meta-tizen: conf/layer.conf: Minor cleanup

(From meta-tizen rev: 8f9887dd445d15592d728c781424ef4b3d56d3eb)

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: oe-core overrides

Cleanup image, package_manager and smack pythong components

(From meta-tizen rev: 3e1dae2116b526e3241b4f5064ec77d84b60ad3d)

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: recipes-tizen: Remove 'ssh' protocol to avoid problems

(From meta-tizen rev: 2522b13d181c6e09f455df42b6f30cfe5e93fc07)

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: peudo: Upgrade to the latest seebs/xattr experimental version

Enables xattr support.

Change-Id: Ie83f6e6b1d09595fb6ff20cb5d8228fb8ebcbf6b
(From meta-tizen rev: 7531a3f67bbf2343665648090b0176ceecc0ee61)

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ronan Le Martret <ronan@fridu.net>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: update README

Change-Id: I5a3dc2eeb489112e25c82f3a8b5ca54f9e9f8788
(From meta-tizen rev: 5f1cd8ec459f665a2df267d3c5060bea1411f2c4)

Signed-off-by: Ronan Le Martret <ronan@fridu.net>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Add dev image with connman.

Change-Id: I3cb9609ba8ae0f00cba0882204ff5dfd39d2ef50
(From meta-tizen rev: d14b3ef2a373950053fda31fd7d9e814b281b4f5)

Signed-off-by: Ronan Le Martret <ronan@fridu.net>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Add busybox Term to weston

Change-Id: Ie8b339aefb7fd17f26382195195c7213059d91f6
(From meta-tizen rev: 1e5b86d78a346dc0bdf4b75a87f846e41f34845d)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Solve systemd boot

Change-Id: Ie5cb22477c52e6b0806cfde9c96591f9a574b442
(From meta-tizen rev: 8de95a662ffd0602324d74c7b666f1e5f579854c)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Enable xattr in created images

Adding the xattr in the rootfs before creating the image doesn't work
(xattr are not copied by "mkfs.ext3). The solution is to mount the
image after its creeation and then, set the xattr.

Note that it seems that adding the xattr in the rootfs before creating
the image seems to be needed. Without this step the xattr are not set,
even after setting them with this solution. I don't know why...

(From meta-tizen rev: a4ec39e3beeafbbc6269a4cd918be4a04e9a8a26)

Signed-off-by: Kévin THIERRY <kevin.thierry@open.eurogiciel.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Correct ".debug" bugs in rpm & python-rpm

(From meta-tizen rev: c9519736fb0b03992dcafda41bc05bad99b90e6c)

Signed-off-by: Kévin THIERRY <kevin.thierry@open.eurogiciel.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: update readme, add tmp workaround.

Change-Id: I356f82d3523d89d382ffa916bc5507dd1e4d01d3
(From meta-tizen rev: bfe369e5e1236f0b19a8feae7ce17052ec48e5bb)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Fix-use_smack-corrupt-cached-result

Change-Id: Id4666fe61980442e30cd5dd5b8d80517fb46157f
(From meta-tizen rev: 5b93b025d577bc23dee3c40097d4efcad15e1c77)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Remove useless packagegroup-tizen

Change-Id: I023f04ef87a2f22412ff19c76faef1346505deec
(From meta-tizen rev: 4e482739c08c957352ae8f30745a5d1904a16779)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: add smack rules after rootfs creation with external chroot command, this should be temporary.

Change-Id: I1b5cb7c3dc045387e7131d0c389f932f2b9bf4ee
(From meta-tizen rev: 010acf6693c919c124e4845de9ea8344775249b9)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: readd attr to image

Change-Id: If5683681b5fdcf1afc23918365c47baf6b8814db
(From meta-tizen rev: 0d4d54b62ff6cddae0c4551d40714b5558c8b720)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: solve install rpm package

Change-Id: I0fd110e8af1efacd081e5628eea5fc9d8645eb4f
(From meta-tizen rev: 2b658c25d3ab8a303b72b48b98ead185022dff1d)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Convert depend on python-rpm to python-rpm-native.

