subtree updates
poky: 67266331b0..835f7eac06:
Adrian Bunk (9):
valgrind: Remove dependency on libx11
bluez5: Remove obsolete dependency on dbus-glib
python3-dbus: Remove obsolete dependency on dbus-glib
cups: Remove unnecessary dependency on dbus-glib
libnotify: Remove obsolete dependency on dbus-glib
unfs3: Switch to new upstream location
i2c-tools: Add alternative for i2ctransfer
meta: Remove remnants of bluez4 support
e2fsprogs: Remove patch that disabled 64bit for ext4 by default
Adrian Freihofer (1):
yocto-bsp: runqemu runs beaglebone-yocto
Adrian Ratiu (1):
opkg/package/rootfs_ipk: allow overwriting OPKGLIBDIR
Alejandro del Castillo (1):
opkg: upgrade to version 0.4.1
Alexander Kanavin (3):
rt-tests: exclude 1.4 version from upstream check as well
gtk-doc: correct the style.css permissions
mobile-broadband-provider-info: upgrade 20190116 -> 20190618
Alistair Francis (7):
mesa: Add support for the lima PACKAGECONFIG
u-boot: Update to 2019.07
packagegroup-core-sdk: Set blank sanitiser for RISC-V 32
opensbi: Update from 0.3 to 0.4
opensbi: Fix installed-vs-shipped warning
qemurunner.py: Be more verbose about problems
package_manager: Ensure the base-feed directory exists
Andrej Valek (2):
busybox: 1.30.1 -> 1.31.0
oe/copy_buildsystem: move layer into layers directory
Anuj Mittal (25):
gstreamer1.0-plugins-bad: depend on vulkan-loader now
vulkan-demos: depend on vulkan-loader
vulkan: remove
binutils: fix CVE-2019-12972 CVE-2019-9071
gnupg: upgrade 2.2.16 -> 2.2.17
libxslt: fix CVE-2019-13117 CVE-2019-13118
libva: upgrade 2.4.1 -> 2.5.0
libva-utils: upgrade 2.4.0 -> 2.5.0
nasm: fix CVE-2018-19755
python: fix CVE-2019-9740
python3: upgrade 3.7.3 -> 3.7.4
binutils: CVE-2019-9070 is same as CVE-2019-9071
qemu: fix CVE-2019-12155
bzip2: upgrade 1.0.7 -> 1.0.8
glib-2.0: upgrade 2.60.4 -> 2.60.5
vte: upgrade 0.56.1 -> 0.56.3
openssl: set CVE vendor to openssl
curl: upgrade 7.65.1 -> 7.65.2
rsync: fix CVEs for included zlib
glibc: CVE-2018-20796 is same as CVE-2019-9169
unzip: fix CVE-2019-13232
python: include CVE patches for python-native as well
gdb: fix CVE-2017-9778
iptables: upgrade 1.8.2 -> 1.8.3
piglit: fix SRC_URI
Armin Kuster (1):
timezone: update to 2019b
Bonnans, Laurent (1):
openssl: fix valgrind errors on v1.1.1c
Bruce Ashfield (5):
linux-yocto/5.0: bsp: add basic xilinx zynqmp support
linux-yocto/5.0: make scsi-debug include scsi core configs
linux-yocto: bsp/beaglebone: support qemu -machine virt
linux-yocto/4.19: update to 4.19.57 and -rt22
package: check PKG_ variables before executing ontarget postinst
CHerzig@Gauselmann.de (1):
bitbake: fetch2/clearcase: Fix class import errors
Changqing Li (5):
quilt: run-ptest remove Interactive Input
mdadm: fix systemd service start up failure
mdam: fix mdmonitor start up failure
opkg: make ptest output format align with common style
mdadm: make ptest output format align with common style
Chee Yang Lee (1):
wic: add support for kernel with initramfs bundled
Chen Qi (13):
target-sdk-provides-dummy: add libperl.so.5 64bit
devtool: warn user about multiple layer having the same base name
image.bbclass: fix systemd_preset_all
devtool.py: track to clean devtool.conf in test_create_workspace
grub-efi.bbclass: take into consideration of multilib
sysstat: use service file from source codes
xmlcatalog: hold libxml2-native dependency
oeqa/runtime/rpm: ensure no user process running before deleting user
oeqa/runtime/rpm: Move test_rpm_query_nonroot test case to RpmBasicTest
qemurunner.py: fix race condition at qemu startup
msmtp: use alternatives to manage /usr/lib/sendmail
runtime_test.py: use track_for_cleanup for temp dir
devtool: remove temp dir in upgrade
Fabio Berton (1):
mesa: Update 19.1.0 -> 19.1.1
Haiqing Bai (1):
sysstat: Use sysstat.service in source for cron with systemd
He Zhe (1):
ltp: file01: Fix in was not recognized
Hongzhi.Song (3):
ltp: fix shmctl01 failure when executed.
