Verify/Backport KRACK usespace fixes

Closing as part of EE RC2

Ok, so Eel is +1 .

For dab branch we can uprev the default.xml manifest in prep of the next stable release anyway.

Please go ahead and bump the revision. Tnx.

==> both a covered then.

Current Eel has a revision of poky that includes the fixes in poky taken from oe-core. Current Dab points to an old version of the morty branch of poky. The current version of the morty branch includes all of the following:
commit 1d92cb1a20135cfffff9f94a6633ec0840518738
Author: Ross Burton <ross.burton@intel.com>
Date: Mon Oct 16 19:53:07 2017 +0100

wpa_supplicant: fix WPA2 key replay security bug

WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.

• CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake

• CVE-2017-13078: reinstallation of the group key in the Four-way handshake

• CVE-2017-13079: reinstallation of the integrity group key in the Four-way
  handshake

• CVE-2017-13080: reinstallation of the group key in the Group Key handshake

• CVE-2017-13081: reinstallation of the integrity group key in the Group Key
  handshake

• CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
  Request and reinstalling the pairwise key while processing it

• CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
  PeerKey (TPK) key in the TDLS handshake

• CVE-2017-13087: reinstallation of the group key (GTK) when processing a
  Wireless Network Management (WNM) Sleep Mode Response frame

• CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
  processing a Wireless Network Management (WNM) Sleep Mode Response frame

Backport patches from upstream to resolve these CVEs.

(From OE-Core rev: c79b479ab4b129007c6679bb0bdd8e2ec7ecb6ad)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 577c91d706c3b671f0bd009da09ae1dbc5073f32
Author: Armin Kuster <akuster808@gmail.com>
Date: Fri Sep 22 18:21:29 2017 -0700

linux-yotoc/4.1: update to 4.1.43 plus CVE-2017-1000251

(From meta-yocto rev: 95560bdc6414069ad2679f366fbf3a9946815d72)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 21daf5cdc3e09810e80d2cd376effb01cd54cc78
Author: Maxin B. John <maxin.john@intel.com>
Date: Mon Sep 11 14:37:41 2017 +0300

hostap-utils: use w1.fi for SRC_URI

epitest.fi is down and hostap-utils source is now available in
w1.fi. So, move SRC_URI to https://w1.fi

Since hostap-utils is only meant for old Intersil Prism2/2.5/3 wifi cards,
this recipe will be removed from oe-core in future (most likely to
meta-handheld)

[YOCTO #12051]

(From OE-Core rev: 541b14c58132e8460a762617889bd5e3d736c1a4)

(From OE-Core rev: 0bc03289b775fefcb7f03e5463c79e4f96cd0b12)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 46a8c07a843cf39e61707d2232c203a4b7cfdbbd
Author: Armin Kuster <akuster808@gmail.com>
Date: Fri Sep 22 18:28:37 2017 -0700

linux-yotoc/4.8: update to 4.8.25 plus CVE-2017-1000251

(From meta-yocto rev: 3a7bbdd637481afd6da47a4084c2dc7cac5836f4)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 640b9c608022d5e37604ec6c021b3b1b2058ef30
Author: Armin Kuster <akuster808@gmail.com>
Date: Fri Sep 22 18:24:14 2017 -0700

linux-yotoc/4.4: update to 4.4.87 plus CVE-2017-1000251

(From meta-yocto rev: d642307afcc35f1ba01af5e5c3acd0848c93090b)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 49ace39866d5774d91185f284bf029935008998a
Author: Ross Burton <ross.burton@intel.com>
Date: Tue Aug 8 11:09:00 2017 +0100

diffstat: use HTTP mirror for SRC_URI

The Invisible Mirror FTP service is currently down, and FTP is horrible, so
switch to the HTTP mirror.

