
pkg_postinst_${PN} () {
- SYSROOT="$D" update-ca-certificates
+ SYSROOT="$D" $D${sbindir}/update-ca-certificates
}
CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
@@ -71,7 +72,7 @@ CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
# Postinsts don't seem to be run for nativesdk packages when populating SDKs.
CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
do_install_append_class-nativesdk () {
- SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates
+ SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
}
do_install_append_class-native () {
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000100.patch b/meta/recipes-support/curl/curl/CVE-2017-1000100.patch
new file mode 100644
index 0000000..508df8c
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2017-1000100.patch
@@ -0,0 +1,50 @@
+From 358b2b131ad6c095696f20dcfa62b8305263f898 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 1 Aug 2017 17:16:46 +0200
+Subject: [PATCH] tftp: reject file name lengths that don't fit
+
+... and thereby avoid telling send() to send off more bytes than the
+size of the buffer!
+
+CVE-2017-1000100
+
+Bug: https://curl.haxx.se/docs/adv_20170809B.html
+Reported-by: Even Rouault
+
+Credit to OSS-Fuzz for the discovery
+
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/358b2b131ad6c095696f20dcfa62b8305263f898
+
+CVE: CVE-2017-1000100
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ lib/tftp.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+Index: curl-7.53.1/lib/tftp.c
+===================================================================
+--- curl-7.53.1.orig/lib/tftp.c
++++ curl-7.53.1/lib/tftp.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -490,6 +490,11 @@ static CURLcode tftp_send_first(tftp_sta
+ if(result)
+ return result;
+
++ if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
++ failf(data, "TFTP file name too long\n");
++ return CURLE_TFTP_ILLEGAL; /* too long file name field */
++ }
++
+ snprintf((char *)state->spacket.data+2,
+ state->blksize,
+ "%s%c%s%c", filename, '\0', mode, '\0');
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
new file mode 100644
index 0000000..9eef5e2
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
@@ -0,0 +1,92 @@
+From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 1 Aug 2017 17:16:07 +0200
+Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
+ range
+
+Added test 1289 to verify.
+
+CVE-2017-1000101
+
+Bug: https://curl.haxx.se/docs/adv_20170809A.html
+Reported-by: Brian Carpenter
+
+Upstream-Status: Backport
+CVE: CVE-2017-1000101
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/tool_urlglob.c | 5 ++++-
+ tests/data/Makefile.inc | 2 +-
+ tests/data/test1289 | 35 +++++++++++++++++++++++++++++++++++
+ 3 files changed, 40 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test1289
+
+Index: curl-7.53.1/src/tool_urlglob.c
+===================================================================
+--- curl-7.53.1.orig/src/tool_urlglob.c
++++ curl-7.53.1/src/tool_urlglob.c
+@@ -269,7 +269,10 @@ static CURLcode glob_range(URLGlob *glob
+ }
+ errno = 0;
+ max_n = strtoul(pattern, &endp, 10);
+- if(errno || (*endp == ':')) {
++ if(errno)
++ /* overflow */
++ endp = NULL;
++ else if(*endp == ':') {
+ pattern = endp+1;
+ errno = 0;
+ step_n = strtoul(pattern, &endp, 10);
+Index: curl-7.53.1/tests/data/Makefile.inc
+===================================================================
+--- curl-7.53.1.orig/tests/data/Makefile.inc
++++ curl-7.53.1/tests/data/Makefile.inc
+@@ -131,6 +131,7 @@ test1244 test1245 test1246 test1247 test
+ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
+ \
+ test1280 test1281 test1282 test1283 test1284 test1285 test1286 \
++test1289 \
+ \
+ test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
+ test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
+Index: curl-7.53.1/tests/data/test1289
+===================================================================
+--- /dev/null
++++ curl-7.53.1/tests/data/test1289
+@@ -0,0 +1,35 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++globbing
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++</reply>
++
++# Client-side
++<client>
++<server>
++http
++</server>
++<name>
++globbing with overflow and bad syntxx
++</name>
++<command>
++http://ur%20[0-60000000000000000000
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++# curl: (3) [globbing] bad range in column
++<errorcode>
++3
++</errorcode>