ltp: diotest4: Let kernel pick an address when calling mmap
ltp: getrlimit03: adjust-a-bit-of-code-to-compatiable-with mips32
Jason Wessel (5):
glibc: Fix multilibs + usrmerge builds
psmisc: Fix dependency for USE_NLS=no
glibc-locale: Fix build error with PACKAGE_NO_GCONV = "1"
glibc/glibc-locale: Fix do_stash_locale to work with usrmerge and multilibs
glibc / glibc-locale: Fix stash_locale determinism problems
Joe Slater (1):
libtool: remove host information from libtool
Jon Mason (1):
oe_syslog.py: Handle syslogd/klogd restart race
Joshua Watt (5):
python3: Fix .pyc file reproduciblility
oeqa: Test bitbake --skip-setsecene
bitbake: bitbake: Add --skip-setscene option
classes/icecc: Disable remote pre-processing by default
scripts/buildstats-diff: Add option to filter tasks
Joël Esponde (1):
package.bbclass: fix directories setuid and setgid bits
Jun Nie (1):
kernel-fitimage: uboot-sign: fix missing signature
Kai Kang (4):
rng-tools: fix rngd blocks system shutdown
openssl: fix multilib files conflict
webkitgtk: set incomptible with tune mips
defaultsetup.conf: enable select init manager
Khem Raj (10):
efibootmgr: Pass correct flags to compiler from pkg-config
mpeg2dec: Fix PIE build and avoid relocation in text section on ARM
Revert "unzip: fix CVE-2019-13232"
musl: Upgrade to 1.1.23+
mdadm: Include sys/sysmacros.h for major/minor definitions
sysvinit: Include sys/sysmacros.h for major/minor definitions on musl too
pam_systemd: Include missing.h for secure_getenv
musl-obstack: Add recipe
elfutils: Fix eu-* utils builds for musl
maintainers: Account for musl-obstack and libssp-nonshared
Li Zhou (2):
bc: dc: fix exit code of q command
iptables: Security Advisory - iptables - CVE-2019-11360
Luca Boccassi (1):
bitbake: tests/fetch.py: add missing skipIfNoNetwork tags to tests that try to git clone
Matthias Schiffer (1):
systemd: backport patch to fix sysctl warning on boot
Mike Crowe (4):
bitbake.conf: Stop exporting TARGET_ flags variables
image.bbclass: Only append to IMAGE_LINK_NAME if it was already set
rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_manifest
rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_test_data
Mikko Rapeli (3):
busybox: enable unicode support
cve-check.bbclass: initialize to_append
freetype: add --tag CC to libtool arguments
Mingli Yu (2):
go.bbclass: separate the ptest logic to go-ptest class
mdadm: fix ptest hang
Oleksandr Kravchuk (34):
mc: update to 4.8.23
encodings: update to 1.0.5
gawk: update to 5.0.1
libinput: update to 1.13.3
libxi: update to 1.7.10
libxt: update to 1.2.0
autoconf-archive: update to 2019.01.06
python3-mako: update to 1.0.12
python3-pbr: update to 5.3.1
python3-pygobject: update to 3.32.2
git: update to 2.22.0
eudev: update to 3.2.8
babeltrace: update to 1.5.7
dpkg: update to 1.19.7
apt: update to 1.2.31
libinput: update to 1.13.4
expat: update to 2.2.7
libsolf: update to 0.7.5
bison: update to 3.4.1
ruby: update to 2.5.5
quilt: update to 0.66
bzip2: update to 1.0.7
python3-mako: update to 1.0.13
ifupdown: update to 0.8.22
libdrm: update to 2.4.99
python3-pbr: update to 5.4.0
linux-firmware: bump to 20190618
iproute2: update to 5.2.0
udev-extraconf: do not mount swap partitions
python3-pbr: update to 5.4.1
xinput: update to 1.6.3
python3-scons: update to 3.1.0
python3-docutils: update to 0.15
python3-mako: update to 1.0.14
Pascal Bach (1):
cmake: 3.14.1 -> 3.14.5
Paul Eggleton (7):
libcap-ng: do not use symlink to share files with libcap-ng-python
scripts/contrib/ddimage: fix typo
scripts/contrib/ddimage: replace blacklist with mount check
scripts/contrib/ddimage: be explicit whether device doesn't exist or isn't writeable
list-packageconfig-flags: print PN instead of P
recipetool: ignore zero-length setup.py files
devtool: upgrade: fix handling of errors parsing upgraded recipe
Peter Kjellerstedt (4):
glib-2.0: Update to 2.60.4
glibc-package.inc: Do not use bitbake variable syntax for shell variables
meson.bbclass: Remove the MESON_*_ARGS variables
nativesdk-meson: Remove some unused variables
Pierre Le Magourou (10):
cve-update-db: Use std library instead of urllib3
cve-update-db: Manage proxy if needed.