(From OE-Core rev: f31461f8ea11e82dbe14454a1149d9ec2120404d)

(From OE-Core rev: 4839f039036f3d72f9ef114a37500f9b498101df)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 9be3cc6eaaa504ad154385ce9de57dfab54b953f
Author: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Date: Fri Aug 11 12:45:17 2017 +0300

v86d: take tarball from debian

Gentoo is removing the package due to dead upstream;
Debian might carry it for a while longer.

(From OE-Core rev: 5026730a2f0701ebad4ddf57990b1ae3b484ae72)

(From OE-Core rev: ac16b6d3a734de2e2ea3e491d23817774a3e57f6)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 09c7d32f2d82deadaf4a73d0f873f7ef5d2b69d7
Author: Armin Kuster <akuster808@gmail.com>
Date: Fri Sep 29 07:51:24 2017 -0700

libpng: lsb version 1.2.56 url fix

The mirrors are not working so remove them. Simplify the SRC_URI as the archive in only in the older-releases dir.

(From OE-Core rev: 889cc3404255e9ba920909e90fbf3ab846a5d97a)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 068c1a2c2240f2e36214546936dd649691ac8ce7
Author: Ross Burton <ross.burton@intel.com>
Date: Mon Jul 24 21:34:49 2017 +0100

libpng: use SourceForge mirror

The Gentoo mirror also deletes old versions when they're not used, so revert
back to the canonical SourceForge site, adding /older-releases/ to MIRRORS to
handle new releases moving the version we want.

Original idea by Maxin B. John <maxin.john@intel.com>.

(From OE-Core rev: 791a3493c88c9c249f21f6d893b2061e1d8a0af6)

(From OE-Core rev: 16af873638830477a435574f1fedc643af2e2661)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Hand applied to work with morty version

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 6ba57ee8b85bfcf075aba18d2e0fca1cc78971bc
Author: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Date: Tue Sep 26 12:36:04 2017 -0700

sign_rpm.bbclass: force rpm serial signing

Newer versions of gpg (at least 2.1.5 and 2.2.1) have issues when signing occurs in parallel
so (unfortunately) the signing must be done serially. Once the upstream problem is fixed,
this patch must be reverted, otherwise we loose all the intrinsic parallelism from
bitbake.

[YOCTO #12022]

(From OE-Core rev: 3aced3783b808449cd50f12684c061151861a1a5)

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 913b20f799415bb4dddc629c12c0e42ecbf1449e
Author: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Date: Tue Sep 26 12:36:03 2017 -0700

selftest/cases/signing: ignore removal errors when cleaning temporary gpg directory

The high-level method tempfile.TemporaryDirectory give us no way to
ignore erros on removal thus use tempfile.mkdtemp instead. Ignoring possible issues
on removal is neccesary because it contains gpg sockets that are automatically removed
by the system once the process terminates, otherwise the following log is observed:

..
..
File "/usr/lib/python3.5/shutil.py", line 436, in _rmtree_safe_fd
os.unlink(name, dir_fd=topfd)
FileNotFoundError: [Errno 2] No such file or directory: 'S.gpg-agent.browser'

[YOCTO #11821]

(From OE-Core rev: e7f139c5d97a3871215c88c5bfc07ecf4e8fd7f3)

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit a0e04be74645ca1fc74597cc54d0128962d8239e
Author: Armin Kuster <akuster808@gmail.com>
Date: Thu Sep 21 16:26:45 2017 -0700

lunux-yocto/4.8: update to 4.8.25 plus bluetooth: CVE-2017-1000251

(From OE-Core rev: fdb9c64f225eaf94c9087dfac52ed6a7779b0744)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit ec31268aea86f1f4ee4927b32b8c6c044dbbffc8
Author: Armin Kuster <akuster808@gmail.com>
Date: Thu Sep 21 16:14:13 2017 -0700

linux-yocto/4.4: update to 4.4.87 plus bluetooth: CVE-2017-1000251

(From OE-Core rev: aadd6461cfd2d296df79efc253b7edbbe80f40f0)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 0582ea3d8ec5e0e847b2444894cbad005be6c481
Author: Armin Kuster <akuster808@gmail.com>
Date: Thu Sep 21 15:48:48 2017 -0700

