Browse Source

Merge remote-tracking branch 'upstream/dora' into dora

set-pr-number
Holger Hans Peter Freyther 7 years ago
parent
commit
e12cf92023
  1. 4
      bitbake/lib/bb/fetch2/__init__.py
  2. 4
      bitbake/lib/bb/fetch2/git.py
  3. 10
      documentation/adt-manual/adt-manual.xml
  4. 10
      documentation/bsp-guide/bsp-guide.xml
  5. 173
      documentation/dev-manual/dev-manual-common-tasks.xml
  6. 3
      documentation/dev-manual/dev-manual-model.xml
  7. 10
      documentation/dev-manual/dev-manual.xml
  8. 10
      documentation/kernel-dev/kernel-dev.xml
  9. 10
      documentation/poky.ent
  10. 2
      documentation/profile-manual/profile-manual-intro.xml
  11. 10
      documentation/profile-manual/profile-manual.xml
  12. 16
      documentation/ref-manual/introduction.xml
  13. 10
      documentation/ref-manual/ref-manual.xml
  14. 17
      documentation/tools/mega-manual.sed
  15. 4
      meta-yocto/conf/distro/poky.conf
  16. 2
      meta-yocto/recipes-core/busybox/busybox_1.21.1.bbappend
  17. 2
      meta/classes/image.bbclass
  18. 7
      meta/classes/kernel.bbclass
  19. 2
      meta/lib/oe/buildhistory_analysis.py
  20. 6
      meta/lib/oe/sstatesig.py
  21. 81
      meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
  22. 31
      meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
  23. 33
      meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
  24. 118
      meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
  25. 40
      meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch
  26. 38
      meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch
  27. 38
      meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch
  28. 103
      meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch
  29. 31
      meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch
  30. 24
      meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch
  31. 12
      meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
  32. 227
      meta/recipes-core/eglibc/eglibc-2.18/ppc-fix-time-related-syscalls.patch
  33. 1
      meta/recipes-core/eglibc/eglibc_2.18.bb
  34. 2
      meta/recipes-core/images/build-appliance-image_8.0.bb
  35. 2
      meta/recipes-devtools/binutils/binutils-2.23.2.inc
  36. 31
      meta/recipes-devtools/binutils/binutils/0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch
  37. 188
      meta/recipes-devtools/binutils/binutils/replace_macros_with_static_inline.patch
  38. 86
      meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh
  39. 2
      meta/recipes-devtools/libtool/libtool-cross_2.4.2.bb
  40. 1
      meta/recipes-devtools/libtool/libtool-native_2.4.2.bb
  41. 24
      meta/recipes-devtools/make/files/doc-make.texi-fix-itemx-must-follow-item.patch
  42. 1
      meta/recipes-devtools/make/make.inc
  43. 1
      meta/recipes-devtools/opkg/opkg.inc
  44. 2
      meta/recipes-devtools/prelink/prelink_git.bb
  45. 22
      meta/recipes-devtools/rpm/rpm/rpm-verify-files.patch
  46. 1
      meta/recipes-devtools/rpm/rpm_5.4.9.bb
  47. 41
      meta/recipes-graphics/mesa/mesa/0001-Add-MESA_EGL_NO_X11_HEADERS-to-defines.patch
  48. 359
      meta/recipes-graphics/mesa/mesa/0003-EGL-Mutate-NativeDisplayType-depending-on-config.patch
  49. 12
      meta/recipes-graphics/mesa/mesa_9.1.6.bb
  50. 12
      meta/recipes-graphics/mesa/mesa_git.bb
  51. 28
      meta/recipes-kernel/perf/perf.bb
  52. 2
      meta/recipes-multimedia/x264/x264_git.bb
  53. 6
      meta/recipes-support/consolekit/consolekit_0.4.6.bb
  54. 30
      meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch
  55. 1
      meta/recipes-support/gnutls/gnutls_2.12.23.bb

4
bitbake/lib/bb/fetch2/__init__.py

@ -807,9 +807,9 @@ def try_mirror_url(newuri, origud, ud, ld, check = False):
os.symlink(ud.localpath, dest)
if not os.path.exists(origud.donestamp) or origud.method.need_update(origud.url, origud, ld):
origud.method.download(origud.url, origud, ld)
if hasattr(ud.method,"build_mirror_data"):
if hasattr(origud.method,"build_mirror_data"):
origud.method.build_mirror_data(origud.url, origud, ld)
return None
return ud.localpath
# Otherwise the result is a local file:// and we symlink to it
if not os.path.exists(origud.localpath):
if os.path.islink(origud.localpath):

4
bitbake/lib/bb/fetch2/git.py

@ -305,8 +305,8 @@ class Git(FetchMethod):
username = ""
basecmd = data.getVar("FETCHCMD_git", d, True) or "git"
cmd = "%s ls-remote %s://%s%s%s %s" % \
(basecmd, ud.proto, username, ud.host, ud.path, ud.branches[name])
cmd = "%s ls-remote %s://%s%s%s refs/heads/%s refs/tags/%s" % \
(basecmd, ud.proto, username, ud.host, ud.path, ud.branches[name], ud.branches[name])
if ud.proto.lower() != 'file':
bb.fetch2.check_network_access(d, cmd)
output = runfetchcmd(cmd, d, True)

10
documentation/adt-manual/adt-manual.xml

@ -71,6 +71,16 @@
<date>January 2014</date>
<revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.2</revnumber>
<date>May 2014</date>
<revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.3</revnumber>
<date>July 2014</date>
<revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
</revision>
</revhistory>
<copyright>

10
documentation/bsp-guide/bsp-guide.xml

@ -83,6 +83,16 @@
<date>January 2014</date>
<revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.2</revnumber>
<date>May 2014</date>
<revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.3</revnumber>
<date>July 2014</date>
<revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
</revision>
</revhistory>
<copyright>

