[PATCH 00/16] denzil pull request 4

[PATCH 00/16] denzil pull request 4

[Scott Garman]

Hello,

This is a pull request for denzil, it includes a number of security
fixes and a few important bugfixes. The poky-based tree has been run
through the autobuilder as follows:

nightly-x86: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-x86/builds/824

nightly-x86-lsb: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-x86-lsb/builds/153

nightly-x86-64: Sanity test failure
http://autobuilder.yoctoproject.org:8010/builders/nightly-x86-64/builds/747

Qemu apparently failed to shutdown cleanly. My impression is that this is
likely a sporadic error and does not appear to be reproducible. 

nightly-x86-64-lsb: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-x86-64-lsb/builds/148

nightly-arm: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-arm/builds/753

nightly-arm-lsb: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-arm-lsb/builds/146

nightly-mips: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-mips/builds/724

nightly-mips-lsb: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-mips-lsb/builds/151

nightly-ppc: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-ppc/builds/704

nightly-ppc-lsb: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-ppc-lsb/builds/153

nightly-non-gpl3: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-non-gpl3/builds/382

nightly-multilib: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-multilib/builds/375

nightly-tiny: Green
http://autobuilder.yoctoproject.org:8010/builders/nightly-tiny/builds/359

build-appliance: Failed
http://autobuilder.yoctoproject.org:8010/builders/build-appliance/builds/156

Failure was due to the fact that I didn't set up a special additional commit
for things to build on the autobuilder. 

eclipse-plugin: Green
http://autobuilder.yoctoproject.org:8010/builders/eclipse-plugin/builds/678

crownbay: Failed
http://autobuilder.yoctoproject.org:8010/builders/crownbay/builds/246

Failed configuring gst-plugins-good, bug tracked here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=3536

crownbay-noemgd: Green
http://autobuilder.yoctoproject.org:8010/builders/crownbay-noemgd/builds/247

emenlow: Green
http://autobuilder.yoctoproject.org:8010/builders/emenlow/builds/232

n450: Green
http://autobuilder.yoctoproject.org:8010/builders/n450/builds/236

jasperforest: Green
http://autobuilder.yoctoproject.org:8010/builders/jasperforest/builds/231

sugarbay: Failed
http://autobuilder.yoctoproject.org:8010/builders/sugarbay/builds/242

Failed configuring gst-plugins-good, bug tracked here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=3536

fri2-noemgd: Green
http://autobuilder.yoctoproject.org:8010/builders/fri2-noemgd/builds/244

fri2: Failed
http://autobuilder.yoctoproject.org:8010/builders/fri2/builds/259

Failed configuring gst-plugins-good, bug tracked here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=3536

romley: Green
http://autobuilder.yoctoproject.org:8010/builders/romley/builds/206

cedartrail: Failed
http://autobuilder.yoctoproject.org:8010/builders/cedartrail/builds/211

Failed configuring gst-plugins-good, bug tracked here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=3536

sys940x: Failed
http://autobuilder.yoctoproject.org:8010/builders/sys940x/builds/106

Failed configuring gst-plugins-good, bug tracked here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=3536

sys940x-noemgd: Green
http://autobuilder.yoctoproject.org:8010/builders/sys940x-noemgd/builds/105

p1022ds: Failed
http://autobuilder.yoctoproject.org:8010/builders/p1022ds/builds/156

Failed due to a bbappend version mismatch, bug tracked here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=3535

The following changes since commit c15fae372cf75403facc28cf76f973b1279425dd:

  openssl: add deprecated and unmaintained find.pl from perl-5.14 to fix perlpath.pl (2012-10-04 09:08:16 -0700)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib sgarman/denzil-next-pull4
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=sgarman/denzil-next-pull4

Andrei Gherzan (1):
  opkg-utils: Add needed python modules as RDEPENDS

Joe Slater (1):
  gettext: install libgettextlib.a before removing it

Marcin Juszkiewicz (1):
  libxml: disable lzma

Martin Jansa (1):
  opkg-utils: bump SRCREV to latest

Nitin A Kamble (1):
  libxml2: fix build with automake 1.12

Paul Eggleton (1):
  classes/qmake_base: support linux-gnuspe/linux-uclibcspe TARGET_OS

Phil Blundell (1):
  openssl: Use ${CFLAGS} not ${FULL_OPTIMIZATION}

Richard Purdie (1):
  libxml2/libxslt: Don't depend on ansidecl.h header

Robert Yang (2):
  package_rpm.bbclass: Fix incremental rpm image generation
  rootfs_rpm.bbclass: save rpmlib rather than remove it

Ross Burton (1):
  gst-plugins-good: disable (uninstalled) examples

Roy.Li (1):
  bitbake: compile tar-replacement firstly

Saul Wold (1):
  libxml2: Update to 2.8.0

Scott Garman (1):
  openssl: upgrade to 1.0.0j

yanjun.zhu (2):
  libproxy: Fix for CVE-2012-4504
  squashfs: fix for CVE-2012-4024

