poky: subtree update:81f9e815d3..03d4d9d68f

Adrian Bunk (1):
      json-c: Don't --enable-rdrand

Alessio Igor Bogani (2):
      wic: Using the right rootfs size during prepare_rootfs
      rootfs-postcommands: Avoid use of an hard-coded value

Alexander Kanavin (1):
      binutils: drop UPSTREAM_VERSION_UNKNOWN

Alexandre Bard (1):
      systemd: Expose resolv-conf alternative only when resolved is built

Andre McCurdy (1):
      ffmpeg: enable more verbose build logs

André Draszik (4):
      ruby: drop long-merged CVE patches
      ruby: configure mis-detects isnan/isinf on musl
      ruby: fix non-IPv6 support
      packagegroup: fix a comment regarding PACKAGE_ARCH

Bruce Ashfield (6):
      linux-yocto/5.2: update to v5.2.13
      linux-yocto/4.19: update to v4.19.72
      linux-yocto/5.2: update to v5.2.14
      linux-yocto/5.2: update to v5.2.16
      linux-yocto/5.2: update to v5.2.17
      yocto-bsps: update to v5.2.17

Böszörményi Zoltán via Openembedded-core (1):
      classes/image-live.bbclass: Don't hardcode cpio.gz

Changqing Li (2):
      devtool.py: change to do clean before remove-layer
      devtool.py: fix buildclean test

Chen Qi (1):
      systemd: fix NFS regression

Dan Tran (1):
      unzip: Fix CVE-2019-13232

David Reyna (2):
      bitbake: toaster: issues in import layer when clicking 'add layer'
      bitbake: toaster: improve warnings when adding dependency to packages

Diego Rondini (2):
      initramfs-framework: fix var name
      initramfs-framework: support PARTLABEL option

Douglas Royds (1):
      icecc: Don't use icecc when INHIBIT_DEFAULT_DEPS is set

He Zhe (1):
      ltp: Fix hang of cve test cases

Heiko Schocher (1):
      kernel.fitimage.bbclass: remove ramdisk_ctype

Jacob Kroon (1):
      bitbake: tests/data: Test combinations of _append together with override

Joe Slater (1):
      bash-completion: add image feature

Jonathan Marler (1):
      package: Multiple shlib_providers for the same file should error

Joshua Watt (8):
      classes/reproducible_build: Move SDE deploy to another directory
      oeqa: Test multiconfig parsing
      bitbake: cookerdata: Add mc conffiles hashes to cache hash
      bitbake: hashserve: Add missing import
      bitbake: siggen: Fix attribute error when hashserver fails
      bitbake: hashserv: Don't daemonize server process
      local.conf.sample: Add Hash Equivalence
      classes/reproducible_build: Create SDE destination

Khem Raj (7):
      musl: Fix riscv64 CAS functions
      qemuriscv: Do not blacklist clang anymore
      sdk: Install nativesdk locales for all TCLIBC variants
      strace: Upgrade to 5.3
      packagegroups: All groups are not allarch
      musl: Fix __riscv_mc* containers to match glibc
      core-image-sato-sdk-ptest: Remove valgrind ptests for riscv

Konrad Scherer (1):
      gen-lockedsig-cache: Replace glob lookup with hash to filename lookup

Lei Maohui (1):
      bluez5: update patch to fix do_patch error when PATCHTOOL = "patch".

Li Zhou (1):
      shadow: use relaxed usernames for all

Limeng (1):
      u-boot: add CVE patches for u-boot

Nathan Rossi (2):
      oeqa/core/utils/concurrencytest.py: Handle exceptions and details
      oeqa/core/case.py: Encode binary data of log

Niclas Svensson (1):
      devtool: finish: Keep patches ordered when updating bbappend

Otavio Salvador (1):
      mesa: Add freedreno PACKAGECONFIG option

Peter Kjellerstedt (3):
      systemd: Make it build with hwdb disabled
      devtool: finish: Add suppport for the --no-clean option
      lib/oe/lsb: Make sure the distro ID is always lowercased

