[PATCH 00/12] Dizzy 1.7.1 additions

[PATCH 00/12] Dizzy 1.7.1 additions

[Armin Kuster]

please consider this for inclusion for 1.7.1
Many security fixes and kernel update.

The following changes since commit f4d9d7bc206aaf30ea5c72675df139425a2c8d90:

  lbdrm: fix build issue. (2014-12-27 08:43:41 -0800)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib akuster/dizzy_1_7_1
  http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/dizzy_1_7_1

Armin Kuster (1):
  binutils: several security fixes

Bruce Ashfield (6):
  linux-yocto/3.10: 8250/8250_dw: fix compile failure due to
    stable/Yocto conflict
  linux-yocto/3.10: update to v3.10.59
  linux-yocto/3.10: update to v3.10.62
  linux-yocto/3.14: update to v3.14.24
  linux-yocto/3.14: update to 3.14.26, integrate ltsi and -rt updates
  lttng-modules: fix mm_compaction_isolate_template build

Jackie Huang (1):
  packagegroup-self-hosted: add git-perltools

Otavio Salvador (1):
  sysvinit-inittab: Disable the carrier detect requirement for serial
    consoles

Richard Purdie (2):
  report-error: Handle the case no logfile exists
  image: Avoid race over directory creation

Sona Sarmadi (1):
  bind: fix for CVE-2014-8500

 meta/classes/image.bbclass                         |   1 +
 meta/classes/report-error.bbclass                  |   9 +-
 .../bind/bind/bind9_9_5-CVE-2014-8500.patch        | 990 +++++++++++++++++++++
 meta/recipes-connectivity/bind/bind_9.9.5.bb       |   1 +
 .../packagegroups/packagegroup-self-hosted.bb      |   1 +
 .../sysvinit/sysvinit-inittab_2.88dsf.bb           |   2 +-
 meta/recipes-devtools/binutils/binutils-2.24.inc   |   8 +
 .../binutils/binutils/binutils_CVE-2014-8484.patch |  67 ++
 .../binutils/binutils/binutils_CVE-2014-8485.patch | 102 +++
 .../binutils/binutils/binutils_CVE-2014-8501.patch |  60 ++
 .../binutils/binutils/binutils_CVE-2014-8502.patch |  89 ++
 .../binutils/binutils_CVE-2014-8502_1.patch        | 523 +++++++++++
 .../binutils/binutils/binutils_CVE-2014-8503.patch |  47 +
 .../binutils/binutils/binutils_CVE-2014-8504.patch |  75 ++
 .../binutils/binutils/binutils_CVE-2014-8737.patch | 177 ++++
 meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb   |   8 +-
 meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb   |   8 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb |   6 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb |   6 +-
 meta/recipes-kernel/linux/linux-yocto_3.10.bb      |  18 +-
 meta/recipes-kernel/linux/linux-yocto_3.14.bb      |  18 +-
 ...-fix-mm_compaction_isolate_template-build.patch |  41 +
 meta/recipes-kernel/lttng/lttng-modules_2.5.0.bb   |   1 +
 23 files changed, 2222 insertions(+), 36 deletions(-)
 create mode 100644 meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8484.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502_1.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8503.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8737.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/compaction-fix-mm_compaction_isolate_template-build.patch

-- 
1.9.1

[PATCH 01/12] binutils: several security fixes

[Armin Kuster]

CVE-2014-8484
CVE-2014-8485
CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
CVE-2014-8504
CVE-2014-8737

and one supporting patch.

[Yocto # 7084]

(From OE-Core rev: 859fb4d9ec6974be9ce755e4ffefd9b199f3604c)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/binutils/binutils-2.24.inc   |   8 +
 .../binutils/binutils/binutils_CVE-2014-8484.patch |  67 +++
 .../binutils/binutils/binutils_CVE-2014-8485.patch | 102 ++++
 .../binutils/binutils/binutils_CVE-2014-8501.patch |  60 +++
 .../binutils/binutils/binutils_CVE-2014-8502.patch |  89 ++++
 .../binutils/binutils_CVE-2014-8502_1.patch        | 523 +++++++++++++++++++++
 .../binutils/binutils/binutils_CVE-2014-8503.patch |  47 ++
 .../binutils/binutils/binutils_CVE-2014-8504.patch |  75 +++
 .../binutils/binutils/binutils_CVE-2014-8737.patch | 177 +++++++
 9 files changed, 1148 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8484.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502_1.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8503.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8737.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.24.inc b/meta/recipes-devtools/binutils/binutils-2.24.inc
index 8f3216f..63c9287 100644
--- a/meta/recipes-devtools/binutils/binutils-2.24.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.24.inc
@@ -32,6 +32,14 @@ SRC_URI = "\
      file://replace_macros_with_static_inline.patch \
      file://0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch \
      file://binutils-uninitialised-warning.patch \
+     file://binutils_CVE-2014-8484.patch \
+     file://binutils_CVE-2014-8485.patch \
+     file://binutils_CVE-2014-8501.patch \
+     file://binutils_CVE-2014-8502_1.patch \
+     file://binutils_CVE-2014-8502.patch \
+     file://binutils_CVE-2014-8503.patch \
+     file://binutils_CVE-2014-8504.patch \
+     file://binutils_CVE-2014-8737.patch \
      "
 