Change-Id: I8e6a9701f406936e76c96a0f2d69f44e1f4ec39d
(From meta-tizen rev: f555715213c326b01b4983cceebfff0e81c07b6e)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: clean nss packaging

Change-Id: I557586ae3671a6b30d417c4e4165cdedaa6790d4
(From meta-tizen rev: 49f32f89dacd2a942d421c64439f9e410368777a)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Add systemd

Change-Id: Ic4b09ba24151c79498556a0f0569e43c42483e63
(From meta-tizen rev: 8352ec2ec0584b1162d33ccfacd3a04c6237143f)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Corrects build errors in nss

Corrects errors: "QA Issue: non debug package contains .debug
directory: nss path /work/corei7-64-poky-linux/nss/3.15.1-r0/
packages-split/nss/usr/bin/.debug/...".

(From meta-tizen rev: 7b2c3df575dfa67c6d7d4cccf08e61b872a13a6c)

Signed-off-by: Kévin THIERRY <kevin.thierry@open.eurogiciel.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: add pkg for image creation

Change-Id: Idf0ef4f394df95b733f78ef9ffac6af8227af4a6
(From meta-tizen rev: 902af89b5639405f232e91107fa57d677fece6ae)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: tmp change meta funct

Change-Id: Icd9fa150866c9bc9f33fef43c53fd632824667af
(From meta-tizen rev: b3c4b8589faa3e3b0182bfd78cf18aeb8f4c5fb8)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Add kernel 3.14

Change-Id: I7c2927c0e0dbddb982a08d8f877e781684782003
(From meta-tizen rev: 3c276a8095a2a20e38828b31debbc707b67ef324)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Update README.md

(From meta-tizen rev: 987910e636eeef1b3152edbe32c8caa2ad842677)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Add README.md

(From meta-tizen rev: d40f331714f94297b0e8a780a84e7c9ff694dc51)

Signed-off-by: Kévin THIERRY <kevin.thierry@open.eurogiciel.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Correct conflict between rpm and rpm-native

Remove rpm-native_git.bb and add BBCLASSEXTEND = "native" to rpm_git.bb
to replace rpm-native.

(From meta-tizen rev: 66793a266c9074e1fedc2e1a4463f2a887877aa9)

Signed-off-by: Kévin THIERRY <kevin.thierry@open.eurogiciel.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Remove recipes for old Tizen images

(From meta-tizen rev: 81d4fdd49c46b4debbdbb10a2cf3bce042d00bad)

Signed-off-by: Kévin THIERRY <kevin.thierry@open.eurogiciel.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: test extra file

Change-Id: I1e6a579f8327a8f880a63a4bd9d51388ad595c28
(From meta-tizen rev: 39c08ac3e4692b801dac85fa6e71f989bb41e0a3)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: test image rc1

Change-Id: I29081ab3cbfeb666c0ba7a9275a7ae2539994bab
(From meta-tizen rev: 181a6f1bf7b92e7bafd970310cf0093d1667aeb4)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: Big clean-up for project relaunch.

Change-Id: Ia709058f1b30ec8d58b30ba2e73d03e05143bb76
(From meta-tizen rev: c50f53d8c8940396a899e6f1b75ff86a0ef1a9f1)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-tizen: first commit

Change-Id: Iab079591ad1df187e9ccab8b4cb882894bcce467
(From meta-tizen rev: df785cb304e2bbc08076cf6fe2e58036f2277917)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-openembedded: update to latest rev from "dizzy" branch

We cannot match tizen-distro 0.9 for the meta-openembedded
component because 0.9 incorrectly included revision f2833950
from the master branch.

ntp: fix several security issues

* CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296.
  For more details please see:
  https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01A

(From meta-openembedded rev: 200f6cafc878d4c26871fc56d21ecc8eaa9aa61b)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

mplayer2: cleanup empty directories

The mplayer "make install" phase leaves an empty
/usr/lib directory seemingly regardless of the setting
of libdir.  Remove it to avoid a packaging warning.

(From meta-openembedded rev: f9f2548e1833de07716c450312810e45d1377f11)

Signed-off-by: Drew Moseley <drew_moseley@mentor.com>
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

mplayer2: use autotools-brokensep (B = S)

The mplayer2 package does not support out of tree builds
and the do_configure step also tries to find the configure
script in the same build directory while the script lies in
the src directory.
This patch updates the builddir to point to the srcdir in
order to cope with the above issues.

