poky: subtree update:20946c63c2..c17113f1e2
Adrian Bunk (3):
shadow: musl now supports secure_getenv
kmod: Replace dolt hacks with backport of upstream dolt removal
btrfs-tools: Add a PACKAGECONFIG for zstd
Alexander Kanavin (12):
linux-yocto: add drm-bochs support
mesa: fix upstream version check
conf/conf-notes.txt: add a mention of common tools
conf/conf-notes.txt: add a mention of common tools
gtk-doc: upgrade 1.30 -> 1.31
desktop-file-utils: upgrade 0.23 -> 0.24
libdazzle: upgrade 3.32.2 -> 3.32.3
rt-tests: exclude another development version
vala: upgrade 0.44.5 -> 0.44.7
epiphany: upgrade 3.32.3 -> 3.32.4
libmodulemd: depend on target python at build time
createrepo-c: upgrade 0.14.3 -> 0.15.0
Alistair Francis (3):
qemu: Upgrade to version 4.1
scripts/runqemu: Add support for the BIOS variable
qemuriscv64: Specify the firmware as a bios instead of kernel
Anuj Mittal (2):
binutils: fix CVE-2019-14250 CVE-2019-14444
patch: backport fixes
Bruce Ashfield (6):
kernel-devsrc: tweak for v5.3+
kern-tools: Add SPDX license headers to source files
linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths
kernel-yocto: import security fragments from meta-security
kconf_check: tweak CONFIG_ regex
linux-yocto/4.19: make drm-bochs feature available
Changqing Li (2):
dbus: disable test-bus
qemumips/qemumips64: move QB_SYSTEM_NAME to corresponding conf
Chen Qi (1):
target-sdk-provides-dummy: extend packages for multilib case
He Zhe (2):
ltp: Fix tgkill03 failure
ltp: Fix ustat02 failure
Hongxu Jia (3):
nfs-utils: decrease RLIMIT_NOFILE to 4k for systemd
distcc: upgrade 3.3.2 -> 3.3.3
ncurses: upgrade 6.1+20181013 -> 6.1+20190803
Jaewon Lee (1):
devtool: build: Also run deploy for devtool build if applicable
Jason Wessel (2):
cross-localedef-native: Add hardlink resolver from util-linux
libc-package.bbclass: Split locale hard link processing into two parts
Jon Mason (1):
resulttool: Prevent multiple results for the same test
Kai Kang (1):
webkitgtk: disable gold on mipsn32
Kevin Hao (1):
psplash: Avoid mount the psplash tmpfs twice
Khem Raj (10):
musl: Update to latest tip
systemd: Drop musl __secure_getenv patch
mesa: Add packageconfigs for vc4 and v3d
util-linux: Make pam specific logic apply to target recipe alone
systemd.bbclass: Limit rm_sysvinit_initddir and rm_systemd_unitdir to target alone
systemd: Refresh patch after removal of __secure_getenv patch
gcc-9: Upgrade to 9.2
gcc: Search in OE specific target gcclibdir
opensbi: Disable SECURITY_CFLAGS since it cant link with libssp
libffi: Upgrade to 3.3-rc0
Lei Maohui (2):
nativesdk-qemu: support aarch64_be.
at: fix a spelling mistake.
Mikko Rapeli (1):
stress-ng: provide stress
Mingli Yu (1):
python3: fix the test_locale output format
Oleksandr Kravchuk (8):
ffmpeg: update to 4.2
python-setuptools: update to 41.1.0
python3-scons: update to 3.1.1
ofono: update to 1.30
bitbake.conf: fix XORG_MIRROR URL
cups: update to 2.2.12
git: update to 2.23.0
python-setuptools: update to 41.2.0
Otavio Salvador (2):
linux-firmware: Upgrade 20190618 -> 20190815
kmscube: Bump revision to f632b23
Philippe Normand (1):
libtasn1: Enable nativesdk support
Ricardo Ribalda Delgado (1):
packagegroup-core-base-utils: Make it machine specific
Richard Purdie (7):
yocto-check-layer: Ensure we use OEBasicHash as the signature handler
package: Fix race between do_package and do_packagedata
bitbake: cookerdata: Delay the setup of the siggen slightly to allow metadata defined siggens
bitbake: runqueue: Small but critical fix
bitbake: runqueue: Optimise holdoff task handling
bitbake: runqueue: Further optimise holdoff tasks
bitbake: runqueue: Optimise build_taskdepdata slightly
Ross Burton (2):
systemd: add PACKAGECONFIG for gnu-efi
pango: upgrade to 1.44.5
Trevor Gamblin (2):
quilt: Export QUILT_PC variable in ptest Makefile
quilt: added less to RDEPENDS list
Wes Lindauer (5):
iw: Fix license field to BSD-2-Clause
openssh: Update LICENSE field with missing values
shadow: Fix BSD license file checksum
sudo: Fix BSD license file checksum
libunwind: Fix MIT license file checksum
Yuan Chao (1):
libnss-nis: upgrade 3.0 -> 3.1
Zang Ruochen (3):
acpid: upgrade 2.0.31 -> 2.0.32
lz4:upgrade 1.9.1 -> 1.9.2
python3-pip:upgrade 19.2.1 -> 19.2.2
Change-Id: I2068692bfdbbf18f892761a12f85e913b8212f3f
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch b/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch
new file mode 100644
index 0000000..d6a219a1
--- /dev/null
+++ b/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch
@@ -0,0 +1,80 @@
+From 369dcccdfa6336e5a873d6d63705cfbe04c55727 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 7 May 2018 15:14:45 +0200
+Subject: Don't leak temporary file on failed multi-file ed-style patch
+
+The previous fix worked fine with single-file ed-style patches, but
+would still leak temporary files in the case of multi-file ed-style
+patch. Fix that case as well, and extend the test case to check for
+it.
+
+* src/patch.c (main): Unlink TMPEDNAME if needed before moving to
+ the next file in a patch.
+
+This closes bug #53820:
+https://savannah.gnu.org/bugs/index.php?53820
+
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=369dcccdfa6336e5a873d6d63705cfbe04c55727]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ src/patch.c | 1 +
+ tests/ed-style | 31 +++++++++++++++++++++++++++++++
+ 2 files changed, 32 insertions(+)
+
+diff --git a/src/patch.c b/src/patch.c
+index 9146597..81c7a02 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -236,6 +236,7 @@ main (int argc, char **argv)
+ }
+ remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+ }
++ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+
+ if (! skip_rest_of_patch && ! file_type)
+ {
+diff --git a/tests/ed-style b/tests/ed-style
+index 6b6ef9d..504e6e5 100644
+--- a/tests/ed-style
++++ b/tests/ed-style
+@@ -38,3 +38,34 @@ EOF
+ check 'cat foo' <<EOF
+ foo
+ EOF
++
++# Test the case where one ed-style patch modifies several files
++
++cat > ed3.diff <<EOF
++--- foo
+++++ foo
++1c
++bar
++.
++--- baz
+++++ baz
++0a
++baz
++.
++EOF
++
++# Apparently we can't create a file with such a patch, while it works fine
++# when the file name is provided on the command line
++cat > baz <<EOF
++EOF
++
++check 'patch -e -i ed3.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++bar
++EOF
++
++check 'cat baz' <<EOF
++baz
++EOF
+--
+cgit v1.0-41-gc330
+