cve-update-db: do_populate_cve_db depends on do_fetch
cve-update-db: Catch request.urlopen errors.
cve-check: Depends on cve-update-db-native
cve-update-db: Use NVD CPE data to populate PRODUCTS table
cve-check: Update unpatched CVE matching
cve-update-db-native: Skip recipe when cve-check class is not loaded.
cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST
cve-update-db-native: Remove hash column from database.
Ricardo Ribalda Delgado (4):
nfs-mountd: Add missing dependency on systemd service
systemd: Fix interface bring-up on kernels >= 5.2
wic: Fix (again) partition files UIDs on multi rootfs images
systemd-bootconf: Mark as machine specific
Ricardo Salveti (1):
gcc-9.1: add back GLIBC_DYNAMIC_LINKER riscv changes
Richard Purdie (58):
multilib_global: Fix multilib rebuild issue
multilib_global: Fix KERNEL_VERSION expansion problems
sysklogd: Fix init script races
busybox: Improve syslog restart handling
oeqa/runtime/syslog: Improve test debug messages
oeqa/runtime/oesyslog: systemd syslog restart doesn't change pid
oeqa/runtime/syslog: Add delay to test to avoid failures
busybox: Fix typo in syslog initscript
pigz: Add debug for autobuilder errors
staging: Code cleanup
package: Build pkgdata specific to the current recipe
Revert "pigz: Add debug for autobuilder errors"
grub2: Drop unneeded code
bitbake: event: Clear ui_queue after handling it
bitbake: main: Ensure log messages are printed when no UI starts
bitbake: main: Alter EOFError handling
core-image-sato-sdk-ptest: Reduce image padding size due to bootimg 4GB limit
oeqa/bbtests: Tweak test bitbake output pattern matching
sstate: Add tweak to avoid multiple sstate stats messages
bitbake: siggen: Fix default handler
bitbake: siggen: Use unique hashes for tasks
bitbake: runqueue: Tweak buildable variable handling in scheduler
bitbake: runqueue: Drop unused BB_SETSCENE_VERIFY_FUNCTION2
bitbake: runqueue: Remove now uneeded code
bitbake: runqueue: Move scenequeue data generation to a separate function
bitbake: runqueue: Remove unused function parameter
bitbake: runqueue: Factor out the process_setscene_whitelist checks
bitbake: runqueue: Uniquely namespace the scenequeue functions
bitbake: runqueue: Merge stats handling together for setscene/real tasks
bitbake: runqueue: Merge scenequeue and real task queue code together
bitbake: runqueue: Fix counter/task updating glitch
bitbake: runqueue: Remove RunQueueExecuteScenequeue and RunQueueExecuteTasks
bitbake: runqueue: Simplify _execute_runqueue logic
bitbake: runqueue: Fold remains of the scenequeue setup into RunQueueExecute
bitbake: event/runqueue: Drop StampUpdate event, its pointless/unused
bitbake: runqueue: Add covered_tasks (or 'collated_deps') to scenequeue data
bitbake: runqueue: Simplify scenequeue unskippable calculation
bitbake: runqueue: Tweak comments and debug code
bitbake: runqueue: Code simplification
bitbake: runqueue: Remove pointless variable
bitbake: runqueue: Further scheduler buildable tasks cleanup
bitbake: runqueue: Clarify scenequeue_covered vs. tasks_covered
bitbake: runqueue: Merge the queues and execute setscene and normal tasks in parallel
bitbake: runqueue: Alter setscenewhitelist handling
bitbake: runqueue: Complete the merge of scenequeue and normal task execution
bitbake: tests: Add initial scenario based test for runqueue
bitbake: uihelper: No longer listen to scenequeue task started
bitbake: runqueue: Simplify some convoluted logic
bitbake: runqueue: Whitespace fix
bitbake: runqueue: Abstract hash verification function
bitbake: runqueue: Optimise multiconfig with overlapping setscene
bitbake: tests/runqueue: Allow common sstate tasks to become valid
bitbake: runqueue: Fix non setscene tasks targets being lost
staging: Drop clean_recipe_sysroot