(From meta-openembedded rev: c9b69b16dbdfc9ddc6253498329b78220c3e1634)

Signed-off-by: Drew Moseley <drew_moseley@mentor.com>
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

PNBLACKLIST: use weak assignments

* this makes it easier to unblacklist it from local.conf which
  is parsed before the recipes

(From meta-openembedded rev: 4bf3c443a56749f332913d3435f1850ab8207a8e)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

rfkill: fix the SRC_URI

It has been changed to:
http://www.kernel.org/pub/software/network/rfkill/

(From meta-openembedded rev: 80c4c5c4ae30716dd2b4e05651ab5536e528f2c8)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

enca: fix broken automake

The added patch fixes the usage of AM_ICONV macro and
comes straight from the Buildroot source tree.

(From meta-openembedded rev: ca118b8054149441e6c956891e59126f2da195e8)

Signed-off-by: Drew Moseley <drew_moseley@mentor.com>
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

obex-data-server: conflict with bluez5

Although this package builds with bluez5, it was removed from Fedora 20
[1] and is not used in bluez5-based GNOME [2], suggesting the bluez5
obexd is to be used instead.

[1] http://pkgs.fedoraproject.org/cgit/obex-data-server.git/log/?h=f20
[2] http://www.hadess.net/2013/11/bluetooth-file-sharing-obexpush-in.html

(From meta-openembedded rev: 551b484a7dd8621f45b3cef7acccf1cf64781ac9)

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

obexd: conflict with bluez5

obexd was integrated into bluez5 and is no longer a separate package.

(From meta-openembedded rev: 06090d792d817261bee3ce453f73d8875e5c7fdb)

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

libhugetlbfs: Fix page size & text offset for arm arches

Fixed computation of page size and text segment offset for various arm
architectures - including both LE and BE variants of armv7 as well as
aarch64

Upstream Status: Accepted at libhugetlbfs project

(From meta-openembedded rev: 8d8b0f1cc843e6df6f44d16360d712a7a44d17d7)

Signed-off-by: Gary S. Robertson <gary.robertson@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

libhugetlbfs: Make cross-devel recognize all ix86 arches

In a non-native cross-development scenario, the Makefile
only recognized i386 or x86_64 PC architectures.
Extended this to also recognize i486, i586, and i686

Upstream Status: Accepted but not yet applied by libhugetlbfs project

(From meta-openembedded rev: 2b524c31f7b1750e7976284b099f24c9c196c876)

Signed-off-by: Gary S. Robertson <gary.robertson@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-gnome: fix typo of directory name

Fix typo of directory name 'recipe-devtools' in meta-gnome. It should
recipes-devtools.

(From meta-openembedded rev: 1b01b3c6288df09160f0a8d28c0ab56d4eb17be1)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

libnet-ssleay-perl: avoid host contamination

Check the configure log, libnet-ssleay-perl uses host's openssl:

*** Found OpenSSL-1.0.1 installed in /usr

Export OPENSSL_PREFIX to find the native openssl to use.

Replace library pathes '/lib', '/usr/lib' and header path with correct
staging pathes at same time.

(From meta-openembedded rev: 3cac29682c1b0a7aa51ebb26fd87d4747292d2d4)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

libcanberra: fix installed-vs-shipped warning

When build libcanberra for powerpc64 bsp, it shows warning:

WARNING: QA Issue: libcanberra: Files/directories were installed but not shipped
  /lib
  /lib/systemd
  /lib/systemd/system
  /lib/systemd/system/canberra-system-shutdown.service
  /lib/systemd/system/canberra-system-shutdown-reboot.service
  /lib/systemd/system/canberra-system-bootup.service [installed-vs-shipped]

Update FILES_${PN}-systemd to fix it.

(From meta-openembedded rev: 7c58d49071052b1acb6128024029d0279cade876)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

xserver-common: disable TCP connections

For security reasons disable TCP connections to the xserver.

(From meta-openembedded rev: 988092c0c21b8a016932a6f787b1ac966645c344)

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

sethdlc: fix host contamination

* Clean INCLUDES to fix the host contamination errors:

  In file included from /usr/src/linux/include/linux/posix_types.h:47:0,
  from /usr/src/linux/include/linux/types.h:17,
  from /usr/src/linux/include/linux/if.h:22,
  from sethdlc.c:23:
  /usr/src/linux/include/asm-generic/posix_types.h:91:3: \
    error: conflicting types for '__kernel_fsid_t'
  } __kernel_fsid_t;
  ^
  .../tmp/sysroots/qemumips/usr/include/asm/posix_types.h:26:3: \
    note: previous declaration of '__kernel_fsid_t' was here
  } __kernel_fsid_t;
  ^

* Correct LIC_FILES_CHKSUM to checkout license infos from sethdl.c
  instead of Makefile.