 meta/classes/image.bbclass                         |    6 ++
 meta/classes/package_rpm.bbclass                   |   20 +++---
 meta/classes/qmake_base.bbclass                    |    2 +-
 meta/classes/rootfs_rpm.bbclass                    |    6 +-
 .../configure-targets.patch                        |    0
 .../debian/c_rehash-compat.patch                   |    0
 .../debian/ca.patch                                |    0
 .../debian/debian-targets.patch                    |    0
 .../debian/make-targets.patch                      |    0
 .../debian/man-dir.patch                           |    0
 .../debian/man-section.patch                       |    0
 .../debian/no-rpath.patch                          |    0
 .../debian/no-symbolic.patch                       |    0
 .../debian/pic.patch                               |    0
 .../debian/version-script.patch                    |    0
 .../engines-install-in-libdir-ssl.patch            |    0
 .../{openssl-1.0.0i => openssl-1.0.0j}/find.pl     |    0
 .../oe-ldflags.patch                               |    0
 .../openssl-fix-link.patch                         |    0
 .../openssl_fix_for_x32.patch                      |    0
 .../shared-libs.patch                              |    0
 meta/recipes-connectivity/openssl/openssl.inc      |    2 +-
 .../{openssl_1.0.0i.bb => openssl_1.0.0j.bb}       |    4 +-
 .../gettext/gettext-0.18.1.1/parallel.patch        |   34 +++++++++
 meta/recipes-core/gettext/gettext_0.18.1.1.bb      |    3 +-
 meta/recipes-core/libxml/libxml2.inc               |   15 ++--
 .../libxml/libxml2/fix_version_info.patch          |   23 -------
 meta/recipes-core/libxml/libxml2_2.7.8.bb          |    8 ---
 meta/recipes-core/libxml/libxml2_2.8.0.bb          |    6 ++
 meta/recipes-devtools/opkg-utils/opkg-utils_git.bb |    5 +-
 .../patches/squashfs-4.2-fix-CVE-2012-4024.patch   |   72 ++++++++++++++++++++
 .../squashfs-tools/squashfs-tools_4.2.bb           |    3 +
 .../gstreamer/gst-plugins-good_0.10.31.bb          |    6 +-
 .../libproxy/libproxy-0.4.7-CVE-2012-4504.patch    |   29 ++++++++
 meta/recipes-support/libproxy/libproxy_0.4.7.bb    |    1 +
 meta/recipes-support/libxslt/libxslt_1.1.26.bb     |    7 +-
 scripts/bitbake                                    |    7 +-
 37 files changed, 197 insertions(+), 62 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/make-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/engines-install-in-libdir-ssl.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/find.pl (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/oe-ldflags.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/openssl-fix-link.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/openssl_fix_for_x32.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/shared-libs.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.0i.bb => openssl_1.0.0j.bb} (90%)
 create mode 100644 meta/recipes-core/gettext/gettext-0.18.1.1/parallel.patch
 delete mode 100644 meta/recipes-core/libxml/libxml2/fix_version_info.patch
 delete mode 100644 meta/recipes-core/libxml/libxml2_2.7.8.bb
 create mode 100644 meta/recipes-core/libxml/libxml2_2.8.0.bb
 create mode 100644 meta/recipes-devtools/squashfs-tools/patches/squashfs-4.2-fix-CVE-2012-4024.patch
 create mode 100644 meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch

-- 
1.7.9.5

[PATCH 01/16] gst-plugins-good: disable (uninstalled) examples

[Scott Garman]

From: Ross Burton <ross.burton@intel.com>

The examples pull in a GTK+ build dependency, so remove that too.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../gstreamer/gst-plugins-good_0.10.31.bb          |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-multimedia/gstreamer/gst-plugins-good_0.10.31.bb b/meta/recipes-multimedia/gstreamer/gst-plugins-good_0.10.31.bb
index e0eaf7b..e4c54bf 100644
--- a/meta/recipes-multimedia/gstreamer/gst-plugins-good_0.10.31.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-plugins-good_0.10.31.bb
@@ -5,14 +5,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343 \
                     file://common/coverage/coverage-report.pl;beginline=2;endline=17;md5=622921ffad8cb18ab906c56052788a3f \
                     file://gst/replaygain/rganalysis.c;beginline=1;endline=23;md5=b60ebefd5b2f5a8e0cab6bfee391a5fe"
 
-DEPENDS += "gst-plugins-base gconf cairo jpeg libpng gtk+ zlib libid3tag flac \
+DEPENDS += "gst-plugins-base gconf cairo jpeg libpng zlib libid3tag flac \
 	    speex libsoup-2.4 pulseaudio"
-PR = "r1"
+PR = "r2"
 
 inherit gettext gconf
 
 EXTRA_OECONF += "--disable-aalib --disable-esd --disable-shout2 --disable-libcaca --disable-hal --without-check \
-                 --disable-orc"
+                 --disable-orc --disable-examples"
 
 do_configure_prepend() {
 	# This m4 file contains nastiness which conflicts with libtool 2.2.2
-- 
1.7.9.5

[PATCH 02/16] classes/qmake_base: support linux-gnuspe/linux-uclibcspe TARGET_OS

[Scott Garman]

From: Paul Eggleton <paul.eggleton@linux.intel.com>

Fix borrowed from OE-Classic. This should fix build failures during
do_configure of Qt applications with the p1022ds machine from
meta-fsl-ppc, for example.

(From OE-Core rev: a19fc8e19a6cc6885a1e0616b1f42cc49c8f2c9f)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/classes/qmake_base.bbclass |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/qmake_base.bbclass b/meta/classes/qmake_base.bbclass
index d1008b6..fa1b5f0 100644
--- a/meta/classes/qmake_base.bbclass
+++ b/meta/classes/qmake_base.bbclass
@@ -48,7 +48,7 @@ addtask generate_qt_config_file after do_patch before do_configure
 
 qmake_base_do_configure() {
 	case ${QMAKESPEC} in
-	*linux-oe-g++|*linux-uclibc-oe-g++|*linux-gnueabi-oe-g++|*linux-uclibceabi-oe-g++)
+	*linux-oe-g++|*linux-uclibc-oe-g++|*linux-gnueabi-oe-g++|*linux-uclibceabi-oe-g++|*linux-gnuspe-oe-g++|*linux-uclibcspe-oe-g++)
 		;;
 	*-oe-g++)
 		die Unsupported target ${TARGET_OS} for oe-g++ qmake spec
-- 
1.7.9.5

[PATCH 03/16] gettext: install libgettextlib.a before removing it

[Scott Garman]

From: Joe Slater <jslater@windriver.com>

In a multiple job build, Makefile can simultaneously
be installing and removing libgettextlib.a.  We serialize
the operations.

(From OE-Core rev: 2750546b2152eecdbb37e963a2495383f6944184)

Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../gettext/gettext-0.18.1.1/parallel.patch        |   34 ++++++++++++++++++++
 meta/recipes-core/gettext/gettext_0.18.1.1.bb      |    3 +-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/gettext/gettext-0.18.1.1/parallel.patch