poky-lsb: Drop features already in poky
poky-lsb: Drop libx11 PREFERRED_PROVIDER
distro/include: Add poky-distro-alt-test-config.inc
bitbake: siggen: Fix handling of tainted sig files
Robert Yang (13):
update-alternatives.bbclass: run update-alternatives firstly in postinst script
busybox: make postinst run firstly before update-alternatives
multilib.bbclass: Reduce ALTERNATIVE_PRIORITY for extended recipes
bitbake: bitbake: lib: Cleanup /usr/bin/env python
bitbake: bitbake: toaster:tests: python -> python3
ksum.py: python -> python3
wic: python2 -> python3
ext-sdk-prepare.py: python2 -> python3
oeqa: Cleanup /usr/bin/env python
package_rpm.bbclass: python2 -> python3
bitbake: cache: Remove duplicated lines for provides and rprovides
bitbake: cache: Set packages for skipped recipes
bitbake: cache: Create a symlink for current cachefile
Ross Burton (56):
cve-check: be idiomatic
gtk-icon-cache: rename intercept to update_gtk_icon_cache
fortran-helloworld: add a very dumb Fortran Hello World for testing
oeqa/buildoptions: check that Fortran code actually cross-compiles
buildhistory: write the contents of the sysroot
buildhistory: report sysroot changes
perl: fix Upstream-Status tags
efivar: ensure that target security flags are not used to build native code
multilib_script: fix whitespace
buildhistory_analysis: ignore ownership for sysroot diffs
insane: use clean_path for the host contamination warnings
libsndfile1: disable use of sqlite3 by default
libsndfile1: remove redundant autoconf seeding
buildhistory: don't output ownership for the sysroot
buildhistory: filter out the unexpected prefix for native/cross sysroots
alsa-utils: disable tools using GTK+2
packagegroup-core-lsb: remove GTK+
recipetool: add MD5 hash for the line-wrapped MPL-1.1 license
oeqa/recipetool: change the CMake test to use taglib
gtk+: remove GTK+ 2
gnome-themes-standard: remove
Revert "sysstat: use service file from source codes"
libpsl: update Upstream-Status
grub: build with python 3
qemu: use Python 3 to build
ninja: use Python 3
conf/poky: add debian-10 to the supported distribution list
tiff: remove redundant patch
tiff: fix CVE-2019-6128
tiff: fix CVE-2019-7663
cve-check: remove redundant readline CVE whitelisting
cve-check-tool: remove
glibc: exclude child recipes from CVE scanning
libid3tag: CVE-2017-11551 is the same as CVE-2004-2779
libid3tag: handle unknown encodings (CVE-2017-11550)
subversion: set CVE vendor to Apache
boost: set CVE vendor to Boost
git: set CVE vendor to git-scm
ed: set CVE vendor to avoid false positives
cve-check: allow comparison of Vendor as well as Product
flex: set CVE_PRODUCT to include vendor
cve-update-db-native: use SQL placeholders instead of format strings
xkeyboard-config: remove redundant intltool dependency
piglit: upgrade to latest revision
pkgconf: upgrade 1.6.1 -> 1.6.3
conf/poky: add Fedora 30 and Opensuse Leap 15.1 to supported distributions
cve-update-db-native: use os.path.join instead of +
cve-update-db: actually inherit native
cve-update-db-native: use executemany() to optimise CPE insertion
cve-update-db-native: improve metadata parsing
cve-update-db-native: clean up JSON fetching
freetype: upgrade to 2.10.1
unfs3: set upstream tag regex to avoid false-positives
meson.bbclass: export STRIP=${BUILD_STRIP}
ffmpeg: don't use hardcoded lookup tables
ffmpeg: upgrade to 4.1.4
Sai Hari Chandana Kalluri (3):
devtool/standard.py: Update devtool modify to copy source from work-shared if its already downloaded
devtool/standard.py: Create a copy of kernel source within work-shared if not present
devtool: provide support for devtool menuconfig command
Scott Rifenbark (5):
overview-manual: Fixed manual history table
sdk-manual: Updated devtool to talk about oe-local-files.
