Rocko refresh

poky: 0ec241873367e18f5371a3ad9aca1e2801dcd4ee
meta-openembbeded: dacfa2b1920e285531bec55cd2f08743390aaf57
meta-virtualization: bd77388f31929f38e7d4cc9c711f0f83f563007e
meta-raspberrypi: b58ccfc696e4fa6b680ae5ca79960312676d7af9

Tested: Built witherspoon, palmetto and qemu images
Change-Id: I934ff48674042bb5ce6b7d75642e7adb9668a409
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

12 files changed, 208 insertions, 327 deletions

diff --git a/import-layers/yocto-poky/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb b/import-layers/yocto-poky/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb
new file mode 100644
index 000000000..a83620e85
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb
@@ -0,0 +1,32 @@
+SUMMARY = "inittab configuration for BusyBox"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+
+SRC_URI = "file://inittab"
+
+S = "${WORKDIR}"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+do_compile() {
+	:
+}
+
+do_install() {
+    install -d ${D}${sysconfdir}
+    install -D -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab
+    tmp="${SERIAL_CONSOLES}"
+    for i in $tmp
+    do
+            j=`echo ${i} | sed s/\;/\ /g`
+            id=`echo ${i} | sed -e 's/^.*;//' -e 's/;.*//'`
+            echo "$id::respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
+    done
+}
+
+# SERIAL_CONSOLES is generally defined by the MACHINE .conf.
+# Set PACKAGE_ARCH appropriately.
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+FILES_${PN} = "${sysconfdir}/inittab"
+CONFFILES_${PN} = "${sysconfdir}/inittab"
diff --git a/import-layers/yocto-poky/meta/recipes-core/busybox/busybox.inc b/import-layers/yocto-poky/meta/recipes-core/busybox/busybox.inc
index 48910ca33..a6bfd46b6 100644
--- a/import-layers/yocto-poky/meta/recipes-core/busybox/busybox.inc
+++ b/import-layers/yocto-poky/meta/recipes-core/busybox/busybox.inc
@@ -48,6 +48,8 @@ CONFFILES_${PN}-mdev = "${sysconfdir}/mdev.conf"
 
 RRECOMMENDS_${PN} = "${PN}-syslog ${PN}-udhcpc"
 
+RDEPENDS_${PN} = "${@["", "busybox-inittab"][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'busybox')]}"
+
 inherit cml1 systemd update-rc.d ptest
 
 # internal helper
@@ -292,16 +294,6 @@ do_install () {
                 install -D -m 0777 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS
                 install -D -m 0777 ${WORKDIR}/rcK ${D}${sysconfdir}/init.d/rcK
                 install -D -m 0755 ${WORKDIR}/runlevel ${D}${base_sbindir}/runlevel
-                if grep "CONFIG_FEATURE_USE_INITTAB=y" ${B}/.config; then
-                        install -D -m 0777 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab
-                        tmp="${SERIAL_CONSOLES}"
-                        for i in $tmp
-                        do
-                                j=`echo ${i} | sed s/\;/\ /g`
-                                id=`echo ${i} | sed -e 's/^.*;//' -e 's/;.*//'`
-                                echo "$id::respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
-                        done
-                fi
         fi
 
     if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/cross-localedef-native_2.26.bb b/import-layers/yocto-poky/meta/recipes-core/glibc/cross-localedef-native_2.26.bb
index fc5d70dbb..744085f41 100644
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/cross-localedef-native_2.26.bb
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/cross-localedef-native_2.26.bb
@@ -21,7 +21,7 @@ SRCBRANCH ?= "release/${PV}/master"
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)"
 
-SRCREV_glibc ?= "1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369"
+SRCREV_glibc ?= "d300041c533a3d837c9f37a099bcc95466860e98"
 SRCREV_localedef ?= "dfb4afe551c6c6e94f9cc85417bd1f582168c843"
 
 SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
@@ -35,6 +35,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0021-eglibc-Install-PIC-archives.patch \
            file://0022-eglibc-Forward-port-cross-locale-generation-support.patch \
            file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \
+           file://archive-path.patch \
 "
 # Makes for a rather long rev (22 characters), but...
 #
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc-package.inc b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc-package.inc
index df3db2cc4..b6d80745c 100644
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc-package.inc
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc-package.inc
@@ -113,15 +113,15 @@ do_install_append () {
 }
 
 do_install_append_aarch64 () {
-	if [ "${base_libdir}" != "/lib" ] ; then
+	if [ "${base_libdir}" != "${nonarch_base_libdir}" ]; then
 		# The aarch64 ABI says the dynamic linker -must- be /lib/ld-linux-aarch64[_be].so.1
-		install -d ${D}/lib
+		install -d ${D}${nonarch_base_libdir}
 		if [ -e ${D}${base_libdir}/ld-linux-aarch64.so.1 ]; then
-			ln -s ${@base_path_relative('/lib', '${base_libdir}')}/ld-linux-aarch64.so.1 \
-				${D}/lib/ld-linux-aarch64.so.1
+			ln -s ${@base_path_relative('${nonarch_base_libdir}', '${base_libdir}')}/ld-linux-aarch64.so.1 \
+				${D}${nonarch_base_libdir}/ld-linux-aarch64.so.1
 		elif [ -e ${D}${base_libdir}/ld-linux-aarch64_be.so.1 ]; then
-			ln -s ${@base_path_relative('/lib', '${base_libdir}')}/ld-linux-aarch64_be.so.1 \
-				${D}/lib/ld-linux-aarch64_be.so.1
+			ln -s ${@base_path_relative('${nonarch_base_libdir}', '${base_libdir}')}/ld-linux-aarch64_be.so.1 \
+				${D}${nonarch_base_libdir}/ld-linux-aarch64_be.so.1
 		fi
 	fi
 	do_install_armmultilib
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch
new file mode 100644
index 000000000..436c84778
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch
@@ -0,0 +1,69 @@
+From af3054b3856379d353a779801678f330e1b58c9a Mon Sep 17 00:00:00 2001
+Message-Id: <af3054b3856379d353a779801678f330e1b58c9a.1490183611.git.panand@redhat.com>
+From: Pratyush Anand <panand@redhat.com>
+Date: Wed, 22 Mar 2017 17:02:38 +0530
+Subject: [PATCH] bits/siginfo-consts.h: enum definition for TRAP_HWBKPT is missing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compile following linux kernel test code with latest glibc:
+
+https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/breakpoints/breakpoint_test_arm64.c
+
+and we get following error:
+breakpoint_test_arm64.c: In function ‘run_test’:
+breakpoint_test_arm64.c:171:25: error: ‘TRAP_HWBKPT’ undeclared (first use in this function)
+  if (siginfo.si_code != TRAP_HWBKPT) {
+                         ^
+I can compile test code by modifying my local
+/usr/include/bits/siginfo.h and test works great. Therefore, this patch
+will be needed in upstream glibc so that issue is fixed there as well.
+
+Signed-off-by: Pratyush Anand <panand@redhat.com>
+
+Upstream-Status: Submitted [https://sourceware.org/bugzilla/show_bug.cgi?id=21286]
+---
+ bits/siginfo-consts.h                         | 6 +++++-
+ sysdeps/unix/sysv/linux/bits/siginfo-consts.h | 6 +++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/bits/siginfo-consts.h b/bits/siginfo-consts.h
+index a58ac4b..8448fac 100644
+--- a/bits/siginfo-consts.h
++++ b/bits/siginfo-consts.h
+@@ -106,8 +106,12 @@ enum
+ {
+   TRAP_BRKPT = 1,		/* Process breakpoint.  */
+ #  define TRAP_BRKPT	TRAP_BRKPT
+-  TRAP_TRACE			/* Process trace trap.  */
++  TRAP_TRACE,			/* Process trace trap.  */
+ #  define TRAP_TRACE	TRAP_TRACE
++  TRAP_BRANCH,			/* Process branch trap. */
++# define TRAP_BRANCH	TRAP_BRANCH
++  TRAP_HWBKPT			/* hardware breakpoint/watchpoint  */
++# define TRAP_HWBKPT	TRAP_HWBKPT
+ };
+ # endif
+ 
+diff --git a/sysdeps/unix/sysv/linux/bits/siginfo-consts.h b/sysdeps/unix/sysv/linux/bits/siginfo-consts.h
+index 525840c..57a9edb 100644
+--- a/sysdeps/unix/sysv/linux/bits/siginfo-consts.h
++++ b/sysdeps/unix/sysv/linux/bits/siginfo-consts.h
+@@ -137,8 +137,12 @@ enum
+ {
+   TRAP_BRKPT = 1,		/* Process breakpoint.  */
+ #  define TRAP_BRKPT	TRAP_BRKPT
+-  TRAP_TRACE			/* Process trace trap.  */
++  TRAP_TRACE,			/* Process trace trap.  */
+ #  define TRAP_TRACE	TRAP_TRACE
++  TRAP_BRANCH,			/* Process branch trap. */
++# define TRAP_BRANCH	TRAP_BRANCH
++  TRAP_HWBKPT			/* hardware breakpoint/watchpoint  */
++# define TRAP_HWBKPT	TRAP_HWBKPT
+ };
+ # endif
+ 
+-- 
+2.7.4
+
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
deleted file mode 100644
index 35692820d..000000000
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert@cs.ucla.edu>
-Date: Sun, 22 Oct 2017 10:00:57 +0200
-Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
- #22332]
-
-(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
-
-Upstream-Status: Backport
-CVE: CVE-2017-15671