diff --git a/meta/recipes-core/gettext/gettext-0.18.1.1/parallel.patch b/meta/recipes-core/gettext/gettext-0.18.1.1/parallel.patch
new file mode 100644
index 0000000..4ca44cc
--- /dev/null
+++ b/meta/recipes-core/gettext/gettext-0.18.1.1/parallel.patch
@@ -0,0 +1,34 @@
+instal libgettextlib.a before removing it
+
+In a multiple job build, Makefile can simultaneously
+be installing and removing libgettextlib.a.  We serialize
+the operations.
+
+Signed-off-by: Joe Slater <jslater@windriver.com>
+
+--- a/gettext-tools/gnulib-lib/Makefile.am
++++ b/gettext-tools/gnulib-lib/Makefile.am
+@@ -57,6 +57,10 @@ endif
+ # Rules generated and collected by gnulib-tool.
+ include Makefile.gnulib
+ 
++# defined in Makefile.gnulib but missing this dependency
++#
++install-exec-clean: install-libLTLIBRARIES
++
+ # Which classes to export from the shared library.
+ MOOPPFLAGS += --dllexport=styled_ostream
+ 
+--- a/gettext-tools/src/Makefile.am
++++ b/gettext-tools/src/Makefile.am
+@@ -229,8 +229,8 @@ libgettextsrc_la_LDFLAGS += -Wl,--export
+ endif
+ 
+ # No need to install libgettextsrc.a, except on AIX.
+-install-exec-local: install-libLTLIBRARIES install-exec-clean
+-install-exec-clean:
++install-exec-local: install-exec-clean
++install-exec-clean: install-libLTLIBRARIES
+ 	case "@host_os@" in \
+ 	  aix*) ;; \
+ 	  *) $(RM) $(DESTDIR)$(libdir)/libgettextsrc.a ;; \
diff --git a/meta/recipes-core/gettext/gettext_0.18.1.1.bb b/meta/recipes-core/gettext/gettext_0.18.1.1.bb
index 4664751..1e67afb 100644
--- a/meta/recipes-core/gettext/gettext_0.18.1.1.bb
+++ b/meta/recipes-core/gettext/gettext_0.18.1.1.bb
@@ -5,13 +5,14 @@ SECTION = "libs"
 LICENSE = "GPLv3+ & LGPL-2.1+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
-PR = "r11"
+PR = "r12"
 DEPENDS = "libxml2-native gettext-native virtual/libiconv ncurses expat"
 DEPENDS_virtclass-native = "libxml2-native gettext-minimal-native"
 PROVIDES = "virtual/libintl virtual/gettext"
 PROVIDES_virtclass-native = "virtual/gettext-native"
 CONFLICTS_${PN} = "proxy-libintl"
 SRC_URI = "${GNU_MIRROR}/gettext/gettext-${PV}.tar.gz \
+	   file://parallel.patch \
           "
 
 SRC_URI_append_libc-uclibc = " file://wchar-uclibc.patch \
-- 
1.7.9.5

[PATCH 04/16] bitbake: compile tar-replacement firstly

[Scott Garman]

From: "Roy.Li" <rongqing.li@windriver.com>

Compiling tar-replacement or not is decided by version of host tar,
if the host tar version is lower than 1.23, Compiling tar-replacement
is needed.

When doing popoluate tar-replacement sysroot to write the tar to
sysroot, but writing is not finished. other packages probably
use the being written tar to unzip file, which will lead to failure
and report the below error:
"bitbake_build/tmp/sysroots/x86_64-linux/usr/bin/tar: Text file busy"

Now we compile tar-replacement firstly to ensure that a being written
tar command will not be used.

(From OE-Core rev: 3c1c4719fc96f6f1fbb257413d6baf3d91fdf4e8)

Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 scripts/bitbake |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scripts/bitbake b/scripts/bitbake
index 3772d82..c52d5d2 100755
--- a/scripts/bitbake
+++ b/scripts/bitbake
@@ -134,7 +134,12 @@ if [ $buildpseudo -gt 0 ]; then
             fi
         done
     done
-    bitbake pseudo-native $TARTARGET $additionalopts -c populate_sysroot
+
+    if [ $needtar = "1" ]; then
+	bitbake $TARTARGET -c populate_sysroot
+    fi
+
+    bitbake pseudo-native $additionalopts -c populate_sysroot
     ret=$?
     if [ "$ret" != "0" ]; then
         exit 1
-- 
1.7.9.5

[PATCH 05/16] package_rpm.bbclass: Fix incremental rpm image generation

[Scott Garman]

From: Robert Yang <liezhi.yang@windriver.com>

Fix the incremental rpm image generation, it didn't work since the code
has been changed.

The btmanifest should have a ".manifest" suffix, so that it can be moved
to ${T} by rootfs_rpm.bbclass:
mv ${IMAGE_ROOTFS}/install/*.manifest ${T}/

Note: The locale pkgs would always be re-installed.

[YOCTO #2690]

(From OE-Core rev: 5149630746626c6d416f26ab9dd1c7213fcd8c50)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/classes/package_rpm.bbclass |   20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass
index ffe3b31..e2bec2d 100644
--- a/meta/classes/package_rpm.bbclass
+++ b/meta/classes/package_rpm.bbclass
@@ -168,28 +168,24 @@ rpm_common_comand () {
 rpm_update_pkg () {
 
     manifest=$1
-    btmanifest=$manifest.bt
+    btmanifest=$manifest.bt.manifest
+    pre_btmanifest=${T}/${btmanifest##/*/}
     local target_rootfs="${INSTALL_ROOTFS_RPM}"
 
     # Save the rpm's build time for incremental image generation, and the file
     # would be moved to ${T}
-    rm -f $btmanifest
     for i in `cat $manifest`; do
         # Use "rpm" rather than "${RPM}" here, since we don't need the
         # '--dbpath' option
-        echo "$i `rpm -qp --qf '%{BUILDTIME}\n' $i`" >> $btmanifest
-    done
+        echo "$i `rpm -qp --qf '%{BUILDTIME}\n' $i`"
+    done | sort -u > $btmanifest
 
     # Only install the different pkgs if incremental image generation is set
-    if [ "${INC_RPM_IMAGE_GEN}" = "1" -a -f ${T}/total_solution_bt.manifest -a \
+    if [ "${INC_RPM_IMAGE_GEN}" = "1" -a -f "$pre_btmanifest" -a \
         "${IMAGE_PKGTYPE}" = "rpm" ]; then
-        cur_list="$btmanifest"
-        pre_list="${T}/total_solution_bt.manifest"
-        sort -u $cur_list -o $cur_list
-        sort -u $pre_list -o $pre_list
-        comm -1 -3 $cur_list $pre_list | sed 's#.*/\(.*\)\.rpm .*#\1#' > \
+        comm -1 -3 $btmanifest $pre_btmanifest | sed 's#.*/\(.*\)\.rpm .*#\1#' > \
             ${target_rootfs}/install/remove.manifest
-        comm -2 -3 $cur_list $pre_list | awk '{print $1}' > \
+        comm -2 -3 $btmanifest $pre_btmanifest | awk '{print $1}' > \
             ${target_rootfs}/install/incremental.manifest
 