(From meta-openembedded rev: 1721c79c955a70c51d71516a9fd379ac4ab01dee)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

iotop: Drop python-distutils from RDEPENDS

* nothing in iotop is using that for normal function

(From meta-openembedded rev: 6db21347aab2dccd6f205aa6f60b273f70c8e331)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

lvm2: add lvm.con to CONFFILES

* Files will be over written when updating using rpm.

* If there is no %config micro before the file in the spec file,
  this file will be over-written after updating this package
  using rpm. This will make our settings lost.

(From meta-openembedded rev: c46d487b35f71ff4a9ecbc02ab17fde4ddd0a506)

Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

hostapd: several fixes for init script

* restart: The stop may delay a few seconds according to different wireless
  devices, on debian/ubuntu, the init script directly sleep 8 seconds
  to wait the stop complete, here we add a delay function (sleep in a loop)
  to ensure the stop is completed before start.
* add status command.
* add --oknodo for stop so it will not break restart if there is no
  running process.

(From meta-openembedded rev: ad4734201b02f7acec08ad4571571e125d05b975)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

glibmm: add perl to RDEPENDS_{PN}-dev

QA Issue: glibmm-dev requires /usr/bin/perl, but no providers in its RDEPENDS [file-rdeps]

(From meta-openembedded rev: eaf285dc302e5fce489b63c918bc085cf370fb5a)

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

rrdtool: add missing dependency on groff-native

rrdtool needs groff-native to format the documentation.

(From meta-openembedded rev: 29d4fc8895056ecc24195b8136b6cf464987c80d)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

rrdtool: inherit cpan-base to help build perl modules

It's incorrect to use -I for nativeperl to specify @INC/#include
directory to target build perl, which cause error like:
| temp/do_configure/run.do_configure.20749: line 112: 20256 Illegal instruction (core dumped)
| perl -I/path/to/tmp/sysroots/intel-haswell-64/usr/lib64/perl/$perl_version Makefile.PL

Inherit cpan-base and set related env vars to fix this and
avoid using sed to hack Makefile when build perl modules.

(From meta-openembedded rev: a88ed1d7a836b21c5af7320f95d72249e3ca2fcc)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

dfu-util: Point to gitorious.org repository as gnumonks.org is down

(From meta-openembedded rev: 4534f363651b332e611f1f3cd170e0e9379cfb52)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Chris Morgan <chmorgan@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

samba: fix error messages when startup samba service

This solves the following error messages when startup samba:

  Unable to open new log file '/var/log/samba/log.smbd': No such file or directory

(From meta-openembedded rev: e324dd37cfc2f89eb9d392dac700416cd281db2c)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

samba: add winbind.service to winbind package

This solves the following warning:

lib32-samba-3.6.24: lib32-samba: Files/directories were installed but not shipped
  /lib/systemd/system/winbind.service [installed-vs-shipped]

(From meta-openembedded rev: 80f3a32d734bab595ee88ef5aed718b4dc0b0c3c)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postfix.inc: Remove references to buildmachine paths in target makedefs.out

Fixed the buildpaths QA issue:
ERROR: QA Issue: File
/work/core2-64-wrs-linux/postfix/2.11.1-r0/packages-split/postfix/etc/postfix/makedefs.out
in package contained reference to tmpdir [buildpaths]

(From meta-openembedded rev: bbb3ee05cb1aedd820f38424c339cda4e43e5977)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

polarssl: add dependency openssl

polarssl compiles with openssl to build unit test cases. If openssl
doesn't exist, native libssl.so will be used. Then causes error:

| .../bitbake_build/tmp/sysroots/x86_64-linux/usr/lib/libssl.so: error adding symbols: File in wrong format

Add dependency openssl for polarssl to fix it.

(From meta-openembedded rev: 3d563139b0ff4c29ecfdd6bb026fc1e84167b03d)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

imagemagick: update URI to allow fetching current and previous releases

The only version available at the original URI is patch 9.  All releases
are available at the /releases sub-path.