 SRC_URI[md5sum] = "e0f71a7b2ddab0f8612336ac81d9636b"
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8484.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8484.patch
new file mode 100644
index 0000000..e789499
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8484.patch
@@ -0,0 +1,67 @@
+Upstream-Status: Backport
+
+CVE-2014-8484 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From bd25671c6f202c4a5108883caa2adb24ff6f361f Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 29 Aug 2014 10:36:29 +0930
+Subject: [PATCH] Report an error for S-records with less than the miniumum
+ size
+
+	* srec.c (srec_scan): Revert last change.  Report an error for
+	S-records with less than the miniumum byte count.
+---
+ bfd/ChangeLog |  5 +++++
+ bfd/srec.c    | 18 +++++++++++++++---
+ 2 files changed, 20 insertions(+), 3 deletions(-)
+
+Index: binutils-2.24/bfd/srec.c
+===================================================================
+--- binutils-2.24.orig/bfd/srec.c
++++ binutils-2.24/bfd/srec.c
+@@ -455,7 +455,7 @@ srec_scan (bfd *abfd)
+ 	  {
+ 	    file_ptr pos;
+ 	    char hdr[3];
+-	    unsigned int bytes;
++	    unsigned int bytes, min_bytes;
+ 	    bfd_vma address;
+ 	    bfd_byte *data;
+ 	    unsigned char check_sum;
+@@ -478,6 +478,19 @@ srec_scan (bfd *abfd)
+ 	      }
+ 
+ 	    check_sum = bytes = HEX (hdr + 1);
++	    min_bytes = 3;
++	    if (hdr[0] == '2' || hdr[0] == '8')
++	      min_bytes = 4;
++	    else if (hdr[0] == '3' || hdr[0] == '7')
++	      min_bytes = 5;
++	    if (bytes < min_bytes)
++	      {
++		(*_bfd_error_handler) (_("%B:%d: byte count %d too small\n"),
++				       abfd, lineno, bytes);
++		bfd_set_error (bfd_error_bad_value);
++		goto error_return;
++	      }
++
+ 	    if (bytes * 2 > bufsize)
+ 	      {
+ 		if (buf != NULL)
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2014-08-29  Alan Modra  <amodra@gmail.com>
++
++       * srec.c (srec_scan): Revert last change.  Report an error for
++       S-records with less than the miniumum byte count.
++
+ 2013-12-02  Tristan Gingold  <gingold@adacore.com>
+ 
+ 	* configure.in: Bump version to 2.24
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch
new file mode 100644
index 0000000..ec3308b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch
@@ -0,0 +1,102 @@
+Upstream-Status: Backport
+
+CVE-2014-8485 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 493a33860c71cac998f1a56d6d87d6faa801fbaa Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 27 Oct 2014 12:43:16 +0000
+Subject: [PATCH] This patch closes a potential security hole in applications
+ that use the bfd library to parse binaries containing maliciously corrupt
+ section group headers.
+
+	PR binutils/17510
+	* elf.c (setup_group): Improve handling of corrupt group
+	sections.
+---
+ bfd/ChangeLog |  6 ++++++
+ bfd/elf.c     | 34 ++++++++++++++++++++++++++++++----
+ 2 files changed, 36 insertions(+), 4 deletions(-)
+
+Index: binutils-2.24/bfd/elf.c
+===================================================================
+--- binutils-2.24.orig/bfd/elf.c
++++ binutils-2.24/bfd/elf.c
+@@ -608,9 +608,10 @@ setup_group (bfd *abfd, Elf_Internal_Shd
+ 		  if (shdr->contents == NULL)
+ 		    {
+ 		      _bfd_error_handler
+-			(_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
++			(_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+ 		      bfd_set_error (bfd_error_bad_value);
+-		      return FALSE;
++		      -- num_group;
++		      continue;
+ 		    }
+ 
+ 		  memset (shdr->contents, 0, amt);
+@@ -618,7 +619,16 @@ setup_group (bfd *abfd, Elf_Internal_Shd
+ 		  if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+ 		      || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+ 			  != shdr->sh_size))
+-		    return FALSE;
++		    {
++		      _bfd_error_handler
++			(_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
++		      bfd_set_error (bfd_error_bad_value);
++		      -- num_group;
++		      /* PR 17510: If the group contents are even partially
++			 corrupt, do not allow any of the contents to be used.  */
++		      memset (shdr->contents, 0, amt);
++		      continue;
++		    }
+ 
+ 		  /* Translate raw contents, a flag word followed by an
+ 		     array of elf section indices all in target byte order,
+@@ -651,6 +661,21 @@ setup_group (bfd *abfd, Elf_Internal_Shd
+ 		    }
+ 		}
+ 	    }
++
++	  /* PR 17510: Corrupt binaries might contain invalid groups.  */
++	  if (num_group != (unsigned) elf_tdata (abfd)->num_group)
++	    {
++	      elf_tdata (abfd)->num_group = num_group;
++
++	      /* If all groups are invalid then fail.  */
++	      if (num_group == 0)
++		{
++		  elf_tdata (abfd)->group_sect_ptr = NULL;
++		  elf_tdata (abfd)->num_group = num_group = -1;
++		  (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
++		  bfd_set_error (bfd_error_bad_value);
++		}
++	    }
+ 	}
+     }
+ 
+@@ -716,6 +741,7 @@ setup_group (bfd *abfd, Elf_Internal_Shd
+     {
+       (*_bfd_error_handler) (_("%B: no group info for section %A"),
+ 			     abfd, newsect);
++      return FALSE;
+     }
+   return TRUE;
+ }
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2014-10-27  Nick Clifton  <nickc@redhat.com>
++
++       PR binutils/17510
++       * elf.c (setup_group): Improve handling of corrupt group
++       sections.
++
+ 2014-08-29  Alan Modra  <amodra@gmail.com>
+ 
+        * srec.c (srec_scan): Revert last change.  Report an error for
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch
new file mode 100644
index 0000000..a48fe9b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch
@@ -0,0 +1,60 @@
+Upstream-Status: Backport
+
+CVE-2014-8501 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 7e1e19887abd24aeb15066b141cdff5541e0ec8e Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 27 Oct 2014 14:45:06 +0000
+Subject: [PATCH] Fix a seg-fault in strings and other binutuils when parsing a
+ corrupt PE executable with an invalid value in the NumberOfRvaAndSizes field
+ of the AOUT header.
+
+	PR binutils/17512
+	* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
+	with an invalid value for NumberOfRvaAndSizes.
+---
+ bfd/ChangeLog  |  4 ++++
+ bfd/peXXigen.c | 12 ++++++++++++
+ 2 files changed, 16 insertions(+)
+
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
++++ binutils-2.24/bfd/peXXigen.c
+@@ -460,6 +460,18 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
+   {
+     int idx;
+ 
++    /* PR 17512: Corrupt PE binaries can cause seg-faults.  */
++    if (a->NumberOfRvaAndSizes > 16)
++      {
++	(*_bfd_error_handler)
++	  (_("%B: aout header specifies an invalid number of data-directory entries: %d"),
++	   abfd, a->NumberOfRvaAndSizes);
++	/* Paranoia: If the number is corrupt, then assume that the
++	   actual entries themselves might be corrupt as well.  */
++	a->NumberOfRvaAndSizes = 0;
++      }
++
++
+     for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
+       {
+         /* If data directory is empty, rva also should be 0.  */
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,5 +1,9 @@
+ 2014-10-27  Nick Clifton  <nickc@redhat.com>
+ 
++       PR binutils/17512
++       * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
++       with an invalid value for NumberOfRvaAndSizes.
++
+        PR binutils/17510
+        * elf.c (setup_group): Improve handling of corrupt group
+        sections.
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
new file mode 100644
index 0000000..05af65b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
@@ -0,0 +1,89 @@
+Upstream-Status: Backport
+
+CVE-2014-8502 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Oct 2014 15:42:56 +0000
+Subject: [PATCH] More fixes for corrupt binaries crashing the binutils.
+
+	PR binutils/17512
+	* elf.c (bfd_section_from_shdr): Allocate and free the recursion
+	detection table on a per-bfd basis.
+	* peXXigen.c (pe_print_edata): Handle binaries with a truncated
+	export table.
+---
+ bfd/ChangeLog  |  8 ++++++++
+ bfd/elf.c      | 16 +++++++++++++---
+ bfd/peXXigen.c |  9 +++++++++
+ 3 files changed, 30 insertions(+), 3 deletions(-)
+
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
++++ binutils-2.24/bfd/peXXigen.c
+@@ -1438,6 +1438,15 @@ pe_print_edata (bfd * abfd, void * vfile
+ 	}
+     }
+ 
++  /* PR 17512: Handle corrupt PE binaries.  */
++  if (datasize < 36)
++    {
++      fprintf (file,
++	       _("\nThere is an export table in %s, but it is too small (%d)\n"),
++	       section->name, (int) datasize);
++      return TRUE;
++    }
++
+   fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
+ 	   section->name, (unsigned long) addr);
+ 
+Index: binutils-2.24/bfd/elf.c
+===================================================================
+--- binutils-2.24.orig/bfd/elf.c
++++ binutils-2.24/bfd/elf.c
+@@ -1576,6 +1576,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
+   const char *name;
+   bfd_boolean ret = TRUE;
+   static bfd_boolean * sections_being_created = NULL;
++  static bfd * sections_being_created_abfd = NULL;
+   static unsigned int nesting = 0;
+ 
+   if (shindex >= elf_numsections (abfd))
+@@ -1588,13 +1589,20 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	 loop.  Detect this here, by refusing to load a section that we are
+ 	 already in the process of loading.  We only trigger this test if
+ 	 we have nested at least three sections deep as normal ELF binaries
+-	 can expect to recurse at least once.  */
++	 can expect to recurse at least once.  
++     
++     FIXME: It would be better if this array was attached to the bfd,
++     rather than being held in a static pointer.  */
++     
++      if (sections_being_created_abfd != abfd)
++        sections_being_created = NULL;
+       
+       if (sections_being_created == NULL)
+ 	{
+ 	  /* FIXME: It would be more efficient to attach this array to the bfd somehow.  */
+ 	  sections_being_created = (bfd_boolean *)
+ 	    bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
++        sections_being_created_abfd = abfd;
+ 	}
+       if (sections_being_created [shindex])
+ 	{
+@@ -2098,7 +2106,10 @@ bfd_section_from_shdr (bfd *abfd, unsign
+   if (sections_being_created)
+     sections_being_created [shindex] = FALSE;
+   if (-- nesting == 0)
++  {
+     sections_being_created = NULL;
++    sections_being_created_abfd = abfd;
++  }
+   return ret;
+ }
+ 
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502_1.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502_1.patch
new file mode 100644
index 0000000..9e0c9c8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502_1.patch
@@ -0,0 +1,523 @@
+Upstream-Status: Backport
+
+CVE-2014-8502 supporting patch.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From bf67003b4567600ed3022a439207ac8f26454f91 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 27 Oct 2014 18:05:37 +0000
+Subject: [PATCH] This fixes more seg-faults in tools like "strings" and
+ "objdump" when presented with corrupt binaries.
+
+	PR binutils/17512
+	* elf.c (bfd_section_from_shdr): Detect and warn about ELF
+	binaries with a group of sections linked by the string table
+	indicies.
+	* peXXigen.c (pe_print_edata): Detect out of range rvas and
+	entry counts for the Export Address table, Name Pointer table
+	 and Ordinal table.
+---
+ bfd/ChangeLog  |   5 ++
+ bfd/elf.c      | 194 ++++++++++++++++++++++++++++++++++++++-------------------
+ bfd/peXXigen.c |  18 +++++-
+ 3 files changed, 150 insertions(+), 67 deletions(-)
+
+Index: binutils-2.24/bfd/elf.c
+===================================================================
+--- binutils-2.24.orig/bfd/elf.c
++++ binutils-2.24/bfd/elf.c
+@@ -1574,38 +1574,67 @@ bfd_section_from_shdr (bfd *abfd, unsign
+   Elf_Internal_Ehdr *ehdr;
+   const struct elf_backend_data *bed;
+   const char *name;
++  bfd_boolean ret = TRUE;
++  static bfd_boolean * sections_being_created = NULL;
++  static unsigned int nesting = 0;
+ 
+   if (shindex >= elf_numsections (abfd))
+     return FALSE;
+ 
++  if (++ nesting > 3)
++    {
++      /* PR17512: A corrupt ELF binary might contain a recursive group of
++	 sections, each the string indicies pointing to the next in the
++	 loop.  Detect this here, by refusing to load a section that we are
++	 already in the process of loading.  We only trigger this test if
++	 we have nested at least three sections deep as normal ELF binaries
++	 can expect to recurse at least once.  */
++      
++      if (sections_being_created == NULL)
++	{
++	  /* FIXME: It would be more efficient to attach this array to the bfd somehow.  */
++	  sections_being_created = (bfd_boolean *)
++	    bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
++	}
++      if (sections_being_created [shindex])
++	{
++	  (*_bfd_error_handler)
++	    (_("%B: warning: loop in section dependencies detected"), abfd);
++	  return FALSE;
++	}
++      sections_being_created [shindex] = TRUE;
++    }
++
+   hdr = elf_elfsections (abfd)[shindex];
+   ehdr = elf_elfheader (abfd);
+   name = bfd_elf_string_from_elf_section (abfd, ehdr->e_shstrndx,
+ 					  hdr->sh_name);
+   if (name == NULL)
+-    return FALSE;
++    goto fail;
+ 
+   bed = get_elf_backend_data (abfd);
+   switch (hdr->sh_type)
+     {
+     case SHT_NULL:
+       /* Inactive section. Throw it away.  */
+-      return TRUE;
++      goto success;
+ 
+-    case SHT_PROGBITS:	/* Normal section with contents.  */
+-    case SHT_NOBITS:	/* .bss section.  */
+-    case SHT_HASH:	/* .hash section.  */
+-    case SHT_NOTE:	/* .note section.  */
++    case SHT_PROGBITS:		/* Normal section with contents.  */
++    case SHT_NOBITS:		/* .bss section.  */
++    case SHT_HASH:		/* .hash section.  */
++    case SHT_NOTE:		/* .note section.  */
+     case SHT_INIT_ARRAY:	/* .init_array section.  */
+     case SHT_FINI_ARRAY:	/* .fini_array section.  */
+     case SHT_PREINIT_ARRAY:	/* .preinit_array section.  */
+     case SHT_GNU_LIBLIST:	/* .gnu.liblist section.  */
+     case SHT_GNU_HASH:		/* .gnu.hash section.  */
+-      return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      goto success;
+ 
+     case SHT_DYNAMIC:	/* Dynamic linking information.  */
+       if (! _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex))
+-	return FALSE;
++	goto fail;
++
+       if (hdr->sh_link > elf_numsections (abfd))
+ 	{
+ 	  /* PR 10478: Accept Solaris binaries with a sh_link
+@@ -1619,11 +1648,11 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 		break;
+ 	      /* Otherwise fall through.  */
+ 	    default:
+-	      return FALSE;
++	      goto fail;
+ 	    }
+ 	}
+       else if (elf_elfsections (abfd)[hdr->sh_link] == NULL)
+-	return FALSE;
++	goto fail;
+       else if (elf_elfsections (abfd)[hdr->sh_link]->sh_type != SHT_STRTAB)
+ 	{
+ 	  Elf_Internal_Shdr *dynsymhdr;
+@@ -1652,24 +1681,26 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 		}
+ 	    }
+ 	}
+-      break;
++      goto success;
+ 
+-    case SHT_SYMTAB:		/* A symbol table */
++    case SHT_SYMTAB:		/* A symbol table.  */
+       if (elf_onesymtab (abfd) == shindex)
+-	return TRUE;
++	goto success;
+ 
+       if (hdr->sh_entsize != bed->s->sizeof_sym)
+-	return FALSE;
++	goto fail;
++
+       if (hdr->sh_info * hdr->sh_entsize > hdr->sh_size)
+ 	{
+ 	  if (hdr->sh_size != 0)
+-	    return FALSE;
++	    goto fail;
+ 	  /* Some assemblers erroneously set sh_info to one with a
+ 	     zero sh_size.  ld sees this as a global symbol count
+ 	     of (unsigned) -1.  Fix it here.  */
+ 	  hdr->sh_info = 0;
+-	  return TRUE;
++	  goto success;
+ 	}
++
+       BFD_ASSERT (elf_onesymtab (abfd) == 0);
+       elf_onesymtab (abfd) = shindex;
+       elf_tdata (abfd)->symtab_hdr = *hdr;
+@@ -1686,7 +1717,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	  && (abfd->flags & DYNAMIC) != 0
+ 	  && ! _bfd_elf_make_section_from_shdr (abfd, hdr, name,
+ 						shindex))
+-	return FALSE;
++	goto fail;
+ 
+       /* Go looking for SHT_SYMTAB_SHNDX too, since if there is one we
+ 	 can't read symbols without that section loaded as well.  It
+@@ -1712,26 +1743,29 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 		  break;
+ 	      }
+ 	  if (i != shindex)
+-	    return bfd_section_from_shdr (abfd, i);
++	    ret = bfd_section_from_shdr (abfd, i);
+ 	}
+-      return TRUE;
++      goto success;
+ 
+-    case SHT_DYNSYM:		/* A dynamic symbol table */
++    case SHT_DYNSYM:		/* A dynamic symbol table.  */
+       if (elf_dynsymtab (abfd) == shindex)
+-	return TRUE;
++	goto success;
+ 
+       if (hdr->sh_entsize != bed->s->sizeof_sym)
+-	return FALSE;
++	goto fail;
++
+       if (hdr->sh_info * hdr->sh_entsize > hdr->sh_size)
+ 	{
+ 	  if (hdr->sh_size != 0)
+-	    return FALSE;
++	    goto fail;
++
+ 	  /* Some linkers erroneously set sh_info to one with a
+ 	     zero sh_size.  ld sees this as a global symbol count
+ 	     of (unsigned) -1.  Fix it here.  */
+ 	  hdr->sh_info = 0;
+-	  return TRUE;
++	  goto success;
+ 	}
++
+       BFD_ASSERT (elf_dynsymtab (abfd) == 0);
+       elf_dynsymtab (abfd) = shindex;
+       elf_tdata (abfd)->dynsymtab_hdr = *hdr;
+@@ -1740,34 +1774,38 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 
+       /* Besides being a symbol table, we also treat this as a regular
+ 	 section, so that objcopy can handle it.  */
+-      return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      goto success;
+ 
+-    case SHT_SYMTAB_SHNDX:	/* Symbol section indices when >64k sections */
++    case SHT_SYMTAB_SHNDX:	/* Symbol section indices when >64k sections.  */
+       if (elf_symtab_shndx (abfd) == shindex)
+-	return TRUE;
++	goto success;
+ 
+       BFD_ASSERT (elf_symtab_shndx (abfd) == 0);
+       elf_symtab_shndx (abfd) = shindex;
+       elf_tdata (abfd)->symtab_shndx_hdr = *hdr;
+       elf_elfsections (abfd)[shindex] = &elf_tdata (abfd)->symtab_shndx_hdr;
+-      return TRUE;
++      goto success;
+ 
+-    case SHT_STRTAB:		/* A string table */
++    case SHT_STRTAB:		/* A string table.  */
+       if (hdr->bfd_section != NULL)
+-	return TRUE;
++	goto success;
++
+       if (ehdr->e_shstrndx == shindex)
+ 	{
+ 	  elf_tdata (abfd)->shstrtab_hdr = *hdr;
+ 	  elf_elfsections (abfd)[shindex] = &elf_tdata (abfd)->shstrtab_hdr;
+-	  return TRUE;
++	  goto success;
+ 	}
++
+       if (elf_elfsections (abfd)[elf_onesymtab (abfd)]->sh_link == shindex)
+ 	{
+ 	symtab_strtab:
+ 	  elf_tdata (abfd)->strtab_hdr = *hdr;
+ 	  elf_elfsections (abfd)[shindex] = &elf_tdata (abfd)->strtab_hdr;
+-	  return TRUE;
++	  goto success;
+ 	}
++
+       if (elf_elfsections (abfd)[elf_dynsymtab (abfd)]->sh_link == shindex)
+ 	{
+ 	dynsymtab_strtab:
+@@ -1776,8 +1814,9 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	  elf_elfsections (abfd)[shindex] = hdr;
+ 	  /* We also treat this as a regular section, so that objcopy
+ 	     can handle it.  */
+-	  return _bfd_elf_make_section_from_shdr (abfd, hdr, name,