         # Attempt to remove unwanted pkgs, the scripts(pre, post, etc.) has not
@@ -472,7 +468,7 @@ EOF
 	# probably a feature. The only way to convince rpm to actually run the preinstall scripts 
 	# for base-passwd and shadow first before installing packages that depend on these packages 
 	# is to do two image installs, installing one set of packages, then the other.
-	if [ "${INC_RPM_IMAGE_GEN}" = "1" -a -f ${T}/total_solution_bt.manifest ]; then
+	if [ "${INC_RPM_IMAGE_GEN}" = "1" -a -f "$pre_btmanifest" ]; then
 		echo "Skipping pre install due to exisitng image"
 	else
 		echo "# Initial Install manifest" > ${target_rootfs}/install/initial_install.manifest
-- 
1.7.9.5

[PATCH 06/16] rootfs_rpm.bbclass: save rpmlib rather than remove it

[Scott Garman]

From: Robert Yang <liezhi.yang@windriver.com>

The rpmlib was removed when images that add
"remove_packaging_data_files" to ROOTFS_POSTPROCESS_COMMAND, which would
make the increment rpm image generation doesn't work in the second
build, since list_installed_packages would get incorrect value in the
second build, move the rpmlib to ${T} rather than remove it, and move it
back when INC_RPM_IMAGE_GEN =1.

[YOCTO #2690]

(From OE-Core rev: c30e79510c06701f10f659eedaa0fe785538ac17)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/classes/image.bbclass      |    6 ++++++
 meta/classes/rootfs_rpm.bbclass |    6 +++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 9557433..90a6a9d 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -143,6 +143,12 @@ fakeroot do_rootfs () {
     # When use the rpm incremental image generation, don't remove the rootfs
     if [ "${INC_RPM_IMAGE_GEN}" != "1" -o "${IMAGE_PKGTYPE}" != "rpm" ]; then
         rm -rf ${IMAGE_ROOTFS}
+    elif [ -d ${T}/saved_rpmlib/var/lib/rpm ]; then
+        # Move the rpmlib back
+        if [ ! -d ${IMAGE_ROOTFS}/var/lib/rpm ]; then
+                mkdir -p ${IMAGE_ROOTFS}/var/lib/
+                mv ${T}/saved_rpmlib/var/lib/rpm ${IMAGE_ROOTFS}/var/lib/
+        fi
     fi
 	rm -rf ${MULTILIB_TEMP_ROOTFS}
 	mkdir -p ${IMAGE_ROOTFS}
diff --git a/meta/classes/rootfs_rpm.bbclass b/meta/classes/rootfs_rpm.bbclass
index 9039b21..fbc46c0 100644
--- a/meta/classes/rootfs_rpm.bbclass
+++ b/meta/classes/rootfs_rpm.bbclass
@@ -154,7 +154,11 @@ EOF
 }
 
 remove_packaging_data_files() {
-	rm -rf ${IMAGE_ROOTFS}${rpmlibdir}
+	# Save the rpmlib for increment rpm image generation
+	t="${T}/saved_rpmlib/var/lib"
+	rm -fr $t
+	mkdir -p $t
+	mv ${IMAGE_ROOTFS}${rpmlibdir} $t
 	rm -rf ${IMAGE_ROOTFS}${opkglibdir}
 }
 
-- 
1.7.9.5

[PATCH 07/16] opkg-utils: Add needed python modules as RDEPENDS

[Scott Garman]

From: Andrei Gherzan <andrei@gherzan.ro>

Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
---
 meta/recipes-devtools/opkg-utils/opkg-utils_git.bb |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb b/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb
index 92e6624..825c927 100644
--- a/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb
+++ b/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb
@@ -4,11 +4,11 @@ HOMEPAGE = "http://wiki.openmoko.org/wiki/Opkg"
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
                     file://opkg.py;beginline=1;endline=18;md5=15917491ad6bf7acc666ca5f7cc1e083"
-RDEPENDS_${PN} = "python"
+RDEPENDS_${PN} = "python python-shell python-io python-math python-crypt python-logging python-fcntl python-subprocess python-pickle python-compression python-textutils python-stringold"
 RDEPENDS_${PN}_virtclass-native = ""
 SRCREV = "49cc783d8e0415059d126ae22c892988717ffda7"
 PV = "0.1.8+git${SRCPV}"
-PR = "r0"
+PR = "r1"
 
 SRC_URI = "git://git.yoctoproject.org/opkg-utils;protocol=git \
            "
-- 
1.7.9.5

[PATCH 08/16] opkg-utils: bump SRCREV to latest

[Scott Garman]

From: Martin Jansa <martin.jansa@gmail.com>

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-devtools/opkg-utils/opkg-utils_git.bb |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb b/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb
index 825c927..a3c6702 100644
--- a/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb
+++ b/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb
@@ -6,9 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
                     file://opkg.py;beginline=1;endline=18;md5=15917491ad6bf7acc666ca5f7cc1e083"
 RDEPENDS_${PN} = "python python-shell python-io python-math python-crypt python-logging python-fcntl python-subprocess python-pickle python-compression python-textutils python-stringold"
 RDEPENDS_${PN}_virtclass-native = ""
-SRCREV = "49cc783d8e0415059d126ae22c892988717ffda7"
+SRCREV = "f1a9d6701993a6f6b1930b4c2bdb71525aa25320"
 PV = "0.1.8+git${SRCPV}"
-PR = "r1"
 
 SRC_URI = "git://git.yoctoproject.org/opkg-utils;protocol=git \
            "
-- 
1.7.9.5

[PATCH 09/16] libproxy: Fix for CVE-2012-4504

[Scott Garman]

From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Reference:https://code.google.com/p/libproxy/source/detail?r=853

Stack-based buffer overflow in the url::get_pac function in url.cpp
in libproxy 0.4.x before 0.4.9 allows remote servers to have an
unspecified impact via a large proxy.pac file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504

[YOCTO #3487]