(From meta-openembedded rev: 82ce460437189e773308d3d81667938df0207d5a)

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

krb5: fix CVE-2014-5351

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c
in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a
response to a -randkey -keepold request, which allows remote authentic-
ated users to forge tickets by leveraging administrative access.

This back-ported patch fixes CVE-2014-5351.

(From meta-openembedded rev: 510b7a9d8d5dda07120df5866507742a626478c1)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

wireshark: update to 1.12.2

The following vulnerabilities have been fixed.
* wnpa-sec-2014-20
  SigComp UDVM buffer overflow. (Bug 10662)
  CVE-2014-8710
* wnpa-sec-2014-21
  AMQP crash. (Bug 10582)
  CVE-2014-8711
* wnpa-sec-2014-22
  NCP crashes. (Bug 10552, Bug 10628)
  CVE-2014-8712, CVE-2014-8713
* wnpa-sec-2014-23
  TN5250 infinite loops. (Bug 10596)
  CVE-2014-8714

Reference:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html

(From meta-openembedded rev: f6faa7b431368e277849916ab0c692ab829e8138)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

syslog-ng: Fix memory leak when udp connection is used [ LIN7-1379 ]

When udp connection is used, there are several memory leaks happen
after run a long time.

(From meta-openembedded rev: ac82cbf88da083cfb717628e30faab3c0cc3a0c7)

Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

gvfs: replace deprecated g_memmove by memmove

* g_memmove was deprecated ib glib-2.0 2.40
* opening a remote connection created by gigolo with thunar failed with:
  | thunar: symbol lookup error: /usr/lib/modules/libgvfsdbus.so: undefined symbol: g_memmove
* further tests showed that browsing in windows networks is fixed now

(From meta-openembedded rev: e927c88d6f83c30eec9ad973a0dbcd05f01b5a69)

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

xfce4-weather-plugin: make work properly after met.no API change

see [1] for more information

https://bugzilla.xfce.org/show_bug.cgi?id=10916

(From meta-openembedded rev: 26a6160c49294ceba130d221e14c8f1fc5c429ad)

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

libyaml: add fix for CVE-2014-2525 Security Advisory

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function
in LibYAML before 0.1.6 allows context-dependent attackers to execute
arbitrary code via a long sequence of percent-encoded characters in a
URI in a YAML file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2525

(From meta-openembedded rev: f58ee5acdd436f822c42bed063a319f926854f7d)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0065 and CVE-2014-0066 Security Advisory

Coverity identified a number of places in which it couldn't prove that a
string being copied into a fixed-size buffer would fit.  We believe that
most, perhaps all of these are in fact safe, or are copying data that is
coming from a trusted source so that any overrun is not really a
security issue.  Nonetheless it seems prudent to forestall any risk by
using strlcpy() and similar functions.

Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.

In addition, fix a potential null-pointer-dereference crash in
contrib/chkpass.  The crypt(3) function is defined to return NULL on
failure, but chkpass.c didn't check for that before using the result.
The main practical case in which this could be an issue is if libc is
configured to refuse to execute unapproved hashing algorithms (e.g.,
"FIPS mode").  This ideally should've been a separate commit, but since
it touches code adjacent to one of the buffer overrun changes, I
included it in this commit to avoid last-minute merge issues.  This
issue was reported by Honza Horak.

Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066

(From meta-openembedded rev: 21adba175d21e0ae554c258d5d3d084fff355ad5)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0067 Security Advisory

The make check command for the test suites in PostgreSQL 9.3.3 and
earlier does not properly invoke initdb to specify the authentication
requirements for a database cluster to be used for the tests, which
allows local users to gain privileges by leveraging access to this
cluster.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067

(From meta-openembedded rev: 8a118e3db53730626b64f6bf7cd568f77e449a7d)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0063 Security Advisory

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x
before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before
9.3.3 allow remote authenticated users to cause a denial of service
(crash) or possibly execute arbitrary code via vectors related to an
incorrect MAXDATELEN constant and datetime values involving (1)
intervals, (2) timestamps, or (3) timezones, a different vulnerability
than CVE-2014-0065.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063

(From meta-openembedded rev: b675ed0eaca83e74ff62d0bf86f7003470999240)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0062 Security Advisory