+-						  shindex);
++	  ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name,
++						 shindex);
++	  goto success;
+ 	}
+ 
+       /* If the string table isn't one of the above, then treat it as a
+@@ -1795,9 +1834,9 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 		{
+ 		  /* Prevent endless recursion on broken objects.  */
+ 		  if (i == shindex)
+-		    return FALSE;
++		    goto fail;
+ 		  if (! bfd_section_from_shdr (abfd, i))
+-		    return FALSE;
++		    goto fail;
+ 		  if (elf_onesymtab (abfd) == i)
+ 		    goto symtab_strtab;
+ 		  if (elf_dynsymtab (abfd) == i)
+@@ -1805,7 +1844,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 		}
+ 	    }
+ 	}
+-      return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      goto success;
+ 
+     case SHT_REL:
+     case SHT_RELA:
+@@ -1820,7 +1860,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	if (hdr->sh_entsize
+ 	    != (bfd_size_type) (hdr->sh_type == SHT_REL
+ 				? bed->s->sizeof_rel : bed->s->sizeof_rela))
+-	  return FALSE;
++	  goto fail;
+ 
+ 	/* Check for a bogus link to avoid crashing.  */
+ 	if (hdr->sh_link >= num_sec)
+@@ -1828,8 +1868,9 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	    ((*_bfd_error_handler)
+ 	     (_("%B: invalid link %lu for reloc section %s (index %u)"),
+ 	      abfd, hdr->sh_link, name, shindex));
+-	    return _bfd_elf_make_section_from_shdr (abfd, hdr, name,
+-						    shindex);
++	    ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name,
++						   shindex);
++	    goto success;
+ 	  }
+ 
+ 	/* For some incomprehensible reason Oracle distributes
+@@ -1870,7 +1911,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	if ((elf_elfsections (abfd)[hdr->sh_link]->sh_type == SHT_SYMTAB
+ 	     || elf_elfsections (abfd)[hdr->sh_link]->sh_type == SHT_DYNSYM)
+ 	    && ! bfd_section_from_shdr (abfd, hdr->sh_link))
+-	  return FALSE;
++	  goto fail;
+ 
+ 	/* If this reloc section does not use the main symbol table we
+ 	   don't treat it as a reloc section.  BFD can't adequately
+@@ -1885,14 +1926,18 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	    || hdr->sh_info >= num_sec
+ 	    || elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_REL
+ 	    || elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_RELA)
+-	  return _bfd_elf_make_section_from_shdr (abfd, hdr, name,
+-						  shindex);
++	  {
++	    ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name,
++						   shindex);
++	    goto success;
++	  }
+ 
+ 	if (! bfd_section_from_shdr (abfd, hdr->sh_info))
+-	  return FALSE;
++	  goto fail;
++
+ 	target_sect = bfd_section_from_elf_index (abfd, hdr->sh_info);
+ 	if (target_sect == NULL)
+-	  return FALSE;
++	  goto fail;
+ 
+ 	esdt = elf_section_data (target_sect);
+ 	if (hdr->sh_type == SHT_RELA)
+@@ -1904,7 +1949,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	amt = sizeof (*hdr2);
+ 	hdr2 = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt);
+ 	if (hdr2 == NULL)
+-	  return FALSE;
++	  goto fail;
+ 	*hdr2 = *hdr;
+ 	*p_hdr = hdr2;
+ 	elf_elfsections (abfd)[shindex] = hdr2;
+@@ -1920,34 +1965,40 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	      target_sect->use_rela_p = 1;
+ 	  }
+ 	abfd->flags |= HAS_RELOC;
+-	return TRUE;
++	goto success;
+       }
+ 
+     case SHT_GNU_verdef:
+       elf_dynverdef (abfd) = shindex;
+       elf_tdata (abfd)->dynverdef_hdr = *hdr;
+-      return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      goto success;
+ 
+     case SHT_GNU_versym:
+       if (hdr->sh_entsize != sizeof (Elf_External_Versym))
+-	return FALSE;
++	goto fail;
++
+       elf_dynversym (abfd) = shindex;
+       elf_tdata (abfd)->dynversym_hdr = *hdr;
+-      return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      goto success;
+ 
+     case SHT_GNU_verneed:
+       elf_dynverref (abfd) = shindex;
+       elf_tdata (abfd)->dynverref_hdr = *hdr;
+-      return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++      goto success;
+ 
+     case SHT_SHLIB:
+-      return TRUE;
++      goto success;
+ 
+     case SHT_GROUP:
+       if (! IS_VALID_GROUP_SECTION_HEADER (hdr, GRP_ENTRY_SIZE))
+-	return FALSE;
++	goto fail;
++
+       if (!_bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex))
+-	return FALSE;
++	goto fail;
++
+       if (hdr->contents != NULL)
+ 	{
+ 	  Elf_Internal_Group *idx = (Elf_Internal_Group *) hdr->contents;
+@@ -1973,7 +2024,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 		}
+ 	    }
+ 	}
+-      break;
++      goto success;
+ 
+     default:
+       /* Possibly an attributes section.  */
+@@ -1981,14 +2032,14 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	  || hdr->sh_type == bed->obj_attrs_section_type)
+ 	{
+ 	  if (! _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex))
+-	    return FALSE;
++	    goto fail;
+ 	  _bfd_elf_parse_attributes (abfd, hdr);
+-	  return TRUE;
++	  goto success;
+ 	}
+ 
+       /* Check for any processor-specific section types.  */
+       if (bed->elf_backend_section_from_shdr (abfd, hdr, name, shindex))
+-	return TRUE;
++	goto success;
+ 
+       if (hdr->sh_type >= SHT_LOUSER && hdr->sh_type <= SHT_HIUSER)
+ 	{
+@@ -2000,9 +2051,12 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 		 "specific section `%s' [0x%8x]"),
+ 	       abfd, name, hdr->sh_type);
+ 	  else
+-	    /* Allow sections reserved for applications.  */
+-	    return _bfd_elf_make_section_from_shdr (abfd, hdr, name,
+-						    shindex);
++	    {
++	      /* Allow sections reserved for applications.  */
++	      ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name,
++						     shindex);
++	      goto success;
++	    }
+ 	}
+       else if (hdr->sh_type >= SHT_LOPROC
+ 	       && hdr->sh_type <= SHT_HIPROC)
+@@ -2023,8 +2077,11 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 		 "`%s' [0x%8x]"),
+ 	       abfd, name, hdr->sh_type);
+ 	  else
+-	    /* Otherwise it should be processed.  */
+-	    return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++	    {
++	      /* Otherwise it should be processed.  */
++	      ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
++	      goto success;
++	    }
+ 	}
+       else
+ 	/* FIXME: We should handle this section.  */
+@@ -2032,10 +2089,17 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ 	  (_("%B: don't know how to handle section `%s' [0x%8x]"),
+ 	   abfd, name, hdr->sh_type);
+ 
+-      return FALSE;
++      goto fail;
+     }
+ 
+-  return TRUE;
++ fail:
++  ret = FALSE;
++ success:
++  if (sections_being_created)
++    sections_being_created [shindex] = FALSE;
++  if (-- nesting == 0)
++    sections_being_created = NULL;
++  return ret;
+ }
+ 
+ /* Return the local symbol specified by ABFD, R_SYMNDX.  */
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
++++ binutils-2.24/bfd/peXXigen.c
+@@ -1528,7 +1528,12 @@ pe_print_edata (bfd * abfd, void * vfile
+ 	  _("\nExport Address Table -- Ordinal Base %ld\n"),
+ 	  edt.base);
+ 
+-  for (i = 0; i < edt.num_functions; ++i)
++  /* PR 17512: Handle corrupt PE binaries.  */
++  if (edt.eat_addr + (edt.num_functions * 4) - adj >= datasize)
++    fprintf (file, _("\tInvalid Export Address Table rva (0x%lx) or entry count (0x%lx)\n"),
++	     (long) edt.eat_addr,
++	     (long) edt.num_functions);
++  else for (i = 0; i < edt.num_functions; ++i)
+     {
+       bfd_vma eat_member = bfd_get_32 (abfd,
+ 				       data + edt.eat_addr + (i * 4) - adj);
+@@ -1564,7 +1569,16 @@ pe_print_edata (bfd * abfd, void * vfile
+   fprintf (file,
+ 	   _("\n[Ordinal/Name Pointer] Table\n"));
+ 
+-  for (i = 0; i < edt.num_names; ++i)
++  /* PR 17512: Handle corrupt PE binaries.  */
++  if (edt.npt_addr + (edt.num_names * 4) - adj >= datasize)
++    fprintf (file, _("\tInvalid Name Pointer Table rva (0x%lx) or entry count (0x%lx)\n"),
++	     (long) edt.npt_addr,
++	     (long) edt.num_names);
++  else if (edt.ot_addr + (edt.num_names * 2) - adj >= datasize)
++    fprintf (file, _("\tInvalid Ordinal Table rva (0x%lx) or entry count (0x%lx)\n"),
++	     (long) edt.ot_addr,
++	     (long) edt.num_names);
++  else for (i = 0; i < edt.num_names; ++i)
+     {
+       bfd_vma name_ptr = bfd_get_32 (abfd,
+ 				    data +
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,8 +1,13 @@
+ 2014-10-27  Nick Clifton  <nickc@redhat.com>
+ 
+        PR binutils/17512
++       * elf.c (bfd_section_from_shdr): Detect and warn about ELF
++       binaries with a group of sections linked by the string table
++       indicies.
+        * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
+        with an invalid value for NumberOfRvaAndSizes.
++       (pe_print_edata): Detect out of range rvas and entry counts for
++       the Export Address table, Name Pointer table and Ordinal table.
+ 
+        PR binutils/17510
+        * elf.c (setup_group): Improve handling of corrupt group
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8503.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8503.patch
new file mode 100644
index 0000000..2dd3354
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8503.patch
@@ -0,0 +1,47 @@
+Upstream-Status: Backport
+
+CVE-2014-8503 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 0102ea8cec5fc509bba6c91df61b7ce23a799d32 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 30 Oct 2014 17:16:17 +0000
+Subject: [PATCH] Fixes a seg-fault in the ihex parser when it encounters a
+ malformed ihex file.
+
+	PR binutils/17512
+	* ihex.c (ihex_scan): Fix typo in invocation of ihex_bad_byte.
+---
+ bfd/ChangeLog | 1 +
+ bfd/ihex.c    | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+Index: binutils-2.24/bfd/ihex.c
+===================================================================
+--- binutils-2.24.orig/bfd/ihex.c
++++ binutils-2.24/bfd/ihex.c
+@@ -322,7 +322,7 @@ ihex_scan (bfd *abfd)
+ 	    {
+ 	      if (! ISHEX (buf[i]))
+ 		{
+-		  ihex_bad_byte (abfd, lineno, hdr[i], error);
++		  ihex_bad_byte (abfd, lineno, buf[i], error);
+ 		  goto error_return;
+ 		}
+ 	    }
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2014-10-30  Nick Clifton  <nickc@redhat.com>
++
++    PR binutils/17512
++    * ihex.c (ihex_scan): Fix typo in invocation of ihex_bad_byte.
++
+ 2014-10-27  Nick Clifton  <nickc@redhat.com>
+ 
+        PR binutils/17512
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
new file mode 100644
index 0000000..b4d1d1f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
@@ -0,0 +1,75 @@
+Upstream-Status: Backport
+
+CVE-2014-8504 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 708d7d0d11f0f2d776171979aa3479e8e12a38a0 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Oct 2014 10:48:14 +0000
+Subject: [PATCH] This patch fixes a flaw in the SREC parser which could cause
+ a stack overflow and potential secuiryt breach.
+
+	PR binutils/17510
+	* srec.c (srec_bad_byte): Increase size of buf to allow for
+	negative values.
+	(srec_scan): Use an unsigned char buffer to hold header bytes.
+---
+ bfd/ChangeLog  | 8 ++++++++
+ bfd/elf.c      | 2 +-
+ bfd/peXXigen.c | 1 -
+ bfd/srec.c     | 4 ++--
+ 4 files changed, 11 insertions(+), 4 deletions(-)
+
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2014-10-28  Andreas Schwab  <schwab@suse.de>
++       Nick Clifton  <nickc@redhat.com>
++
++   PR binutils/17510
++   * srec.c (srec_bad_byte): Increase size of buf to allow for
++   negative values.
++   (srec_scan): Use an unsigned char buffer to hold header bytes.
++
+ 2014-10-30  Nick Clifton  <nickc@redhat.com>
+ 
+     PR binutils/17512
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
++++ binutils-2.24/bfd/peXXigen.c
+@@ -471,7 +471,6 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
+ 	a->NumberOfRvaAndSizes = 0;
+       }
+ 
+-
+     for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
+       {
+         /* If data directory is empty, rva also should be 0.  */
+Index: binutils-2.24/bfd/srec.c
+===================================================================
+--- binutils-2.24.orig/bfd/srec.c
++++ binutils-2.24/bfd/srec.c
+@@ -248,7 +248,7 @@ srec_bad_byte (bfd *abfd,
+     }
+   else
+     {
+-      char buf[10];
++      char buf[40];
+ 
+       if (! ISPRINT (c))
+ 	sprintf (buf, "\\%03o", (unsigned int) c);
+@@ -454,7 +454,7 @@ srec_scan (bfd *abfd)
+ 	case 'S':
+ 	  {
+ 	    file_ptr pos;
+-	    char hdr[3];
++	    unsigned char hdr[3];
+ 	    unsigned int bytes, min_bytes;
+ 	    bfd_vma address;
+ 	    bfd_byte *data;
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8737.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8737.patch
new file mode 100644
index 0000000..4a84562
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8737.patch
@@ -0,0 +1,177 @@
+Upstream-Status: Backport
+
+CVE-2014-8737 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From dd9b91de2149ee81d47f708e7b0bbf57da10ad42 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 6 Nov 2014 14:49:10 +0000
+Subject: [PATCH] Prevent archive memebers with illegal pathnames from being
+ extracted from an archive.
+
+	PR binutils/17552, binutils/17533
+	* bucomm.c (is_valid_archive_path): New function.  Returns false
+	for absolute pathnames and pathnames that include /../.
+	* bucomm.h (is_valid_archive_path): Add prototype.
+	* ar.c (extract_file): Use new function to check for valid
+	pathnames when extracting files from an archive.
+	* objcopy.c (copy_archive): Likewise.
+	* doc/binutils.texi: Update documentation to mention the
+	limitation on pathname of archive members.
+---
+ binutils/ChangeLog         | 16 ++++++++++++++--
+ binutils/ar.c              |  9 +++++++++
+ binutils/bucomm.c          | 26 ++++++++++++++++++++++++++
+ binutils/bucomm.h          | 12 ++++++++----
+ binutils/doc/binutils.texi |  3 ++-
+ binutils/objcopy.c         |  6 ++++++
+ 6 files changed, 65 insertions(+), 7 deletions(-)
+
+Index: binutils-2.24/binutils/ar.c
+===================================================================
+--- binutils-2.24.orig/binutils/ar.c
++++ binutils-2.24/binutils/ar.c
+@@ -1031,6 +1031,15 @@ extract_file (bfd *abfd)
+   bfd_size_type size;
+   struct stat buf;
+ 
++  /* PR binutils/17533: Do not allow directory traversal
++     outside of the current directory tree.  */
++  if (! is_valid_archive_path (bfd_get_filename (abfd)))
++    {
++      non_fatal (_("illegal pathname found in archive member: %s"),
++		 bfd_get_filename (abfd));
++      return;
++    }
++
+   if (bfd_stat_arch_elt (abfd, &buf) != 0)
+     /* xgettext:c-format */
+     fatal (_("internal stat error on %s"), bfd_get_filename (abfd));
+Index: binutils-2.24/binutils/bucomm.c
+===================================================================
+--- binutils-2.24.orig/binutils/bucomm.c
++++ binutils-2.24/binutils/bucomm.c
+@@ -624,3 +624,29 @@ bfd_get_archive_filename (const bfd *abf
+ 	   bfd_get_filename (abfd));
+   return buf;
+ }
++
++/* Returns TRUE iff PATHNAME, a filename of an archive member,
++   is valid for writing.  For security reasons absolute paths
++   and paths containing /../ are not allowed.  See PR 17533.  */
++
++bfd_boolean
++is_valid_archive_path (char const * pathname)
++{
++  const char * n = pathname;
++
++  if (IS_ABSOLUTE_PATH (n))
++    return FALSE;
++
++  while (*n)
++    {
++      if (*n == '.' && *++n == '.' && ( ! *++n || IS_DIR_SEPARATOR (*n)))
++	return FALSE;
++
++      while (*n && ! IS_DIR_SEPARATOR (*n))
++	n++;
++      while (IS_DIR_SEPARATOR (*n))
++	n++;
++    }
++
++  return TRUE;
++}
+Index: binutils-2.24/binutils/bucomm.h
+===================================================================
+--- binutils-2.24.orig/binutils/bucomm.h
++++ binutils-2.24/binutils/bucomm.h
+@@ -23,6 +23,8 @@
+ #ifndef _BUCOMM_H
+ #define _BUCOMM_H
+ 
++/* In bucomm.c.  */
++
+ /* Return the filename in a static buffer.  */
+ const char *bfd_get_archive_filename (const bfd *);
+ 
+@@ -58,20 +60,22 @@ bfd_vma parse_vma (const char *, const c
+ 
+ off_t get_file_size (const char *);
+ 
++bfd_boolean is_valid_archive_path (char const *);
++
+ extern char *program_name;
+ 
+-/* filemode.c */
++/* In filemode.c.  */
+ void mode_string (unsigned long, char *);
+ 
+-/* version.c */
++/* In version.c.  */
+ extern void print_version (const char *);
+ 
+-/* rename.c */
++/* In rename.c.  */
+ extern void set_times (const char *, const struct stat *);
+ 
+ extern int smart_rename (const char *, const char *, int);
+ 
+-/* libiberty.  */
++/* In libiberty.  */
+ void *xmalloc (size_t);
+ 
+ void *xrealloc (void *, size_t);
+Index: binutils-2.24/binutils/doc/binutils.texi
+===================================================================
+--- binutils-2.24.orig/binutils/doc/binutils.texi
++++ binutils-2.24/binutils/doc/binutils.texi
+@@ -234,7 +234,8 @@ a normal archive.  Instead the elements
+ individually to the second archive.
+ 
+ The paths to the elements of the archive are stored relative to the
+-archive itself.
++archive itself.  For security reasons absolute paths and paths with a
++@code{/../} component are not allowed.
+ 
+ @cindex compatibility, @command{ar}
+ @cindex @command{ar} compatibility
+Index: binutils-2.24/binutils/objcopy.c
+===================================================================
+--- binutils-2.24.orig/binutils/objcopy.c
++++ binutils-2.24/binutils/objcopy.c
+@@ -2206,6 +2206,12 @@ copy_archive (bfd *ibfd, bfd *obfd, cons
+       bfd_boolean del = TRUE;
+       bfd_boolean ok_object;
+ 
++      /* PR binutils/17533: Do not allow directory traversal
++	 outside of the current directory tree by archive members.  */
++      if (! is_valid_archive_path (bfd_get_filename (this_element)))
++	fatal (_("illegal pathname found in archive member: %s"),
++	       bfd_get_filename (this_element));
++
+       /* Create an output file for this member.  */
+       output_name = concat (dir, "/",
+ 			    bfd_get_filename (this_element), (char *) 0);
+Index: binutils-2.24/binutils/ChangeLog
+===================================================================
+--- binutils-2.24.orig/binutils/ChangeLog
++++ binutils-2.24/binutils/ChangeLog
+@@ -1,3 +1,15 @@
++2014-11-06  Nick Clifton  <nickc@redhat.com>
++
++       PR binutils/17552, binutils/17533
++       * bucomm.c (is_valid_archive_path): New function.  Returns false
++       for absolute pathnames and pathnames that include /../.
++       * bucomm.h (is_valid_archive_path): Add prototype.
++       * ar.c (extract_file): Use new function to check for valid
++       pathnames when extracting files from an archive.
++       * objcopy.c (copy_archive): Likewise.
++       * doc/binutils.texi: Update documentation to mention the
++       limitation on pathname of archive members.
++
+ 2013-11-22  Cory Fields  <cory@coryfields.com>
+ 
+ 	* windres.c (define_resource): Use zero for timestamp, making
-- 
1.9.1