Randy MacLeod (1):
      ffmpeg: update from 4.2 to 4.2.1

Richard Purdie (17):
      Revert "meta-extsdk: Either an sstate task is a proper task or it isn't"
      sstatesig: Fix hash equivlanency locked signature issues
      oeqa/selftest/signing: Fix for hash equivlance server
      lib/sstatesig: Fix class inheritance problems
      populate_sdk_ext: Fix for hash equiv
      bitbake: runqueue: Fix task migration problems
      bitbake: siggen: Ensure setscenetasks list is available to worker context
      bitbake: runqueue: Change task migration behaviour for rerunning setscene tasks
      bitbake: siggen/runqueue: Fix signature mismatch issues
      bitbake: siggen: Avoid writing misleading sigdata files
      bitbake: runqueue: Save unihashes more frequently
      bitbake: runqueue: Small performance optimisation
      bitbake: siggen: Remove full path from unitaskhashes keys
      bitbake: tests/runqueue: Fix hashserve shutdown race
      base: Improve module import error message
      sanity.conf: Bump minimum bitbake version
      bitbake: bitbake: Bump verison 1.43.1 -> 1.43.2

Robert Yang (6):
      cases/bbtests.py: test_bitbake_g(): Check base-files rather than busybox
      expect: Fix configure error for nativesdk
      net-tools: Fix installed-vs-shipped for nativesdk
      expect: Fix buffer overflow error when build in long path
      apr: Check for libtoolize rather than libtool
      lttng-ust: Fix for --enable-python-agent

Ross Burton (12):
      oeqa/selftest/reproducible: test ipkgs too
      distcc: clean up the UI install logic
      distcc: use --enable-tcp-insecure instead of --make-me-a-botnet
      distcc: split into client and server packages
      json-c: clean up recipe
      json-c: use GitHub for upstream release checking
      bitbake: fetch2/git: refactor check for git-lfs command
      bitbake: tests/fetch: add test case for git-lfs handling
      python3: move runpy to core
      pango: fix the failing testiter test case
      opkg: remove redundant systemd inherit
      lttng-ust: update patch Signed-off-by

Trevor Gamblin (5):
      python3-subunit: ensure runtime dependencies are present
      python3-pip: ensure pickle is installed
      lighttpd: remove fam as a PACKAGECONFIG option
      tiff: fix CVE-2019-14973
      opkg: remove pathfinder PACKAGECONFIG option

Wang Quanyang (1):
      kexec-tools: fix arm kexec failure for __NR_kexec_file_load

Yi Zhao (1):
      python: add tk-lib as runtime dependency for python-tkinter

Change-Id: I0570125d49f7e4bc3bbf70508cbfd7e10bdbc032
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.54.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.54.bb
index 72990d0..2e83c82 100644
--- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.54.bb
+++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.54.bb
@@ -39,14 +39,13 @@
 PACKAGECONFIG[pcre] = "--with-pcre,--without-pcre,libpcre"
 PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib"
 PACKAGECONFIG[bzip2] = "--with-bzip2,--without-bzip2,bzip2"
-PACKAGECONFIG[fam] = "--with-fam,--without-fam,gamin"
 PACKAGECONFIG[webdav-props] = "--with-webdav-props,--without-webdav-props,libxml2 sqlite3"
 PACKAGECONFIG[webdav-locks] = "--with-webdav-locks,--without-webdav-locks,util-linux"
 PACKAGECONFIG[gdbm] = "--with-gdbm,--without-gdbm,gdbm"
 PACKAGECONFIG[memcache] = "--with-memcached,--without-memcached,libmemcached"
 PACKAGECONFIG[lua] = "--with-lua,--without-lua,lua"
 
-EXTRA_OECONF += "--enable-lfs"
+EXTRA_OECONF += "--enable-lfs --without-fam"
 