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE
commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before
9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote
authenticated users to create an unauthorized index or read portions of
unauthorized tables by creating or deleting a table with the same name
during the timing window.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062

(From meta-openembedded rev: e569c274230e1bc304f137b2dcad7822b709a140)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0061 Security Advisory

The validator functions for the procedural languages (PLs) in PostgreSQL
before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before
9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain
privileges via a function that is (1) defined in another language or (2)
not allowed to be directly called by the user due to permissions.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061

(From meta-openembedded rev: 9cc023acd7846171644502ac03a64cdd60b45c20)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0060 Security Advisory

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12,
9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the
ADMIN OPTION restriction, which allows remote authenticated members of a
role to add or remove arbitrary users to that role by calling the SET
ROLE command before the associated GRANT command.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060

(From meta-openembedded rev: 08398ec33330425ad8a1706d92e0eb5055afbb81)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0064 Security Advisory

Multiple integer overflows in the path_in and other unspecified
functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before
9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote
authenticated users to have unspecified impact and attack vectors, which
trigger a buffer overflow. NOTE: this identifier has been SPLIT due to
different affected versions; use CVE-2014-2669 for the hstore vector.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064

(From meta-openembedded rev: 62d029bbec465ba54c5e2056dd4ab66d47230489)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

net-snmp: fix for Security Advisory - CVE-2014-3565

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used,
allows remote attackers to cause a denial of service (snmptrapd crash) via
a crafted SNMP trap message, which triggers a conversion to the variable
type designated in the MIB file, as demonstrated by a NULL type in an ifMtu
trap message.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3565

(From meta-openembedded rev: 2b6d61791f6a3db9367a81acdc58486a1369f38b)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

phpmyadmin: fix for Security Advisory CVE-2014-5274

Cross-site scripting (XSS) vulnerability in the view operations page in
phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote
authenticated users to inject arbitrary web script or HTML via a crafted
view name, related to js/functions.js.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274

(From meta-openembedded rev: 9167cec3d6f2ae63b3a407d70eb5137c19b993a7)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

phpmyadmin: fix for Security Advisory CVE-2014-5273

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow
remote authenticated users to inject arbitrary web script or HTML via the
(1) browse table page, related to js/sql.js; (2) ENUM editor page, related
to js/functions.js; (3) monitor page, related to js/server_status_monitor.js;
(4) query charts page, related to js/tbl_chart.js; or (5) table relations
page, related to libraries/tbl_relation.lib.php.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5273

(From meta-openembedded rev: 59b1d88761ed98a2bd6a4ab4a68962773a473463)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

openvpn: bypass check for /sbin/ip on the host

In the commit 'openvpn: use default iproute2 path', the configure flag
to explicitly set the iproute2 path was removed, since busybox now
provides the 'ip' applet at the default path.  However, setting this
flag is necessary to bypass the configure-time check for /sbin/ip on the
host, which will otherwise fail if iproute2 is not installed on the
host.  Add back the flag (pointing to the correct path), and add a
comment to describe why this is necessary.

(From meta-openembedded rev: 71fa1879f486f8ffb0be03744e8d27e9eaa5d693)

Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

openvpn: bypass check for /sbin/ip on the host

In the commit 'openvpn: use default iproute2 path', the configure flag
to explicitly set the iproute2 path was removed, since busybox now
provides the 'ip' applet at the default path.  However, setting this
flag is necessary to bypass the configure-time check for /sbin/ip on the
host, which will otherwise fail if iproute2 is not installed on the
host.  Add back the flag (pointing to the correct path), and add a
comment to describe why this is necessary.

(From meta-openembedded rev: 9efaed99125b1c4324663d9a1b2d3319c74e7278)

Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

update maintainer info in README's for dizzy

* This is the first time meta-python is being taged with a release

Acked-by: Otavio Salvador <otavio@ossystems.com.br>
(From meta-openembedded rev: 3f7b49d039a169be88236e1b3e4bca25c6814284)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

openembedded-core: update to revision used in tizen-distro 0.9

First ran "combo-layer update meta-openembedded-core", then dropped
patches not included yet in tizen-distro 0.9.

buildtools-tarball: package all of Python

Instead of cherry-picking pieces of Python to put into the buildtools tarball,
ship all of it.  We can't predict what bits of Python will be needed in the
future.