173
documentation/dev-manual/dev-manual-common-tasks.xml

@ -1940,7 +1940,7 @@
format the device requires.
Should your device require multiple partitions on an SD card, flash,
or an HDD, you can use the OpenEmbedded Image Creator
() to create the properly partitioned image.
to create the properly partitioned image.
</para>
<para>
@ -1949,8 +1949,10 @@
Image generation is driven by partitioning commands contained
in an Openembedded kickstart file (<filename>.wks</filename>)
specified either directly on the command-line or as one of a
selection of canned <filename>.wks</filename> files
(see 'wic list images').
selection of canned <filename>.wks</filename> files as shown
with the <filename>wic list images</filename> command in the
"<link linkend='using-a-provided-kickstart_file'>Using a Provided Kickstart File</link>"
section.
When applied to a given set of build artifacts, the result is an
image or set of images that can be directly written onto media and
used on a particular system.
@ -2003,34 +2005,6 @@
</para>
</section>
<!--
<para>
This section covers the mechanics of invoking and providing help for
the command and sub-commands; it contains hooks for future commits to
connect with the actual functionality, once implemented.
</para>
<para>
Help is integrated into the 'wic' command itself - you can also see
that for details and reminders on usage (simply invoke 'wic' without
any arguments to get started).
</para>
<note>
Just because 'wic' can generate an image does not mean that it
will boot on a given machine. 'wic' tries to spot the most obvious
usages that are likely to cause problems but, as a relatively
low-level tool, it can't in general figure out whether a generated
image is appropriate for a given piece of hardware - it's really up to
you to provide intelligent inputs to the image creation process. If
you suspect that your image is not working as expected due to some bug
or missing feature of the tool, please file a bug report describing
the details.
</note>
-->
<section id='wic-requirements'>
<title>Requirements</title>
@ -2125,20 +2099,71 @@ the details.
command-line arguments.</para></listitem>
<listitem><para><emphasis>Cooked Mode:</emphasis>
The current
<ulink url='&YOCTO_DOCS_REF_URL;var-MACHINE'><filename>MACHINE</filename></ulink>
<ulink url='&YOCTO_DOCS_REF_URL;#var-MACHINE'><filename>MACHINE</filename></ulink>
setting and image name are used to automatically locate
and provide the build artifacts.</para></listitem>
</itemizedlist>
</para>
<para>
Regardless of the mode you use, you need to have the build
artifacts ready and available.
Additionally, the environment must be set up using the
<ulink url='&YOCTO_DOCS_REF_URL;#structure-core-script'><filename>&OE_INIT_FILE;</filename></ulink>
or
<ulink url='&YOCTO_DOCS_REF_URL;#structure-memres-core-script'><filename>oe-init-build-env-memres</filename></ulink>
script found in the
<link linkend='build-directory'>Build Directory</link>.
</para>
<section id='raw-mode'>
<title>Raw Mode</title>
<para>
The general form of the 'wic' command in raw mode is:
<literallayout class='monospaced'>
$ wic create &lt;image_name&gt;.wks -r &lt;rootfs_dir&gt; -b &lt;bootimg_dir&gt; /
-k &lt;kernel_dir&gt; -n &lt;native_sysroot&gt;
$ wic create <replaceable>image_name</replaceable>.wks [<replaceable>options</replaceable>] [...]
Where:
<replaceable>image_name</replaceable>.wks
An an OpenEmbedded kickstart file. You can provide
your own custom file or use a file from a set of
provided files as described by further options.
-o <replaceable>OUTDIR</replaceable>, --outdir=<replaceable>OUTDIR</replaceable>
The name of a directory in which to create image.
-i <replaceable>PROPERTIES_FILE</replaceable>, --infile=<replaceable>PROPERTIES_FILE</replaceable>
The name of a file containing the values for image
properties as a JSON file.
-e <replaceable>IMAGE_NAME</replaceable>, --image-name=<replaceable>IMAGE_NAME</replaceable>
The name of the image from which to use the artifacts
(e.g. <filename>core-image-sato</filename>).
-r <replaceable>ROOTFS_DIR</replaceable>, --rootfs-dir=<replaceable>ROOTFS_DIR</replaceable>
The path to the <filename>/rootfs</filename> directory to use as the
<filename>.wks</filename> rootfs source.
-b <replaceable>BOOTIMG_DIR</replaceable>, --bootimg-dir=<replaceable>BOOTIMG_DIR</replaceable>
The path to the directory containing the boot artifacts
(e.g. <filename>/EFI</filename> or <filename>/syslinux</filename>) to use as the <filename>.wks</filename> bootimg
source.
-k <replaceable>KERNEL_DIR</replaceable>, --kernel-dir=<replaceable>KERNEL_DIR</replaceable>
The path to the directory containing the kernel to use
in the <filename>.wks</filename> boot image.
-n <replaceable>NATIVE_SYSROOT</replaceable>, --native-sysroot=<replaceable>NATIVE_SYSROOT</replaceable>
The path to the native sysroot containing the tools to use
to build the image.
-p, --skip-build-check
Skips the build check.
-D, --debug
Output debug information.
</literallayout>
<note>
You do not need root privileges to run
@ -2147,37 +2172,6 @@ the details.
utility.
</note>
</para>
<para>
Following is a description of the <filename>wic</filename>
parameters and options:
<itemizedlist>
<listitem><para><emphasis><filename>&lt;image_name&gt;.wks</filename>:</emphasis>
An OpenEmbedded kickstart file.
You can provide your own custom file or use a
file from a set of provided files as described
following this list.</para></listitem>
<listitem><para><emphasis><filename>-r &lt;rootfs_dir&gt;</filename>:</emphasis>
Specifies the path to the root filesystem directory
to be used and the <filename>.wks</filename>
root filesystem source.</para></listitem>
<listitem><para><emphasis><filename>-b &lt;bootimg_dir&gt;</filename>:</emphasis>
Specifies the path to the directory that contains
the boot artifacts (e.g. the
<filename>EFI</filename> or
<filename>syslinux</filename> directories) to use
as the <filename>.wks</filename> boot image source.
</para></listitem>
<listitem><para><emphasis><filename>-k &lt;kernel_dir&gt;</filename>:</emphasis>
Specifies the path to the dir containing the kernel
to use in the <filename>.wks</filename> boot
image.</para></listitem>
<listitem><para><emphasis><filename>-n &lt;native_sysroot&gt;</filename>:</emphasis>
Specifies the path to the native sysroot
that contains the tools used to build the image.
</para></listitem>
</itemizedlist>
</para>
</section>
<section id='cooked-mode'>
@ -2187,7 +2181,17 @@ the details.
The general form of the <filename>wic</filename> command
using Cooked Mode is:
<literallayout class='monospaced'>
$ wic create &lt;kickstart_file&gt; -e &lt;image_name&gt;
$ wic create <replaceable>kickstart_file</replaceable> -e <replaceable>image_name</replaceable>
Where:
<replaceable>kickstart_file</replaceable>
An OpenEmbedded kickstart file. You can provide your own
custom file or supplied file.
<replaceable>image_name</replaceable>
Specifies the image built using the OpenEmbedded build
system.
</literallayout>
This form is the simplest and most user-friendly, as it
does not require specifying all individual parameters.
@ -2195,20 +2199,6 @@ the details.
<filename>.wks</filename> file or one provided with the
release.
</para>
<para>
Following is a description of the <filename>wic</filename>
parameters and options:
<itemizedlist>
<listitem><para><emphasis><filename>&lt;kickstart&gt;</filename>:</emphasis>
An OpenEmbedded kickstart file.
You can provide your own custom file or supplied
file.</para></listitem>
<listitem><para><emphasis><filename>-e &lt;image_name&gt;</filename>:</emphasis>
Specifies the image built using the OpenEmbedded
build system.</para></listitem>
</itemizedlist>
</para>
</section>
</section>
@ -2222,16 +2212,16 @@ the details.
Use the following command to list the available files:
<literallayout class='monospaced'>
$ wic list images
mkefidisk Create an EFI disk image
directdisk Create a 'pcbios' direct disk image
mkefidisk Create an EFI disk image
</literallayout>
When you use a provided file, you do not have to use the
<filename>.wks</filename> extension.
Here is an example in Raw Mode that uses the
<filename>directdisk</filename> file:
<literallayout class='monospaced'>
$ wic create directdisk -r &lt;rootfs_dir&gt; -b &lt;bootimg_dir&gt; \
-k &lt;kernel_dir&gt; -n &lt;native_sysroot&gt;
$ wic create directdisk -r <replaceable>rootfs_dir</replaceable> -b <replaceable>bootimg_dir</replaceable> \
-k <replaceable>kernel_dir</replaceable> -n <replaceable>native_sysroot</replaceable>
</literallayout>
</para>
@ -2244,13 +2234,13 @@ the details.
# long-description: Creates a partitioned EFI disk image that the user
# can directly dd to boot media.
part /boot --source bootimg --ondisk sda --fstype=efi --label msdos --active --align 1024
part /boot &dash;&dash;source bootimg-efi &dash;&dash;ondisk sda &dash;&dash;fstype=efi &dash;&dash;active
part / --source rootfs --ondisk sda --fstype=ext3 --label platform --align 1024
part / &dash;&dash;source rootfs &dash;&dash;ondisk sda &dash;&dash;fstype=ext3 &dash;&dash;label platform
part swap --ondisk sda --size 44 --label swap1 --fstype=swap
part swap &dash;&dash;ondisk sda &dash;&dash;size 44 &dash;&dash;label swap1 &dash;&dash;fstype=swap
bootloader --timeout=10 --append="rootwait rootfstype=ext3 console=ttyPCH0,115200 console=tty0 vmalloc=256MB snd-hda- intel.enable_msi=0"
bootloader &dash;&dash;timeout=10 &dash;&dash;append="rootwait console=ttyPCH0,115200"
</literallayout>
</para>
</section>
@ -2377,7 +2367,8 @@ the details.
directory and then changing the lines that specify the
target disk from which to boot.
<literallayout class='monospaced'>
$ cp /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisk.wks /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisksdb.wks
$ cp /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisk.wks \
/home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisksdb.wks
</literallayout>
Next, the example modifies the
<filename>directdisksdb.wks</filename> file and changes all
@ -2474,7 +2465,11 @@ the details.
somewhere other than the default
<filename>/var/tmp/wic</filename> directory:
<literallayout class='monospaced'>
$ wic create ~/test.wks -o /home/trz/testwic --rootfs-dir /home/trz/yocto/yocto-image/build/tmp/work/crownbay_noemgd-poky-linux/core-image-minimal/1.0-r0/rootfs --bootimg-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/share --kernel-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/src/kernel --native-sysroot /home/trz/yocto/yocto-image/build/tmp/sysroots/x86_64-linux
$ wic create ~/test.wks -o /home/trz/testwic --rootfs-dir \
/home/trz/yocto/yocto-image/build/tmp/work/crownbay_noemgd-poky-linux/core-image-minimal/1.0-r0/rootfs \
--bootimg-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/share \
--kernel-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/src/kernel \
--native-sysroot /home/trz/yocto/yocto-image/build/tmp/sysroots/x86_64-linux
Creating image(s)...