Fixes denzil [YOCTO #3511]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---
 .../libproxy/libproxy-0.4.7-CVE-2012-4504.patch    |   29 ++++++++++++++++++++
 meta/recipes-support/libproxy/libproxy_0.4.7.bb    |    1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch

diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
new file mode 100644
index 0000000..7f2d93a
--- /dev/null
+++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+
+libproxy - CVE-2012-4504:
+
+Reference:https://code.google.com/p/libproxy/source/detail?r=853
+
+Stack-based buffer overflow in the url::get_pac function in url.cpp
+in libproxy 0.4.x before 0.4.9 allows remote servers to have an
+unspecified impact via a large proxy.pac file.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
+
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 
+
+diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
+--- a/libproxy/url.cpp	2012-11-26 10:08:47.000000000 +0800
++++ b/libproxy/url.cpp	2012-11-26 10:05:54.000000000 +0800
+@@ -472,9 +472,10 @@ char* url::get_pac() {
+ 				// Add this chunk to our content length,
+ 				// ensuring that we aren't over our max size
+ 				content_length += chunk_length;
+-				if (content_length >= PAC_MAX_SIZE) break;
+ 			}
+ 
++			if (content_length >= PAC_MAX_SIZE) break;
++
+ 			while (recvd != content_length) {
+ 				int r = recv(sock, buffer + recvd, content_length - recvd, 0);
+ 				if (r < 0) break;
diff --git a/meta/recipes-support/libproxy/libproxy_0.4.7.bb b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
index e3721a8..fc32f57 100644
--- a/meta/recipes-support/libproxy/libproxy_0.4.7.bb
+++ b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
@@ -13,6 +13,7 @@ PR = "r4"
 SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \
            file://g++-namepace.patch \
            file://libproxy_fix_for_gcc4.7.patch \
+           file://libproxy-0.4.7-CVE-2012-4504.patch \
           "
 
 SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"
-- 
1.7.9.5

[PATCH 10/16] openssl: upgrade to 1.0.0j

[Scott Garman]

Addresses CVE-2012-2333

Fixes [YOCTO #2682]

Fixes denzil [YOCTO #2701]

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../configure-targets.patch                        |    0
 .../debian/c_rehash-compat.patch                   |    0
 .../debian/ca.patch                                |    0
 .../debian/debian-targets.patch                    |    0
 .../debian/make-targets.patch                      |    0
 .../debian/man-dir.patch                           |    0
 .../debian/man-section.patch                       |    0
 .../debian/no-rpath.patch                          |    0
 .../debian/no-symbolic.patch                       |    0
 .../debian/pic.patch                               |    0
 .../debian/version-script.patch                    |    0
 .../engines-install-in-libdir-ssl.patch            |    0
 .../{openssl-1.0.0i => openssl-1.0.0j}/find.pl     |    0
 .../oe-ldflags.patch                               |    0
 .../openssl-fix-link.patch                         |    0
 .../openssl_fix_for_x32.patch                      |    0
 .../shared-libs.patch                              |    0
 .../{openssl_1.0.0i.bb => openssl_1.0.0j.bb}       |    4 ++--
 18 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/make-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/engines-install-in-libdir-ssl.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/find.pl (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/oe-ldflags.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/openssl-fix-link.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/openssl_fix_for_x32.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/shared-libs.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.0i.bb => openssl_1.0.0j.bb} (90%)

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/configure-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/configure-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/configure-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/c_rehash-compat.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/c_rehash-compat.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/c_rehash-compat.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/ca.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/ca.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/ca.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/debian-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/debian-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/debian-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/make-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/make-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/make-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/make-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/man-dir.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-dir.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/man-dir.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/man-section.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-section.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/man-section.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/no-rpath.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-rpath.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/no-rpath.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/no-symbolic.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-symbolic.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/no-symbolic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/pic.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/pic.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/pic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/version-script.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/version-script.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/debian/version-script.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/engines-install-in-libdir-ssl.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/engines-install-in-libdir-ssl.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/engines-install-in-libdir-ssl.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/find.pl b/meta/recipes-connectivity/openssl/openssl-1.0.0j/find.pl
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/find.pl
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/find.pl
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/oe-ldflags.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/oe-ldflags.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/oe-ldflags.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl-fix-link.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/openssl-fix-link.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl-fix-link.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/openssl-fix-link.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/openssl_fix_for_x32.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl_fix_for_x32.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/openssl_fix_for_x32.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0j/shared-libs.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0i/shared-libs.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0j/shared-libs.patch
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.0i.bb b/meta/recipes-connectivity/openssl/openssl_1.0.0j.bb
similarity index 90%
rename from meta/recipes-connectivity/openssl/openssl_1.0.0i.bb
rename to meta/recipes-connectivity/openssl/openssl_1.0.0j.bb
index c233ba1..7dac79c 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.0i.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.0j.bb
@@ -32,8 +32,8 @@ SRC_URI += "file://configure-targets.patch \
             file://find.pl \
            "
 
-SRC_URI[md5sum] = "b4df9c11af454fd68178c85a1d5f328f"
-SRC_URI[sha256sum] = "548262d15777c504be1ab9bb8fabef1e14a3de54837a6593c8f403dd843d5e57"
+SRC_URI[md5sum] = "cbe4ac0d8f598680f68a951e04b0996b"
+SRC_URI[sha256sum] = "626fb8fcb3eb7e966edbe71553ff993d137f6e8a87b05051a3695e621098b8af"
 
 PACKAGES =+ " \
 	${PN}-engines \
-- 
1.7.9.5

[PATCH 11/16] openssl: Use ${CFLAGS} not ${FULL_OPTIMIZATION}

[Scott Garman]

From: Phil Blundell <philb@gnu.org>

The latter variable is only applicable for target builds and could
result in passing incompatible options (and/or failing to pass
required options) to ${BUILD_CC} for a virtclass-native build.

Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-connectivity/openssl/openssl.inc |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 78cf272..8687bf7 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -18,7 +18,7 @@ S = "${WORKDIR}/openssl-${PV}"
 
 AR_append = " r"
 CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
-	-DTERMIO ${FULL_OPTIMIZATION} -Wall"
+	-DTERMIO ${CFLAGS} -Wall"
 
 # Avoid binaries being marked as requiring an executable stack (which causes 
 # issues with SELinux on the host)
-- 
1.7.9.5

[PATCH 12/16] libxml2: fix build with automake 1.12

[Scott Garman]