(From OE-Core rev: 1cf1edcd28a002291622d04dd2d0ee2c67e329e4)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

babeltrace: Backport fix for unaligned integer

[YOCTO #6464]

(From OE-Core rev: 7c04085a0b5f978d7fd07f83b0799abbeb3b7052)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

xkeyboard-config: Inherit gettext

In a GPLv3-free build we have two different versions of gettext in sysroot due
to GPLv3 restrictions. In this case we need gettext-native too so we can have
the needed macros and avoid errors like:
"error: possibly undefined macro: AM_GNU_GETTEXT"

The needed dependency is added by gettext class which is prefered because it
takes care of NLS flags too.

(From OE-Core rev: 23d8a4d64e9ff126d6460a69e6d086b1c86e87a9)

(From OE-Core rev: 1975981e7777748c2b45b16e47ec704a9c37b56b)

Signed-off-by: Andrei Gherzan <andrei.gherzan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

package_manager: DpkgPM fix populate_sdk

DpkgPM change all_arch_list variable set from PACKAGE_ARCHS to passed
archs variable because is different when is executed from rootfs.py
and sdk.py.

Credits to: Ricardo Ribalda <ricardo.ribalda@gmail.com>

(From OE-Core rev: f6fb8c16f49fd9a2b124ad55f5c4fed82d7e6dca)

(From OE-Core rev: d9612ac36d59eb9e800f06339965d66f27c66ae0)

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

python: Fix CVE-2014-7185

Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.

This back-ported patch fixes CVE-2014-7185

(From OE-Core rev: 49ceed974e39ab8ac4be410e5caa5e1ef7a646d9)

(From OE-Core rev: 3dd696e03e66fa98b58a17b7f34ffe4002ddc9c6)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta/recipes-devtools/python/python_2.7.3.bb

hand merged bb file since I did not take previous patch.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

shadow-securetty: add ttyAM[0-3] serial ports

Old version of the ARM AMBA serial port driver creates those device nodes.

(From OE-Core rev: fa17b9ea435f5c49e3bea56524152b21d915d464)

(From OE-Core rev: 0956df1596f899337afb3551db01a59bf1c38856)

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

wic: Update bootimg-partition to use bootimg_dir

Update bootimg-partition to use bootimg_dir instead of img_deploy_dir,
to match similar usage in other plugins.

As mentioned elsewhere, plugins should use the passed-in value for
bootimg_dir directly if non-null, which corresponds to a user-assigned
value specified via a -b command-line param, and only fetch the value
from bitbake if that value is null.

(From OE-Core rev: 3822f8a7b33da56ecd9144b4bcae50734fb1af81)

(From OE-Core rev: f22bd26627595e3719d3b1f9e3d487d5011c9c42)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

wic: Remove special-case bootimg_dir

The first iterations of wic very shortsightedly catered to two
specific use-cases and added special-purpose params for those cases so
that they could be directly given their corresponding boot artifacts.
(hdddir and staging_data_dir).

As more use-cases are added, it becomes rather obvious that such a
scheme doens't scale, and additionally causes confusion for plugin
writers.

This removes those special cases and states explicitly in the help
text that plugins are responsible for locating their own boot
artifacts.

(From OE-Core rev: 6ba3eb5ff7c47aee6b3419fb3a348a634fe74ac9)

(From OE-Core rev: e7ecb139a215484422652ef35de8282acbf18ed2)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

Revert "wic: set bootimg_dir when using image-name artifacts"

This reverts commit 7ce1dc13f91df70e8a2f420e7c3eba51cbc4bd48.

This patch broke the assumption that a non-null boot_dir means a
user-assigned (-b command-line param) value.

Reverting doesn't break anything, since the case it was added for
doesn't use the boot_dir for anything except debugging anyhow.

Fixes [YOCTO #6290]

(From OE-Core rev: db90f10bf31dec8d7d7bb2d3680d50e133662850)

(From OE-Core rev: 36c93423ee272c4d4aafeb50f83734fd4bb3bb29)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

wic: Update the help text to include -D (--debug)

The --debug option is missing from the wic help text; this adds it and
at the same time rearranges the usage into a more logical arrangement.