3
documentation/dev-manual/dev-manual-model.xml

@ -18,8 +18,7 @@
"<ulink url='&YOCTO_DOCS_BSP_URL;#creating-a-new-bsp-layer-using-the-yocto-bsp-script'>Creating a New BSP Layer Using the yocto-bsp Script</ulink>"
section in the Yocto Project Board Support Package (BSP) Developer's Guide.
For more complete information on how to work with the kernel, see the
<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;'>Yocto Project Linux Kernel
Development Manual</ulink>.
<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;'>Yocto Project Linux Kernel Development Manual</ulink>.
</para></listitem>
<listitem><para><emphasis>User Application Development:</emphasis>
User Application Development covers development of applications that you intend

10
documentation/dev-manual/dev-manual.xml

@ -61,6 +61,16 @@
<date>January 2014</date>
<revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.2</revnumber>
<date>May 2014</date>
<revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.3</revnumber>
<date>July 2014</date>
<revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
</revision>
</revhistory>
<copyright>

10
documentation/kernel-dev/kernel-dev.xml

@ -46,6 +46,16 @@
<date>January 2014</date>
<revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.2</revnumber>
<date>May 2014</date>
<revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.3</revnumber>
<date>July 2014</date>
<revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
</revision>
</revhistory>
<copyright>

10
documentation/poky.ent

@ -1,9 +1,9 @@
<!ENTITY DISTRO "1.5.1">
<!ENTITY DISTRO_COMPRESSED "151">
<!ENTITY DISTRO "1.5.3">
<!ENTITY DISTRO_COMPRESSED "153">
<!ENTITY DISTRO_NAME "dora">
<!ENTITY YOCTO_DOC_VERSION "1.5.1">
<!ENTITY POKYVERSION "10.0.1">
<!ENTITY POKYVERSION_COMPRESSED "1001">
<!ENTITY YOCTO_DOC_VERSION "1.5.3">
<!ENTITY POKYVERSION "10.0.3">
<!ENTITY POKYVERSION_COMPRESSED "1003">
<!ENTITY YOCTO_POKY "poky-&DISTRO_NAME;-&POKYVERSION;">
<!ENTITY COPYRIGHT_YEAR "2010-2014">
<!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">

2
documentation/profile-manual/profile-manual-intro.xml

@ -4,7 +4,7 @@
<chapter id='profile-manual-intro'>
<title>Yocto Project Tracing and Profiling Manual</title>
<title>Yocto Project Profiling and Tracing Manual</title>
<section id='intro'>
<title>Introduction</title>

