poky: subtree update:a8544811d7..b5763b2f48
Alexander Kanavin (29):
rpm: upgrade to 4.15.1
libmodulemd: move from 1.x to 2.x version
libdnf: upgrade 0.28.1 -> 0.47.0
dnf: upgrade 4.2.2 -> 4.2.21
dnf: add a patch for base-files installation failures
logrotate: update to 3.16.0
rt-tests: further exclusion of development versions
kmscube: update to latest commit
xcb-proto: update to 1.14
libxcb: update to 1.14
ghostscript: do not hardcode version in SRC_URI
ghostscript: update 9.50 -> 9.52
webkitgtk: update to 2.28.2
python3-gitdb: update to 4.0.4
libevdev: update to 1.9.0
python3-dbusmock: add recipe from meta-oe
mc: update to 4.8.24
coreutils: update to 8.32
glib-2.0: update 2.62.4 -> 2.64.2
glib-networking: update to 2.64.2
gptfdisk: update to 1.0.5
clutter-1.0: update to 1.26.4
diffoscope: update to 143
wpe: update to 1.6.0
vte: update to 0.60.2
libnotify: update to 0.7.9
connman: update to 1.38
xkeyboard-config: update to 2.29
gcr: update to 3.36.0
Andreas M?ller (1):
libsecret: upgrade 0.20.1 -> 0.20.3 / port to meson
Anibal Limon (2):
ptest-runner: Bump to 2.4.0
oeqa/runtime: Use libdir to run ptest-runner
Bartłomiej Burdukiewicz (2):
libva: add PACKAGECONFIG and additonal rules for glx.
libva: removed opengl from REQUIRED_DISTRO_FEATURES.
Benjamin Fair (1):
util-linux: fix build error in kill
Bruce Ashfield (4):
linux-yocto/5.4: update to v5.4.28
linux-yocto/5.4: update to v5.4.32
linux-yocto-dev: bump to v5.7-rc
linux-yocto/5.4: update to v5.4.34
Frazer Clews (2):
bitbake: lib/toaster: fixup codebase so pydocstyle can parse
bitbake: lib/bs4/testing.py: fix bs4 testing
Jan Luebbe (1):
openssl: upgrade 1.1.1f -> 1.1.1g
Joshua Watt (1):
jquery: Upgrade 3.4.1 -> 3.5.0
Khem Raj (2):
dpkg: Add riscv32 CPU support
musl: Remove spurious unused patch
Mingli Yu (1):
iputils: Initialize libgcrypt
Peter Kjellerstedt (1):
libdnf: Use single-quotes around string literals used in SQL statements
Pierre-Jean Texier (3):
timezone: upgrade 2019c -> 2020a
curl: upgrade 7.69.1 -> 7.70.0
curl: support mqtt in PACKAGECONFIG
Richard Purdie (6):
sanity: Require gcc 6 or later
gcc-target: Ensure buildtools-extended-tarball doesn't use arch=native
abi_version/staging: Bump versions to force rebuild after sstate corruption
bitbake: bitdoc: Remove it
utils: Drop FILESPATHPKG usage
utils: Drop is_machine_specific()/machine_paths()
Robert P. J. Day (5):
ref-manual: fix excessive command indentation
ref-manual: IMAGE_TYPES, add tar.zst, delete elf
ref-manual: typo "SSTATE_MIRROR" -> "SSTATE_MIRRORS"
ref-manual: Remove long-dead PACKAGE_GROUP variable
bitbake: docs: delete reference to obsolete recipe-depends.dot
Sakib Sajal (1):
sqlite: backport CVE fixes
Tim Orling (2):
atk: upgrade 2.34.1 -> 2.36.0
at-spi2-core: upgrade 2.34.0 -> 2.36.0
Vyacheslav Yurkov (1):
os-release: sanitize required fields
Wang Mingyu (1):
icu: CVE-2020-10531
Change-Id: Iae5641be5ca6424275d2e0d63ba3a7a5ba90cde2
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch b/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch
new file mode 100644
index 0000000..b88a724
--- /dev/null
+++ b/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch
@@ -0,0 +1,70 @@
+From 2d69a520d027eb73eb6da9f2653d23e33b10e8bb Mon Sep 17 00:00:00 2001
+From: Sakib Sajal <sakib.sajal@windriver.com>
+Date: Thu, 30 Apr 2020 10:14:36 -0700
+Subject: [PATCH 1/2] Fix a case when a pointer might be used after
+ being freed in the ALTER TABLE code. Fix for [4722bdab08cb1].
+
+FossilOrigin-Name: d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906
+Upstream Status: Backport [fb99e388ec7f30fe43e4878236e3695ff24ae58d]
+
+[PATCH 2/2] Do not suppress errors when resolving references in an ORDER
+ BY clause belonging to a compound SELECT within a view or trigger within
+ ALTER TABLE. Fix for ticket [a10a14e9b4ba2].
+
+FossilOrigin-Name: 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026
+Upstream Status: Backport [4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae]
+
+The two patches were converted to amalgamation format.
+
+CVE: CVE-2020-11656
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ sqlite3.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 64fae04..1df6633 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -97945,7 +97945,7 @@ static int resolveOrderByTermToExprList(
+ nc.nErr = 0;
+ db = pParse->db;
+ savedSuppErr = db->suppressErr;
+- db->suppressErr = 1;
++ if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1;
+ rc = sqlite3ResolveExprNames(&nc, pE);
+ db->suppressErr = savedSuppErr;
+ if( rc ) return 0;
+@@ -105383,6 +105383,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){
+ }
+ }
+
++/*
++** Unmap all tokens in the IdList object passed as the second argument.
++*/
++static void unmapColumnIdlistNames(
++ Parse *pParse,
++ IdList *pIdList
++){
++ if( pIdList ){
++ int ii;
++ for(ii=0; ii<pIdList->nId; ii++){
++ sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName);
++ }
++ }
++}
++
+ /*
+ ** Walker callback used by sqlite3RenameExprUnmap().
+ */
+@@ -105404,6 +105419,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){
+ for(i=0; i<pSrc->nSrc; i++){
+ sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName);
+ if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort;
++ unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing);
+ }
+ }
+
+--
+2.17.1
+