linux-yocto/4.1: update to 4.1.43 plus bluetooth CVE-2017-1000251

(From OE-Core rev: 2653a523a936a4055fe06418cbe258d82de3e718)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 08e0475d896efe6d8c11c0b640c7eb17a783883f
Author: Bruce Ashfield <bruce.ashfield@windriver.com>
Date: Thu May 18 09:01:00 2017 -0400

linux-yocto/4.1: fix gcc7 compilation and v4.1.39

Porting the mainline commit, to fix gcc7 builds:

474c90156c [give up on gcc ilog2() constant optimizations]

We also integrate the 4.1.39 -stable update to pick up additional
fixes.

(From OE-Core rev: 774e0d3f429d383c55e9f54ab095f13694e1d8e6)

(From OE-Core rev: 7c816700d6f49c0e8fec142912738f36a7b1eb8c)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit f0effea8716faae749a7d15003647d68fa0cabf7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit a73154618283d7b8fd2107f6939834956b77b254
Author: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Date: Wed Sep 13 21:38:20 2017 +0200

kernel.bbclass: fix KERNEL_IMAGETYPE(S) for Image.gz

KERNEL_IMAGETYPES lists all the kernel images that we want to build. in
cb17b6c2a7 (kernel.bbclass: support kernel image type of vmlinux.gz), some logic
was added to support vmlinux.gz which is not a target built by kernel
makefiles (only vmlinux). It is clear that the goal of this logic is only to
support vmlinux.gz and not others compressed format (such as Image.gz) which are
valid target for kernel makefiles.

For Image.gz we should rely on the kernel makefiles and not do the compression
in kernel class.

This patch updates the logic used to filter out non supported kernel target from
KERNEL_IMAGETYPES, and make vmlinux.gz a 'special case', instead of *.gz. If
more special cases are needed in the future, we could add them in a similar way.

This patch should be a no-op for anyone using vmlinux or vmlinux.gz, and on top
of that it is fixing the build for Image.gz which was not working until now.

(From OE-Core rev: 241cc3083f873743ac3551237acc62e55abbbf05)

Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cfc0c897656fe67e81a6a5dcd936dff785529f41)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 064ddc1652ab8b73dc454ba24c3ed363508954d0
Author: Ross Burton <ross.burton@intel.com>
Date: Thu Sep 14 13:27:53 2017 +0100

bluez5: fix out-of-bounds access in SDP server (CVE-2017-1000250)

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an
information disclosure vulnerability which allows remote attackers to obtain
sensitive information from the bluetoothd process memory. This vulnerability
lies in the processing of SDP search attribute requests.

(From OE-Core rev: 8878d599cbc48b700f393d94657fe39db06fd533)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 493b1c9aeaeb60440085bb3692e9362a87553bce
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Tue Oct 10 11:01:38 2017 +0100

bitbake: toaster/highlight.pack.js: Fix corrupted file

The newly added file in the last commit was corrupted, fix it.

(Bitbake rev: 7c9370f7fafc98e4c836255e72ff8acff1138997)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit cb44402f979c47b1c57044a12ed34f9090ca4ec6
Author: David Reyna <David.Reyna@windriver.com>
Date: Mon Oct 9 20:31:40 2017 -0700

bitbake: toaster: Remove prettify

Remove "prettify.js" and "prettify.css" due to license issues with Apache2.
Replace with "highlight.pack.js" with its BSD3 License.

[YOCTO #12206]

(Bitbake rev: 5732046a48779be5f42616ec08b32ae53b33b230)

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Brian Avery <brian.avery@intel.com>
Signed-off-by: David Reyna <david.reyna@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit e2fcc721c2af8e2785a91eaceea1d81f503ea2ec
Author: libertad <libertad.cruz@intel.com>
Date: Mon Sep 25 14:50:18 2017 -0500

devtool.py: update testcase Ids in morty

eSDK testcases Ids were modified on testopia, hence there needs to be a change in the devtool script.