10
documentation/profile-manual/profile-manual.xml

@ -46,6 +46,16 @@
<date>January 2014</date>
<revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.2</revnumber>
<date>May 2014</date>
<revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.3</revnumber>
<date>July 2014</date>
<revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
</revision>
</revhistory>
<copyright>

16
documentation/ref-manual/introduction.xml

@ -285,11 +285,17 @@
<para>
The following list shows the required packages by function
given a supported CentOS Linux distribution:
<note>Depending on the CentOS version you are using, other requirements
and dependencies might exist.
For details, you should look at the CentOS sections on the
<ulink url='https://wiki.yoctoproject.org/wiki/Poky/GettingStarted/Dependencies'>Poky/GettingStarted/Dependencies</ulink>
wiki page.
<note>
For CentOS 6.x, some of the versions of the components
provided by the distribution are too old (e.g. Git, Python,
and tar).
It is recommended that you install the buildtools in order
to provide versions that will work with the OpenEmbedded
build system.
For information on how to install the buildtools tarball,
see the
"<link linkend='required-git-tar-and-python-versions'>Required Git, Tar, and Python Versions</link>"
section.
</note>
<itemizedlist>
<listitem><para><emphasis>Essentials:</emphasis>

10
documentation/ref-manual/ref-manual.xml

@ -77,6 +77,16 @@
<date>January 2014</date>
<revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.2</revnumber>
<date>May 2014</date>
<revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
</revision>
<revision>
<revnumber>1.5.3</revnumber>
<date>July 2014</date>
<revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
</revision>
</revhistory>
<copyright>

17
documentation/tools/mega-manual.sed

@ -1,13 +1,14 @@
# Processes ref-manual and yocto-project-qs manual (<word>-<word>-<word> style)
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
# Processes all other manuals (<word>-<word> style)
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
# Process cases where just an external manual is referenced without an id anchor
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g

4
meta-yocto/conf/distro/poky.conf

@ -1,7 +1,7 @@
DISTRO = "poky"
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
DISTRO_VERSION = "1.5.1"
DISTRO_CODENAME = "next"
DISTRO_VERSION = "1.5.3"
DISTRO_CODENAME = "dora"
SDK_VENDOR = "-pokysdk"
SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"

2
meta-yocto/recipes-core/busybox/busybox_1.21.1.bbappend

@ -1,2 +1,2 @@
FILESEXTRAPATHS_prepend_poky := "${THISDIR}/${P}:"
FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"

2
meta/classes/image.bbclass

@ -410,7 +410,7 @@ log_check() {
done
}
MULTILIBRE_ALLOW_REP =. "${base_bindir}|${base_sbindir}|${bindir}|${sbindir}|${libexecdir}|"
MULTILIBRE_ALLOW_REP =. "${base_bindir}|${base_sbindir}|${bindir}|${sbindir}|${libexecdir}|/lib/modules/[^/]*/modules.*|"
MULTILIB_CHECK_FILE = "${WORKDIR}/multilib_check.py"
MULTILIB_TEMP_ROOTFS = "${WORKDIR}/multilib"

7
meta/classes/kernel.bbclass

@ -337,8 +337,7 @@ ALLOW_EMPTY_kernel-image = "1"
ALLOW_EMPTY_kernel-modules = "1"
DESCRIPTION_kernel-modules = "Kernel modules meta package"
pkg_postinst_kernel-image () {
update-alternatives --install /${KERNEL_IMAGEDEST}/${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} ${KERNEL_PRIORITY} || true
pkg_postinst_kernel-base () {
if [ ! -e "$D/lib/modules/${KERNEL_VERSION}" ]; then
mkdir -p $D/lib/modules/${KERNEL_VERSION}
fi
@ -349,6 +348,10 @@ pkg_postinst_kernel-image () {
fi
}
pkg_postinst_kernel-image () {
update-alternatives --install /${KERNEL_IMAGEDEST}/${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} ${KERNEL_PRIORITY} || true
}
pkg_postrm_kernel-image () {
update-alternatives --remove ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} || true
}

2
meta/lib/oe/buildhistory_analysis.py

@ -400,7 +400,7 @@ def process_changes(repopath, revision1, revision2 = 'HEAD', report_all = False)
chg = ChangeRecord(path, filename, d.a_blob.data_stream.read(), d.b_blob.data_stream.read(), True)
changes.append(chg)
elif filename == 'image-info.txt':
changes.extend(compare_dict_blobs(path, d.a_blob, d.b_blob, report_all, report_ver))
changes.extend(compare_dict_blobs(path, d.a_blob, d.b_blob, report_all))
elif '/image-files/' in path:
chg = ChangeRecord(path, filename, d.a_blob.data_stream.read(), d.b_blob.data_stream.read(), True)
changes.append(chg)

6
meta/lib/oe/sstatesig.py

@ -10,7 +10,9 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCache):
return x.startswith("nativesdk-")
def isKernel(fn):
inherits = " ".join(dataCache.inherits[fn])
return inherits.find("module-base.bbclass") != -1 or inherits.find("linux-kernel-base.bbclass") != -1
return inherits.find("/module-base.bbclass") != -1 or inherits.find("/linux-kernel-base.bbclass") != -1
def isImage(fn):
return "/image.bbclass" in " ".join(dataCache.inherits[fn])
# Always include our own inter-task dependencies
if recipename == depname:
@ -32,7 +34,7 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCache):
return False
# Exclude well defined machine specific configurations which don't change ABI
if depname in siggen.abisaferecipes:
if depname in siggen.abisaferecipes and not isImage(fn):
return False
# Exclude well defined recipe->dependency

81
meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch

@ -0,0 +1,81 @@
From 34628967f1e65dc8f34e000f0f5518e21afbfc7b Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 20 Dec 2013 15:26:50 +0000
Subject: [PATCH] Fix DTLS retransmission from previous session.
Upstream-Status: Backport
commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b upstream
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
---
ssl/d1_both.c | 6 ++++++
ssl/ssl_locl.h | 2 ++
ssl/t1_enc.c | 17 +++++++++++------
4 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 65ec001..7a5596a 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
static void
dtls1_hm_fragment_free(hm_fragment *frag)
{
+
+ if (frag->msg_header.is_ccs)
+ {
+ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
+ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
+ }
if (frag->fragment) OPENSSL_free(frag->fragment);
if (frag->reassembly) OPENSSL_free(frag->reassembly);
OPENSSL_free(frag);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 96ce9a7..e485907 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
extern SSL3_ENC_METHOD SSLv3_enc_data;
extern SSL3_ENC_METHOD DTLSv1_enc_data;
+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
+
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
s_get_meth) \
const SSL_METHOD *func_name(void) \
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 72015f5..56db834 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
- if (s->enc_write_ctx != NULL)
+ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
reuse_dd = 1;
- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_write_ctx);
dd= s->enc_write_ctx;
- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ if (SSL_IS_DTLS(s))
+ {
+ mac_ctx = EVP_MD_CTX_create();
+ if (!mac_ctx)
+ goto err;
+ s->write_hash = mac_ctx;
+ }
+ else
+ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{
--
1.7.5.4

