10 files changed, 152 insertions, 3 deletions
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/glib-meson.cross b/poky/meta/recipes-core/glib-2.0/glib-2.0/glib-meson.cross
index 8420f9874..b5df40072 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0/glib-meson.cross
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/glib-meson.cross
@@ -4,3 +4,6 @@ have_c99_snprintf = true
 have_unix98_printf = true
 va_val_copy = true
 growing_stack = false
+
+[binaries]
+env = "/usr/bin/env"
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb
index f4ade098e..bb77294e1 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb
@@ -16,10 +16,10 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
            file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \
            file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
-           file://glib-meson.cross \
            "
 
 SRC_URI_append_class-native = " file://relocate-modules.patch"
+SRC_URI_append_class-target = " file://glib-meson.cross"
 
 SRC_URI[md5sum] = "112a850caa8d2c21e24d4c9844e8b1fe"
 SRC_URI[sha256sum] = "04ab0d560d45790d055f50db2d69974eab8b693a77390075462c56e652b760b9"
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.6.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.6.bb
new file mode 100644
index 000000000..ebc4648a1
--- /dev/null
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.6.bb
@@ -0,0 +1,18 @@
+#
+# This provides libcrypto.so.1 which contains obsolete APIs, needed for uninative in particular
+#
+
+require libxcrypt_${PV}.bb
+
+PROVIDES = ""
+AUTO_LIBNAME_PKGS = ""
+EXCLUDE_FROM_WORLD = "1"
+
+API = "--enable-obsolete-api"
+
+do_install_append () {
+	rm -rf ${D}${includedir}
+	rm -rf ${D}${libdir}/pkgconfig
+	rm -rf ${D}${datadir}
+}
+
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.6.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.6.bb
index 637c0e6ff..893f5e737 100644
--- a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.6.bb
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.6.bb
@@ -29,4 +29,7 @@ BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}"
 TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir} -Wno-error=missing-attributes"
 CPPFLAGS_append_class-nativesdk = " -Wno-error=missing-attributes"
 
+API = "--disable-obsolete-api"
+EXTRA_OECONF += "${API}"
+
 BBCLASSEXTEND = "nativesdk"
diff --git a/poky/meta/recipes-core/meta/cve-update-db.bb b/poky/meta/recipes-core/meta/cve-update-db.bb
new file mode 100644
index 000000000..522fd2380
--- /dev/null
+++ b/poky/meta/recipes-core/meta/cve-update-db.bb
@@ -0,0 +1,121 @@
+SUMMARY = "Updates the NVD CVE database"
+LICENSE = "MIT"
+
+INHIBIT_DEFAULT_DEPS = "1"
+PACKAGES = ""
+
+inherit nopackages
+
+deltask do_fetch
+deltask do_unpack
+deltask do_patch
+deltask do_configure
+deltask do_compile
+deltask do_install
+deltask do_populate_sysroot
+
+python do_populate_cve_db() {
+    """
+    Update NVD database with json data feed
+    """
+
+    import sqlite3, urllib3, shutil, gzip, re
+    from datetime import date
+
+    BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
+    YEAR_START = 2002
+    JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz'
+
+    # Connect to database
+    db_file = d.getVar("CVE_CHECK_DB_FILE")
+    conn = sqlite3.connect(db_file)
+    c = conn.cursor()
+
+    initialize_db(c)
+
+    http = urllib3.PoolManager()
+
+    for year in range(YEAR_START, date.today().year + 1):
+        year_url = BASE_URL + str(year)
+        meta_url = year_url + ".meta"
+        json_url = year_url + ".json.gz"
+
+        # Retrieve meta last modified date
+        with http.request('GET', meta_url, preload_content=False) as r:
+            date_line = str(r.data.splitlines()[0])
+            last_modified = re.search('lastModifiedDate:(.*)', date_line).group(1)
+
+        # Compare with current db last modified date
+        c.execute("select DATE from META where YEAR = '%d'" % year)
+        meta = c.fetchone()
+        if not meta or meta[0] != last_modified:
+            # Update db with current year json file
+            with http.request('GET', json_url, preload_content=False) as r, open(JSON_TMPFILE, 'wb') as tmpfile:
+                shutil.copyfileobj(r, tmpfile)
+            with gzip.open(JSON_TMPFILE, 'rt') as jsonfile:
+                update_db(c, jsonfile)
+            c.execute("insert or replace into META values (?, ?)",
+                    [year, last_modified])
+
+    conn.commit()
+    conn.close()
+
+    with open(d.getVar("CVE_CHECK_TMP_FILE"), 'a'):
+        os.utime(d.getVar("CVE_CHECK_TMP_FILE"), None)
+}
+
+# DJB2 hash algorithm
+def hash_djb2(s):
+    hash = 5381
+    for x in s:
+        hash = (( hash << 5) + hash) + ord(x)
+
+    return hash & 0xFFFFFFFF
+
+def initialize_db(c):
+    c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
+    c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
+        SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \
+        VENDOR TEXT, PRODUCT TEXT, VERSION TEXT, OPERATOR TEXT)")
+    c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_IDX ON PRODUCTS \
+        (PRODUCT, VERSION)")
+
+def update_db(c, json_filename):
+    import json
+    root = json.load(json_filename)
+
+    for elt in root['CVE_Items']:
+        if not elt['impact']:
+            continue
+
+        cveId = elt['cve']['CVE_data_meta']['ID']
+        cveDesc = elt['cve']['description']['description_data'][0]['value']
+        date = elt['lastModifiedDate']
+        accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+        cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
+
+        try:
+            cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
+        except:
+            cvssv3 = 0.0
+
+        c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
+                [cveId, cveDesc, cvssv2, cvssv3, date, accessVector])
+
+        for vendor in elt['cve']['affects']['vendor']['vendor_data']:
+            for product in vendor['product']['product_data']:
+                for version in product['version']['version_data']:
+                    product_str = cveId+vendor['vendor_name']+product['product_name']+version['version_value']
+                    hashstr = hash_djb2(product_str)
+                    c.execute("insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?)",
+                            [ hashstr, cveId, vendor['vendor_name'],
+                                product['product_name'], version['version_value'],
+                                version['version_affected']])
+
+
+
+addtask do_populate_cve_db before do_cve_check
+do_populate_cve_db[nostamp] = "1"
+
+EXCLUDE_FROM_WORLD = "1"
diff --git a/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb b/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb
index 50182decf..b5e8c0f03 100644
--- a/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb
+++ b/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb
@@ -46,6 +46,7 @@ DUMMYPROVIDES = "\
     /bin/bash \
     /usr/bin/env \
     /usr/bin/perl \
+    libperl.so.5 \
     pkgconfig \
     pkgconfig-dev \
     pkgconfig-src \
diff --git a/poky/meta/recipes-core/meta/uninative-tarball.bb b/poky/meta/recipes-core/meta/uninative-tarball.bb
index 25635fc2f..39638eb8c 100644
--- a/poky/meta/recipes-core/meta/uninative-tarball.bb
+++ b/poky/meta/recipes-core/meta/uninative-tarball.bb
@@ -16,6 +16,7 @@ TOOLCHAIN_HOST_TASK = "\
     nativesdk-glibc-gconv-libjis \
     nativesdk-patchelf \
     nativesdk-libxcrypt \
+    nativesdk-libxcrypt-compat \
     nativesdk-libnss-nis \
     "
 