[PATCH 02/12] sysvinit-inittab: Disable the carrier detect requirement for serial consoles

[Armin Kuster]

From: Otavio Salvador <otavio@ossystems.com.br>

This aligns the params of getty with the ones used in Debian. From the
getty(8) manpage:

,----[ getty(8) manpage ]
|  -L, --local-line
|
|    Force the line to be a local line with no need for carrier
| 	 detect. This can be useful when you have a locally attached
| 	 terminal where the serial line does not set the carrier detect
| 	 signal.
`----

Reported-by: Craig McQueen <craig.mcqueen@beamcommunications.com>
(From OE-Core rev: a899c362be71cb7b94bd318c57702446b017005c)

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Tested-by: Craig McQueen <craig.mcqueen@beamcommunications.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
index c3244b4..657ef02 100644
--- a/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
+++ b/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
@@ -23,7 +23,7 @@ do_install() {
     do
 	j=`echo ${i} | sed s/\;/\ /g`
 	label=`echo ${i} | sed -e 's/^.*;tty//' -e 's/;.*//'`
-	echo "$label:12345:respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
+	echo "$label:12345:respawn:${base_sbindir}/getty -L ${j}" >> ${D}${sysconfdir}/inittab
     done
 
     if [ "${USE_VT}" = "1" ]; then
-- 
1.9.1

[PATCH 03/12] report-error: Handle the case no logfile exists

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

If the task fails early, no error log may exist. Currently we crash in
that case, this handles the situation more gracefully.

(From OE-Core rev: 1e6bfcab47f532677f87683ba2f5e5fb905e9ba5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/report-error.bbclass | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta/classes/report-error.bbclass b/meta/classes/report-error.bbclass
index 5fe2355..8b30422 100644
--- a/meta/classes/report-error.bbclass
+++ b/meta/classes/report-error.bbclass
@@ -44,11 +44,14 @@ python errorreport_handler () {
             task = e.task
             taskdata={}
             log = e.data.getVar('BB_LOGFILE', True)
-            logFile = open(log, 'r')
             taskdata['package'] = e.data.expand("${PF}")
             taskdata['task'] = task
-            taskdata['log'] = logFile.read()
-            logFile.close()
+            if log:
+                logFile = open(log, 'r')
+                taskdata['log'] = logFile.read()
+                logFile.close()
+            else:
+                taskdata['log'] = "No Log"
             jsondata = json.loads(errorreport_getdata(e))
             jsondata['failures'].append(taskdata)
             errorreport_savedata(e, jsondata, "error-report.txt")
-- 
1.9.1

[PATCH 04/12] image: Avoid race over directory creation

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

There is a race over the do_package_qa task and the do_rootfs task
since rootfs recreates a directory. This patch disables the task
(which isn't used for images) to avoid the race:

NOTE: recipe core-image-minimal-1.0-r0: task do_package_qa: Started
NOTE: recipe core-image-minimal-1.0-r0: task do_rootfs: Started
ERROR: Build of do_package_qa failed
ERROR: Traceback (most recent call last):
  File "/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-mips/build/bitbake/lib/bb/build.py", line 497, in exec_task
    return _exec_task(fn, task, d, quieterr)
  File "/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-mips/build/bitbake/lib/bb/build.py", line 440, in _exec_task
    exec_func(func, localdata)
  File "/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-mips/build/bitbake/lib/bb/build.py", line 212, in exec_func
    exec_func_python(func, d, runfile, cwd=adir)
  File "/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-mips/build/bitbake/lib/bb/build.py", line 237, in exec_func_python
    os.chdir(cwd)
OSError: [Errno 2] No such file or directory: '/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-mips/build/build/tmp/work/qemumips-poky-linux/core-image-minimal/1.0-r0/core-image-minimal-1.0'

(From OE-Core rev: 0550d112ad9c2ca9f8167dcae35200210923f2c5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/image.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 6bbfaf8..326fa9b 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -410,6 +410,7 @@ do_compile[noexec] = "1"
 do_install[noexec] = "1"
 do_populate_sysroot[noexec] = "1"
 do_package[noexec] = "1"
+do_package_qa[noexec] = "1"
 do_packagedata[noexec] = "1"
 do_package_write_ipk[noexec] = "1"
 do_package_write_deb[noexec] = "1"
-- 
1.9.1

[PATCH 05/12] linux-yocto/3.10: 8250/8250_dw: fix compile failure due to stable/Yocto conflict

[Armin Kuster]

From: Bruce Ashfield <bruce.ashfield@windriver.com>

Updating the SRCREVs for the following fix:

   8250/8250_dw: fix compile failure due to stable/Yocto conflict

    As of merge 60a9d9fc565e4503dbb8705803e83d906afc4ad2, "Merge
    tag 'v3.10.48' into standard/base" the 8250_dw.c fails to
    compile due to an undeclared variable.

    This happens because stable brought in:

     -------------------------
     commit 6d5e79331417886196cb3a733bdb6645ba85bc42
     Author: Tim Kryger <tim.kryger@linaro.org>
     Date:   Tue Oct 1 10:18:08 2013 -0700

        serial: 8250_dw: Improve unwritable LCR workaround

        commit c49436b657d0a56a6ad90d14a7c3041add7cf64d upstream.

     [...]

        [wangnan: backport to 3.10.43:
          - adjust context
          - remove unneeded local var]
        Signed-off-by: Wang Nan <wangnan0@huawei.com>
        Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
     ------------------------

    ...which deletes the p->private_data declaration since it became
    unused at that point, however in Yocto, we also have this:

     -----------------------
     commit 0e02b050c3cafbcbf9952125089a27e02d6ecea9
     Author: David Daney <david.daney@cavium.com>
     Date:   Wed Jun 19 20:37:27 2013 +0000

        tty/8250_dw: Add support for OCTEON UARTS.

     [...]

        Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
        (cherry picked from commit d5f1af7ece96cf52e0b110c72210ac15c2f65438)
        Signed-off-by: Darren Hart <dvhart@linux.intel.com>
     -----------------------

    ...which _adds_ another user of the p->private_data.

    Here we restore the declaration in order that 8250_dw compiles.

    Signed-off-by: Ong Boon Leong <boon.leong.ong@intel.com>
    [PG: add root cause info to commit log.]
    Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
    Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>

(From OE-Core rev: 4b4d1f38ea54ef8545e726ac9e181da08a2bad05)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb   |  4 ++--
 meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb |  2 +-
 meta/recipes-kernel/linux/linux-yocto_3.10.bb      | 14 +++++++-------
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb
index 1075972..ad55a2e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb
@@ -3,8 +3,8 @@ KBRANCH_qemuppc ?= "standard/preempt-rt/qemuppc"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-SRCREV_machine ?= "0abce5181274dbf37788ab8d2c62e135defd9956"
-SRCREV_machine_qemuppc ?= "c31f38edf5dec2c295632199dbfe3f5a221f7c16"
+SRCREV_machine ?= "cbaa8c8b83a7da70b94cc6cc1a25090071af4c3f"
+SRCREV_machine_qemuppc ?= "41338ab2a1c19435e24bbd162ff6b3f8b90d7afa"
 SRCREV_meta ?= "f79a00265eefbe2fffc2cdb03f67235497a9a87e"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.10.git;bareclone=1;branch=${KBRANCH},meta;name=machine,meta"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb
index a53ce54..9e33aa6 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb
@@ -9,7 +9,7 @@ LINUX_VERSION ?= "3.10.55"
 
 KMETA = "meta"
 
-SRCREV_machine ?= "8e055f3b669c65e83ba7128c248c632eedafad72"
+SRCREV_machine ?= "3677ea7f9476458aa6dec440243de3a6fb1343a9"
 SRCREV_meta ?= "f79a00265eefbe2fffc2cdb03f67235497a9a87e"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_3.10.bb b/meta/recipes-kernel/linux/linux-yocto_3.10.bb
index ea69856..e612d36 100644
--- a/meta/recipes-kernel/linux/linux-yocto_3.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_3.10.bb
@@ -10,13 +10,13 @@ KBRANCH_qemux86  ?= "standard/common-pc/base"
 KBRANCH_qemux86-64  ?= "standard/common-pc-64/base"
 KBRANCH_qemumips64 ?= "standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "a4195791d27ef50feb454765149ea34621ef8ed7"
-SRCREV_machine_qemumips ?= "ff747b3dff7dfa643b3447a348b901cacc5b6a16"
-SRCREV_machine_qemuppc ?= "46e30d608f4268b0ea77362398aae91f1d410ee3"
-SRCREV_machine_qemux86 ?= "8e055f3b669c65e83ba7128c248c632eedafad72"
-SRCREV_machine_qemux86-64 ?= "8e055f3b669c65e83ba7128c248c632eedafad72"
-SRCREV_machine_qemumips64 ?= "42457c568170cb11a9011382ebca4677f22b35c1"
-SRCREV_machine ?= "8e055f3b669c65e83ba7128c248c632eedafad72"
+SRCREV_machine_qemuarm ?= "9c8da40f662806406940decf972841c1b86895a5"
+SRCREV_machine_qemumips ?= "96adff9ce54c009ba90c3ddcaa6d16beb7a9c2b3"
+SRCREV_machine_qemuppc ?= "cf3a9a021e2abb3b19807b2ba3c29c1d0918730b"
+SRCREV_machine_qemux86 ?= "3677ea7f9476458aa6dec440243de3a6fb1343a9"
+SRCREV_machine_qemux86-64 ?= "3677ea7f9476458aa6dec440243de3a6fb1343a9"
+SRCREV_machine_qemumips64 ?= "89ab3082e01c4d98f9d14630aa904dba641c5373"
+SRCREV_machine ?= "3677ea7f9476458aa6dec440243de3a6fb1343a9"
 SRCREV_meta ?= "f79a00265eefbe2fffc2cdb03f67235497a9a87e"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.10.git;bareclone=1;branch=${KBRANCH},${KMETA};name=machine,meta"
-- 
1.9.1

[PATCH 06/12] linux-yocto/3.10: update to v3.10.59

[Armin Kuster]

From: Bruce Ashfield <bruce.ashfield@windriver.com>

Updating to the latest 3.10 -korg stable update. We also bring in a meta
change for the valley island IO configuration.

(From OE-Core rev: 22d5ac7e1fc096dc11c766eda91c9e131398c6c5)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb   |  8 ++++----
 meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb |  6 +++---
 meta/recipes-kernel/linux/linux-yocto_3.10.bb      | 18 +++++++++---------
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb
index ad55a2e..91b37d3 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb
@@ -3,13 +3,13 @@ KBRANCH_qemuppc ?= "standard/preempt-rt/qemuppc"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-SRCREV_machine ?= "cbaa8c8b83a7da70b94cc6cc1a25090071af4c3f"
-SRCREV_machine_qemuppc ?= "41338ab2a1c19435e24bbd162ff6b3f8b90d7afa"
-SRCREV_meta ?= "f79a00265eefbe2fffc2cdb03f67235497a9a87e"
+SRCREV_machine ?= "38885f87b7240587194597c3658ba2c0ac5960e7"
+SRCREV_machine_qemuppc ?= "535a7403beabe9c4aa394a1f9efa755eb33966c8"
+SRCREV_meta ?= "8f05306a8e6f5ee422d50c3317acce0cf9e6aada"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.10.git;bareclone=1;branch=${KBRANCH},meta;name=machine,meta"
 
-LINUX_VERSION ?= "3.10.55"
+LINUX_VERSION ?= "3.10.59"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb
index 9e33aa6..cc70388 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb
@@ -5,12 +5,12 @@ require recipes-kernel/linux/linux-yocto.inc
 LINUX_KERNEL_TYPE = "tiny"
 KCONFIG_MODE = "--allnoconfig"
 
-LINUX_VERSION ?= "3.10.55"
+LINUX_VERSION ?= "3.10.59"
 
 KMETA = "meta"
 
-SRCREV_machine ?= "3677ea7f9476458aa6dec440243de3a6fb1343a9"
-SRCREV_meta ?= "f79a00265eefbe2fffc2cdb03f67235497a9a87e"
+SRCREV_machine ?= "747e1cbd12b15db8bc2ae86e2359c1b113f120d6"
+SRCREV_meta ?= "8f05306a8e6f5ee422d50c3317acce0cf9e6aada"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_3.10.bb b/meta/recipes-kernel/linux/linux-yocto_3.10.bb
index e612d36..043f2e0 100644
--- a/meta/recipes-kernel/linux/linux-yocto_3.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_3.10.bb
@@ -10,18 +10,18 @@ KBRANCH_qemux86  ?= "standard/common-pc/base"
 KBRANCH_qemux86-64  ?= "standard/common-pc-64/base"
 KBRANCH_qemumips64 ?= "standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "9c8da40f662806406940decf972841c1b86895a5"
-SRCREV_machine_qemumips ?= "96adff9ce54c009ba90c3ddcaa6d16beb7a9c2b3"
-SRCREV_machine_qemuppc ?= "cf3a9a021e2abb3b19807b2ba3c29c1d0918730b"
-SRCREV_machine_qemux86 ?= "3677ea7f9476458aa6dec440243de3a6fb1343a9"
-SRCREV_machine_qemux86-64 ?= "3677ea7f9476458aa6dec440243de3a6fb1343a9"
-SRCREV_machine_qemumips64 ?= "89ab3082e01c4d98f9d14630aa904dba641c5373"
-SRCREV_machine ?= "3677ea7f9476458aa6dec440243de3a6fb1343a9"
-SRCREV_meta ?= "f79a00265eefbe2fffc2cdb03f67235497a9a87e"
+SRCREV_machine_qemuarm ?= "896f87d1003331d7a307c9f855cdbb78c9a2a033"
+SRCREV_machine_qemumips ?= "9e616945464ab97a050da96a025d88c809d05144"
+SRCREV_machine_qemuppc ?= "692b2de590668de2e15461879cf9301a0e6fedf6"
+SRCREV_machine_qemux86 ?= "747e1cbd12b15db8bc2ae86e2359c1b113f120d6"
+SRCREV_machine_qemux86-64 ?= "747e1cbd12b15db8bc2ae86e2359c1b113f120d6"
+SRCREV_machine_qemumips64 ?= "d237cab9f483ea512ded4ea311902763c1a3ae68"
+SRCREV_machine ?= "747e1cbd12b15db8bc2ae86e2359c1b113f120d6"
+SRCREV_meta ?= "8f05306a8e6f5ee422d50c3317acce0cf9e6aada"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.10.git;bareclone=1;branch=${KBRANCH},${KMETA};name=machine,meta"
 
-LINUX_VERSION ?= "3.10.55"
+LINUX_VERSION ?= "3.10.59"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
-- 
1.9.1

[PATCH 07/12] linux-yocto/3.10: update to v3.10.62

[Armin Kuster]

From: Bruce Ashfield <bruce.ashfield@windriver.com>

Updating to the latest korg -stable update for the 3.10 series. Minor
merge conflict resolution was done with the standard/ltsi and
standard/preempt-rt branches.