From: Nitin A Kamble <nitin.a.kamble@intel.com>

Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
---
 .../libxml2/libxml2_fix_for_automake_1.12.patch    |   23 ++++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.7.8.bb          |    5 +++--
 2 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/libxml2_fix_for_automake_1.12.patch

diff --git a/meta/recipes-core/libxml/libxml2/libxml2_fix_for_automake_1.12.patch b/meta/recipes-core/libxml/libxml2/libxml2_fix_for_automake_1.12.patch
new file mode 100644
index 0000000..5c25882
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2_fix_for_automake_1.12.patch
@@ -0,0 +1,23 @@
+Upstream-Status: Pending
+
+automake 1.12 has decpricated automatic de-ANSI-fication support
+
+this patch fixes this build issue:
+
+| configure.in:67: error: automatic de-ANSI-fication support has been removed
+Signed-Off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
+2012/05/02
+
+Index: libxml2-2.7.8/configure.in
+===================================================================
+--- libxml2-2.7.8.orig/configure.in
++++ libxml2-2.7.8/configure.in
+@@ -63,8 +63,6 @@ AC_PATH_PROG(WGET, wget, /usr/bin/wget)
+ AC_PATH_PROG(XMLLINT, xmllint, /usr/bin/xmllint)
+ AC_PATH_PROG(XSLTPROC, xsltproc, /usr/bin/xsltproc)
+ 
+-dnl Make sure we have an ANSI compiler
+-AM_C_PROTOTYPES
+ test "x$U" != "x" && AC_MSG_ERROR(Compiler not ANSI compliant)
+ 
+ AC_LIBTOOL_WIN32_DLL
diff --git a/meta/recipes-core/libxml/libxml2_2.7.8.bb b/meta/recipes-core/libxml/libxml2_2.7.8.bb
index 1de73da..9111120 100644
--- a/meta/recipes-core/libxml/libxml2_2.7.8.bb
+++ b/meta/recipes-core/libxml/libxml2_2.7.8.bb
@@ -1,8 +1,9 @@
 require libxml2.inc
 
-PR = "r7"
+PR = "r8"
 
-SRC_URI += "file://fix_version_info.patch"
+SRC_URI += "file://fix_version_info.patch \
+            file://libxml2_fix_for_automake_1.12.patch"
 
 SRC_URI[md5sum] = "8127a65e8c3b08856093099b52599c86"
 SRC_URI[sha256sum] = "cda23bc9ebd26474ca8f3d67e7d1c4a1f1e7106364b690d822e009fdc3c417ec"
-- 
1.7.9.5

[PATCH 13/16] libxml2/libxslt: Don't depend on ansidecl.h header

[Scott Garman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

We don't DEPEND on binutils for ansidecl.h so ensure we should never
use the header. This makes builds determinstic and means something like:

bitbake binutils
bitbake libxml2 -c configure
bitbake binutils -c clean
bitbake libxml2

doen't fail to build.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-core/libxml/libxml2.inc           |    5 +++++
 meta/recipes-support/libxslt/libxslt_1.1.26.bb |    7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 2eecbd3..32d6e8c 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -18,6 +18,11 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz \
 
 inherit autotools pkgconfig binconfig
 
+# We don't DEPEND on binutils for ansidecl.h so ensure we don't use the header
+do_configure_prepend () {
+	sed -i -e '/.*ansidecl.h.*/d' ${S}/configure.in
+}
+
 EXTRA_OECONF = "--without-python --without-debug --without-legacy --without-catalog --without-docbook --with-c14n"
 EXTRA_OECONF_virtclass-native = "--with-python=${STAGING_BINDIR}/python --without-legacy --with-catalog --without-docbook --with-c14n"
 EXTRA_OECONF_virtclass-nativesdk = "--with-python=${STAGING_BINDIR}/python --without-legacy --with-catalog --without-docbook --with-c14n"
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.26.bb b/meta/recipes-support/libxslt/libxslt_1.1.26.bb
index 8986e20..e4cc214 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.26.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.26.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458"
 
 SECTION = "libs"
 DEPENDS = "libxml2"
-PR = "r7"
+PR = "r8"
 
 SRC_URI = "ftp://xmlsoft.org/libxslt//libxslt-${PV}.tar.gz \
            file://pkgconfig_fix.patch"
@@ -18,6 +18,11 @@ S = "${WORKDIR}/libxslt-${PV}"
 
 inherit autotools pkgconfig binconfig lib_package
 
+# We don't DEPEND on binutils for ansidecl.h so ensure we don't use the header
+do_configure_prepend () {
+	sed -i -e 's/ansidecl.h//' ${S}/configure.in
+}
+
 EXTRA_OECONF = "--without-python --without-debug --without-mem-debug --without-crypto"
 # older versions of this recipe had ${PN}-utils
 RPROVIDES_${PN}-bin += "${PN}-utils"
-- 
1.7.9.5

[PATCH 14/16] libxml2: Update to 2.8.0

[Scott Garman]

From: Saul Wold <sgw@linux.intel.com>

removed 2 patches that are now fixed upstream
updated hash.c LIC_FILES_CHKSUM due to updating the date to 2012

Signed-off-by: Saul Wold <sgw@linux.intel.com>

Resolved merge conflicts in denzil branch.

Addresses CVE-2011-1944.

Fixes denzil [YOCTO #2703]

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
 meta/recipes-core/libxml/libxml2.inc               |    2 +-
 .../libxml/libxml2/fix_version_info.patch          |   23 --------------------
 .../libxml2/libxml2_fix_for_automake_1.12.patch    |   23 --------------------
 meta/recipes-core/libxml/libxml2_2.7.8.bb          |    9 --------
 meta/recipes-core/libxml/libxml2_2.8.0.bb          |    6 +++++
 5 files changed, 7 insertions(+), 56 deletions(-)
 delete mode 100644 meta/recipes-core/libxml/libxml2/fix_version_info.patch
 delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2_fix_for_automake_1.12.patch
 delete mode 100644 meta/recipes-core/libxml/libxml2_2.7.8.bb
 create mode 100644 meta/recipes-core/libxml/libxml2_2.8.0.bb

diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 32d6e8c..9b14524 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -5,7 +5,7 @@ BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2"
 SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://Copyright;md5=bb90c48926316d9af6e2d70ca7013ade \
-                    file://hash.c;beginline=6;endline=15;md5=ce702952bfddd7aee22639a2d6b54136 \
+                    file://hash.c;beginline=6;endline=15;md5=96f7296605eae807670fb08947829969 \
                     file://list.c;beginline=4;endline=13;md5=cdbfa3dee51c099edb04e39f762ee907 \
                     file://trio.c;beginline=5;endline=14;md5=6c025753c86d958722ec76e94cae932e"
 