(From OE-Core rev: cf5144ef241d8f4ccaa3461ae5c9f89c2cf2f8d1)

(From OE-Core rev: e7f18c43f1b368b71acdc507e1a9035179d7e53f)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

wic: Don't allow mkfs to fail silently in partition command

The return code from the mkfs command used by the partition creation
command was being ignored, allowing it to silently fail and leaving
users mystified as to why the resulting filesystem was corrupted.

This became obvious when failures occurred when creating large
e.g. sdk filesystems [YOCTO #6863].

(From OE-Core rev: 8cef3b06f7e9f9d922673f430ddb3170d2fac000)

(From OE-Core rev: ac7b2eb0a35613d030eeef0b8df0d69ae0935b43)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

nss: CVE-2014-1568

the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1568
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
nss ng log:
=====
changeset:   11252:ad411fb64046
user:        Kai Engert <kaie@kuix.de>
date:        Tue Sep 23 19:28:34 2014 +0200
summary:     Fix bug 1064636, patch part 2, r=rrelyea
=====
changeset:   11253:4e90910ad2f9
user:        Kai Engert <kaie@kuix.de>
date:        Tue Sep 23 19:28:45 2014 +0200
summary:     Fix bug    1064636, patch part 3, r=rrelyea
=====
changeset:   11254:fb7208e91ae8
user:        Kai Engert <kaie@kuix.de>
date:        Tue Sep 23 19:28:52 2014 +0200
summary:     Fix bug    1064636, patch part 1, r=rrelyea
=====
changeset:   11255:8dd6c6ac977d
user:        Kai Engert <kaie@kuix.de>
date:        Tue Sep 23 19:39:40 2014 +0200
summary:     Bug 1064636, follow up commit to fix Windows build bustage

(From OE-Core rev: 0ed9070619f959b802dcc4ee8399d252d0349583)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

curl: Fixup line ending merge issues

Somehow the patch line endings got messed up during merge. This restores
the delta.

(From OE-Core rev: 5dee4e241d64e6144d74967cca583d249689773a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

serf: uprev to 1.3.7 for fixing CVE-2014-3504

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_-
ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7
does not properly handle a NUL byte in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows man-in-
the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504

(From OE-Core rev: 832aa4c5a7989636dae3068f508ab2bff8b4ab23)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

tzdata: update to 2014j

(From OE-Core rev: 3ab9dfb703835fee21fd73c4e5cbad1c34c6a163)

(From OE-Core rev: 06ffe5637f23f6036aaf58b40f7f9a721624cd5b)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

tzcode: update to 2014j

(From OE-Core rev: 2f8940e8b2a0537f131a6d5410e85bba07a8c116)

(From OE-Core rev: 429077a21c7753dee64ea869a73309903b659f6a)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

curl: Security Advisory - curl - CVE-2014-3620

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.

(From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)

(From OE-Core rev: db194a3af25a37ff2d6f091ef021894967ca5910)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

curl: Security Advisory - curl - CVE-2014-3613

By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.

(From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)

(From OE-Core rev: 7c4dfa64fd88066f2e0fbc917d8660f5b35e00c4)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

subversion: Security Advisory - subversion - CVE-2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
1.8.10 uses an MD5 hash of the URL and authentication realm to store
cached credentials, which makes it easier for remote servers to obtain
the credentials via a crafted authentication realm.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528

(From OE-Core rev: e0dc0432b13f38d16f642bdadf8ebc78b7a74806)

(From OE-Core rev: 4ff3355e4daf841c66fb78e88bf2d6e26d8f9ced)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

subversion: Security Advisory - subversion - CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted
certificate.<a href=http://cwe.mitre.org/data/definitions/297.html
target=_blank>CWE-297: Improper Validation of Certificate with Host
Mismatch</a>

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522

(From OE-Core rev: 06a33cd00ea11abec1ebe9d5883e44778075ccc6)

(From OE-Core rev: 529ce75be949944a6e54151cd4233703e40c6351)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-environment: Fix config-site with a multilib config

[YOCTO #6951]

The TOOLCHAIN_CONFIGSITE_SYSROOTCACHE value was defaulting to the nativesdk
path and not the associated target path.  Set the value in toolchain-scripts
to the target path.

Be sure to set the MLPREFIX within the meta-environment script as multilibs
are processed.

Update the config_site file name to use -BPN- not PN.  Otherwise the
environment processing can't find the correct filename.

(From OE-Core rev: 26a2f98155a867a71217e52d33f761dcc60800ca)

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>