++</verify>
++</testcase>
diff --git a/meta/recipes-support/curl/curl_7.53.1.bb b/meta/recipes-support/curl/curl_7.53.1.bb
index bc78ffb..c3e1f89 100644
--- a/meta/recipes-support/curl/curl_7.53.1.bb
+++ b/meta/recipes-support/curl/curl_7.53.1.bb
@@ -12,7 +12,10 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
# curl likes to set -g0 in CFLAGS, so we stop it
# from mucking around with debug options
#
-SRC_URI += " file://configure_ac.patch"
+SRC_URI += " file://configure_ac.patch \
+ file://CVE-2017-1000100.patch \
+ file://CVE-2017-1000101.patch \
+ "
SRC_URI[md5sum] = "fb1f03a142236840c1a77c035fa4c542"
SRC_URI[sha256sum] = "1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59bf530e8"
@@ -20,9 +23,9 @@ SRC_URI[sha256sum] = "1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59b
CVE_PRODUCT = "libcurl"
inherit autotools pkgconfig binconfig multilib_header
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls proxy zlib"
-PACKAGECONFIG_class-native = "ipv6 proxy ssl zlib"
-PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl zlib"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls proxy threaded-resolver zlib"
+PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver zlib"
+PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver zlib"
PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
@@ -42,6 +45,7 @@ PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl"
PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
+PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver"
PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
diff --git a/meta/recipes-support/debianutils/debianutils_4.8.1.bb b/meta/recipes-support/debianutils/debianutils_4.8.1.bb
index 54c345e..12c63ee 100644
--- a/meta/recipes-support/debianutils/debianutils_4.8.1.bb
+++ b/meta/recipes-support/debianutils/debianutils_4.8.1.bb
@@ -34,7 +34,7 @@ PACKAGES =+ "${PN}-run-parts"
FILES_${PN}-run-parts = "${base_bindir}/run-parts.debianutils"
RDEPENDS_${PN} += "${PN}-run-parts"
-
+RDEPENDS_${PN}_class-native = ""
ALTERNATIVE_PRIORITY="30"
ALTERNATIVE_${PN} = "add-shell installkernel remove-shell savelog tempfile which"
@@ -50,3 +50,5 @@ ALTERNATIVE_LINK_NAME[run-parts]="${base_bindir}/run-parts"
ALTERNATIVE_LINK_NAME[savelog]="${bindir}/savelog"
ALTERNATIVE_LINK_NAME[tempfile]="${base_bindir}/tempfile"
ALTERNATIVE_LINK_NAME[which]="${bindir}/which"
+
+BBCLASSEXTEND = "native"
diff --git a/meta/recipes-support/libproxy/libproxy_0.4.14.bb b/meta/recipes-support/libproxy/libproxy_0.4.14.bb
index fcdb82f..62a6a13 100644
--- a/meta/recipes-support/libproxy/libproxy_0.4.14.bb
+++ b/meta/recipes-support/libproxy/libproxy_0.4.14.bb
@@ -8,14 +8,13 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
DEPENDS = "glib-2.0"
-SRC_URI = "https://github.com/${BPN}/${BPN}/archive/${PV}.tar.gz"
+SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz"
+SRC_URI[md5sum] = "e7514f78f5432210e17a01b6b618dde2"
+SRC_URI[sha256sum] = "e25d046850346a505c0617646f1e68b660092efadf665548a89c280900262ea6"
UPSTREAM_CHECK_URI = "https://github.com/libproxy/libproxy/releases"
UPSTREAM_CHECK_REGEX = "libproxy-(?P<pver>.*)\.tar"
-SRC_URI[md5sum] = "272dc378efcc3335154cef30d171e84a"
-SRC_URI[sha256sum] = "6220a6cab837a8996116a0568324cadfd09a07ec16b930d2a330e16d5c2e1eb6"
-
inherit cmake pkgconfig
PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'gnome', '', d)} gnome3"
diff --git a/meta/recipes-support/libunwind/libunwind.inc b/meta/recipes-support/libunwind/libunwind.inc
index e4ae8df..c8ff836 100644
--- a/meta/recipes-support/libunwind/libunwind.inc
+++ b/meta/recipes-support/libunwind/libunwind.inc
@@ -9,6 +9,7 @@ inherit autotools
PACKAGECONFIG ??= ""
PACKAGECONFIG[lzma] = "--enable-minidebuginfo,--disable-minidebuginfo,xz"
+PACKAGECONFIG[latexdocs] = "--enable-documentaiton, --disable-documentation, latex2man-native"
EXTRA_OECONF_arm = "--enable-debug-frame"
EXTRA_OECONF_aarch64 = "--enable-debug-frame"
diff --git a/scripts/lib/wic/utils/misc.py b/scripts/lib/wic/utils/misc.py
index 4609984..37e0ad6 100644
--- a/scripts/lib/wic/utils/misc.py
+++ b/scripts/lib/wic/utils/misc.py
@@ -153,7 +153,7 @@ class BitbakeVars(defaultdict):
self.default_image = None
self.vars_dir = None
- def _parse_line(self, line, image, matcher=re.compile(r"^(\w+)=(.+)")):
+ def _parse_line(self, line, image, matcher=re.compile(r"^([a-zA-Z0-9\-_+./~]+)=(.*)")):
"""
Parse one line from bitbake -e output or from .env file.
