poky: subtree update:52a625582e..7035b4b21e
Adrian Bunk (9):
squashfs-tools: Upgrade to 4.4
screen: Upgrade 4.6.2 -> 4.7.0
stress-ng: Upgrade 0.10.00 -> 0.10.08
nspr: Upgrade 4.21 -> 4.23
gcc: Remove stale gcc 8 patchfile
gnu-efi: Upgrade 3.0.9 -> 3.0.10
python3-numpy: Stop shipping manual config files
coreutils: Move stdbuf into an own package coreutils-stdbuf
gnu-efi: Upgrade 3.0.10 -> 3.0.11
Alessio Igor Bogani (1):
systemtap: support usrmerge
Alexander Hirsch (1):
libksba: Fix license specification
Alexander Kanavin (6):
gcr: update to 3.34.0
btrfs-tools: update to 5.3
libmodulemd-v1: update to 1.8.16
selftest: skip virgl test on centos 7 entirely
nfs-utils: do not depend on bash unnecessarily
selftest: add a test for gpl3-free images
Alistair Francis (4):
opensbi: Bump from 0.4 to 0.5
u-boot: Bump from 2019.07 to 2019.10
qemuriscv64: Build smode U-Boot
libsdl2: Fix build failure when using mesa 19.2.1
Andreas Müller (4):
adwaita-icon-theme: upgrade 3.32.0 -> 3.34.0
gsettings-desktop-schemas: upgrade 3.32.0 -> 3.34.0
IMAGE_LINGUAS_COMPLEMENTARY: auto-add language packages other than locales
libical: add PACKAGECONFIG glib and enable it by default
André Draszik (10):
testimage.bbclass: support hardware-controlled targets
testimage.bbclass: enable ssh agent forwarding
oeqa/runtime/df: don't fail on long device names
oeqa/core/decorator: add skipIfFeature
oeqa/runtime/opkg: skip install on read-only-rootfs
oeqa/runtime/systemd: skip unit enable/disable on read-only-rootfs
ruby: update to v2.6.4
ruby: some ptest fixes
oeqa/runtime/context.py: ignore more files when loading controllers
connman: mark connman-wait-online as SYSTEMD_PACKAGE
Bruce Ashfield (6):
linux-yocto/4.19: update to v4.19.78
linux-yocto/5.2: update to v5.2.20
perf: fix v5.4+ builds
perf: create directories before copying single files
perf: add 'cap' PACKAGECONFIG
perf: drop 'include' copy
Carlos Rafael Giani (12):
gstreamer1.0: upgrade to version 1.16.1
gstreamer1.0-plugins-base: upgrade to version 1.16.1
gstreamer1.0-plugins-good: upgrade to version 1.16.1
gstreamer1.0-plugins-bad: upgrade to version 1.16.1
gstreamer1.0-plugins-ugly: upgrade to version 1.16.1
gstreamer1.0-libav: upgrade to version 1.16.1
gstreamer1.0-vaapi: upgrade to version 1.16.1
gstreamer1.0-omx: upgrade to version 1.16.1
gstreamer1.0-python: upgrade to version 1.16.1
gstreamer1.0-rtsp-server: upgrade to version 1.16.1
gst-validate: upgrade to version 1.16.1
gstreamer: Change SRC_URI to use HTTPS access instead of HTTP
Changqing Li (4):
qemu: Fix CVE-2019-12068
python: Fix CVE-2019-10160
sudo: fix CVE-2019-14287
mdadm: fix do_package failed when changed local.conf but not cleaned
Chee Yang Lee (2):
wic/help: change 'wic write' help description
wic/engine: use 'linux-swap' for swap file system
Chen Qi (3):
go: fix CVE-2019-16276
python3: fix CVE-2019-16935
python: fix CVE-2019-16935
Chris Laplante via bitbake-devel (2):
bitbake: bitbake: contrib/vim: initial commit, with unmodified code from indent/python.vim
bitbake: bitbake: contrib/vim: Modify Python indentation to work with 'python do_task {'
Christopher Larson (2):
bitbake: fetch2/git: fetch shallow revs when needed
bitbake: tests/fetch: add test for fetching shallow revs
Dan Callaghan (1):
elfutils: add PACKAGECONFIG for compression algorithms
Douglas Royds via Openembedded-core (1):
icecc: Export ICECC_CC and friends via wrapper-script
Eduardo Abinader (1):
devtool: add ssh key option to deploy-target param
Eugene Smirnov (1):
wic/rawcopy: Support files in sub-directories
Ferry Toth (1):
sudo: Fix fetching sources
Frazer Leslie Clews (2):
makedevs: fix format strings in makedevs.c in print statements
makedevs: fix invalidScanfFormatWidth to prevent overflowing usr_buf
George McCollister (1):
openssl: make OPENSSL_ENGINES match install path