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-base.bb b/poky/meta/recipes-core/packagegroups/packagegroup-base.bb
index cae704aa2..d05403635 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-base.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-base.bb
@@ -271,6 +271,7 @@ RRECOMMENDS_packagegroup-base-ipsec = "\
 SUMMARY_packagegroup-base-wifi = "WiFi support"
 RDEPENDS_packagegroup-base-wifi = "\
     iw \
+    wireless-regdb-static \
     wpa-supplicant"
 
 RRECOMMENDS_packagegroup-base-wifi = "\
diff --git a/poky/meta/recipes-core/systemd/systemd-conf/wired.network b/poky/meta/recipes-core/systemd/systemd-conf/wired.network
index 253aee938..ff807ba31 100644
--- a/poky/meta/recipes-core/systemd/systemd-conf/wired.network
+++ b/poky/meta/recipes-core/systemd/systemd-conf/wired.network
@@ -1,5 +1,6 @@
 [Match]
 Name=en* eth*
+KernelCommandLine=!nfsroot
 
 [Network]
 DHCP=yes
diff --git a/poky/meta/recipes-core/volatile-binds/files/mount-copybind b/poky/meta/recipes-core/volatile-binds/files/mount-copybind
index fddf52005..e32e67530 100755
--- a/poky/meta/recipes-core/volatile-binds/files/mount-copybind
+++ b/poky/meta/recipes-core/volatile-binds/files/mount-copybind
@@ -42,14 +42,14 @@ if [ -d "$mountpoint" ]; then
     if ! mount -t overlay overlay -olowerdir="$mountpoint",upperdir="$spec",workdir="$overlay_workdir" "$mountpoint" > /dev/null 2>&1; then
 
         if [ "$specdir_existed" != "yes" ]; then
-            cp -pPR "$mountpoint"/. "$spec/"
+            cp -aPR "$mountpoint"/. "$spec/"
         fi
 
         mount -o "bind$options" "$spec" "$mountpoint"
     fi
 elif [ -f "$mountpoint" ]; then
     if [ ! -f "$spec" ]; then
-        cp -pP "$mountpoint" "$spec"
+        cp -aP "$mountpoint" "$spec"
     fi
 
     mount -o "bind$options" "$spec" "$mountpoint"