diff --git a/meta/recipes-core/libxml/libxml2/fix_version_info.patch b/meta/recipes-core/libxml/libxml2/fix_version_info.patch
deleted file mode 100644
index 77113ef..0000000
--- a/meta/recipes-core/libxml/libxml2/fix_version_info.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Upstream-Status: Already upstream
-
-From 00819877651b87842ed878898ba17dba489820f0 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Thu, 04 Nov 2010 20:53:14 +0000
-Subject: Reactivate the shared library versionning script
-
----
-diff --git a/configure.in b/configure.in
-index 59d0629..a1d2c89 100644
---- a/configure.in
-+++ b/configure.in
-@@ -84,7 +84,7 @@ else
-   esac
- fi
- AC_SUBST(VERSION_SCRIPT_FLAGS)
--AM_CONDITIONAL([USE_VERSION_SCRIPT], [test -z "$VERSION_SCRIPT_FLAGS"])
-+AM_CONDITIONAL([USE_VERSION_SCRIPT], [test -n "$VERSION_SCRIPT_FLAGS"])
- 
- dnl
- dnl We process the AC_ARG_WITH first so that later we can modify
---
-cgit v0.9.0.2
diff --git a/meta/recipes-core/libxml/libxml2/libxml2_fix_for_automake_1.12.patch b/meta/recipes-core/libxml/libxml2/libxml2_fix_for_automake_1.12.patch
deleted file mode 100644
index 5c25882..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2_fix_for_automake_1.12.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Upstream-Status: Pending
-
-automake 1.12 has decpricated automatic de-ANSI-fication support
-
-this patch fixes this build issue:
-
-| configure.in:67: error: automatic de-ANSI-fication support has been removed
-Signed-Off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
-2012/05/02
-
-Index: libxml2-2.7.8/configure.in
-===================================================================
---- libxml2-2.7.8.orig/configure.in
-+++ libxml2-2.7.8/configure.in
-@@ -63,8 +63,6 @@ AC_PATH_PROG(WGET, wget, /usr/bin/wget)
- AC_PATH_PROG(XMLLINT, xmllint, /usr/bin/xmllint)
- AC_PATH_PROG(XSLTPROC, xsltproc, /usr/bin/xsltproc)
- 
--dnl Make sure we have an ANSI compiler
--AM_C_PROTOTYPES
- test "x$U" != "x" && AC_MSG_ERROR(Compiler not ANSI compliant)
- 
- AC_LIBTOOL_WIN32_DLL
diff --git a/meta/recipes-core/libxml/libxml2_2.7.8.bb b/meta/recipes-core/libxml/libxml2_2.7.8.bb
deleted file mode 100644
index 9111120..0000000
--- a/meta/recipes-core/libxml/libxml2_2.7.8.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require libxml2.inc
-
-PR = "r8"
-
-SRC_URI += "file://fix_version_info.patch \
-            file://libxml2_fix_for_automake_1.12.patch"
-
-SRC_URI[md5sum] = "8127a65e8c3b08856093099b52599c86"
-SRC_URI[sha256sum] = "cda23bc9ebd26474ca8f3d67e7d1c4a1f1e7106364b690d822e009fdc3c417ec"
diff --git a/meta/recipes-core/libxml/libxml2_2.8.0.bb b/meta/recipes-core/libxml/libxml2_2.8.0.bb
new file mode 100644
index 0000000..243789c
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2_2.8.0.bb
@@ -0,0 +1,6 @@
+require libxml2.inc
+
+PR = "r0"
+
+SRC_URI[md5sum] = "c62106f02ee00b6437f0fb9d370c1093"
+SRC_URI[sha256sum] = "f2e2d0e322685193d1affec83b21dc05d599e17a7306d7b90de95bb5b9ac622a"
-- 
1.7.9.5

[PATCH 15/16] libxml: disable lzma

[Scott Garman]

From: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>

On my system libxml-native got linked with host copy of liblzma and as a
result libxslt-native was not linkable:

| x86_64-linux-libtool: link: gcc -isystem/home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/include -O2 -pipe -Wall -Wl,-rpath-link -Wl,/home/hrw
/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib -Wl,-rpath-link -Wl,/home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-
linux/lib -Wl,-rpath -Wl,/home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib -Wl,-rpath -Wl,/home/hrw/HDD/devel/canonical/ci-linaro/oecore/buil
d/tmp-eglibc/sysroots/x86_64-linux/lib -Wl,-O1 -o .libs/xsltproc xsltproc.o  -L/home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib -L/home/hrw/
HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/lib ../libxslt/.libs/libxslt.so ../libexslt/.libs/libexslt.so /home/hrw/HDD/devel/canonical/ci-linaro/oecore/
build/tmp-eglibc/work/x86_64-linux/libxslt-native-1.1.26-r8/libxslt-1.1.26/libxslt/.libs/libxslt.so /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux
/usr/lib/libxml2.so -ldl /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib/liblzma.so -lrt -lz -lm -pthread -Wl,-rpath -Wl,/home/hrw/HDD/deve
l/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib
| /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib/libxml2.so: undefined reference to `lzma_code@XZ_5.0'
| /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib/libxml2.so: undefined reference to `lzma_auto_decoder@XZ_5.0'
| /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib/libxml2.so: undefined reference to `lzma_end@XZ_5.0'
| /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib/libxml2.so: undefined reference to `lzma_properties_decode@XZ_5.0'
| collect2: error: ld returned 1 exit status
| make[2]: *** [xsltproc] Error 1
| make[2]: Leaving directory `/home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/work/x86_64-linux/libxslt-native-1.1.26-r8/libxslt-1.1.26/xsltproc'

Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
---
 meta/recipes-core/libxml/libxml2.inc      |    8 ++++----
 meta/recipes-core/libxml/libxml2_2.8.0.bb |    2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 9b14524..2af1dbf 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -23,10 +23,10 @@ do_configure_prepend () {
 	sed -i -e '/.*ansidecl.h.*/d' ${S}/configure.in
 }
 
-EXTRA_OECONF = "--without-python --without-debug --without-legacy --without-catalog --without-docbook --with-c14n"
-EXTRA_OECONF_virtclass-native = "--with-python=${STAGING_BINDIR}/python --without-legacy --with-catalog --without-docbook --with-c14n"
-EXTRA_OECONF_virtclass-nativesdk = "--with-python=${STAGING_BINDIR}/python --without-legacy --with-catalog --without-docbook --with-c14n"
-EXTRA_OECONF_linuxstdbase = "--without-python --with-debug --with-legacy --with-catalog --with-docbook --with-c14n"
+EXTRA_OECONF = "--without-python --without-debug --without-legacy --without-catalog --without-docbook --with-c14n --without-lzma"
+EXTRA_OECONF_virtclass-native = "--with-python=${STAGING_BINDIR}/python --without-legacy --with-catalog --without-docbook --with-c14n --without-lzma"
+EXTRA_OECONF_virtclass-nativesdk = "--with-python=${STAGING_BINDIR}/python --without-legacy --with-catalog --without-docbook --with-c14n --without-lzma"
+EXTRA_OECONF_linuxstdbase = "--without-python --with-debug --with-legacy --with-catalog --with-docbook --with-c14n --without-lzma"
 