Haiqing Bai (1):
unfs3: fixed the issue that unfsd consumes 100% CPU
He Zhe (1):
ltp: Fix overcommit_memory failure
Hongxu Jia (1):
openssh: fix CVE-2019-16905
Joe Slater (2):
libtiff: fix CVE-2019-17546
libxslt: fix CVE-2019-18197
Kai Kang (1):
bind: fix CVE-2019-6471 and CVE-2018-5743
Liwei Song (1):
util-linux: fix PKNAME name is NULL when use lsblk [LIN1019-2963]
Mattias Hansson (1):
base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot
Max Tomago (1):
python-native: Remove debug.patch
Maxime Roussin-Bélanger (2):
meta: update and add missing homepage/bugtracker links
meta: add missing description in recipes-gnome
Michael Ho (1):
cmake.bbclass: add HOSTTOOLS_DIR to CMAKE_FIND_ROOT_PATH
Mike Crowe (2):
kernel-fitimage: Cope with non-standard kernel deploy subdirectory
kernel-devicetree: Cope with non-standard kernel deploy subdirectory
Mikko Rapeli (1):
systemd.bbclass: enable all services specified in ${SYSTEMD_SERVICE}
Nicola Lunghi (1):
ofono: tidy up the recipe
Ola x Nilsson (10):
oeqa/selftest/recipetool: Use with to control file handle lifetime
oe.types.path: Use with to control file handle lifetime
lib/oe/packagedata: Use with to control file handle lifetime
lib/oe/package_manager: Use with to control file handle lifetime
report-error.bbclass: Use with to control file handle lifetime
package.bbclass: Use with to manage file handle lifetimes
devtool-source.bbclass: Use with to manage file handle lifetime
libc-package.bbclass: Use with to manage filehandle in do_spit_gconvs
bitbake: bitbake: prserv/serv: Use with while reading pidfile
bitbake: bitbake: ConfHandler: Use with to manage filehandle lifetime
Oleksandr Kravchuk (4):
ell: update to 0.23
ell: update to 0.25
ell: update to 0.26
ofono: update to 1.31
Ricardo Ribalda Delgado (1):
i2c-tools: Add missing RDEPEND
Richard Leitner (1):
kernel-fitimage: introduce FIT_SIGN_ALG
Richard Purdie (4):
tinderclient: Drop obsolete class
meson: Backport fix to assist meta-oe breakage
nfs-utils: Improve handling when no exported fileysystems
qemu: Avoid potential build configuration contamination
Robert Yang (1):
bluez5: Fix for --enable-btpclient
Ross Burton (29):
sanity: check the format of SDK_VENDOR
file: explicitly disable seccomp
python3: -dev should depend on distutils
gawk: add PACKAGECONFIG for readline
python3: alternative name is python3-config not python-config
python3: ensure that all forms of python3-config are in python3-dev
oeqa/selftest: use specialist assert* methods
bluez5: refresh upstreamed patches
xorgproto: fix summary
libx11: upgrade to 1.6.9
xorgproto: upgrade to 2019.2
llvm: add missing Upstream-Status tags
buildhistory-analysis: filter out -src changes by default
squashfs-tools: remove redundant source checksums
squashfs-tools: clean up compile/install tasks
wpa-supplicant: fix CVE-2019-16275
gcr: remove intltool-native
elfutils: disable bzip
cve-check: ensure all known CVEs are in the report
git: some tools are no longer perl, so move to main recipe
git: cleanup man install
qemu-helper-native: add missing option to getopt() call
qemu-helper-native: showing help shouldn't be an error
qemu-helper-native: pass compiler flags
oeqa/selftest: add test for oe-run-native
cve-check: failure to parse versions should be more visible
gst-examples: rename so PV is in filename
sanity: check for more bits of Python
recipeutils-test: use a small dependency in the dummy recipe
Sai Hari Chandana Kalluri (1):
devtool: Add --remove-work option for devtool reset command
Scott Rifenbark (9):
ref-manual: First pass of 2.8 migration changes (WIP)
poky.ent: Updated the release date to October 2019
dev-manual: Added info to "Selecting an Initialization Manager"
ref-manual: 2nd pass 3.0 migration
documenation: Changed "2.8" to "3.0".