(From OE-Core rev: a87bf5d3d435d333f5ee9d15b8c641b03ff4bb9c)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb   |  8 ++++----
 meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb |  6 +++---
 meta/recipes-kernel/linux/linux-yocto_3.10.bb      | 18 +++++++++---------
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb
index 91b37d3..8acbd2e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_3.10.bb
@@ -3,13 +3,13 @@ KBRANCH_qemuppc ?= "standard/preempt-rt/qemuppc"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-SRCREV_machine ?= "38885f87b7240587194597c3658ba2c0ac5960e7"
-SRCREV_machine_qemuppc ?= "535a7403beabe9c4aa394a1f9efa755eb33966c8"
-SRCREV_meta ?= "8f05306a8e6f5ee422d50c3317acce0cf9e6aada"
+SRCREV_machine ?= "94a79d98e40b51466600fb3375ad2908c38dd192"
+SRCREV_machine_qemuppc ?= "c1dcbac7751652784f180fdb91f87bc37fba8c52"
+SRCREV_meta ?= "f4ab00d96a3d8e443d7f7744ad996e184eac03b5"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.10.git;bareclone=1;branch=${KBRANCH},meta;name=machine,meta"
 
-LINUX_VERSION ?= "3.10.59"
+LINUX_VERSION ?= "3.10.62"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb
index cc70388..9ea81b8 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_3.10.bb
@@ -5,12 +5,12 @@ require recipes-kernel/linux/linux-yocto.inc
 LINUX_KERNEL_TYPE = "tiny"
 KCONFIG_MODE = "--allnoconfig"
 
-LINUX_VERSION ?= "3.10.59"
+LINUX_VERSION ?= "3.10.62"
 
 KMETA = "meta"
 
-SRCREV_machine ?= "747e1cbd12b15db8bc2ae86e2359c1b113f120d6"
-SRCREV_meta ?= "8f05306a8e6f5ee422d50c3317acce0cf9e6aada"
+SRCREV_machine ?= "b2ac933df119a3444a32fcccf5e4ad453f5ac89d"
+SRCREV_meta ?= "f4ab00d96a3d8e443d7f7744ad996e184eac03b5"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_3.10.bb b/meta/recipes-kernel/linux/linux-yocto_3.10.bb
index 043f2e0..978775a 100644
--- a/meta/recipes-kernel/linux/linux-yocto_3.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_3.10.bb
@@ -10,18 +10,18 @@ KBRANCH_qemux86  ?= "standard/common-pc/base"
 KBRANCH_qemux86-64  ?= "standard/common-pc-64/base"
 KBRANCH_qemumips64 ?= "standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "896f87d1003331d7a307c9f855cdbb78c9a2a033"
-SRCREV_machine_qemumips ?= "9e616945464ab97a050da96a025d88c809d05144"
-SRCREV_machine_qemuppc ?= "692b2de590668de2e15461879cf9301a0e6fedf6"
-SRCREV_machine_qemux86 ?= "747e1cbd12b15db8bc2ae86e2359c1b113f120d6"
-SRCREV_machine_qemux86-64 ?= "747e1cbd12b15db8bc2ae86e2359c1b113f120d6"
-SRCREV_machine_qemumips64 ?= "d237cab9f483ea512ded4ea311902763c1a3ae68"
-SRCREV_machine ?= "747e1cbd12b15db8bc2ae86e2359c1b113f120d6"
-SRCREV_meta ?= "8f05306a8e6f5ee422d50c3317acce0cf9e6aada"
+SRCREV_machine_qemuarm ?= "f6b075991c91b7c2bb641b389757863e2fd34b8c"
+SRCREV_machine_qemumips ?= "48afdc632312b6cc26fe7bca151cfb66b2ebc308"
+SRCREV_machine_qemuppc ?= "cf35ea9ac92153858dadd2f4ab71cccd3a1fa26b"
+SRCREV_machine_qemux86 ?= "b2ac933df119a3444a32fcccf5e4ad453f5ac89d"
+SRCREV_machine_qemux86-64 ?= "b2ac933df119a3444a32fcccf5e4ad453f5ac89d"
+SRCREV_machine_qemumips64 ?= "ebdb374ca5130ef456d0baf75b6fe7a242932d0d"
+SRCREV_machine ?= "b2ac933df119a3444a32fcccf5e4ad453f5ac89d"
+SRCREV_meta ?= "f4ab00d96a3d8e443d7f7744ad996e184eac03b5"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.10.git;bareclone=1;branch=${KBRANCH},${KMETA};name=machine,meta"
 
-LINUX_VERSION ?= "3.10.59"
+LINUX_VERSION ?= "3.10.62"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
-- 
1.9.1

[PATCH 08/12] linux-yocto/3.14: update to v3.14.24

[Armin Kuster]

From: Bruce Ashfield <bruce.ashfield@windriver.com>

(From OE-Core rev: e2c2960ae79953b5ef69444d91f2e784a35bfefd)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb   |  8 ++++----
 meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb |  6 +++---
 meta/recipes-kernel/linux/linux-yocto_3.14.bb      | 18 +++++++++---------
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb b/meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb
index b2ad078..fc86725 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb
@@ -3,13 +3,13 @@ KBRANCH_qemuppc ?= "standard/preempt-rt/qemuppc"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-SRCREV_machine ?= "0a875ce52aa7a42ddabdb87038074381bb268e77"
-SRCREV_machine_qemuppc ?= "b993661d41f08846daa28b14f89c8ae3e94225bd"
-SRCREV_meta ?= "fb6271a942b57bdc40c6e49f0203be153699f81c"
+SRCREV_machine ?= "baad552ea168dc31db31f0be188edefaa28a4aec"
+SRCREV_machine_qemuppc ?= "db4221ed2e1c6c617ad07d3374f630bbb59cf8b5"
+SRCREV_meta ?= "fba2d0cdb745e0f807ce134fd9d1524b7bed9742"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.14.git;bareclone=1;branch=${KBRANCH},meta;name=machine,meta"
 
-LINUX_VERSION ?= "3.14.19"
+LINUX_VERSION ?= "3.14.24"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb
index 79bd693..d168a2a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb
@@ -4,12 +4,12 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "3.14.19"
+LINUX_VERSION ?= "3.14.24"
 
 KMETA = "meta"
 
-SRCREV_machine ?= "902f34d36102a4b2008b776ecae686f80d307e12"
-SRCREV_meta ?= "fb6271a942b57bdc40c6e49f0203be153699f81c"
+SRCREV_machine ?= "c100e8665052051487a17169748c457829d3f88c"
+SRCREV_meta ?= "fba2d0cdb745e0f807ce134fd9d1524b7bed9742"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_3.14.bb b/meta/recipes-kernel/linux/linux-yocto_3.14.bb
index a2f4b4d..c30227e 100644
--- a/meta/recipes-kernel/linux/linux-yocto_3.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_3.14.bb
@@ -10,18 +10,18 @@ KBRANCH_qemux86  ?= "standard/common-pc/base"
 KBRANCH_qemux86-64 ?= "standard/common-pc-64/base"
 KBRANCH_qemumips64 ?= "standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "127b621f2a4d3b1111e24423c12fac001e047c1c"
-SRCREV_machine_qemumips ?= "c3b9f1b2397f0847ab4844d1cdb8e02574434d78"
-SRCREV_machine_qemuppc ?= "73e2411cdd91764d0601c0869857f53381c2a177"
-SRCREV_machine_qemux86 ?= "e19a1b40de44e756defdfb40349342d8037609bd"
-SRCREV_machine_qemux86-64 ?= "902f34d36102a4b2008b776ecae686f80d307e12"
-SRCREV_machine_qemumips64 ?= "1c4d70272dde4b695697dd8705a031420480f712"
-SRCREV_machine ?= "902f34d36102a4b2008b776ecae686f80d307e12"
-SRCREV_meta ?= "fb6271a942b57bdc40c6e49f0203be153699f81c"
+SRCREV_machine_qemuarm ?= "b768ebfe28a20b65aba734b9f6646a3fa0adc89b"
+SRCREV_machine_qemumips ?= "c76146e6c8a015c1225141fc55d867a3e47453c6"
+SRCREV_machine_qemuppc ?= "e54ab8451c482b695ff7a0c580ef2fb1be605299"
+SRCREV_machine_qemux86 ?= "146fcb1dd7b3c5547d67f04d50b082f0723741e9"
+SRCREV_machine_qemux86-64 ?= "c100e8665052051487a17169748c457829d3f88c"
+SRCREV_machine_qemumips64 ?= "71621ee758600abd3cf7187d7a8e7d51f4052c53"
+SRCREV_machine ?= "c100e8665052051487a17169748c457829d3f88c"
+SRCREV_meta ?= "fba2d0cdb745e0f807ce134fd9d1524b7bed9742"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.14.git;bareclone=1;branch=${KBRANCH},${KMETA};name=machine,meta"
 
-LINUX_VERSION ?= "3.14.19"
+LINUX_VERSION ?= "3.14.24"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
-- 
1.9.1

[PATCH 09/12] linux-yocto/3.14: update to 3.14.26, integrate ltsi and -rt updates

[Armin Kuster]

From: Bruce Ashfield <bruce.ashfield@windriver.com>

Updating the 3.14 tree to the latest korg 3.14.26, as well as
integrating 3.14 LTSI content, and refreshing preempt-rt. Minor
conflict resolutions were performed between ltsi, stable and -rt

(From OE-Core rev: 8c30cec8233605cbec334fcc5c2b9ef5cf8f6482)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb   |  6 +++---
 meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb |  4 ++--
 meta/recipes-kernel/linux/linux-yocto_3.14.bb      | 16 ++++++++--------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb b/meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb
index fc86725..7dbf82c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb
@@ -3,9 +3,9 @@ KBRANCH_qemuppc ?= "standard/preempt-rt/qemuppc"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-SRCREV_machine ?= "baad552ea168dc31db31f0be188edefaa28a4aec"
-SRCREV_machine_qemuppc ?= "db4221ed2e1c6c617ad07d3374f630bbb59cf8b5"
-SRCREV_meta ?= "fba2d0cdb745e0f807ce134fd9d1524b7bed9742"
+SRCREV_machine ?= "7f0712d10247ffca8e48e944f49707bcf9117ead"
+SRCREV_machine_qemuppc ?= "8bed2a975d491c963cff56496f7e35f5bcff926f"
+SRCREV_meta ?= "a227f20eff056e511d504b2e490f3774ab260d6f"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.14.git;bareclone=1;branch=${KBRANCH},meta;name=machine,meta"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb
index d168a2a..67bf462 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb
@@ -8,8 +8,8 @@ LINUX_VERSION ?= "3.14.24"
 
 KMETA = "meta"
 
-SRCREV_machine ?= "c100e8665052051487a17169748c457829d3f88c"
-SRCREV_meta ?= "fba2d0cdb745e0f807ce134fd9d1524b7bed9742"
+SRCREV_machine ?= "02120556b0ebc20c30374ccf211e8e4ceac2bb1c"
+SRCREV_meta ?= "a227f20eff056e511d504b2e490f3774ab260d6f"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_3.14.bb b/meta/recipes-kernel/linux/linux-yocto_3.14.bb
index c30227e..706cb7c 100644
--- a/meta/recipes-kernel/linux/linux-yocto_3.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_3.14.bb
@@ -10,14 +10,14 @@ KBRANCH_qemux86  ?= "standard/common-pc/base"
 KBRANCH_qemux86-64 ?= "standard/common-pc-64/base"
 KBRANCH_qemumips64 ?= "standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "b768ebfe28a20b65aba734b9f6646a3fa0adc89b"
-SRCREV_machine_qemumips ?= "c76146e6c8a015c1225141fc55d867a3e47453c6"
-SRCREV_machine_qemuppc ?= "e54ab8451c482b695ff7a0c580ef2fb1be605299"
-SRCREV_machine_qemux86 ?= "146fcb1dd7b3c5547d67f04d50b082f0723741e9"
-SRCREV_machine_qemux86-64 ?= "c100e8665052051487a17169748c457829d3f88c"
-SRCREV_machine_qemumips64 ?= "71621ee758600abd3cf7187d7a8e7d51f4052c53"
-SRCREV_machine ?= "c100e8665052051487a17169748c457829d3f88c"
-SRCREV_meta ?= "fba2d0cdb745e0f807ce134fd9d1524b7bed9742"
+SRCREV_machine_qemuarm ?= "6166316d47b859aa38bfecc61f4808828af03937"
+SRCREV_machine_qemumips ?= "4ececcc09c6550a0896728163907e729d817c2fd"
+SRCREV_machine_qemuppc ?= "1cc5b09f8bb7f40b289d149d370c62dcc8109501"
+SRCREV_machine_qemux86 ?= "38cd560d5022ed2dbd1ab0dca9642e47c98a0aa1"
+SRCREV_machine_qemux86-64 ?= "02120556b0ebc20c30374ccf211e8e4ceac2bb1c"
+SRCREV_machine_qemumips64 ?= "737272b1dfd361d9ea19812a9717e2798e3c4576"
+SRCREV_machine ?= "02120556b0ebc20c30374ccf211e8e4ceac2bb1c"
+SRCREV_meta ?= "a227f20eff056e511d504b2e490f3774ab260d6f"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.14.git;bareclone=1;branch=${KBRANCH},${KMETA};name=machine,meta"
 
-- 
1.9.1

[PATCH 10/12] lttng-modules: fix mm_compaction_isolate_template build

[Armin Kuster]

From: Bruce Ashfield <bruce.ashfield@windriver.com>

linux-stable integrated the 3.16 commit f8c9301fa5a2a [mm/compaction: do
not count migratepages when unnecessary] with the 3.14.25 update.