31
meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch

@ -0,0 +1,31 @@
From 197e0ea817ad64820789d86711d55ff50d71f631 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 6 Jan 2014 14:35:04 +0000
Subject: [PATCH] Fix for TLS record tampering bug CVE-2013-4353
Upstream-Status: Backport
commit 197e0ea817ad64820789d86711d55ff50d71f631 upstream
ssl/s3_both.c | 6 +++++-
3 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 1e5dcab..53b9390 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
{
const char *sender;
int slen;
-
+ /* If no new cipher setup return immediately: other functions will
+ * set the appropriate error.
+ */
+ if (s->s3->tmp.new_cipher == NULL)
+ return;
if (s->state & SSL_ST_CONNECT)
{
sender=s->method->ssl3_enc->server_finished_label;
--
1.7.5.4

33
meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch

@ -0,0 +1,33 @@
From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 19 Dec 2013 14:37:39 +0000
Subject: [PATCH] Use version in SSL_METHOD not SSL structure.
Upstream-Status: Backport
commit ca989269a2876bae79393bd54c3e72d49975fc75 upstream
When deciding whether to use TLS 1.2 PRF and record hash algorithms
use the version number in the corresponding SSL_METHOD structure
instead of the SSL structure. The SSL structure version is sometimes
inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449)
---
ssl/s3_lib.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bf832bb..c4ef273 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
long ssl_get_algorithm2(SSL *s)
{
long alg2 = s->s3->tmp.new_cipher->algorithm2;
- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
+ if (s->method->version == TLS1_2_VERSION &&
alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
return alg2;
--
1.7.5.4

118
meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch

@ -0,0 +1,118 @@
From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 6 Apr 2014 00:51:06 +0100
Subject: [PATCH] Add heartbeat extension bounds check.
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
Patch (tweaked version of upstream fix without CHANGES change) borrowed
from Debian.
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
ssl/d1_both.c | 26 ++++++++++++++++++--------
ssl/t1_lib.c | 14 +++++++++-----
3 files changed, 36 insertions(+), 13 deletions(-)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 7a5596a..2e8cf68 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;
+ unsigned int write_length = 1 /* heartbeat type */ +
+ 2 /* heartbeat length */ +
+ payload + padding;
int r;
+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+ return 0;
+
/* Allocate memory for the response, size is 1 byte
* message type, plus 2 bytes payload length, plus
* payload, plus padding
*/
- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+ buffer = OPENSSL_malloc(write_length);
bp = buffer;
/* Enter response type, length and copy payload */
@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
/* Random padding */
RAND_pseudo_bytes(bp, padding);
- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
if (r >= 0 && s->msg_callback)
s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
- buffer, 3 + payload + padding,
+ buffer, write_length,
s, s->msg_callback_arg);
OPENSSL_free(buffer);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b82fada..bddffd9 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;
--
1.9.1

40
meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch

@ -0,0 +1,40 @@
commit 208d54db20d58c9a5e45e856a0650caadd7d9612
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Tue May 13 18:48:31 2014 +0100
Fix for CVE-2014-0195
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Fixed by adding consistency check for DTLS fragments.
Thanks to Jüri Aedla for reporting this issue.
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 2e8cf68..07f67f8 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
frag->msg_header.frag_off = 0;
}
else
+ {
frag = (hm_fragment*) item->data;
+ if (frag->msg_header.msg_len != msg_hdr->msg_len)
+ {
+ item = NULL;
+ frag = NULL;
+ goto err;
+ }
+ }
+
/* If message is already reassembled, this must be a
* retransmit and can be dropped.

38
meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch

@ -0,0 +1,38 @@
From: Matt Caswell <matt@openssl.org>
Date: Sun, 11 May 2014 23:38:37 +0000 (+0100)
Subject: Fixed NULL pointer dereference. See PR#3321
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586
Fixed NULL pointer dereference. See PR#3321
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 40eb0dd..d961d12 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
SSL3_BUFFER *wb=&(s->s3->wbuf);
SSL_SESSION *sess;
- if (wb->buf == NULL)
- if (!ssl3_setup_write_buffer(s))
- return -1;
/* first check if there is a SSL3_BUFFER still being written
* out. This will happen with non blocking IO */
@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* if it went, fall through and send more stuff */
}
+ if (wb->buf == NULL)
+ if (!ssl3_setup_write_buffer(s))
+ return -1;
+
if (len == 0 && !create_empty_fragment)
return 0;

38
meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch

@ -0,0 +1,38 @@
commit d30e582446b027868cdabd0994681643682045a4
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Fri May 16 13:00:45 2014 +0100
Fix CVE-2014-0221
Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 07f67f8..4c2fd03 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
int i,al;
struct hm_header_st msg_hdr;
+ redo:
/* see if we have the required fragment already */
if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
{
@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
s->msg_callback_arg);
s->init_num = 0;
- return dtls1_get_message_fragment(s, st1, stn,
- max, ok);
+ goto redo;
}
else /* Incorrectly formated Hello request */
{

103
meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch

@ -0,0 +1,103 @@
Fix for CVE-2014-0224
Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h
--- openssl-1.0.1e/ssl/ssl3.h.keying-mitm 2014-06-02 19:48:04.518100562 +0200
+++ openssl-1.0.1e/ssl/ssl3.h 2014-06-02 19:48:04.642103429 +0200
@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+#define SSL3_FLAGS_CCS_OK 0x0080
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c
--- openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/s3_clnt.c 2014-06-02 19:49:57.042701985 +0200
@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
if (ret <= 0) goto end;
@@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
goto f_err;
}
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->hit=1;
}
else /* a miss or crap from the other end */
diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c
--- openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm 2014-06-02 19:48:04.640103383 +0200
+++ openssl-1.0.1e/ssl/s3_pkt.c 2014-06-02 19:48:04.643103452 +0200
@@ -1298,6 +1298,15 @@ start:
goto f_err;
}
+ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
rr->length=0;
if (s->msg_callback)
@@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL)
{
- if (s->session == NULL)
+ if (s->session == NULL || s->session->master_key_length == 0)
{
/* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c
--- openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm 2014-06-02 19:48:04.630103151 +0200
+++ openssl-1.0.1e/ssl/s3_srvr.c 2014-06-02 19:48:04.643103452 +0200
@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
#else
if (s->s3->next_proto_neg_seen)
+ {
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
+ }
else
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
#endif

31
meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch

@ -0,0 +1,31 @@
commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Thu May 29 15:00:05 2014 +0100
Fix CVE-2014-3470
Check session_cert is not NULL before dereferencing it.
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d35376d..4324f8d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s)
int ecdh_clnt_cert = 0;
int field_size = 0;
+ if (s->session->sess_cert == NULL)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
/* Did we send out the client's
* ECDH share for use in premaster
* computation as part of client certificate?