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ChangeLog    | 6 ++++++
- NEWS         | 4 ++++
- posix/glob.c | 4 ++--
- 3 files changed, 12 insertions(+), 2 deletions(-)
-
-Index: git/NEWS
-===================================================================
---- git.orig/NEWS
-+++ git/NEWS
-@@ -211,6 +211,10 @@ Security related changes:
-   on the stack or the heap, depending on the length of the user name).
-   Reported by Tim Rühsen.
- 
-+  The glob function, when invoked with GLOB_TILDE and without
-+  GLOB_NOESCAPE, could write past the end of a buffer while
-+  unescaping user names.  Reported by Tim Rühsen.
-+
- The following bugs are resolved with this release:
- 
-   [984] network: Respond to changed resolv.conf in gethostbyname
-Index: git/posix/glob.c
-===================================================================
---- git.orig/posix/glob.c
-+++ git/posix/glob.c
-@@ -823,11 +823,11 @@ glob (const char *pattern, int flags, in
- 		  char *p = mempcpy (newp, dirname + 1,
- 				     unescape - dirname - 1);
- 		  char *q = unescape;
--		  while (*q != '\0')
-+		  while (q != end_name)
- 		    {
- 		      if (*q == '\\')
- 			{
--			  if (q[1] == '\0')
-+			  if (q + 1 == end_name)
- 			    {
- 			      /* "~fo\\o\\" unescape to user_name "foo\\",
- 				 but "~fo\\o\\/" unescape to user_name
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,5 +1,10 @@
-+
- 2017-10-20  Paul Eggert <eggert@cs.ucla.edu>
- 
-+       [BZ #22332]
-+       * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
-+       unescaping.
-+
-        [BZ #22320]
-        CVE-2017-15670
-        * posix/glob.c (__glob): Fix one-byte overflow.
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-16997.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-16997.patch
deleted file mode 100644
index 38731e412..000000000
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-16997.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From 4ebd0c4191c6073cc8a7c5fdcf1d182c4719bcbb Mon Sep 17 00:00:00 2001
-From: Aurelien Jarno <aurelien@aurel32.net>
-Date: Sat, 30 Dec 2017 10:54:23 +0100
-Subject: [PATCH] elf: Check for empty tokens before dynamic string token
- expansion [BZ #22625]
-
-The fillin_rpath function in elf/dl-load.c loops over each RPATH or
-RUNPATH tokens and interprets empty tokens as the current directory
-("./"). In practice the check for empty token is done *after* the
-dynamic string token expansion. The expansion process can return an
-empty string for the $ORIGIN token if __libc_enable_secure is set
-or if the path of the binary can not be determined (/proc not mounted).
-
-Fix that by moving the check for empty tokens before the dynamic string
-token expansion. In addition, check for NULL pointer or empty strings
-return by expand_dynamic_string_token.
-
-The above changes highlighted a bug in decompose_rpath, an empty array
-is represented by the first element being NULL at the fillin_rpath
-level, but by using a -1 pointer in decompose_rpath and other functions.
-
-Changelog:
-	[BZ #22625]
-	* elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic
-	string token expansion. Check for NULL pointer or empty string possibly
-	returned by expand_dynamic_string_token.
-	(decompose_rpath): Check for empty path after dynamic string
-	token expansion.
-(cherry picked from commit 3e3c904daef69b8bf7d5cc07f793c9f07c3553ef)
-
-Upstream-Status: Backport
-CVE: CVE-2017-16997
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ChangeLog     | 10 ++++++++++
- NEWS          |  4 ++++
- elf/dl-load.c | 49 +++++++++++++++++++++++++++++++++----------------
- 3 files changed, 47 insertions(+), 16 deletions(-)
-
-Index: git/NEWS
-===================================================================
---- git.orig/NEWS
-+++ git/NEWS
-@@ -215,6 +215,10 @@ Security related changes:
-   GLOB_NOESCAPE, could write past the end of a buffer while
-   unescaping user names.  Reported by Tim Rühsen.
- 
-+  CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
-+  for AT_SECURE or SUID binaries could be used to load libraries from the
-+  current directory.
-+
- The following bugs are resolved with this release:
- 
-   [984] network: Respond to changed resolv.conf in gethostbyname
-Index: git/elf/dl-load.c
-===================================================================
---- git.orig/elf/dl-load.c
-+++ git/elf/dl-load.c
-@@ -433,32 +433,41 @@ fillin_rpath (char *rpath, struct r_sear
- {
-   char *cp;
-   size_t nelems = 0;
--  char *to_free;
- 
-   while ((cp = __strsep (&rpath, sep)) != NULL)
-     {
-       struct r_search_path_elem *dirp;
-+      char *to_free = NULL;
-+      size_t len = 0;
- 
--      to_free = cp = expand_dynamic_string_token (l, cp, 1);
-+      /* `strsep' can pass an empty string.  */
-+      if (*cp != '\0')
-+	{
-+	  to_free = cp = expand_dynamic_string_token (l, cp, 1);
- 
--      size_t len = strlen (cp);