[YOCTO #11603]

(From OE-Core rev: b835e9bf9da6ebc8fd5728b4587470e9a57d5966)

Signed-off-by: libertad <libertad.cruz@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 4b1974d57c997840f7134244145b51c6790c795a
Author: Gerson Fernando Budke <nandojve@gmail.com>
Date: Fri Sep 22 07:30:06 2017 -0300

image.bbclass: Sorted ctypes to avoid basehash error

When selected multiple subimages a similar error could happend:
Variable do_image_cpio[subimages] value changed \ from 'cpio.gz.u-boot cpio.gz' to 'cpio.gz cpio.gz.u-boot'
To avoid this, 'ctypes' should be sorted at 'gen_conversion_cmds'.

This garantee that 'CONVERSION_CMD_xxx' are always written in tha same
order and consequently 'do_image_cpio' have the same hash.

(From OE-Core rev: 271f1a5f65b8685a1e3645026876251122ef3974)

(From OE-Core rev: 7401ef4d816030bd6844e2e1f1910ac86cdcbe70)

Signed-off-by: Gerson Fernando Budke <nandojve@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit dc51e92b001bf6615f6836a8774bf3afb9ad449a
Author: Martin Jansa <martin.jansa@gmail.com>
Date: Wed Sep 13 17:49:02 2017 +0200

glibc-locale: add runtime dependency on glibc

• the libc.so.6 dependency is detected always:
  $ grep FILERDEPENDS BUILD-*/pkgdata/qemux86/runtime/localedef
  BUILD-bad/pkgdata/qemux86/runtime/localedef:FILERDEPENDSFLIST_localedef: /usr/bin/localedef
  BUILD-bad/pkgdata/qemux86/runtime/localedef:FILERDEPENDS_/usr/bin/localedef_localedef: libc.so.6(GLIBC_2.15) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.0) libc.so.6
  BUILD-ok/pkgdata/qemux86/runtime/localedef:FILERDEPENDSFLIST_localedef: /usr/bin/localedef
  BUILD-ok/pkgdata/qemux86/runtime/localedef:FILERDEPENDS_/usr/bin/localedef_localedef: libc.so.6(GLIBC_2.15) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.0) libc.so.6

• but in some builds the glibc dependency isn't built soon enough:
  $ diff uNr BUILD*/pkgdata/qemux86/runtime/localedef

  •  

    • BUILD-bad/pkgdata/qemux86/runtime/localedef 2017-09-02 21:17:50.000000000 +0000
      +++ BUILD-ok/pkgdata/qemux86/runtime/localedef 2017-09-11 10:15:49.954381592 +0000
      @@ -6,6 +6,7 @@
      LICENSE: GPLv2 & LGPLv2.1
      DESCRIPTION_localedef: glibc: compile locale definition files
      SUMMARY: Locale data from glibc
      +RDEPENDS_localedef: glibc (>= 2.26)
      SECTION: base
      PKG_localedef: localedef
      FILES_localedef: /usr/bin/localedef
      and the build fails with QA issues:
      http://errors.yoctoproject.org/Errors/Details/155529/

ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.0), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.15), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.3), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.2), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.1), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6, but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA run found fatal errors. Please consider fixing them.

• reproducible with Yocto 2.2 Morty as well, with slightly different
  error message:
  ERROR: glibc-locale-2.24-r0 do_package_qa: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.4), but no providers found in RDEPENDS_localedef? [file-rdeps]

• cherry-picked from master 2d2b4d7383c93174fe8eeb72440e81345df71295

(From OE-Core rev: 6c6a06bb806ecd496bb1c3ad723f074ccb454076)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit a94a0c6402240ed02f364c87a5405f138634e46e
Author: Jussi Kukkonen <jussi.kukkonen@intel.com>
Date: Fri Sep 8 18:41:00 2017 -0700

neard: Fix parallel build issue

This only started showing up now for some reason but it does seem like
a legitimate bug in Makefile.am.