ref-manual: Removed deprecated link to ref-classes-bluetooth
ref-manual, dev-manual: Clean up of a commit
ref-manual: Updated the BUSYBOX_SPLIT_SUID variable.
ref-manual, dev-manual: Added CMake toolchain files.
Stefan Agner (1):
uninative: check .done file instead of tarball
Tom Benn (1):
dbus: update dbus-1.init to reflect new PID file
Trevor Gamblin (5):
aspell: upgrade from 0.60.7 to 0.60.8
binutils: fix CVE-2019-17450
binutils: fix CVE-2019-17451
ncurses: fix CVE-2019-17594, CVE-2019-17595
libgcrypt: upgrade 1.8.4 -> 1.8.5
Trevor Woerner (1):
libcap-ng: undefined reference to `pthread_atfork'
Wenlin Kang (1):
sysstat: fix CVE-2019-16167
Yann Dirson (1):
mesa: fix meson configure fix when 'dri' is excluded from PACKAGECONFIG
Yeoh Ee Peng (1):
scripts/oe-pkgdata-util: Enable list-pkgs to print ordered packages
Yi Zhao (2):
libsdl2: fix CVE-2019-13616
libgcrypt: fix CVE-2019-12904
Zang Ruochen (6):
bison:upgrade 3.4.1 -> 3.4.2
e2fsprogs:upgrade 1.45.3 -> 1.45.4
libxvmc:upgrade 1.0.11 -> 1.0.12
python3-pip:upgrade 19.2.3 -> 19.3.1
python-setuptools:upgrade 41.2.0 -> 41.4.0
libcap-ng:upgrade 0.7.9 -> 0.7.10
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I50bc42f74dffdc406ffc0dea034e41462fe6e06b
diff --git a/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch b/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch
new file mode 100644
index 0000000..032cfb8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch
@@ -0,0 +1,278 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/366b4e1]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 366b4e1ede8aed690e981e07137cb1cb77879c36 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
+Date: Thu, 17 Jan 2019 15:53:38 +0100
+Subject: [PATCH 3/6] use reference counter for pipeline groups (v3)
+
+Track pipeline groups using a shared reference counter
+instead of a linked list.
+
+(cherry picked from commit 513afd33eb17d5dc41a3f0d2d38204ef8c5f6f91)
+(cherry picked from commit 9446629b730c59c4215f08d37fbaf810282fbccb)
+---
+ bin/named/client.c | 171 ++++++++++++++++++++-----------
+ bin/named/include/named/client.h | 2 +-
+ 2 files changed, 110 insertions(+), 63 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index a7b49a0f71..277656cef0 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -299,6 +299,75 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
+ }
+ }
+
++/*%
++ * Allocate a reference counter that will track the number of client structures
++ * using the TCP connection that 'client' called accept() for. This counter
++ * will be shared between all client structures associated with this TCP
++ * connection.