So we have to update the lttng-module linux version codes to use the
new definition in builds greater than 3.14.24 or 3.16.

(From OE-Core rev: cf76820379746e91fc4cf01895cb98cc56987002)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...-fix-mm_compaction_isolate_template-build.patch | 41 ++++++++++++++++++++++
 meta/recipes-kernel/lttng/lttng-modules_2.5.0.bb   |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/compaction-fix-mm_compaction_isolate_template-build.patch

diff --git a/meta/recipes-kernel/lttng/lttng-modules/compaction-fix-mm_compaction_isolate_template-build.patch b/meta/recipes-kernel/lttng/lttng-modules/compaction-fix-mm_compaction_isolate_template-build.patch
new file mode 100644
index 0000000..a99871a
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/compaction-fix-mm_compaction_isolate_template-build.patch
@@ -0,0 +1,41 @@
+From af48c7b08de4b811d3d974e65e362b86ce8c4a34 Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@windriver.com>
+Date: Wed, 10 Dec 2014 03:19:28 -0500
+Subject: [PATCH] compaction: fix mm_compaction_isolate_template build
+
+linux-stable integrated the 3.16 commit f8c9301fa5a2a [mm/compaction: do
+not count migratepages when unnecessary] with the 3.14.25 update.
+
+So we have to update the lttng-module linux version codes to use the
+new definition in builds greater than 3.14.24 or 3.16.
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
+---
+ instrumentation/events/lttng-module/compaction.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/instrumentation/events/lttng-module/compaction.h b/instrumentation/events/lttng-module/compaction.h
+index 22024e9ee582..07afbe06f1a6 100644
+--- a/instrumentation/events/lttng-module/compaction.h
++++ b/instrumentation/events/lttng-module/compaction.h
+@@ -46,7 +46,7 @@ DEFINE_EVENT(mm_compaction_isolate_template, mm_compaction_isolate_freepages,
+ 	TP_ARGS(nr_scanned, nr_taken)
+ )
+ 
+-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,16,0))
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,16,0) || LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,25))
+ TRACE_EVENT(mm_compaction_migratepages,
+ 
+ 	TP_PROTO(unsigned long nr_all,
+@@ -87,7 +87,7 @@ TRACE_EVENT(mm_compaction_migratepages,
+ 		__entry->nr_migrated,
+ 		__entry->nr_failed)
+ )
+-#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,16,0)) */
++#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,16,0) || LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,25)) */
+ TRACE_EVENT(mm_compaction_migratepages,
+ 
+ 	TP_PROTO(unsigned long nr_migrated,
+-- 
+2.1.0
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.5.0.bb b/meta/recipes-kernel/lttng/lttng-modules_2.5.0.bb
index 6ff961a..0f98aa5 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.5.0.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.5.0.bb
@@ -22,6 +22,7 @@ SRC_URI = "git://git.lttng.org/lttng-modules.git;branch=stable-2.5 \
            file://Update-statedump-to-3.17-nsproxy-locking.patch \
            file://Update-kvm-instrumentation-compile-on-3.17-rc1.patch \
            file://fix_build_with_v3.17_kernel.patch \
+           file://compaction-fix-mm_compaction_isolate_template-build.patch \
            "
 
 export INSTALL_MOD_DIR="kernel/lttng-modules"
-- 
1.9.1

[PATCH 11/12] bind: fix for CVE-2014-8500

[Armin Kuster]

From: Sona Sarmadi <sona.sarmadi@enea.com>

[From upstream commit: 603a0e2637b35a2da820bc807f69bcf09c682dce]

[YOCTO #7098]

External References:
===================
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

(From OE-Core rev: 7225d6e0c82f264057de40c04b31655f2b0e0c96)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../bind/bind/bind9_9_5-CVE-2014-8500.patch        | 990 +++++++++++++++++++++
 meta/recipes-connectivity/bind/bind_9.9.5.bb       |   1 +
 2 files changed, 991 insertions(+)
 create mode 100644 meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch

diff --git a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch
new file mode 100644
index 0000000..62142d2
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch
@@ -0,0 +1,990 @@
+From 603a0e2637b35a2da820bc807f69bcf09c682dce Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Mon, 17 Nov 2014 23:49:07 -0800
+Subject: [PATCH] [v9_9] limit recursion depth and iterative queries
+
+4006.	[security]	A flaw in delegation handling could be exploited
+			to put named into an infinite loop.  This has
+			been addressed by placing limits on the number
+			of levels of recursion named will allow (default 7),
+			and the number of iterative queries that it will
+			send (default 50) before terminating a recursive
+			query (CVE-2014-8500).
+
+			The recursion depth limit is configured via the
+			"max-recursion-depth" option.  [RT #35780]
+
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ bin/named/config.c                   |  3 +-
+ bin/named/include/named/query.h      |  2 -
+ bin/named/query.c                    |  7 ++-
+ bin/named/server.c                   |  5 ++
+ bin/tests/system/many/clean.sh       |  7 +++
+ bin/tests/system/many/ns1/named.conf | 33 +++++++++++++
+ bin/tests/system/many/ns2/named.conf | 30 ++++++++++++
+ bin/tests/system/many/ns3/named.conf | 32 +++++++++++++
+ bin/tests/system/many/ns4/named.conf | 30 ++++++++++++
+ bin/tests/system/many/ns5/hints.db   |  2 +
+ bin/tests/system/many/ns5/named.conf | 29 ++++++++++++
+ bin/tests/system/many/setup.sh       | 75 ++++++++++++++++++++++++++++++
+ bin/tests/system/many/tests.sh       | 48 +++++++++++++++++++
+ doc/arm/Bv9ARM-book.xml              | 12 +++++
+ lib/dns/adb.c                        | 58 ++++++++++++++++-------
+ lib/dns/include/dns/adb.h            |  8 ++++
+ lib/dns/include/dns/resolver.h       | 25 ++++++++++
+ lib/dns/resolver.c                   | 90 ++++++++++++++++++++++++++++++------
+ lib/isccfg/namedconf.c               |  1 +
+ 20 files changed, 471 insertions(+), 37 deletions(-)
+ create mode 100644 bin/tests/system/many/clean.sh
+ create mode 100644 bin/tests/system/many/ns1/named.conf
+ create mode 100644 bin/tests/system/many/ns2/named.conf
+ create mode 100644 bin/tests/system/many/ns3/named.conf
+ create mode 100644 bin/tests/system/many/ns4/named.conf
+ create mode 100644 bin/tests/system/many/ns5/hints.db
+ create mode 100644 bin/tests/system/many/ns5/named.conf
+ create mode 100644 bin/tests/system/many/setup.sh
+ create mode 100644 bin/tests/system/many/tests.sh
+
+diff --git a/bin/named/config.c b/bin/named/config.c
+index 2782720..5ee8c4e 100644
+--- a/bin/named/config.c
++++ b/bin/named/config.c
+@@ -15,8 +15,6 @@
+  * PERFORMANCE OF THIS SOFTWARE.
+  */
+
+-/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */
+-
+ /*! \file */
+
+ #include <config.h>
+@@ -160,6 +158,7 @@ options {\n\
+ 	dnssec-accept-expired no;\n\
+ 	clients-per-query 10;\n\
+ 	max-clients-per-query 100;\n\
++	max-recursion-depth 7;\n\
+ 	zero-no-soa-ttl-cache no;\n\
+ 	nsec3-test-zone no;\n\
+ 	allow-new-zones no;\n\
+diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h
+index 3beabb8..b5e3900 100644
+--- a/bin/named/include/named/query.h
++++ b/bin/named/include/named/query.h
+@@ -15,8 +15,6 @@
+  * PERFORMANCE OF THIS SOFTWARE.
+  */
+
+-/* $Id: query.h,v 1.45 2011/01/13 04:59:24 tbox Exp $ */
+-
+ #ifndef NAMED_QUERY_H
+ #define NAMED_QUERY_H 1
+
+diff --git a/bin/named/query.c b/bin/named/query.c
+index 982f76d..47bfc6a 100644
+--- a/bin/named/query.c
++++ b/bin/named/query.c
+@@ -3877,12 +3877,11 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
+ 		peeraddr = &client->peeraddr;
+ 	else
+ 		peeraddr = NULL;
+-	result = dns_resolver_createfetch2(client->view->resolver,
++	result = dns_resolver_createfetch3(client->view->resolver,
+ 					   qname, qtype, qdomain, nameservers,
+ 					   NULL, peeraddr, client->message->id,
+-					   client->query.fetchoptions,
+-					   client->task,
+-					   query_resume, client,
++					   client->query.fetchoptions, 0,
++					   client->task, query_resume, client,
+ 					   rdataset, sigrdataset,
+ 					   &client->query.fetch);
+ 
+diff --git a/bin/named/server.c b/bin/named/server.c
+index ac015a4..0559977 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -3161,6 +3161,11 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+ 					cfg_obj_asuint32(obj),
+ 					max_clients_per_query);
+ 
++	obj = NULL;
++	result = ns_config_get(maps, "max-recursion-depth", &obj);
++	INSIST(result == ISC_R_SUCCESS);
++	dns_resolver_setmaxdepth(view->resolver, cfg_obj_asuint32(obj));
++
+ #ifdef ALLOW_FILTER_AAAA_ON_V4
+ 	obj = NULL;
+ 	result = ns_config_get(maps, "filter-aaaa-on-v4", &obj);
+diff --git a/bin/tests/system/many/clean.sh b/bin/tests/system/many/clean.sh
+new file mode 100644
+index 0000000..119b1f5
+--- /dev/null
++++ b/bin/tests/system/many/clean.sh
+@@ -0,0 +1,7 @@
++rm -f ns1/[1-9]*example.tld?.db
++rm -f ns2/[1-9]*example.tld?.db
++rm -f ns1/zones.conf
++rm -f ns2/zones.conf
++rm -f */root.db
++rm -f ns3/tld1.db
++rm -f ns4/tld2.db
+diff --git a/bin/tests/system/many/ns1/named.conf b/bin/tests/system/many/ns1/named.conf
+new file mode 100644
+index 0000000..abc9dca
+--- /dev/null
++++ b/bin/tests/system/many/ns1/named.conf
+@@ -0,0 +1,33 @@
++/*
++ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
++ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
++ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
++ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
++ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
++ * PERFORMANCE OF THIS SOFTWARE.
++ */
++
++controls { /* empty */ };
++
++options {
++	query-source address 10.53.0.1;
++	notify-source 10.53.0.1;
++	transfer-source 10.53.0.1;
++	port 5300;
++	pid-file "named.pid";
++	listen-on { 10.53.0.1; };
++	listen-on-v6 { none; };
++	recursion no;
++};
++
++include "zones.conf";
++
++// zone "tld1" { type master; file "tld1.db"; };
++// zone "tld2" { type master; file "tld2.db"; };
+diff --git a/bin/tests/system/many/ns2/named.conf b/bin/tests/system/many/ns2/named.conf
+new file mode 100644
+index 0000000..16266e2
+--- /dev/null
++++ b/bin/tests/system/many/ns2/named.conf
+@@ -0,0 +1,30 @@
++/*
++ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
++ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
++ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
++ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
++ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
++ * PERFORMANCE OF THIS SOFTWARE.
++ */
++
++controls { /* empty */ };
++
++options {
++	query-source address 10.53.0.2;
++	notify-source 10.53.0.2;
++	transfer-source 10.53.0.2;
++	port 5300;
++	pid-file "named.pid";
++	listen-on { 10.53.0.2; };
++	listen-on-v6 { none; };
++	recursion no;
++};
++
++include "zones.conf";
+diff --git a/bin/tests/system/many/ns3/named.conf b/bin/tests/system/many/ns3/named.conf
+new file mode 100644
+index 0000000..b950afe
+--- /dev/null
++++ b/bin/tests/system/many/ns3/named.conf
+@@ -0,0 +1,32 @@
++/*
++ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
++ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
++ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
++ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
++ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
++ * PERFORMANCE OF THIS SOFTWARE.
++ */
++
++controls { /* empty */ };
++
++options {
++	query-source address 10.53.0.3;
++	notify-source 10.53.0.3;
++	transfer-source 10.53.0.3;
++	port 5300;
++	pid-file "named.pid";
++	listen-on { 10.53.0.3; };
++	listen-on-v6 { none; };
++	recursion no;
++};
++
++zone "." { type master; file "root.db"; };
++
++zone "tld1" { type master; file "tld1.db"; };
+diff --git a/bin/tests/system/many/ns4/named.conf b/bin/tests/system/many/ns4/named.conf
+new file mode 100644
+index 0000000..ca9aa6a
+--- /dev/null
++++ b/bin/tests/system/many/ns4/named.conf
+@@ -0,0 +1,30 @@
++/*
++ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
++ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
++ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
++ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
++ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
++ * PERFORMANCE OF THIS SOFTWARE.
++ */
++
++controls { /* empty */ };
++
++options {
++	query-source address 10.53.0.4;
++	notify-source 10.53.0.4;
++	transfer-source 10.53.0.4;
++	port 5300;
++	pid-file "named.pid";
++	listen-on { 10.53.0.4; };
++	listen-on-v6 { none; };
++	recursion no;
++};
++
++zone "tld2" { type master; file "tld2.db"; };
+diff --git a/bin/tests/system/many/ns5/hints.db b/bin/tests/system/many/ns5/hints.db
+new file mode 100644
+index 0000000..c05809b
+--- /dev/null
++++ b/bin/tests/system/many/ns5/hints.db
+@@ -0,0 +1,2 @@
++. 60 in ns ns.nil.
++ns.nil. 60 in A 10.53.0.3
+diff --git a/bin/tests/system/many/ns5/named.conf b/bin/tests/system/many/ns5/named.conf
+new file mode 100644
+index 0000000..fce7d59
+--- /dev/null
++++ b/bin/tests/system/many/ns5/named.conf
+@@ -0,0 +1,29 @@
++/*
++ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
++ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
++ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
++ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
++ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
++ * PERFORMANCE OF THIS SOFTWARE.
++ */
++
++controls { /* empty */ };
++
++options {
++	query-source address 10.53.0.5;
++	notify-source 10.53.0.5;
++	transfer-source 10.53.0.5;
++	port 5300;
++	pid-file "named.pid";
++	listen-on { 10.53.0.5; };
++	listen-on-v6 { none; };
++};
++
++zone "." { type hint; file "hints.db"; };
+diff --git a/bin/tests/system/many/setup.sh b/bin/tests/system/many/setup.sh
+new file mode 100644
+index 0000000..80695b5
+--- /dev/null
++++ b/bin/tests/system/many/setup.sh
+@@ -0,0 +1,75 @@
++i=1
++
++cat > ns3/root.db << EOF
++. 60 in soa ns.nil. hostmaster.ns.nil. 1 0 0 0 0
++. 60 in ns ns.nil.
++ns.nil. 60 in a 10.53.0.3
++tld1. 60 in ns ns.tld1.
++ns.tld1. 60 in a 10.53.0.3
++tld2. 60 in ns ns.tld2.
++ns.tld2. 60 in a 10.53.0.4
++EOF
++
++cat > ns3/tld1.db << EOF
++tld1. 60 in soa ns.tld1. hostmaster.ns.tld1. 1 0 0 0 0
++tld1. 60 in ns ns.tld1.
++ns.tld1. 60 in a 10.53.0.1
++EOF
++
++cat > ns4/tld2.db << EOF
++tld2. 60 in soa ns.tld2. hostmaster.ns.tld4. 1 0 0 0 0
++tld2. 60 in ns ns.tld2.
++ns.tld2. 60 in a 10.53.0.1
++EOF
++
++: > ns1/zones.conf
++: > ns2/zones.conf
++
++while [ $i -lt 1000 ]
++do
++j=`expr $i + 1`
++s=`expr $j % 2 + 1`
++n=`expr $i % 2 + 1`
++t=`expr $s + 2`
++
++# i=1 j=2 s=1 n=2
++# i=2 j=3 s=1 n=2
++# i=3 j=4 s=1 n=2
++
++cat > ns1/${i}example.tld${s}.db << EOF
++${i}example.tld${s}. 60 in soa ns.${j}example.tld${n}. hostmaster 1 0 0 0 0
++${i}example.tld${s}. 60 in ns ns.${j}example.tld${n}.
++ns.${i}example.tld${s}. 60 in a 10.53.0.1
++EOF
++
++cat >> ns1/zones.conf << EOF
++zone "${i}example.tld${s}" { type master; file "${i}example.tld${s}.db"; };
++EOF
++
++cat >> ns${t}/tld${s}.db << EOF
++${i}example.tld${s}. 60 in ns ns.${j}example.tld${n}.
++EOF
++
++i=$j
++
++done
++
++j=`expr $i + 1`
++s=`expr $j % 2 + 1`
++n=`expr $s % 2 + 1`
++t=`expr $s + 2`
++
++cat > ns1/${i}example.tld${s}.db << EOF
++${i}example.tld${s}. 60 in soa ns.${i}example.tld${s}. hostmaster 1 0 0 0 0
++${i}example.tld${s}. 60 in ns ns.${i}example.tld${s}.
++ns.${i}example.tld${s}. 60 in a 10.53.0.1
++EOF
++
++cat >> ns1/zones.conf << EOF
++zone "${i}example.tld${s}" { type master; file "${i}example.tld${s}.db"; };
++EOF
++
++cat >> ns${t}/tld${s}.db << EOF
++${i}example.tld${s}. 60 in ns ns.${i}example.tld${s}.
++ns.${i}example.tld${s}. 60 in a 10.53.0.1
++EOF
+diff --git a/bin/tests/system/many/tests.sh b/bin/tests/system/many/tests.sh
+new file mode 100644
+index 0000000..37964e2
+--- /dev/null
++++ b/bin/tests/system/many/tests.sh
+@@ -0,0 +1,48 @@
++#!/bin/sh
++#
++# Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
++#
++# Permission to use, copy, modify, and/or distribute this software for any
++# purpose with or without fee is hereby granted, provided that the above
++# copyright notice and this permission notice appear in all copies.
++#
++# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
++# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
++# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
++# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
++# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
++# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
++# PERFORMANCE OF THIS SOFTWARE.
++
++SYSTEMTESTTOP=..
++. $SYSTEMTESTTOP/conf.sh
++
++status=0
++n=0
++
++n=`expr $n + 1`
++echo "I: attempt lookup 1example.tld2 soa ($n)"
++ret=0
++$DIG +tcp 1example.tld1 soa @10.53.0.5 -p 5300  > dig.out.test$n
++grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1
++if [ $ret != 0 ]; then echo "I:failed"; fi
++status=`expr $status + $ret`
++
++n=`expr $n + 1`
++echo "I: attempt lookup 992example.tld2 soa ($n)"
++ret=0
++$DIG +tcp 992example.tld2 soa @10.53.0.5 -p 5300 >  dig.out.test$n
++grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1
++if [ $ret != 0 ]; then echo "I:failed"; fi
++status=`expr $status + $ret`
++
++n=`expr $n + 1`
++echo "I: attempt lookup 993example.tld1 soa ($n)"
++ret=0
++$DIG +tcp 993example.tld1 soa @10.53.0.5 -p 5300 >  dig.out.test$n
++grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
++if [ $ret != 0 ]; then echo "I:failed"; fi
++status=`expr $status + $ret`
++
++echo "I:exit status: $status"
++exit $status
+diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
+index 9f7bd38..fff4249 100644
+--- a/doc/arm/Bv9ARM-book.xml
++++ b/doc/arm/Bv9ARM-book.xml
+@@ -4861,6 +4861,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
+     <optional> max-acache-size <replaceable>size_spec</replaceable> ; </optional>
+     <optional> clients-per-query <replaceable>number</replaceable> ; </optional>
+     <optional> max-clients-per-query <replaceable>number</replaceable> ; </optional>
++    <optional> max-recursion-depth <replaceable>number</replaceable> ; </optional>
+     <optional> masterfile-format (<constant>text</constant>|<constant>raw</constant>) ; </optional>
+     <optional> empty-server <replaceable>name</replaceable> ; </optional>
+     <optional> empty-contact <replaceable>name</replaceable> ; </optional>
+@@ -8680,6 +8681,17 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
+ 	      </listitem>
+ 	    </varlistentry>
+ 
++	    <varlistentry id="max-recursion-depth">
++	      <term><command>max-recursion-depth</command></term>
++	      <listitem>
++		<para>
++		  Sets the maximum number of levels of recursion
++		  permitted at any one time while resolving a name.
++		  The default is 7.
++		</para>
++	      </listitem>
++	    </varlistentry>
++
+ 	    <varlistentry>
+ 	      <term><command>notify-delay</command></term>
+ 	      <listitem>
+diff --git a/lib/dns/adb.c b/lib/dns/adb.c
+index 2ccb51e..fe9b3f7 100644
+--- a/lib/dns/adb.c
++++ b/lib/dns/adb.c
+@@ -199,6 +199,7 @@ struct dns_adbfetch {
+ 	unsigned int                    magic;
+ 	dns_fetch_t                    *fetch;
+ 	dns_rdataset_t                  rdataset;
++	unsigned int			depth;
+ };
+ 
+ /*%
+@@ -300,7 +301,7 @@ static inline void violate_locking_hierarchy(isc_mutex_t *, isc_mutex_t *);
+ static isc_boolean_t clean_namehooks(dns_adb_t *, dns_adbnamehooklist_t *);
+ static void clean_target(dns_adb_t *, dns_name_t *);
+ static void clean_finds_at_name(dns_adbname_t *, isc_eventtype_t,
+-				unsigned int);
++				isc_uint32_t, unsigned int);
+ static isc_boolean_t check_expire_namehooks(dns_adbname_t *, isc_stdtime_t);
+ static isc_boolean_t check_expire_entry(dns_adb_t *, dns_adbentry_t **,
+ 					isc_stdtime_t);
+@@ -308,7 +309,7 @@ static void cancel_fetches_at_name(dns_adbname_t *);
+ static isc_result_t dbfind_name(dns_adbname_t *, isc_stdtime_t,
+ 				dns_rdatatype_t);
+ static isc_result_t fetch_name(dns_adbname_t *, isc_boolean_t,
+-			       dns_rdatatype_t);
++			       unsigned int, dns_rdatatype_t);
+ static inline void check_exit(dns_adb_t *);
+ static void destroy(dns_adb_t *);
+ static isc_boolean_t shutdown_names(dns_adb_t *);
+@@ -984,7 +985,7 @@ kill_name(dns_adbname_t **n, isc_eventtype_t ev) {
+ 	 * Clean up the name's various lists.  These two are destructive
+ 	 * in that they will always empty the list.
+ 	 */
+-	clean_finds_at_name(name, ev, DNS_ADBFIND_ADDRESSMASK);
++	clean_finds_at_name(name, ev, 0, DNS_ADBFIND_ADDRESSMASK);
+ 	result4 = clean_namehooks(adb, &name->v4);
+ 	result6 = clean_namehooks(adb, &name->v6);
+ 	clean_target(adb, &name->target);
+@@ -1409,7 +1410,7 @@ event_free(isc_event_t *event) {
+  */
+ static void
+ clean_finds_at_name(dns_adbname_t *name, isc_eventtype_t evtype,
+-		    unsigned int addrs)
++		    isc_uint32_t qtotal, unsigned int addrs)
+ {
+ 	isc_event_t *ev;
+ 	isc_task_t *task;
+@@ -1469,6 +1470,7 @@ clean_finds_at_name(dns_adbname_t *name, isc_eventtype_t evtype,
+ 			ev->ev_sender = find;
+ 			find->result_v4 = find_err_map[name->fetch_err];
+ 			find->result_v6 = find_err_map[name->fetch6_err];
++			find->qtotal += qtotal;
+ 			ev->ev_type = evtype;
+ 			ev->ev_destroy = event_free;
+ 			ev->ev_destroy_arg = find;
+@@ -1827,6 +1829,7 @@ new_adbfind(dns_adb_t *adb) {
+ 	h->flags = 0;
+ 	h->result_v4 = ISC_R_UNEXPECTED;
+ 	h->result_v6 = ISC_R_UNEXPECTED;
++	h->qtotal = 0;
+ 	ISC_LINK_INIT(h, publink);
+ 	ISC_LINK_INIT(h, plink);
+ 	ISC_LIST_INIT(h->list);
+@@ -2799,6 +2802,19 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+ 		   isc_stdtime_t now, dns_name_t *target,
+ 		   in_port_t port, dns_adbfind_t **findp)
+ {
++	return (dns_adb_createfind2(adb, task, action, arg, name,
++				    qname, qtype, options, now,
++				    target, port, 0, findp));
++}
++
++isc_result_t
++dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
++		    void *arg, dns_name_t *name, dns_name_t *qname,
++		    dns_rdatatype_t qtype, unsigned int options,
++		    isc_stdtime_t now, dns_name_t *target,
++		    in_port_t port, unsigned int depth,
++		    dns_adbfind_t **findp)
++{
+ 	dns_adbfind_t *find;
+ 	dns_adbname_t *adbname;
+ 	int bucket;
+@@ -3029,7 +3045,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+ 		 * Start V4.
+ 		 */
+ 		if (WANT_INET(wanted_fetches) &&
+-		    fetch_name(adbname, start_at_zone,
++		    fetch_name(adbname, start_at_zone, depth,
+ 			       dns_rdatatype_a) == ISC_R_SUCCESS) {
+ 			DP(DEF_LEVEL,
+ 			   "dns_adb_createfind: started A fetch for name %p",
+@@ -3040,7 +3056,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+ 		 * Start V6.
+ 		 */
+ 		if (WANT_INET6(wanted_fetches) &&
+-		    fetch_name(adbname, start_at_zone,
++		    fetch_name(adbname, start_at_zone, depth,
+ 			       dns_rdatatype_aaaa) == ISC_R_SUCCESS) {
+ 			DP(DEF_LEVEL,
+ 			   "dns_adb_createfind: "
+@@ -3656,6 +3672,7 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
+ 	isc_result_t result;
+ 	unsigned int address_type;
+ 	isc_boolean_t want_check_exit = ISC_FALSE;
++	isc_uint32_t qtotal = 0;
+ 
+ 	UNUSED(task);
+ 
+@@ -3666,6 +3683,8 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
+ 	adb = name->adb;
+ 	INSIST(DNS_ADB_VALID(adb));
+ 
++	qtotal = dev->qtotal;
++
+ 	bucket = name->lock_bucket;
+ 	LOCK(&adb->namelocks[bucket]);
+ 
+@@ -3783,6 +3802,12 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
+ 		DP(DEF_LEVEL, "adb: fetch of '%s' %s failed: %s",
+ 		   buf, address_type == DNS_ADBFIND_INET ? "A" : "AAAA",
+ 		   dns_result_totext(dev->result));
++		/*
++		 * Don't record a failure unless this is the initial
++		 * fetch of a chain.
++		 */
++		if (fetch->depth > 1)
++			goto out;
+ 		/* XXXMLG Don't pound on bad servers. */
+ 		if (address_type == DNS_ADBFIND_INET) {
+ 			name->expire_v4 = ISC_MIN(name->expire_v4, now + 300);
+@@ -3814,15 +3839,14 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
+ 	free_adbfetch(adb, &fetch);
+ 	isc_event_free(&ev);
+ 
+-	clean_finds_at_name(name, ev_status, address_type);
++	clean_finds_at_name(name, ev_status, qtotal, address_type);
+ 
+ 	UNLOCK(&adb->namelocks[bucket]);
+ }
+ 
+ static isc_result_t
+-fetch_name(dns_adbname_t *adbname,
+-	   isc_boolean_t start_at_zone,
+-	   dns_rdatatype_t type)
++fetch_name(dns_adbname_t *adbname, isc_boolean_t start_at_zone,
++	   unsigned int depth, dns_rdatatype_t type)
+ {
+ 	isc_result_t result;
+ 	dns_adbfetch_t *fetch = NULL;
+@@ -3867,12 +3891,14 @@ fetch_name(dns_adbname_t *adbname,
+ 		result = ISC_R_NOMEMORY;
+ 		goto cleanup;
+ 	}
+-
+-	result = dns_resolver_createfetch(adb->view->resolver, &adbname->name,
+-					  type, name, nameservers, NULL,
+-					  options, adb->task, fetch_callback,
+-					  adbname, &fetch->rdataset, NULL,
+-					  &fetch->fetch);
++	fetch->depth = depth;
++
++	result = dns_resolver_createfetch3(adb->view->resolver, &adbname->name,
++					   type, name, nameservers, NULL,
++					   NULL, 0, options, depth, adb->task,
++					   fetch_callback, adbname,
++					   &fetch->rdataset, NULL,
++					   &fetch->fetch);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto cleanup;
+ 
+diff --git a/lib/dns/include/dns/adb.h b/lib/dns/include/dns/adb.h
+index 35350ff..7501f01 100644
+--- a/lib/dns/include/dns/adb.h
++++ b/lib/dns/include/dns/adb.h
+@@ -118,6 +118,8 @@ struct dns_adbfind {
+ 	isc_result_t			result_v6;	/*%< RO: v6 result */
+ 	ISC_LINK(dns_adbfind_t)		publink;	/*%< RW: client use */
+ 
++	isc_uint32_t			qtotal;
++
+ 	/* Private */
+ 	isc_mutex_t			lock;		/* locks all below */
+ 	in_port_t			port;
+@@ -334,6 +336,12 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+ 		   dns_rdatatype_t qtype, unsigned int options,
+ 		   isc_stdtime_t now, dns_name_t *target,
+ 		   in_port_t port, dns_adbfind_t **find);
++isc_result_t
++dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
++		    void *arg, dns_name_t *name, dns_name_t *qname,
++		    dns_rdatatype_t qtype, unsigned int options,
++		    isc_stdtime_t now, dns_name_t *target, in_port_t port,
++		    unsigned int depth, dns_adbfind_t **find);
+ /*%<
+  * Main interface for clients. The adb will look up the name given in
+  * "name" and will build up a list of found addresses, and perhaps start
+diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
+index 4e20eb6..c256049 100644
+--- a/lib/dns/include/dns/resolver.h
++++ b/lib/dns/include/dns/resolver.h
+@@ -82,6 +82,7 @@ typedef struct dns_fetchevent {
+ 	isc_sockaddr_t *		client;
+ 	dns_messageid_t			id;
+ 	isc_result_t			vresult;
++	isc_uint32_t 			qtotal;
+ } dns_fetchevent_t;
+ 
+ /*
+@@ -275,6 +276,18 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+ 			  dns_rdataset_t *rdataset,
+ 			  dns_rdataset_t *sigrdataset,
+ 			  dns_fetch_t **fetchp);
++isc_result_t
++dns_resolver_createfetch3(dns_resolver_t *res, dns_name_t *name,
++			  dns_rdatatype_t type,
++			  dns_name_t *domain, dns_rdataset_t *nameservers,
++			  dns_forwarders_t *forwarders,
++			  isc_sockaddr_t *client, isc_uint16_t id,
++			  unsigned int options, unsigned int depth,
++			  isc_task_t *task,
++			  isc_taskaction_t action, void *arg,
++			  dns_rdataset_t *rdataset,
++			  dns_rdataset_t *sigrdataset,
++			  dns_fetch_t **fetchp);
+ /*%<
+  * Recurse to answer a question.
+  *
+@@ -576,6 +589,18 @@ dns_resolver_printbadcache(dns_resolver_t *resolver, FILE *fp);
+  * \li	resolver to be valid.
+  */
+ 
++void
++dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth);
++unsigned int
++dns_resolver_getmaxdepth(dns_resolver_t *resolver);
++/*%
++ * Get and set how many NS indirections will be followed when looking for
++ * nameserver addresses.
++ *
++ * Requires:
++ * \li	resolver to be valid.
++ */
++
+ ISC_LANG_ENDDECLS
+ 
+ #endif /* DNS_RESOLVER_H */
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index e517dad..6a635b2 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -131,6 +131,16 @@
+ #define MAXIMUM_QUERY_TIMEOUT 30 /* The maximum time in seconds for the whole query to live. */
+ #endif
+ 
++/* The default maximum number of recursions to follow before giving up. */
++#ifndef DEFAULT_RECURSION_DEPTH
++#define DEFAULT_RECURSION_DEPTH 7
++#endif
++
++/* The default maximum number of iterative queries to allow before giving up. */
++#ifndef DEFAULT_MAX_QUERIES
++#define DEFAULT_MAX_QUERIES 50
++#endif
++
+ /*%
+  * Maximum EDNS0 input packet size.
+  */
+@@ -297,6 +307,7 @@ struct fetchctx {
+ 	isc_uint64_t			duration;
+ 	isc_boolean_t			logged;
+ 	unsigned int			querysent;
++	unsigned int			totalqueries;
+ 	unsigned int			referrals;
+ 	unsigned int			lamecount;
+ 	unsigned int			neterr;
+@@ -307,6 +318,7 @@ struct fetchctx {
+ 	isc_boolean_t			timeout;
+ 	dns_adbaddrinfo_t 		*addrinfo;
+ 	isc_sockaddr_t			*client;
++	unsigned int			depth;
+ };
+ 
+ #define FCTX_MAGIC			ISC_MAGIC('F', '!', '!', '!')
+@@ -419,6 +431,7 @@ struct dns_resolver {
+ 	isc_timer_t *			spillattimer;
+ 	isc_boolean_t			zero_no_soa_ttl;
+ 	unsigned int			query_timeout;
++	unsigned int			maxdepth;
+ 
+ 	/* Locked by lock. */
+ 	unsigned int			references;
+@@ -1097,6 +1110,7 @@ fctx_sendevents(fetchctx_t *fctx, isc_result_t result, int line) {
+ 			       event->result == DNS_R_NCACHENXRRSET);
+ 		}
+ 
++		event->qtotal = fctx->totalqueries;
+ 		isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event));
+ 		count++;
+ 	}
+@@ -1537,7 +1551,9 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
+ 		if (result != ISC_R_SUCCESS)
+ 			goto cleanup_dispatch;
+ 	}
++
+ 	fctx->querysent++;
++	fctx->totalqueries++;
+ 
+ 	ISC_LIST_APPEND(fctx->queries, query, link);
+ 	query->fctx->nqueries++;
+@@ -2194,9 +2210,10 @@ fctx_finddone(isc_task_t *task, isc_event_t *event) {
+ 		 */
+ 		INSIST(!SHUTTINGDOWN(fctx));
+ 		fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
+-		if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES)
++		if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES) {
+ 			want_try = ISC_TRUE;
+-		else {
++			fctx->totalqueries += find->qtotal;
++		} else {
+ 			fctx->findfail++;
+ 			if (fctx->pending == 0) {
+ 				/*
+@@ -2479,12 +2496,13 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
+ 	 * See what we know about this address.
+ 	 */
+ 	find = NULL;
+-	result = dns_adb_createfind(fctx->adb,
+-				    res->buckets[fctx->bucketnum].task,
+-				    fctx_finddone, fctx, name,
+-				    &fctx->name, fctx->type,
+-				    options, now, NULL,
+-				    res->view->dstport, &find);
++	result = dns_adb_createfind2(fctx->adb,
++				     res->buckets[fctx->bucketnum].task,
++				     fctx_finddone, fctx, name,
++				     &fctx->name, fctx->type,
++				     options, now, NULL,
++				     res->view->dstport,
++				     fctx->depth + 1, &find);
+ 	if (result != ISC_R_SUCCESS) {
+ 		if (result == DNS_R_ALIAS) {
+ 			/*
+@@ -2592,6 +2610,11 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) {
+ 
+ 	res = fctx->res;
+ 
++	if (fctx->depth > res->maxdepth) {
++		FCTXTRACE("too much NS indirection");
++		return (DNS_R_SERVFAIL);
++	}
++
+ 	/*
+ 	 * Forwarders.
+ 	 */
+@@ -3030,6 +3053,9 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
+ 
+ 	REQUIRE(!ADDRWAIT(fctx));
+ 
++	if (fctx->totalqueries > DEFAULT_MAX_QUERIES)
++		fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
++
+ 	addrinfo = fctx_nextaddress(fctx);
+ 	if (addrinfo == NULL) {
+ 		/*
+@@ -3388,6 +3414,7 @@ fctx_start(isc_task_t *task, isc_event_t *event) {
+ 		 * Normal fctx startup.
+ 		 */
+ 		fctx->state = fetchstate_active;
++		fctx->totalqueries = 0;
+ 		/*
+ 		 * Reset the control event for later use in shutting down
+ 		 * the fctx.
+@@ -3457,6 +3484,7 @@ fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_sockaddr_t *client,
+ 	event->fetch = fetch;
+ 	event->client = client;
+ 	event->id = id;
++	event->qtotal = 0;
+ 	dns_fixedname_init(&event->foundname);
+ 
+ 	/*
+@@ -3493,7 +3521,8 @@ log_ns_ttl(fetchctx_t *fctx, const char *where) {
+ static isc_result_t
+ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
+ 	    dns_name_t *domain, dns_rdataset_t *nameservers,
+-	    unsigned int options, unsigned int bucketnum, fetchctx_t **fctxp)
++	    unsigned int options, unsigned int bucketnum, unsigned int depth,
++	    fetchctx_t **fctxp)
+ {
+ 	fetchctx_t *fctx;
+ 	isc_result_t result;
+@@ -3545,6 +3574,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
+ 	fctx->state = fetchstate_init;
+ 	fctx->want_shutdown = ISC_FALSE;
+ 	fctx->cloned = ISC_FALSE;
++	fctx->depth = depth;
+ 	ISC_LIST_INIT(fctx->queries);
+ 	ISC_LIST_INIT(fctx->finds);
+ 	ISC_LIST_INIT(fctx->altfinds);
+@@ -3563,6 +3593,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
+ 	fctx->pending = 0;
+ 	fctx->restarts = 0;
+ 	fctx->querysent = 0;
++	fctx->totalqueries = 0;
+ 	fctx->referrals = 0;
+ 	TIME_NOW(&fctx->start);
+ 	fctx->timeouts = 0;
+@@ -7781,6 +7812,7 @@ dns_resolver_create(dns_view_t *view,
+ 	res->spillattimer = NULL;
+ 	res->zero_no_soa_ttl = ISC_FALSE;
+ 	res->query_timeout = DEFAULT_QUERY_TIMEOUT;
++	res->maxdepth = DEFAULT_RECURSION_DEPTH;
+ 	res->nbuckets = ntasks;
+ 	res->activebuckets = ntasks;
+ 	res->buckets = isc_mem_get(view->mctx,
+@@ -8219,9 +8251,9 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
+ 			 dns_rdataset_t *sigrdataset,
+ 			 dns_fetch_t **fetchp)
+ {
+-	return (dns_resolver_createfetch2(res, name, type, domain,
++	return (dns_resolver_createfetch3(res, name, type, domain,
+ 					  nameservers, forwarders, NULL, 0,
+-					  options, task, action, arg,
++					  options, 0, task, action, arg,
+ 					  rdataset, sigrdataset, fetchp));
+ }
+ 
+@@ -8237,6 +8269,25 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+ 			  dns_rdataset_t *sigrdataset,
+ 			  dns_fetch_t **fetchp)
+ {
++	return (dns_resolver_createfetch3(res, name, type, domain,
++					  nameservers, forwarders, client, id,
++					  options, 0, task, action, arg,
++					  rdataset, sigrdataset, fetchp));
++}
++
++isc_result_t
++dns_resolver_createfetch3(dns_resolver_t *res, dns_name_t *name,
++			  dns_rdatatype_t type,
++			  dns_name_t *domain, dns_rdataset_t *nameservers,
++			  dns_forwarders_t *forwarders,
++			  isc_sockaddr_t *client, dns_messageid_t id,
++			  unsigned int options, unsigned int depth,
++			  isc_task_t *task,
++			  isc_taskaction_t action, void *arg,
++			  dns_rdataset_t *rdataset,
++			  dns_rdataset_t *sigrdataset,
++			  dns_fetch_t **fetchp)
++{
+ 	dns_fetch_t *fetch;
+ 	fetchctx_t *fctx = NULL;
+ 	isc_result_t result = ISC_R_SUCCESS;
+@@ -8325,11 +8376,12 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+ 
+ 	if (fctx == NULL) {
+ 		result = fctx_create(res, name, type, domain, nameservers,
+-				     options, bucketnum, &fctx);
++				     options, bucketnum, depth, &fctx);
+ 		if (result != ISC_R_SUCCESS)
+ 			goto unlock;
+ 		new_fctx = ISC_TRUE;
+-	}
++	} else if (fctx->depth > depth)
++		fctx->depth = depth;
+ 
+ 	result = fctx_join(fctx, task, client, id, action, arg,
+ 			   rdataset, sigrdataset, fetch);
+@@ -9101,3 +9153,15 @@ dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int seconds) {
+ 
+ 	resolver->query_timeout = seconds;
+ }
++
++void
++dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth) {
++	REQUIRE(VALID_RESOLVER(resolver));
++	resolver->maxdepth = maxdepth;
++}
++
++unsigned int
++dns_resolver_getmaxdepth(dns_resolver_t *resolver) {
++	REQUIRE(VALID_RESOLVER(resolver));
++	return (resolver->maxdepth);
++}
+diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
+index bfd4bab..5f8b037 100644
+--- a/lib/isccfg/namedconf.c
++++ b/lib/isccfg/namedconf.c
+@@ -1393,6 +1393,7 @@ view_clauses[] = {
+ 	{ "max-cache-ttl", &cfg_type_uint32, 0 },
+ 	{ "max-clients-per-query", &cfg_type_uint32, 0 },
+ 	{ "max-ncache-ttl", &cfg_type_uint32, 0 },
++	{ "max-recursion-depth", &cfg_type_uint32, 0 },
+ 	{ "max-udp-size", &cfg_type_uint32, 0 },
+ 	{ "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP },
+ 	{ "minimal-responses", &cfg_type_boolean, 0 },
+-- 
+1.9.1
+
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 635d277..8e04f8a 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -17,6 +17,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://named.service \
            file://bind9 \
            file://init.d-add-support-for-read-only-rootfs.patch \
+           file://bind9_9_5-CVE-2014-8500.patch \
 	   "
 
 SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
-- 
1.9.1

[PATCH 12/12] packagegroup-self-hosted: add git-perltools

[Armin Kuster]

From: Jackie Huang <jackie.huang@windriver.com>

git-perltools provides some usefull git tools like:
git-submodule, git-request-pull, git-send-email, git-am, etc.

We should have it added in self-hosted image.

(From OE-Core rev: 4b0cbdc9c94b336f3102d4cce1886842b28ce6d5)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-core/packagegroups/packagegroup-self-hosted.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb b/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb
index 65aca7f..f95ce77 100644
--- a/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb
+++ b/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb
@@ -120,6 +120,7 @@ RDEPENDS_packagegroup-self-hosted-extended = "\
     gettext \
     gettext-runtime \
     git \
+    git-perltools \
     grep \
     groff \
     gzip \
-- 
1.9.1

Re: [PATCH 00/12] Dizzy 1.7.1 additions

[Richard Purdie]

On Mon, 2015-01-05 at 12:40 -0800, Armin Kuster wrote:
> please consider this for inclusion for 1.7.1
> Many security fixes and kernel update.
> 
> The following changes since commit f4d9d7bc206aaf30ea5c72675df139425a2c8d90:
> 
>   lbdrm: fix build issue. (2014-12-27 08:43:41 -0800)
> 
> are available in the git repository at:
> 
>   git://git.yoctoproject.org/poky-contrib akuster/dizzy_1_7_1
>   http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/dizzy_1_7_1

I've merged this but it was tricky since this isn't based of the current
dizzy branch.

Where a patch is rejected (like the sysroot poison one), please drop it
and please rebase against the current dizzy head in future.

Cheers,

Richard