 inherit autotools pkgconfig update-rc.d gettext systemd
 
diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch b/poky/meta/recipes-extended/ltp/ltp/0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch
new file mode 100644
index 0000000..cc40081
--- /dev/null
+++ b/poky/meta/recipes-extended/ltp/ltp/0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch
@@ -0,0 +1,64 @@
+From e3a8502d0a4f8a44ddd02ca4b2efc097133fb9f7 Mon Sep 17 00:00:00 2001
+From: Mathias Fiedler <mathias.fiedler@aox-tech.de>
+Date: Fri, 23 Aug 2019 12:46:48 +0200
+Subject: [PATCH] cve-2017-17052: Avoid unsafe exits in threads
+
+According to manpage exit(3) calling exit is not thread-safe.
+And with glibc 2.28 (and probably also with glibc >=2.27) sometimes
+child processes created in fork_thread can get stuck on process exit in
+glibc's __run_exit_handlers trying to acquire some lock which was in
+locked state while the fork was created. This can happen when exit is
+called in mmap_thread concurrently to the fork.
+While the main process will still return with PASSED some of its
+children are left behind.
+
+Comparing the source code with the original program as described in the
+commit 2b7e8665b4ff51c034c55df3cff76518d1a9ee3a of linux kernel >=4.13
+the exits in mmap_thread and fork_thread should not be necessary to
+trigger the original bug.
+
+Therefore those exit calls are removed. The mmap_thread and fork_thread
+should still exit when their corresponding main thread in do_test_fork
+calls exit_group. The remaining exit in do_test_fork will be called in
+the main thread without any concurrent thread in the same process.
+
+Signed-off-by: Mathias Fiedler <mathias.fiedler@aox-tech.de>
+Acked-by: Cyril Hrubis <chrubis@suse.cz>
+Acked-by: Jan Stancek <jstancek@redhat.com>
+
+Upstream-Status: Backport
+[https://github.com/linux-test-project/ltp/commit/9f0b452c1af4bcb54da35711eb3fa77334a350b4]
+
+CVE: CVE-2017-17052
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ testcases/cve/cve-2017-17052.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/testcases/cve/cve-2017-17052.c b/testcases/cve/cve-2017-17052.c
+index d7da7e919..18cd2a6d7 100644
+--- a/testcases/cve/cve-2017-17052.c
++++ b/testcases/cve/cve-2017-17052.c
+@@ -58,8 +58,6 @@ static void *mmap_thread(void *arg)
+ 	for (;;) {
+ 		SAFE_MMAP(NULL, 0x1000000, PROT_READ,
+ 				MAP_POPULATE|MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
+-		if (*do_exit)
+-			exit(0);
+ 	}
+ 
+ 	return arg;
+@@ -67,9 +65,6 @@ static void *mmap_thread(void *arg)
+ 
+ static void *fork_thread(void *arg)
+ {
+-	if (*do_exit)
+-		exit(0);
+-
+ 	usleep(rand() % 10000);
+ 	SAFE_FORK();
+ 
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-extended/ltp/ltp_20190517.bb b/poky/meta/recipes-extended/ltp/ltp_20190517.bb
index e9a588f..4650715 100644
--- a/poky/meta/recipes-extended/ltp/ltp_20190517.bb
+++ b/poky/meta/recipes-extended/ltp/ltp_20190517.bb
@@ -48,6 +48,7 @@
            file://0001-cve-meltdown.c-Fix-kernel-symbol-finding.patch \
            file://0001-testcases-use-python3-everywhere-to-run-python-scrip.patch \
            file://0001-syscall-rt_sigtimedwait01-Fix-wrong-sigset-length-fo.patch \
+           file://0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch \
            "
 
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-extended/net-tools/net-tools_1.60-26.bb b/poky/meta/recipes-extended/net-tools/net-tools_1.60-26.bb
index b565fd0..5a376e7 100644
--- a/poky/meta/recipes-extended/net-tools/net-tools_1.60-26.bb
+++ b/poky/meta/recipes-extended/net-tools/net-tools_1.60-26.bb
@@ -95,7 +95,7 @@
 
 do_install() {
 	# We don't need COPTS or LOPTS, but let's be consistent.
-	oe_runmake COPTS="$CFLAGS" LOPTS="$LDFLAGS" 'BASEDIR=${D}' install
+	oe_runmake COPTS="$CFLAGS" LOPTS="$LDFLAGS" BASEDIR=${D} INSTALLNLSDIR=${D}${datadir}/locale mandir=${mandir} install
 
 	if [ "${base_bindir}" != "/bin" ]; then
 		mkdir -p ${D}/${base_bindir}
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index 7f8ee78..af38b91 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -14,12 +14,12 @@
            file://0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch  \
            file://0001-configure.ac-fix-configure-error-with-dash.patch \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://shadow-relaxed-usernames.patch \
            "
 