++ */
++static void
++pipeline_init(ns_client_t *client) {
++ isc_refcount_t *refs;
++
++ REQUIRE(client->pipeline_refs == NULL);
++
++ /*
++ * A global memory context is used for the allocation as different
++ * client structures may have different memory contexts assigned and a
++ * reference counter allocated here might need to be freed by a
++ * different client. The performance impact caused by memory context
++ * contention here is expected to be negligible, given that this code
++ * is only executed for TCP connections.
++ */
++ refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs));
++ isc_refcount_init(refs, 1);
++ client->pipeline_refs = refs;
++}
++
++/*%
++ * Increase the count of client structures using the TCP connection that
++ * 'source' is associated with and put a pointer to that count in 'target',
++ * thus associating it with the same TCP connection.
++ */
++static void
++pipeline_attach(ns_client_t *source, ns_client_t *target) {
++ int old_refs;
++
++ REQUIRE(source->pipeline_refs != NULL);
++ REQUIRE(target->pipeline_refs == NULL);
++
++ old_refs = isc_refcount_increment(source->pipeline_refs);
++ INSIST(old_refs > 0);
++ target->pipeline_refs = source->pipeline_refs;
++}
++
++/*%
++ * Decrease the count of client structures using the TCP connection that
++ * 'client' is associated with. If this is the last client using this TCP
++ * connection, free the reference counter and return true; otherwise, return
++ * false.
++ */
++static bool
++pipeline_detach(ns_client_t *client) {
++ isc_refcount_t *refs;
++ int old_refs;
++
++ REQUIRE(client->pipeline_refs != NULL);
++
++ refs = client->pipeline_refs;
++ client->pipeline_refs = NULL;
++
++ old_refs = isc_refcount_decrement(refs);
++ INSIST(old_refs > 0);
++
++ if (old_refs == 1) {
++ isc_mem_free(client->sctx->mctx, refs);
++ return (true);
++ }
++
++ return (false);
++}
++
+ /*%
+ * Check for a deactivation or shutdown request and take appropriate
+ * action. Returns true if either is in progress; in this case
+@@ -421,6 +490,40 @@ exit_check(ns_client_t *client) {
+ client->tcpmsg_valid = false;
+ }
+
++ if (client->tcpquota != NULL) {
++ if (client->pipeline_refs == NULL ||
++ pipeline_detach(client))
++ {
++ /*
++ * Only detach from the TCP client quota if
++ * there are no more client structures using
++ * this TCP connection.
++ *
++ * Note that we check 'pipeline_refs' and not
++ * 'pipelined' because in some cases (e.g.
++ * after receiving a request with an opcode
++ * different than QUERY) 'pipelined' is set to
++ * false after the reference counter gets
++ * allocated in pipeline_init() and we must
++ * still drop our reference as failing to do so
++ * would prevent the reference counter itself
++ * from being freed.
++ */
++ isc_quota_detach(&client->tcpquota);
++ } else {
++ /*
++ * There are other client structures using this
++ * TCP connection, so we cannot detach from the
++ * TCP client quota to prevent excess TCP
++ * connections from being accepted. However,
++ * this client structure might later be reused
++ * for accepting new connections and thus must
++ * have its 'tcpquota' field set to NULL.
++ */
++ client->tcpquota = NULL;
++ }
++ }
++
+ if (client->tcpsocket != NULL) {
+ CTRACE("closetcp");
+ isc_socket_detach(&client->tcpsocket);
+@@ -434,44 +537,6 @@ exit_check(ns_client_t *client) {
+ }
+ }
+
+- if (client->tcpquota != NULL) {
+- /*
+- * If we are not in a pipeline group, or
+- * we are the last client in the group, detach from
+- * tcpquota; otherwise, transfer the quota to
+- * another client in the same group.
+- */
+- if (!ISC_LINK_LINKED(client, glink) ||
+- (client->glink.next == NULL &&
+- client->glink.prev == NULL))
+- {
+- isc_quota_detach(&client->tcpquota);
+- } else if (client->glink.next != NULL) {
+- INSIST(client->glink.next->tcpquota == NULL);
+- client->glink.next->tcpquota = client->tcpquota;
+- client->tcpquota = NULL;
+- } else {
+- INSIST(client->glink.prev->tcpquota == NULL);
+- client->glink.prev->tcpquota = client->tcpquota;
+- client->tcpquota = NULL;
+- }
+- }
+-
+- /*
+- * Unlink from pipeline group.