24
meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch

@ -0,0 +1,24 @@
openssl fix for CVE-2010-5298
Upstream-Status: Backport
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1013,7 +1013,7 @@ start:
{
s->rstate=SSL_ST_READ_HEADER;
rr->off=0;
- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
ssl3_release_read_buffer(s);
}
}

12
meta/recipes-connectivity/openssl/openssl_1.0.1e.bb

@ -6,7 +6,7 @@ DEPENDS += "ocf-linux"
CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
PR = "${INC_PR}.0"
PR = "${INC_PR}.2"
LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
@ -34,6 +34,16 @@ SRC_URI += "file://configure-targets.patch \
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
file://find.pl \
file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
file://CVE-2014-0160.patch \
file://openssl-1.0.1e-cve-2014-0195.patch \
file://openssl-1.0.1e-cve-2014-0198.patch \
file://openssl-1.0.1e-cve-2014-0221.patch \
file://openssl-1.0.1e-cve-2014-0224.patch \
file://openssl-1.0.1e-cve-2014-3470.patch \
file://openssl-CVE-2010-5298.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"

227
meta/recipes-core/eglibc/eglibc-2.18/ppc-fix-time-related-syscalls.patch

@ -0,0 +1,227 @@
Upstream-Status: Backport
Concatenated fix of PowerPC time related system calls in eglibc 2.18 taken
from upstream glibc. Eglibc 2.17 does not have this issue and the patches are
already part of 2.19.
This compilation includes the following committs:
PowerPC: Fix vDSO missing ODP entries
author Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Thu, 7 Nov 2013 11:34:22 +0000 (05:34 -0600)
This patch fixes the vDSO symbol used directed in IFUNC resolver where
they do not have an associated ODP entry leading to undefined behavior
in some cases. It adds an artificial OPD static entry to such cases
and set its TOC to non 0 to avoid triggering lazy resolutions.
Update copyright notices with scripts/update-copyrights
author Allan McRae <allan@archlinux.org>
Wed, 1 Jan 2014 11:03:15 +0000 (21:03 +1000)
((Only for files otherwise touched by this patch))
PowerPC: Fix ftime gettimeofday internal call returning bogus data
author Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Thu, 16 Jan 2014 12:53:18 +0000 (06:53 -0600)
This patches fixes BZ#16430 by setting a different symbol for internal
GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol
is defined as hidden (which is the case for gettimeofday and time) the
compiler will create local branches (symbol@local) and linker will not
create PLT calls (required for IFUNC). This will leads to internal symbol
calling the IFUNC resolver instead of the resolved symbol.
For PPC64 this behavior does not occur because a call to a function in
another translation unit might use a different toc pointer thus requiring
a PLT call.
PowerPC: Fix gettimeofday ifunc selection
author Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Mon, 20 Jan 2014 18:29:51 +0000 (12:29 -0600)
The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where
__vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal
version used within GLIBC) to use the system call version instead of the vDSO one.
This patch changes the check if vDSO is available to get its value directly
instead of rely on __vdso_gettimeofday.
This patch changes it by getting the vDSO value directly.
It fixes BZ#16431.
---
diff -pruN libc.orig/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h libc/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h
--- libc.orig/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h
+++ libc/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h
@@ -1,5 +1,5 @@
/* Resolve function pointers to VDSO functions.
- Copyright (C) 2005-2013 Free Software Foundation, Inc.
+ Copyright (C) 2005-2014 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -34,12 +34,32 @@ extern void *__vdso_getcpu;
extern void *__vdso_time;
-/* This macro is needed for PPC64 to return a skeleton OPD entry of a vDSO
- symbol. This works because _dl_vdso_vsym always return the function
- address, and no vDSO symbols use the TOC or chain pointers from the OPD
- so we can allow them to be garbage. */
#if defined(__PPC64__) || defined(__powerpc64__)
-#define VDSO_IFUNC_RET(value) ((void *) &(value))
+/* The correct solution is for _dl_vdso_vsym to return the address of the OPD
+ for the kernel VDSO function. That address would then be stored in the
+ __vdso_* variables and returned as the result of the IFUNC resolver function.
+ Yet, the kernel does not contain any OPD entries for the VDSO functions
+ (incomplete implementation). However, PLT relocations for IFUNCs still expect
+ the address of an OPD to be returned from the IFUNC resolver function (since
+ PLT entries on PPC64 are just copies of OPDs). The solution for now is to
+ create an artificial static OPD for each VDSO function returned by a resolver
+ function. The TOC value is set to a non-zero value to avoid triggering lazy
+ symbol resolution via .glink0/.plt0 for a zero TOC (requires thread-safe PLT
+ sequences) when the dynamic linker isn't prepared for it e.g. RTLD_NOW. None
+ of the kernel VDSO routines use the TOC or AUX values so any non-zero value
+ will work. Note that function pointer comparisons will not use this artificial
+ static OPD since those are resolved via ADDR64 relocations and will point at
+ the non-IFUNC default OPD for the symbol. Lastly, because the IFUNC relocations