dev-manual: Provided proper link title
ref-manual: Fixed typo for BBMULTICONFIG variable.
ref-manual: Removed "python2" mention in example.
Stefan Agner (1):
psplash: create psplash tmpfs mount directory in psplash-init
Tim Orling (3):
vulkan-headers: add recipe
vulkan-loader: add recipe
vulkan-tools: add recipe
Ulrich Ölmann (1):
squashfs-tools: upgrade to commit f95864afe883
William Bourque (2):
wic/plugins: Source that support both EFI and BIOS
meta/lib/oeqa: Test for bootimg-biosplusefi Source
Yi Zhao (2):
debianutils: upgrade 4.8.6.1 -> 4.8.6.3
ltp: upgrade 20190115 -> 20190517
Zang Ruochen (9):
nss: upgrade 3.44 -> 3.44.1
util-linux:upgrade 2.33.2 -> 2.34
librepo:upgrade 1.10.3 -> 1.10.4
sqlite3: Upgrade 3.28.0 -> 3.29.0
nss: Upgrade 3.44.1 -> 3.45
xauth:upgrade 1.0.10 -> 1.1
libice:upgrade 1.0.9 -> 1.0.10
xwininfo:upgrade 1.1.4 -> 1.1.5
libpciaccess:upgrade 0.14 -> 0.16
meta-phosphor: fe8cee7488..601f253a66:
Brad Bishop (1):
meta-phosphor: systemd: remove upstreamed patches
Change-Id: If591144821cd2e5b990a7aa49a1cf426f6a906de
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-support/boost/boost.inc b/poky/meta/recipes-support/boost/boost.inc
index 9be3717..0330202 100644
--- a/poky/meta/recipes-support/boost/boost.inc
+++ b/poky/meta/recipes-support/boost/boost.inc
@@ -2,6 +2,8 @@
SECTION = "libs"
DEPENDS = "bjam-native zlib bzip2"
+CVE_PRODUCT = "boost:boost"
+
ARM_INSTRUCTION_SET_armv4 = "arm"
ARM_INSTRUCTION_SET_armv5 = "arm"
diff --git a/poky/meta/recipes-support/curl/curl_7.65.1.bb b/poky/meta/recipes-support/curl/curl_7.65.2.bb
similarity index 95%
rename from poky/meta/recipes-support/curl/curl_7.65.1.bb
rename to poky/meta/recipes-support/curl/curl_7.65.2.bb
index e7bfe6c..2fff044 100644
--- a/poky/meta/recipes-support/curl/curl_7.65.1.bb
+++ b/poky/meta/recipes-support/curl/curl_7.65.2.bb
@@ -9,8 +9,8 @@
file://0001-replace-krb5-config-with-pkg-config.patch \
"
-SRC_URI[md5sum] = "03ca3fa53ac4d791be66e30ba75b56ea"
-SRC_URI[sha256sum] = "cbd36df60c49e461011b4f3064cff1184bdc9969a55e9608bf5cadec4686e3f7"
+SRC_URI[md5sum] = "88910bdda3752a98083b6dbe85bafcaa"
+SRC_URI[sha256sum] = "8093398b51e7d8337dac6f8fa6f1f77d562bdd9eca679dff9d9c3b8160ebfd28"
CVE_PRODUCT = "curl libcurl"
inherit autotools pkgconfig binconfig multilib_header
diff --git a/poky/meta/recipes-support/debianutils/debianutils_4.8.6.1.bb b/poky/meta/recipes-support/debianutils/debianutils_4.8.6.3.bb
similarity index 86%
rename from poky/meta/recipes-support/debianutils/debianutils_4.8.6.1.bb
rename to poky/meta/recipes-support/debianutils/debianutils_4.8.6.3.bb
index 7cc78a6..a69d01e 100644
--- a/poky/meta/recipes-support/debianutils/debianutils_4.8.6.1.bb
+++ b/poky/meta/recipes-support/debianutils/debianutils_4.8.6.3.bb
@@ -3,15 +3,13 @@
LICENSE = "GPLv2 & SMAIL_GPL"
LIC_FILES_CHKSUM = "file://debian/copyright;md5=f01a5203d50512fc4830b4332b696a9f"
-SRC_URI = "http://snapshot.debian.org/archive/debian/20190217T160716Z/pool/main/d/${BPN}/${BPN}_${PV}.tar.xz"
+SRC_URI = "http://snapshot.debian.org/archive/debian/20190717T213444Z/pool/main/d/${BPN}/${BPN}_${PV}.tar.xz"
# the package is taken from snapshots.debian.org; that source is static and goes stale
# so we check the latest upstream from a directory that does get updated
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/d/${BPN}/"