-+	  /* expand_dynamic_string_token can return NULL in case of empty
-+	     path or memory allocation failure.  */
-+	  if (cp == NULL)
-+	    continue;
-+
-+	  /* Compute the length after dynamic string token expansion and
-+	     ignore empty paths.  */
-+	  len = strlen (cp);
-+	  if (len == 0)
-+	    {
-+	      free (to_free);
-+	      continue;
-+	    }
- 
--      /* `strsep' can pass an empty string.  This has to be
--	 interpreted as `use the current directory'. */
--      if (len == 0)
--	{
--	  static const char curwd[] = "./";
--	  cp = (char *) curwd;
-+	  /* Remove trailing slashes (except for "/").  */
-+	  while (len > 1 && cp[len - 1] == '/')
-+	    --len;
-+
-+	  /* Now add one if there is none so far.  */
-+	  if (len > 0 && cp[len - 1] != '/')
-+	    cp[len++] = '/';
- 	}
- 
--      /* Remove trailing slashes (except for "/").  */
--      while (len > 1 && cp[len - 1] == '/')
--	--len;
--
--      /* Now add one if there is none so far.  */
--      if (len > 0 && cp[len - 1] != '/')
--	cp[len++] = '/';
--
-       /* Make sure we don't use untrusted directories if we run SUID.  */
-       if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
- 	{
-@@ -621,6 +630,14 @@ decompose_rpath (struct r_search_path_st
-      necessary.  */
-   free (copy);
- 
-+  /* There is no path after expansion.  */
-+  if (result[0] == NULL)
-+    {
-+      free (result);
-+      sps->dirs = (struct r_search_path_elem **) -1;
-+      return false;
-+    }
-+
-   sps->dirs = result;
-   /* The caller will change this value if we haven't used a real malloc.  */
-   sps->malloced = 1;
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,3 +1,12 @@
-+2017-12-30  Aurelien Jarno  <aurelien@aurel32.net>
-+           Dmitry V. Levin  <ldv@altlinux.org>
-+
-+       [BZ #22625]
-+       * elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic
-+       string token expansion. Check for NULL pointer or empty string possibly
-+       returned by expand_dynamic_string_token.
-+       (decompose_rpath): Check for empty path after dynamic string
-+       token expansion.
- 
- 2017-10-20  Paul Eggert <eggert@cs.ucla.edu>
- 
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch
deleted file mode 100644
index c7d1cb86d..000000000
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From df8c219cb987cfe85c550efa693a1383a11e38aa Mon Sep 17 00:00:00 2001
-From: Arjun Shankar <arjun@redhat.com>
-Date: Thu, 30 Nov 2017 13:31:45 +0100
-Subject: [PATCH] Fix integer overflow in malloc when tcache is enabled [BZ
- #22375]
-
-When the per-thread cache is enabled, __libc_malloc uses request2size (which
-does not perform an overflow check) to calculate the chunk size from the
-requested allocation size. This leads to an integer overflow causing malloc
-to incorrectly return the last successfully allocated block when called with
-a very large size argument (close to SIZE_MAX).
-
-This commit uses checked_request2size instead, removing the overflow.
-
-(cherry picked from commit 34697694e8a93b325b18f25f7dcded55d6baeaf6)
-
-Upstream-Status: Backport
-CVE: CVE-2017-17426
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ChangeLog       | 7 +++++++
- NEWS            | 6 ++++++
- malloc/malloc.c | 3 ++-
- 3 files changed, 15 insertions(+), 1 deletion(-)
-
-Index: git/NEWS
-===================================================================
---- git.orig/NEWS
-+++ git/NEWS
-@@ -4,6 +4,8 @@ See the end for copying conditions.
- 
- Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
- using `glibc' in the "product" field.
-+
-+[22375] malloc returns pointer from tcache instead of NULL (CVE-2017-17426)
- 
- Version 2.26
- 
-@@ -215,6 +217,11 @@ Security related changes:
-   for AT_SECURE or SUID binaries could be used to load libraries from the
-   current directory.
- 
-+  CVE-2017-17426: The malloc function, when called with an object size near
-+  the value SIZE_MAX, would return a pointer to a buffer which is too small,
-+  instead of NULL.  This was a regression introduced with the new malloc
-+  thread cache in glibc 2.26.  Reported by Iain Buclaw.
-+
- The following bugs are resolved with this release:
- 
-   [984] network: Respond to changed resolv.conf in gethostbyname
-Index: git/malloc/malloc.c
-===================================================================
---- git.orig/malloc/malloc.c
-+++ git/malloc/malloc.c
-@@ -3050,7 +3050,8 @@ __libc_malloc (size_t bytes)
-     return (*hook)(bytes, RETURN_ADDRESS (0));
- #if USE_TCACHE
-   /* int_free also calls request2size, be careful to not pad twice.  */
--  size_t tbytes = request2size (bytes);
-+  size_t tbytes;
-+  checked_request2size (bytes, tbytes);
-   size_t tc_idx = csize2tidx (tbytes);
- 
-   MAYBE_INIT_TCACHE ();
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,3 +1,10 @@
-+2017-11-30  Arjun Shankar  <arjun@redhat.com>
-+
-+       [BZ #22375]
-+       CVE-2017-17426
-+       * malloc/malloc.c (__libc_malloc): Use checked_request2size