(From OE-Core rev: f43290f6e302dbacf5581d1fe1c6c991dd387779)

(From OE-Core rev: 56eae27b3a7bd938d6959e5b671fc48ea2ab80c7)

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit a17d574f092287267e08ae9548d4444673ddf610
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Wed Mar 1 15:16:44 2017 +0000

oeqa/selftest: Drop http sstate sharing

Using httpServer from python for sharing sstate is known to be buggy, it can't
cope with the number/type of requests coming from bitbake and quietly fails
to share files.

This causes intermittent build failures which are hard to debug. We can
use a file:// url for the sstate mirror instead, removing the need for
the http server.

The sdk-update test is simply dropped since the SDK is never published
to this location and hence it would never have any update. Its equiavalent
to pointing at an empty web server. There is a better eSDK update test in
testsdk so rather than improve this one, lets drop it and concentrate on
the one there.

(From OE-Core rev: 7606f05e48ad2e31650e3a56bfcd04b4fbfad1e3)

(From OE-Core rev: 840a317e8a5518dbd1a025381441e13e906519ff)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit ce4016c070ffc81267b0d071bbc738fb688fb902
Author: Mariano Lopez <mariano.lopez@linux.intel.com>
Date: Wed Feb 22 13:12:55 2017 +0000

selftest/eSDK.py: Cleanup when there is an error in setUpClass

Lately autobuilders are experiencing hangs with selftest,
it seems it is cause if an error happens in setUpClass
method of oeSDKExtSelfTest class because HTTP server
keeps running in background.

This patch will ensure tearDownClass will be run if there
is an error in setUpClass.

(From OE-Core rev: eb1383949f76c6eb36f86c051057f761a71016a3)

(From OE-Core rev: 5dc68a378d9f4ec2c313ac395e91225a02e5b2c7)

Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit 4ff1c8ddbadfbcaef969fb97fb4caab92d4fa519
Author: Francisco Pedraza <francisco.j.pedraza.gonzalez@intel.com>
Date: Tue Jan 17 20:09:02 2017 -0600

oeqa/selftest: Adds test case for sdk-update eSDK

1. Test case adds perl recipe before build eSDK.
2. After this added recipe, the script verifies the update:

${SDK_DEPLOY}/${TOOLCHAINEXT_OUTPUTNAME}.sh
oe-publish-sdk [esdk] [path-to-http]
CORE_IMAGE_EXTRA_INSTALL = "perl"
bitbake -c populate-sdk-ext [some-image]
devtool sdk-update

This should fix [YOCTO #9369]

(From OE-Core rev: 21bd406bf89e9ceafe1a807877406be817cacca6)

(From OE-Core rev: 7824ca273e7e4b25d4efe5461c0402833f535d06)

Signed-off-by: Francisco Pedraza <francisco.j.pedraza.gonzalez@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

commit ffaf0ea56502612505cdcb46573e1452f43231bf
Author: Chen Qi <Qi.Chen@windriver.com>
Date: Thu Jan 5 13:03:28 2017 +0800

selftest/eSDK.py: fix sstate dir not found error

Fix the error below when SSTATE_DIR is not "${BUILDDIR}/sstate-cache".

FileNotFoundError: [Errno 2] No such file or directory: '/xxx/../sstate-cache'

(From OE-Core rev: 785f0343d04c1684363b5289a3012cf7e1caa95f)

(From OE-Core rev: 9d04fe3a0ce7eb418cd48438e1699825904e2dfb)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Taking all of these bug fixes (and security fixes) would require updating the manifest. Otherwise we would need to re-work the top commit as a bbappends.

@Scott Murray or @Tom Rini or /myself ... whoever is first with free cycles: pick it up and run.

Rocko has fixes,

• wpa_supplicant: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 (KRACK)