+- */
+- if (ISC_LINK_LINKED(client, glink)) {
+- if (client->glink.next != NULL) {
+- client->glink.next->glink.prev =
+- client->glink.prev;
+- }
+- if (client->glink.prev != NULL) {
+- client->glink.prev->glink.next =
+- client->glink.next;
+- }
+- ISC_LINK_INIT(client, glink);
+- }
+-
+ if (client->timerset) {
+ (void)isc_timer_reset(client->timer,
+ isc_timertype_inactive,
+@@ -3130,6 +3195,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ dns_name_init(&client->signername, NULL);
+ client->mortal = false;
+ client->pipelined = false;
++ client->pipeline_refs = NULL;
+ client->tcpquota = NULL;
+ client->recursionquota = NULL;
+ client->interface = NULL;
+@@ -3154,7 +3220,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ client->formerrcache.id = 0;
+ ISC_LINK_INIT(client, link);
+ ISC_LINK_INIT(client, rlink);
+- ISC_LINK_INIT(client, glink);
+ ISC_QLINK_INIT(client, ilink);
+ client->keytag = NULL;
+ client->keytag_len = 0;
+@@ -3341,6 +3406,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ !allowed(&netaddr, NULL, NULL, 0, NULL,
+ ns_g_server->keepresporder)))
+ {
++ pipeline_init(client);
+ client->pipelined = true;
+ }
+
+@@ -3800,35 +3866,16 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ ns_interface_attach(ifp, &client->interface);
+ client->newstate = client->state = NS_CLIENTSTATE_WORKING;
+ INSIST(client->recursionquota == NULL);
+-
+- /*
+- * Transfer TCP quota to the new client.
+- */
+- INSIST(client->tcpquota == NULL);
+- INSIST(oldclient->tcpquota != NULL);
+- client->tcpquota = oldclient->tcpquota;
+- oldclient->tcpquota = NULL;
+-
+- /*
+- * Link to a pipeline group, creating it if needed.
+- */
+- if (!ISC_LINK_LINKED(oldclient, glink)) {
+- oldclient->glink.next = NULL;
+- oldclient->glink.prev = NULL;
+- }
+- client->glink.next = oldclient->glink.next;
+- client->glink.prev = oldclient;
+- if (oldclient->glink.next != NULL) {
+- oldclient->glink.next->glink.prev = client;
+- }
+- oldclient->glink.next = client;
++ client->tcpquota = &client->sctx->tcpquota;
+
+ client->dscp = ifp->dscp;
+
+ client->attributes |= NS_CLIENTATTR_TCP;
+- client->pipelined = true;
+ client->mortal = true;
+
++ pipeline_attach(oldclient, client);
++ client->pipelined = true;
++
+ isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
+ isc_socket_attach(sock, &client->tcpsocket);
+ isc_socket_setname(client->tcpsocket, "worker-tcp", NULL);
+diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
+index 1f7973f9c5..aeed9ccdda 100644
+--- a/bin/named/include/named/client.h
++++ b/bin/named/include/named/client.h
+@@ -134,6 +134,7 @@ struct ns_client {
+ dns_name_t *signer; /*%< NULL if not valid sig */
+ bool mortal; /*%< Die after handling request */
+ bool pipelined; /*%< TCP queries not in sequence */
++ isc_refcount_t *pipeline_refs;
+ isc_quota_t *tcpquota;
+ isc_quota_t *recursionquota;
+ ns_interface_t *interface;
+@@ -167,7 +168,6 @@ struct ns_client {
+
+ ISC_LINK(ns_client_t) link;
+ ISC_LINK(ns_client_t) rlink;
+- ISC_LINK(ns_client_t) glink;
+ ISC_QLINK(ns_client_t) ilink;
+ unsigned char cookie[8];
+ uint32_t expire;
+--
+2.20.1
+