+ are processed immediately at startup the resolver functions and this code need
+ not be thread-safe, but if the caller writes to a PLT slot it must do so in a
+ thread-safe manner with all the required barriers. */
+#define VDSO_IFUNC_RET(value) \
+ ({ \
+ static Elf64_FuncDesc vdso_opd = { .fd_toc = ~0x0 }; \
+ vdso_opd.fd_func = (Elf64_Addr)value; \
+ &vdso_opd; \
+ })
+
#else
#define VDSO_IFUNC_RET(value) ((void *) (value))
#endif
diff -pruN libc.orig/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c libc/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c
--- libc.orig/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c
+++ libc/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2005-2013 Free Software Foundation, Inc.
+/* Copyright (C) 2005-2014 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -22,6 +22,7 @@
# include <dl-vdso.h>
# include <bits/libc-vdso.h>
+# include <dl-machine.h>
void *gettimeofday_ifunc (void) __asm__ ("__gettimeofday");
@@ -34,17 +35,36 @@ __gettimeofday_syscall (struct timeval *
void *
gettimeofday_ifunc (void)
{
+ PREPARE_VERSION (linux2615, "LINUX_2.6.15", 123718565);
+
/* If the vDSO is not available we fall back syscall. */
- return (__vdso_gettimeofday ? VDSO_IFUNC_RET (__vdso_gettimeofday)
- : __gettimeofday_syscall);
+ void *vdso_gettimeofday = _dl_vdso_vsym ("__kernel_gettimeofday", &linux2615);
+ return (vdso_gettimeofday ? VDSO_IFUNC_RET (vdso_gettimeofday)
+ : (void*)__gettimeofday_syscall);
}
asm (".type __gettimeofday, %gnu_indirect_function");
/* This is doing "libc_hidden_def (__gettimeofday)" but the compiler won't
let us do it in C because it doesn't know we're defining __gettimeofday
here in this file. */
-asm (".globl __GI___gettimeofday\n"
- "__GI___gettimeofday = __gettimeofday");
+asm (".globl __GI___gettimeofday");
+
+/* __GI___gettimeofday is defined as hidden and for ppc32 it enables the
+ compiler make a local call (symbol@local) for internal GLIBC usage. It
+ means the PLT won't be used and the ifunc resolver will be called directly.
+ For ppc64 a call to a function in another translation unit might use a
+ different toc pointer thus disallowing direct branchess and making internal
+ ifuncs calls safe. */
+#ifdef __powerpc64__
+asm ("__GI___gettimeofday = __gettimeofday");
+#else
+int
+__gettimeofday_vsyscall (struct timeval *tv, struct timezone *tz)
+{
+ return INLINE_VSYSCALL (gettimeofday, 2, tv, tz);
+}
+asm ("__GI___gettimeofday = __gettimeofday_vsyscall");
+#endif
#else
diff -pruN libc.orig/sysdeps/unix/sysv/linux/powerpc/time.c libc/sysdeps/unix/sysv/linux/powerpc/time.c
--- libc.orig/sysdeps/unix/sysv/linux/powerpc/time.c
+++ libc/sysdeps/unix/sysv/linux/powerpc/time.c
@@ -1,5 +1,5 @@
/* time system call for Linux/PowerPC.
- Copyright (C) 2013 Free Software Foundation, Inc.
+ Copyright (C) 2013-2014 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -20,7 +20,9 @@
# include <time.h>
# include <sysdep.h>
+# include <dl-vdso.h>
# include <bits/libc-vdso.h>
+# include <dl-machine.h>
void *time_ifunc (void) asm ("time");
@@ -43,17 +45,36 @@ time_syscall (time_t *t)
void *
time_ifunc (void)
{
+ PREPARE_VERSION (linux2615, "LINUX_2.6.15", 123718565);
+
/* If the vDSO is not available we fall back to the syscall. */
- return (__vdso_time ? VDSO_IFUNC_RET (__vdso_time)
- : time_syscall);
+ void *vdso_time = _dl_vdso_vsym ("__kernel_time", &linux2615);
+ return (vdso_time ? VDSO_IFUNC_RET (vdso_time)
+ : (void*)time_syscall);
}
asm (".type time, %gnu_indirect_function");
/* This is doing "libc_hidden_def (time)" but the compiler won't
* let us do it in C because it doesn't know we're defining time
* here in this file. */
-asm (".globl __GI_time\n"
- "__GI_time = time");
+asm (".globl __GI_time");
+
+/* __GI_time is defined as hidden and for ppc32 it enables the
+ compiler make a local call (symbol@local) for internal GLIBC usage. It
+ means the PLT won't be used and the ifunc resolver will be called directly.
+ For ppc64 a call to a function in another translation unit might use a
+ different toc pointer thus disallowing direct branchess and making internal
+ ifuncs calls safe. */
+#ifdef __powerpc64__
+asm ("__GI_time = time");
+#else
+time_t
+__time_vsyscall (time_t *t)
+{
+ return INLINE_VSYSCALL (time, 1, t);
+}
+asm ("__GI_time = __time_vsyscall");
+#endif
#else

1
meta/recipes-core/eglibc/eglibc_2.18.bb

@ -28,6 +28,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/eglibc/eglibc-${PV}-svnr23
file://fix-tibetian-locales.patch \
file://0001-ARM-Pass-dl_hwcap-to-IFUNC-resolver.patch \
file://make-4.patch \
file://ppc-fix-time-related-syscalls.patch \
"
SRC_URI[md5sum] = "b395b021422a027d89884992e91734fc"
SRC_URI[sha256sum] = "15f564b45dc5dd65faf0875579e3447961ae61e876933384ae05d19328539ad4"

2
meta/recipes-core/images/build-appliance-image_8.0.bb

@ -21,7 +21,7 @@ IMAGE_FSTYPES = "vmdk"
inherit core-image
SRCREV ?= "785b7e392922453698dd8b21cae5b229a9352031"
SRCREV ?= "4278b11da97f6fbb5da16dffe46e797923063da9"
SRC_URI = "git://git.yoctoproject.org/poky \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \

2
meta/recipes-devtools/binutils/binutils-2.23.2.inc

@ -30,6 +30,8 @@ SRC_URI = "\
${BACKPORT} \
file://binutils-fix-over-array-bounds-issue.patch \
file://binutils-xlp-support.patch \
file://replace_macros_with_static_inline.patch \
file://0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch \
"
BACKPORT = "\

31
meta/recipes-devtools/binutils/binutils/0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch

@ -0,0 +1,31 @@
Upstream-Status: Backport
From 0a09fb4a09e80c36fa3ef763ae276fd13d272a36 Mon Sep 17 00:00:00 2001
From: Hans-Peter Nilsson <hp@bitrange.com>
Date: Sat, 1 Feb 2014 01:11:28 +0100
Subject: [PATCH] Fix MMIX build breakage from bfd_set_section_vma change.
* emultempl/mmix-elfnmmo.em (mmix_after_allocation): Fix typo in
call to bfd_set_section_vma exposed by recent bfd_set_section_vma
change.
---
ld/ChangeLog | 6 ++++++
ld/emultempl/mmix-elfnmmo.em | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/ld/emultempl/mmix-elfnmmo.em b/ld/emultempl/mmix-elfnmmo.em
index 0059792..5e9781a 100644
--- a/ld/emultempl/mmix-elfnmmo.em
+++ b/ld/emultempl/mmix-elfnmmo.em
@@ -102,7 +102,7 @@ mmix_after_allocation (void)
This section is only present when there are register symbols. */
sec = bfd_get_section_by_name (link_info.output_bfd, MMIX_REG_SECTION_NAME);
if (sec != NULL)
- bfd_set_section_vma (abfd, sec, 0);
+ bfd_set_section_vma (sec->owner, sec, 0);
if (!_bfd_mmix_after_linker_allocation (link_info.output_bfd, &link_info))
{
--
1.7.10.4

188
meta/recipes-devtools/binutils/binutils/replace_macros_with_static_inline.patch

@ -0,0 +1,188 @@
Upstream-Status: Backport
From 27b829ee701e29804216b3803fbaeb629be27491 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 29 Jan 2014 13:46:39 +0000
Subject: [PATCH 1/1] Following up on Tom's suggestion I am checking in a patch to replace the various
bfd_xxx_set macros with static inline functions, so that we can avoid compile time
warnings about comma expressions with unused values.
* bfd-in.h (bfd_set_section_vma): Delete.
(bfd_set_section_alignment): Delete.
(bfd_set_section_userdata): Delete.
(bfd_set_cacheable): Delete.
* bfd.c (bfd_set_cacheable): New static inline function.
* section.c (bfd_set_section_userdata): Likewise.
(bfd_set_section_vma): Likewise.
(bfd_set_section_alignment): Likewise.
* bfd-in2.h: Regenerate.
---
bfd/ChangeLog | 12 ++++++++++++
bfd/bfd-in.h | 5 -----
bfd/bfd-in2.h | 41 +++++++++++++++++++++++++++++++++++------
bfd/bfd.c | 8 ++++++++
bfd/section.c | 26 ++++++++++++++++++++++++++
5 files changed, 81 insertions(+), 11 deletions(-)
diff --git a/bfd/bfd-in.h b/bfd/bfd-in.h
index 3afd71b..c7c5a7d 100644
--- a/bfd/bfd-in.h
+++ b/bfd/bfd-in.h
@@ -292,9 +292,6 @@ typedef struct bfd_section *sec_ptr;
#define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0)
-#define bfd_set_section_vma(bfd, ptr, val) (((ptr)->vma = (ptr)->lma = (val)), ((ptr)->user_set_vma = TRUE), TRUE)
-#define bfd_set_section_alignment(bfd, ptr, val) (((ptr)->alignment_power = (val)),TRUE)
-#define bfd_set_section_userdata(bfd, ptr, val) (((ptr)->userdata = (val)),TRUE)
/* Find the address one past the end of SEC. */
#define bfd_get_section_limit(bfd, sec) \
(((bfd)->direction != write_direction && (sec)->rawsize != 0 \
@@ -517,8 +514,6 @@ extern void warn_deprecated (const char *, const char *, int, const char *);
#define bfd_get_symbol_leading_char(abfd) ((abfd)->xvec->symbol_leading_char)
-#define bfd_set_cacheable(abfd,bool) (((abfd)->cacheable = bool), TRUE)
-
extern bfd_boolean bfd_cache_close
(bfd *abfd);
/* NB: This declaration should match the autogenerated one in libbfd.h. */
diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h
index 71996db..b5aeb40 100644
--- a/bfd/bfd-in2.h
+++ b/bfd/bfd-in2.h
@@ -299,9 +299,6 @@ typedef struct bfd_section *sec_ptr;
#define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0)
-#define bfd_set_section_vma(bfd, ptr, val) (((ptr)->vma = (ptr)->lma = (val)), ((ptr)->user_set_vma = TRUE), TRUE)
-#define bfd_set_section_alignment(bfd, ptr, val) (((ptr)->alignment_power = (val)),TRUE)
-#define bfd_set_section_userdata(bfd, ptr, val) (((ptr)->userdata = (val)),TRUE)
/* Find the address one past the end of SEC. */
#define bfd_get_section_limit(bfd, sec) \
(((bfd)->direction != write_direction && (sec)->rawsize != 0 \
@@ -524,8 +521,6 @@ extern void warn_deprecated (const char *, const char *, int, const char *);
#define bfd_get_symbol_leading_char(abfd) ((abfd)->xvec->symbol_leading_char)
-#define bfd_set_cacheable(abfd,bool) (((abfd)->cacheable = bool), TRUE)
-
extern bfd_boolean bfd_cache_close
(bfd *abfd);
/* NB: This declaration should match the autogenerated one in libbfd.h. */
@@ -1029,7 +1024,7 @@ bfd *bfd_openr (const char *filename, const char *target);
bfd *bfd_fdopenr (const char *filename, const char *target, int fd);
-bfd *bfd_openstreamr (const char *, const char *, void *);
+bfd *bfd_openstreamr (const char * filename, const char * target, void * stream);
bfd *bfd_openr_iovec (const char *filename, const char *target,
void *(*open_func) (struct bfd *nbfd,
@@ -1596,6 +1591,32 @@ struct relax_table {
int size;
};
+/* Note: the following are provided as inline functions rather than macros
+ because not all callers use the return value. A macro implementation
+ would use a comma expression, eg: "((ptr)->foo = val, TRUE)" and some
+ compilers will complain about comma expressions that have no effect. */
+static inline bfd_boolean
+bfd_set_section_userdata (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, void * val)
+{
+ ptr->userdata = val;
+ return TRUE;
+}
+
+static inline bfd_boolean
+bfd_set_section_vma (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, bfd_vma val)
+{
+ ptr->vma = ptr->lma = val;
+ ptr->user_set_vma = TRUE;
+ return TRUE;
+}
+
+static inline bfd_boolean
+bfd_set_section_alignment (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, unsigned int val)
+{
+ ptr->alignment_power = val;
+ return TRUE;
+}
+
/* These sections are global, and are managed by BFD. The application
and target back end are not permitted to change the values in
these sections. */
@@ -6415,6 +6436,14 @@ struct bfd
unsigned int selective_search : 1;
};
+/* See note beside bfd_set_section_userdata. */
+static inline bfd_boolean
+bfd_set_cacheable (bfd * abfd, bfd_boolean val)
+{
+ abfd->cacheable = val;
+ return TRUE;
+}
+
typedef enum bfd_error
{
bfd_error_no_error = 0,
diff --git a/b