-+       instead of request2size.
-+
- 2017-12-30  Aurelien Jarno  <aurelien@aurel32.net>
-            Dmitry V. Levin  <ldv@altlinux.org>
- 
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/archive-path.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/archive-path.patch
new file mode 100644
index 000000000..b0d3158cf
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/archive-path.patch
@@ -0,0 +1,39 @@
+localedef --add-to-archive uses a hard-coded locale path which doesn't exist in
+normal use, and there's no way to pass an alternative filename.
+
+Add a fallback of $LOCALEARCHIVE from the environment, and allow creation of new locale archives that are not the system archive.
+
+Upstream-Status: Inappropriate (OE-specific)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c
+index ca332a34..6b7ba9b2 100644
+--- a/locale/programs/locarchive.c
++++ b/locale/programs/locarchive.c
+@@ -569,10 +569,13 @@ open_archive (struct locarhandle *ah, bool readonly)
+   /* If ah has a non-NULL fname open that otherwise open the default.  */
+   if (archivefname == NULL)
+     {
+-      archivefname = default_fname;
+-      if (output_prefix)
+-        memcpy (default_fname, output_prefix, prefix_len);
+-      strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++      archivefname = getenv("LOCALEARCHIVE");
++      if (archivefname == NULL) {
++              archivefname = default_fname;
++              if (output_prefix)
++                memcpy (default_fname, output_prefix, prefix_len);
++              strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++      }
+     }
+ 
+   while (1)
+@@ -585,7 +588,7 @@ open_archive (struct locarhandle *ah, bool readonly)
+ 	     the default locale archive we ignore the failure and
+ 	     list an empty archive, otherwise we print an error
+ 	     and exit.  */
+-	  if (errno == ENOENT && archivefname == default_fname)
++	  if (errno == ENOENT)
+ 	    {
+ 	      if (readonly)
+ 		{
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/relocate-locales.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/relocate-locales.patch
new file mode 100644
index 000000000..2aea37f5c
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/relocate-locales.patch
@@ -0,0 +1,55 @@
+The glibc locale path is hard-coded to the install prefix, but in SDKs we need
+to be able to relocate the binaries.  Expand the strings to 4K and put them in a
+magic segment that we can relocate at install time.
+
+Upstream-Status: Inappropriate (OE-specific)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/locale/findlocale.c b/locale/findlocale.c
+index 872cadb5..da14fa39 100644
+--- a/locale/findlocale.c
++++ b/locale/findlocale.c
+@@ -56,7 +56,7 @@ struct __locale_data *const _nl_C[] attribute_hidden =
+    which are somehow addressed.  */
+ struct loaded_l10nfile *_nl_locale_file_list[__LC_LAST];
+ 
+-const char _nl_default_locale_path[] attribute_hidden = COMPLOCALEDIR;
++char _nl_default_locale_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR;
+ 
+ /* Checks if the name is actually present, that is, not NULL and not
+    empty.  */
+@@ -167,7 +167,7 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
+ 
+       /* Nothing in the archive.  Set the default path to search below.  */
+       locale_path = _nl_default_locale_path;
+-      locale_path_len = sizeof _nl_default_locale_path;
++      locale_path_len = strlen(locale_path) + 1;
+     }
+   else
+     /* We really have to load some data.  First see whether the name is
+diff --git a/locale/localeinfo.h b/locale/localeinfo.h
+index 68822a63..537bc351 100644
+--- a/locale/localeinfo.h
++++ b/locale/localeinfo.h
+@@ -325,7 +325,7 @@ _nl_lookup_word (locale_t l, int category, int item)
+ }
+ 
+ /* Default search path if no LOCPATH environment variable.  */
+-extern const char _nl_default_locale_path[] attribute_hidden;
++extern char _nl_default_locale_path[4096] attribute_hidden;
+ 
+ /* Load the locale data for CATEGORY from the file specified by *NAME.
+    If *NAME is "", use environment variables as specified by POSIX, and
+diff --git a/locale/loadarchive.c b/locale/loadarchive.c
+index 516d30d8..792b37fb 100644
+--- a/locale/loadarchive.c
++++ b/locale/loadarchive.c
+@@ -42,7 +43,7 @@
+ 
+ 
+ /* Name of the locale archive file.  */
+-static const char archfname[] = COMPLOCALEDIR "/locale-archive";
++static const char archfname[4096] __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR "/locale-archive";
+ 
+ /* Size of initial mapping window, optimal if large enough to
+    cover the header plus the initial locale.  */
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc_2.26.bb b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc_2.26.bb
index 8c0eb98af..9d1e636bb 100644
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc_2.26.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
 