-SRC_URI[md5sum] = "80e2e670d8f6c0036770e971237f1f5c"
-SRC_URI[sha256sum] = "099f1e8a7278b26145a2ba2dda84c4118403bfab38c8d7070a6235a7ffcb55ed"
-
-S = "${WORKDIR}/${BPN}"
+SRC_URI[md5sum] = "ca57cc6621275346d7d516ab0b5fa1f5"
+SRC_URI[sha256sum] = "2cc7de3afc6df1cf6d00af9938efac7ee8f739228e548e512ddc186b6a7be221"
inherit autotools update-alternatives
diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.16.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb
similarity index 92%
rename from poky/meta/recipes-support/gnupg/gnupg_2.2.16.bb
rename to poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb
index cb7c6c5..e5456dd 100644
--- a/poky/meta/recipes-support/gnupg/gnupg_2.2.16.bb
+++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb
@@ -19,9 +19,8 @@
SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
file://relocate.patch"
-
-SRC_URI[md5sum] = "d90e186df1c06845880ea58a318f070b"
-SRC_URI[sha256sum] = "6cbe8d454bf5dc204621eed3016d721b66298fa95363395bb8eeceb1d2fd14cb"
+SRC_URI[md5sum] = "1ba2d9b70c377f8e967742064c27a19c"
+SRC_URI[sha256sum] = "afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514"
EXTRA_OECONF = "--disable-ldap \
--disable-ccid-driver \
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng b/poky/meta/recipes-support/libcap-ng/libcap-ng
deleted file mode 120000
index fb7744d..0000000
--- a/poky/meta/recipes-support/libcap-ng/libcap-ng
+++ /dev/null
@@ -1 +0,0 @@
-libcap-ng-python
\ No newline at end of file
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb
index e49b445..43f76dc 100644
--- a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb
+++ b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb
@@ -1,5 +1,7 @@
require libcap-ng.inc
+FILESEXTRAPATHS_prepend := "${THISDIR}/libcap-ng:"
+
SUMMARY .= " - python"
inherit lib_package autotools python3native
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python/python.patch b/poky/meta/recipes-support/libcap-ng/libcap-ng/python.patch
similarity index 100%
rename from poky/meta/recipes-support/libcap-ng/libcap-ng-python/python.patch
rename to poky/meta/recipes-support/libcap-ng/libcap-ng/python.patch
diff --git a/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch b/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch
index 2331a76..c78d6fd 100644
--- a/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch
+++ b/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch
@@ -5,7 +5,7 @@
gtk-doc 1.30 no longer generates the file if the object tree is empty
-Upstream-Status: Submitted [https://github.com/rockdaboot/libpsl/pull/137]
+Upstream-Status: Backport [87d1add318b5e5d09977f7f374e923577b6ff3be]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
docs/libpsl/libpsl-docs.sgml | 4 ----
diff --git a/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch b/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch
new file mode 100644
index 0000000..ef3f270
--- /dev/null
+++ b/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch
@@ -0,0 +1,33 @@
+From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 27 Apr 2019 11:19:48 +0200
+Subject: [PATCH] Fix uninitialized read of xsl:number token
+
+Found by OSS-Fuzz.