Put result key-value pair into the storage.
diff --git a/scripts/oe-build-perf-report b/scripts/oe-build-perf-report
index ced5ff2..6f0b84f 100755
--- a/scripts/oe-build-perf-report
+++ b/scripts/oe-build-perf-report
@@ -62,11 +62,14 @@ def get_test_runs(repo, tag_name, **kwargs):
log.debug("Found %d tags matching pattern '%s'", len(tags), tag_pattern)
# Parse undefined fields from tag names
- str_fields = dict([(f, r'(?P<{}>[\w\-.]+)'.format(f)) for f in field_names])
+ str_fields = dict([(f, r'(?P<{}>[\w\-.()]+)'.format(f)) for f in field_names])
+ str_fields['branch'] = r'(?P<branch>[\w\-.()/]+)'
str_fields['commit'] = '(?P<commit>[0-9a-f]{7,40})'
str_fields['commit_number'] = '(?P<commit_number>[0-9]{1,7})'
str_fields['tag_number'] = '(?P<tag_number>[0-9]{1,5})'
- str_fields.update(kwargs)
+ # escape parenthesis in fields in order to not messa up the regexp
+ fixed_fields = dict([(k, v.replace('(', r'\(').replace(')', r'\)')) for k, v in kwargs.items()])
+ str_fields.update(fixed_fields)
tag_re = re.compile(tag_name.format(**str_fields))
# Parse fields from tags
@@ -370,7 +373,7 @@ def print_html_report(data, id_comp):
# Chart options
chart_opts = {'haxis': {'min': get_data_item(data[0][0], 'layers.meta.commit_count'),
- 'max': get_data_item(data[0][0], 'layers.meta.commit_count')}
+ 'max': get_data_item(data[-1][0], 'layers.meta.commit_count')}
}
print(html.template.render(metadata=metadata, test_data=tests, chart_opts=chart_opts))
diff --git a/scripts/oe-pkgdata-util b/scripts/oe-pkgdata-util
index 6255662..677effe 100755
--- a/scripts/oe-pkgdata-util
+++ b/scripts/oe-pkgdata-util
@@ -325,8 +325,15 @@ def package_info(args):
recipe_version = recipe_version + "-" + mappings[pkg]['PR']
pkg_size = mappings[pkg]['PKGSIZE']
- items.append("%s %s %s %s %s" %
- (pkg, pkg_version, recipe, recipe_version, pkg_size))
+ line = "%s %s %s %s %s" % (pkg, pkg_version, recipe, recipe_version, pkg_size)
+
+ if args.extra:
+ for var in args.extra:
+ val = mappings[pkg][var].strip()
+ val = re.sub(r'\s+', ' ', val)
+ line += ' "%s"' % val
+
+ items.append(line)
print('\n'.join(items))
def get_recipe_pkgs(pkgdata_dir, recipe, unpackaged):
@@ -530,6 +537,7 @@ def main():
description='Looks up the specified runtime package(s) and display information')
parser_package_info.add_argument('pkg', nargs='*', help='Runtime package name to look up')
parser_package_info.add_argument('-f', '--file', help='Read package names from the specified file (one per line, first field only)')
+ parser_package_info.add_argument('-e', '--extra', help='Extra variables to display, e.g., LICENSE (can be specified multiple times)', action='append')
parser_package_info.set_defaults(func=package_info)
parser_find_path = subparsers.add_parser('find-path',
diff --git a/scripts/runqemu b/scripts/runqemu
index f0ddeea..9b6d330 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -482,6 +482,11 @@ class BaseConfig(object):
if os.access(dev_kvm, os.W_OK|os.R_OK):
self.qemu_opt_script += ' -enable-kvm'
+ if self.get('MACHINE') == "qemux86":
+ # Workaround for broken APIC window on pre 4.15 host kernels which causes boot hangs
+ # See YOCTO #12301
+ # On 64 bit we use x2apic
+ self.kernel_cmdline_script += " clocksource=kvm-clock hpet=disable noapic nolapic"
else:
logger.error("You have no read or write permission on /dev/kvm.")
logger.error("Please change the ownership of this file as described at:")