 SRC_URI_append_class-target = " \
            file://login_defs_pam.sed \
            file://shadow-update-pam-conf.patch \
-           file://shadow-relaxed-usernames.patch \
            "
 
 SRC_URI_append_class-native = " \
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch
new file mode 100644
index 0000000..d485a1b
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch
@@ -0,0 +1,33 @@
+From 080d52c3c9416c731f637f9c6e003961ef43f079 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Mon, 27 May 2019 08:20:32 -0700
+Subject: [PATCH 1/3] Fix bug in undefer_input() that misplaced the input
+ state.
+
+CVE: CVE-2019-13232
+Upstream-Status: Backport
+[https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ fileio.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/fileio.c b/fileio.c
+index 7605a29..14460f3 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -532,8 +532,10 @@ void undefer_input(__G)
+          * This condition was checked when G.incnt_leftover was set > 0 in
+          * defer_leftover_input(), and it is NOT allowed to touch G.csize
+          * before calling undefer_input() when (G.incnt_leftover > 0)
+-         * (single exception: see read_byte()'s  "G.csize <= 0" handling) !!
++         * (single exception: see readbyte()'s  "G.csize <= 0" handling) !!
+          */
++        if (G.csize < 0L)
++            G.csize = 0L;
+         G.incnt = G.incnt_leftover + (int)G.csize;
+         G.inptr = G.inptr_leftover - (int)G.csize;
+         G.incnt_leftover = 0;
+-- 
+2.22.0.vfs.1.1.57.gbaf16c8
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch
new file mode 100644
index 0000000..41037a8
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch
@@ -0,0 +1,356 @@
+From 1aae47fa8935654a84403768f32c03ecbb1be470 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Tue, 11 Jun 2019 22:01:18 -0700
+Subject: [PATCH 2/3] Detect and reject a zip bomb using overlapped entries.
+
+This detects an invalid zip file that has at least one entry that
+overlaps with another entry or with the central directory to the
+end of the file. A Fifield zip bomb uses overlapped local entries
+to vastly increase the potential inflation ratio. Such an invalid
+zip file is rejected.
+
+See https://www.bamsoftware.com/hacks/zipbomb/ for David Fifield's
+analysis, construction, and examples of such zip bombs.
+
+The detection maintains a list of covered spans of the zip files
+so far, where the central directory to the end of the file and any
+bytes preceding the first entry at zip file offset zero are
+considered covered initially. Then as each entry is decompressed
+or tested, it is considered covered. When a new entry is about to
+be processed, its initial offset is checked to see if it is
+contained by a covered span. If so, the zip file is rejected as
+invalid.
+
+This commit depends on a preceding commit: "Fix bug in
+undefer_input() that misplaced the input state."
+
+CVE: CVE-2019-13232
+Upstream-Status: Backport
+[https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ extract.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ globals.c |   1 +
+ globals.h |   3 +
+ process.c |  10 +++
+ unzip.h   |   1 +
+ 5 files changed, 204 insertions(+), 1 deletion(-)
+
+diff --git a/extract.c b/extract.c
+index 24db2a8..2bb72ba 100644
+--- a/extract.c
++++ b/extract.c
+@@ -321,6 +321,125 @@ static ZCONST char Far UnsupportedExtraField[] =
+   "\nerror:  unsupported extra-field compression type (%u)--skipping\n";
+ static ZCONST char Far BadExtraFieldCRC[] =
+   "error [%s]:  bad extra-field CRC %08lx (should be %08lx)\n";
++static ZCONST char Far NotEnoughMemCover[] =
++  "error: not enough memory for bomb detection\n";
++static ZCONST char Far OverlappedComponents[] =
++  "error: invalid zip file with overlapped components (possible zip bomb)\n";
++
++
++
++
++
++/* A growable list of spans. */
++typedef zoff_t bound_t;
++typedef struct {
++    bound_t beg;        /* start of the span */
++    bound_t end;        /* one past the end of the span */
++} span_t;
++typedef struct {
++    span_t *span;       /* allocated, distinct, and sorted list of spans */
++    size_t num;         /* number of spans in the list */