+
+CVE: CVE-2019-13117
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ libxslt/numbers.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index 89e1f668..75c31eba 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
+ tokens->tokens[tokens->nTokens].token = val - 1;
+ ix += len;
+ val = xmlStringCurrentChar(NULL, format+ix, &len);
+- }
++ } else {
++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
++ tokens->tokens[tokens->nTokens].width = 1;
++ }
+ } else if ( (val == (xmlChar)'A') ||
+ (val == (xmlChar)'a') ||
+ (val == (xmlChar)'I') ||
+--
+2.21.0
+
diff --git a/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch b/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch
new file mode 100644
index 0000000..595e6c2
--- /dev/null
+++ b/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch
@@ -0,0 +1,76 @@
+From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 3 Jun 2019 13:14:45 +0200
+Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars
+
+The character type in xsltFormatNumberConversion was too narrow and
+an invalid character/length combination could be passed to
+xsltNumberFormatDecimal, resulting in an uninitialized read.
+
+Found by OSS-Fuzz.
+
+CVE: CVE-2019-13118
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+---
+ libxslt/numbers.c | 5 +++--
+ tests/docs/bug-222.xml | 1 +
+ tests/general/bug-222.out | 2 ++
+ tests/general/bug-222.xsl | 6 ++++++
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+ create mode 100644 tests/docs/bug-222.xml
+ create mode 100644 tests/general/bug-222.out
+ create mode 100644 tests/general/bug-222.xsl
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index f1ed8846..20b99d5a 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER:
+ number = floor((scale * number + 0.5)) / scale;
+ if ((self->grouping != NULL) &&
+ (self->grouping[0] != 0)) {
++ int gchar;
+
+ len = xmlStrlen(self->grouping);
+- pchar = xsltGetUTF8Char(self->grouping, &len);
++ gchar = xsltGetUTF8Char(self->grouping, &len);
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+ format_info.group,
+- pchar, len);
++ gchar, len);
+ } else
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml
+new file mode 100644
+index 00000000..69d62f2c
+--- /dev/null
++++ b/tests/docs/bug-222.xml
+@@ -0,0 +1 @@
++<doc/>
+diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out
+new file mode 100644
+index 00000000..e3139698
+--- /dev/null
++++ b/tests/general/bug-222.out
+@@ -0,0 +1,2 @@
++<?xml version="1.0"?>
++1⠢0
+diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl
+new file mode 100644
+index 00000000..e32dc473
+--- /dev/null
++++ b/tests/general/bug-222.xsl
+@@ -0,0 +1,6 @@
++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
++ <xsl:decimal-format name="f" grouping-separator="⠢"/>
++ <xsl:template match="/">
++ <xsl:value-of select="format-number(10,'#⠢0','f')"/>
++ </xsl:template>
++</xsl:stylesheet>
+--
+2.21.0
+
diff --git a/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb b/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb
index 6320a82..abc00a0 100644
--- a/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb
+++ b/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb
@@ -10,6 +10,8 @@
SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \
file://0001-Fix-security-framework-bypass.patch \
+ file://CVE-2019-13117.patch \
+ file://CVE-2019-13118.patch \
"
SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f"
diff --git a/poky/meta/recipes-support/nss/nss_3.44.bb b/poky/meta/recipes-support/nss/nss_3.45.bb
similarity index 98%
rename from poky/meta/recipes-support/nss/nss_3.44.bb
rename to poky/meta/recipes-support/nss/nss_3.45.bb
index 4205d79..e89e7d6 100644
--- a/poky/meta/recipes-support/nss/nss_3.44.bb
+++ b/poky/meta/recipes-support/nss/nss_3.45.bb
@@ -33,8 +33,8 @@
file://system-pkcs11.txt \
"
-SRC_URI[md5sum] = "e9222b9573452b9f4e6ff4915d6407c2"
-SRC_URI[sha256sum] = "a5620e59b6eeedfd5a12c9298b50ad92e9898b223e214eb675e36f4ffb5b6aff"
+SRC_URI[md5sum] = "f1752d7223ee9d910d551e57264bafa8"
+SRC_URI[sha256sum] = "112f05223d1fde902c170966bfc6f011b24a838be16969b110ecf2bb7bc24e8b"
UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/fix-rngd-fail-to-stop.patch b/poky/meta/recipes-support/rng-tools/rng-tools/fix-rngd-fail-to-stop.patch
deleted file mode 100644
index 58cf3f9..0000000
--- a/poky/meta/recipes-support/rng-tools/rng-tools/fix-rngd-fail-to-stop.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-It fails to stop rngd. It just shows warnings when stop rngd such as by:
-
-$ systemctl stop rngd.service
-
-but stalls shutdown untill daemon rngd is killed.