 DEPENDS += "gperf-native bison-native"
 
-SRCREV ?= "1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369"
+SRCREV ?= "d300041c533a3d837c9f37a099bcc95466860e98"
 
 SRCBRANCH ?= "release/${PV}/master"
 
@@ -40,14 +40,9 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \
            file://0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \
            file://0025-locale-fix-hard-coded-reference-to-gcc-E.patch \
-           file://0026-assert-Suppress-pedantic-warning-caused-by-statement.patch \
            file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
            file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
-           file://CVE-2017-15670.patch \
-           file://CVE-2017-15671.patch \
-           file://0029-assert-Support-types-without-operator-int-BZ-21972.patch \
-           file://CVE-2017-16997.patch \
-           file://CVE-2017-17426.patch \
+           file://0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch \
 "
 
 NATIVESDKFIXES ?= ""
@@ -56,6 +51,7 @@ NATIVESDKFIXES_class-nativesdk = "\
            file://0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \
            file://0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \
            file://0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \
+           file://relocate-locales.patch \
 "
 
 S = "${WORKDIR}/git"
@@ -143,12 +139,6 @@ do_compile () {
 
 }
 
-# Use the host locale archive when built for nativesdk so that we don't need to
-# ship a complete (100MB) locale set.
-do_compile_prepend_class-nativesdk() {
-    echo "complocaledir=/usr/lib/locale" >> ${S}/configparms
-}
-
 require glibc-package.inc
 
 BBCLASSEXTEND = "nativesdk"
diff --git a/import-layers/yocto-poky/meta/recipes-core/meta/buildtools-tarball.bb b/import-layers/yocto-poky/meta/recipes-core/meta/buildtools-tarball.bb
index be37c4421..d98a9c901 100644
--- a/import-layers/yocto-poky/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/import-layers/yocto-poky/meta/recipes-core/meta/buildtools-tarball.bb
@@ -21,7 +21,6 @@ TOOLCHAIN_HOST_TASK ?= "\
     nativesdk-wget \
     nativesdk-ca-certificates \
     nativesdk-texinfo \
-    nativesdk-locale-base-en-us \
     "
 
 MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}"