++    size_t max;         /* allocated number of spans (num <= max) */
++} cover_t;
++
++/*
++ * Return the index of the first span in cover whose beg is greater than val.
++ * If there is no such span, then cover->num is returned.
++ */
++static size_t cover_find(cover, val)
++    cover_t *cover;
++    bound_t val;
++{
++    size_t lo = 0, hi = cover->num;
++    while (lo < hi) {
++        size_t mid = (lo + hi) >> 1;
++        if (val < cover->span[mid].beg)
++            hi = mid;
++        else
++            lo = mid + 1;
++    }
++    return hi;
++}
++
++/* Return true if val lies within any one of the spans in cover. */
++static int cover_within(cover, val)
++    cover_t *cover;
++    bound_t val;
++{
++    size_t pos = cover_find(cover, val);
++    return pos > 0 && val < cover->span[pos - 1].end;
++}
++
++/*
++ * Add a new span to the list, but only if the new span does not overlap any
++ * spans already in the list. The new span covers the values beg..end-1. beg
++ * must be less than end.
++ *
++ * Keep the list sorted and merge adjacent spans. Grow the allocated space for
++ * the list as needed. On success, 0 is returned. If the new span overlaps any
++ * existing spans, then 1 is returned and the new span is not added to the
++ * list. If the new span is invalid because beg is greater than or equal to
++ * end, then -1 is returned. If the list needs to be grown but the memory
++ * allocation fails, then -2 is returned.
++ */
++static int cover_add(cover, beg, end)
++    cover_t *cover;
++    bound_t beg;
++    bound_t end;
++{
++    size_t pos;
++    int prec, foll;
++
++    if (beg >= end)
++    /* The new span is invalid. */
++        return -1;
++
++    /* Find where the new span should go, and make sure that it does not
++       overlap with any existing spans. */
++    pos = cover_find(cover, beg);
++    if ((pos > 0 && beg < cover->span[pos - 1].end) ||
++        (pos < cover->num && end > cover->span[pos].beg))
++        return 1;
++
++    /* Check for adjacencies. */
++    prec = pos > 0 && beg == cover->span[pos - 1].end;
++    foll = pos < cover->num && end == cover->span[pos].beg;
++    if (prec && foll) {
++        /* The new span connects the preceding and following spans. Merge the
++           following span into the preceding span, and delete the following
++           span. */
++        cover->span[pos - 1].end = cover->span[pos].end;
++        cover->num--;
++        memmove(cover->span + pos, cover->span + pos + 1,
++                (cover->num - pos) * sizeof(span_t));
++    }
++    else if (prec)
++        /* The new span is adjacent only to the preceding span. Extend the end
++           of the preceding span. */
++        cover->span[pos - 1].end = end;
++    else if (foll)
++        /* The new span is adjacent only to the following span. Extend the
++           beginning of the following span. */
++        cover->span[pos].beg = beg;
++    else {
++        /* The new span has gaps between both the preceding and the following
++           spans. Assure that there is room and insert the span.  */
++        if (cover->num == cover->max) {
++            size_t max = cover->max == 0 ? 16 : cover->max << 1;
++            span_t *span = realloc(cover->span, max * sizeof(span_t));
++            if (span == NULL)
++                return -2;
++            cover->span = span;
++            cover->max = max;
++        }
++        memmove(cover->span + pos + 1, cover->span + pos,
++                (cover->num - pos) * sizeof(span_t));
++        cover->num++;
++        cover->span[pos].beg = beg;
++        cover->span[pos].end = end;
++    }
++    return 0;
++}
+ 
+ 
+ 
+@@ -376,6 +495,29 @@ int extract_or_test_files(__G)    /* return PK-type error code */
+     }
+ #endif /* !SFX || SFX_EXDIR */
+ 
++    /* One more: initialize cover structure for bomb detection. Start with a
++       span that covers the central directory though the end of the file. */
++    if (G.cover == NULL) {
++        G.cover = malloc(sizeof(cover_t));
++        if (G.cover == NULL) {
++            Info(slide, 0x401, ((char *)slide,
++              LoadFarString(NotEnoughMemCover)));
++            return PK_MEM;