-
-Backport patch to fix the issue.
-
-Upstream-Status: Backport [https://bugzilla.redhat.com/show_bug.cgi?id=1690364#c8]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
-diff --git a/rngd_jitter.c b/rngd_jitter.c
-index 54070ae..7a69bf9 100644
---- a/rngd_jitter.c
-+++ b/rngd_jitter.c
-@@ -280,7 +280,7 @@ static void *thread_entropy_task(void *data)
-
- /* Write to pipe */
- written = 0;
-- while(written != me->buf_sz) {
-+ while(me->active && written != me->buf_sz) {
- message(LOG_DAEMON|LOG_DEBUG, "Writing to pipe\n");
- ret = write(me->pipe_fd, &tmpbuf[written], me->buf_sz - written);
- message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret);
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service b/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service
index b1a7852..49d5de2 100644
--- a/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service
+++ b/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service
@@ -1,8 +1,5 @@
[Unit]
Description=Hardware RNG Entropy Gatherer Daemon
-DefaultDependencies=no
-After=systemd-udev-settle.service
-Before=sysinit.target
[Service]
EnvironmentFile=-@SYSCONFDIR@/default/rng-tools
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb
index aeb558b..b4e453f 100644
--- a/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb
+++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb
@@ -10,7 +10,6 @@
SRC_URI = "\
git://github.com/nhorman/rng-tools.git \
- file://fix-rngd-fail-to-stop.patch \
file://init \
file://default \
file://rngd.service \
@@ -46,8 +45,8 @@
install -Dm 0644 ${WORKDIR}/rngd.service \
${D}${systemd_system_unitdir}/rngd.service
sed -i \
- -e 's,@SYSCONFDIR@,${sysconfdir},' \
- -e 's,@SBINDIR@,${sbindir},' \
+ -e 's,@SYSCONFDIR@,${sysconfdir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
${D}${sysconfdir}/init.d/rng-tools \
${D}${systemd_system_unitdir}/rngd.service
}
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.28.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.28.0.bb
deleted file mode 100644
index 438a4ea..0000000
--- a/poky/meta/recipes-support/sqlite/sqlite3_3.28.0.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require sqlite3.inc
-
-LICENSE = "PD"
-LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
-
-SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz"
-SRC_URI[md5sum] = "3c68eb400f8354605736cd55400e1572"
-SRC_URI[sha256sum] = "d61b5286f062adfce5125eaf544d495300656908e61fca143517afcc0a89b7c3"
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.29.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
new file mode 100644
index 0000000..07e36be
--- /dev/null
+++ b/poky/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
@@ -0,0 +1,8 @@
+require sqlite3.inc
+
+LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
+
+SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz"
+SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc"
+SRC_URI[sha256sum] = "8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b"
diff --git a/poky/meta/recipes-support/vte/vte_0.56.1.bb b/poky/meta/recipes-support/vte/vte_0.56.3.bb
similarity index 92%
rename from poky/meta/recipes-support/vte/vte_0.56.1.bb
rename to poky/meta/recipes-support/vte/vte_0.56.3.bb
index 702436b..0deee17 100644
--- a/poky/meta/recipes-support/vte/vte_0.56.1.bb
+++ b/poky/meta/recipes-support/vte/vte_0.56.3.bb
@@ -19,8 +19,8 @@
file://0001-app.cc-use-old-school-asignment-to-avoid-gcc-4.8-err.patch \
file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \
"
-SRC_URI[archive.md5sum] = "a8984cd5a101dbff0b0c875d1de3f692"
-SRC_URI[archive.sha256sum] = "02fa8ecc02a9332e47f486795494527b5687b3bd448e73e6b67285f2f326dc7c"
+SRC_URI[archive.md5sum] = "adf341807861a5dad9f98e5c701c0769"
+SRC_URI[archive.sha256sum] = "17a1d4bc8848f1d2acfa4c20aaa24b9bac49f057b8909c56d3dafec2e2332648"
ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"