 # required for pythong binding
 export HOST_SYS
diff --git a/meta/recipes-core/libxml/libxml2_2.8.0.bb b/meta/recipes-core/libxml/libxml2_2.8.0.bb
index 243789c..fe9ec05 100644
--- a/meta/recipes-core/libxml/libxml2_2.8.0.bb
+++ b/meta/recipes-core/libxml/libxml2_2.8.0.bb
@@ -1,6 +1,6 @@
 require libxml2.inc
 
-PR = "r0"
+PR = "r1"
 
 SRC_URI[md5sum] = "c62106f02ee00b6437f0fb9d370c1093"
 SRC_URI[sha256sum] = "f2e2d0e322685193d1affec83b21dc05d599e17a7306d7b90de95bb5b9ac622a"
-- 
1.7.9.5

[PATCH 16/16] squashfs: fix for CVE-2012-4024

[Scott Garman]

From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=
squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123

Fix potential stack overflow in get_component() where an individual
pathname component in an extract file (specified on the command line
or in an extract file) could exceed the 1024 byte sized targname
allocated on the stack.

Fix by dynamically allocating targname rather than storing it as
a fixed size on the stack.

[YOCTO #3513]

Fixes denzil [YOCTO #3520]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---
 .../patches/squashfs-4.2-fix-CVE-2012-4024.patch   |   72 ++++++++++++++++++++
 .../squashfs-tools/squashfs-tools_4.2.bb           |    3 +
 2 files changed, 75 insertions(+)
 create mode 100644 meta/recipes-devtools/squashfs-tools/patches/squashfs-4.2-fix-CVE-2012-4024.patch

diff --git a/meta/recipes-devtools/squashfs-tools/patches/squashfs-4.2-fix-CVE-2012-4024.patch b/meta/recipes-devtools/squashfs-tools/patches/squashfs-4.2-fix-CVE-2012-4024.patch
new file mode 100644
index 0000000..8b9904f
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/patches/squashfs-4.2-fix-CVE-2012-4024.patch
@@ -0,0 +1,72 @@
+Upstream-Status: Backport
+
+Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=
+squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123
+
+Fix potential stack overflow in get_component() where an individual
+pathname component in an extract file (specified on the command line
+or in an extract file) could exceed the 1024 byte sized targname
+allocated on the stack.
+
+Fix by dynamically allocating targname rather than storing it as
+a fixed size on the stack.
+
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/unsquashfs.c b/unsquashfs.c
+--- a/unsquashfs.c	2012-11-29 17:04:08.000000000 +0800
++++ b/unsquashfs.c	2012-11-29 17:04:25.000000000 +0800
+@@ -1034,15 +1034,18 @@ void squashfs_closedir(struct dir *dir)
+ }
+ 
+ 
+-char *get_component(char *target, char *targname)
++char *get_component(char *target, char **targname)
+ {
++	char *start;
++
+ 	while(*target == '/')
+ 		target ++;
+ 
++	start = target;
+ 	while(*target != '/' && *target!= '\0')
+-		*targname ++ = *target ++;
++		target ++;
+ 
+-	*targname = '\0';
++	*targname = strndup(start, target - start);
+ 
+ 	return target;
+ }
+@@ -1068,12 +1071,12 @@ void free_path(struct pathname *paths)
+ 
+ struct pathname *add_path(struct pathname *paths, char *target, char *alltarget)
+ {
+-	char targname[1024];
++	char *targname;
+ 	int i, error;
+ 
+ 	TRACE("add_path: adding \"%s\" extract file\n", target);
+ 
+-	target = get_component(target, targname);
++	target = get_component(target, &targname);
+ 
+ 	if(paths == NULL) {
+ 		paths = malloc(sizeof(struct pathname));
+@@ -1097,7 +1100,7 @@ struct pathname *add_path(struct pathnam
+ 			sizeof(struct path_entry));
+ 		if(paths->name == NULL)
+ 			EXIT_UNSQUASH("Out of memory in add_path\n");	
+-		paths->name[i].name = strdup(targname);
++		paths->name[i].name = targname;
+ 		paths->name[i].paths = NULL;
+ 		if(use_regex) {
+ 			paths->name[i].preg = malloc(sizeof(regex_t));
+@@ -1130,6 +1133,8 @@ struct pathname *add_path(struct pathnam
+ 		/*
+ 		 * existing matching entry
+ 		 */
++		free(targname);
++
+ 		if(paths->name[i].paths == NULL) {
+ 			/*
+ 			 * No sub-directory which means this is the leaf
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
index c54081b..9922f1e 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
@@ -3,6 +3,7 @@
 DESCRIPTION = "Tools to manipulate Squashfs filesystems."
 SECTION = "base"
 LICENSE = "GPL-2 & PD"
+FILESEXTRAPATHS_prepend := "${THISDIR}/patches:"
 LIC_FILES_CHKSUM = "file://../COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
                     file://../../7zC.txt;beginline=12;endline=16;md5=2056cd6d919ebc3807602143c7449a7c \
                    "
@@ -12,6 +13,8 @@ PR = "1"
 SRC_URI = "${SOURCEFORGE_MIRROR}/squashfs/squashfs${PV}.tar.gz;name=squashfs \
            http://downloads.sourceforge.net/sevenzip/lzma465.tar.bz2;name=lzma \
           "
+SRC_URI += "file://squashfs-4.2-fix-CVE-2012-4024.patch \
+           " 
 SRC_URI[squashfs.md5sum] = "1b7a781fb4cf8938842279bd3e8ee852"
 SRC_URI[squashfs.sha256sum] = "d9e0195aa922dbb665ed322b9aaa96e04a476ee650f39bbeadb0d00b24022e96"
 SRC_URI[lzma.md5sum] = "29d5ffd03a5a3e51aef6a74e9eafb759"
-- 
1.7.9.5

Re: [PATCH 00/16] denzil pull request 4

[Richard Purdie]

On Thu, 2012-12-06 at 21:01 -0800, Scott Garman wrote:
> Hello,
> 
> The following changes since commit c15fae372cf75403facc28cf76f973b1279425dd:
> 
>   openssl: add deprecated and unmaintained find.pl from perl-5.14 to fix perlpath.pl (2012-10-04 09:08:16 -0700)
> 
> are available in the git repository at:
> 
>   git://git.openembedded.org/openembedded-core-contrib sgarman/denzil-next-pull4
>   http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=sgarman/denzil-next-pull4

Merged into denzil, thanks.

Richard