++        }
++        ((cover_t *)G.cover)->span = NULL;
++        ((cover_t *)G.cover)->max = 0;
++    }
++    ((cover_t *)G.cover)->num = 0;
++    if ((G.extra_bytes != 0 &&
++         cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
++        cover_add((cover_t *)G.cover,
++                  G.extra_bytes + G.ecrec.offset_start_central_directory,
++                  G.ziplen) != 0) {
++        Info(slide, 0x401, ((char *)slide,
++          LoadFarString(NotEnoughMemCover)));
++        return PK_MEM;
++    }
++
+ /*---------------------------------------------------------------------------
+     The basic idea of this function is as follows.  Since the central di-
+     rectory lies at the end of the zipfile and the member files lie at the
+@@ -593,7 +735,8 @@ int extract_or_test_files(__G)    /* return PK-type error code */
+             if (error > error_in_archive)
+                 error_in_archive = error;
+             /* ...and keep going (unless disk full or user break) */
+-            if (G.disk_full > 1 || error_in_archive == IZ_CTRLC) {
++            if (G.disk_full > 1 || error_in_archive == IZ_CTRLC ||
++                error == PK_BOMB) {
+                 /* clear reached_end to signal premature stop ... */
+                 reached_end = FALSE;
+                 /* ... and cancel scanning the central directory */
+@@ -1062,6 +1205,11 @@ static int extract_or_test_entrylist(__G__ numchunk,
+ 
+         /* seek_zipf(__G__ pInfo->offset);  */
+         request = G.pInfo->offset + G.extra_bytes;
++        if (cover_within((cover_t *)G.cover, request)) {
++            Info(slide, 0x401, ((char *)slide,
++              LoadFarString(OverlappedComponents)));
++            return PK_BOMB;
++        }
+         inbuf_offset = request % INBUFSIZ;
+         bufstart = request - inbuf_offset;
+ 
+@@ -1593,6 +1741,18 @@ reprompt:
+             return IZ_CTRLC;        /* cancel operation by user request */
+         }
+ #endif
++        error = cover_add((cover_t *)G.cover, request,
++                          G.cur_zipfile_bufstart + (G.inptr - G.inbuf));
++        if (error < 0) {
++            Info(slide, 0x401, ((char *)slide,
++              LoadFarString(NotEnoughMemCover)));
++            return PK_MEM;
++        }
++        if (error != 0) {
++            Info(slide, 0x401, ((char *)slide,
++              LoadFarString(OverlappedComponents)));
++            return PK_BOMB;
++        }
+ #ifdef MACOS  /* MacOS is no preemptive OS, thus call event-handling by hand */
+         UserStop();
+ #endif
+@@ -1994,6 +2154,34 @@ static int extract_or_test_member(__G)    /* return PK-type error code */
+     }
+ 
+     undefer_input(__G);
++
++    if ((G.lrec.general_purpose_bit_flag & 8) != 0) {
++        /* skip over data descriptor (harder than it sounds, due to signature
++         * ambiguity)
++         */
++#       define SIG 0x08074b50
++#       define LOW 0xffffffff
++        uch buf[12];
++        unsigned shy = 12 - readbuf((char *)buf, 12);
++        ulg crc = shy ? 0 : makelong(buf);
++        ulg clen = shy ? 0 : makelong(buf + 4);
++        ulg ulen = shy ? 0 : makelong(buf + 8); /* or high clen if ZIP64 */
++        if (crc == SIG &&                       /* if not SIG, no signature */
++            (G.lrec.crc32 != SIG ||             /* if not SIG, have signature */
++             (clen == SIG &&                    /* if not SIG, no signature */
++              ((G.lrec.csize & LOW) != SIG ||   /* if not SIG, have signature */
++               (ulen == SIG &&                  /* if not SIG, no signature */
++                (G.zip64 ? G.lrec.csize >> 32 : G.lrec.ucsize) != SIG
++                                                /* if not SIG, have signature */
++                )))))
++                   /* skip four more bytes to account for signature */
++                   shy += 4 - readbuf((char *)buf, 4);
++        if (G.zip64)
++            shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
++        if (shy)
++            error = PK_ERR;
++    }
++
+     return error;
+ 
+ } /* end function extract_or_test_member() */
+diff --git a/globals.c b/globals.c
+index fa8cca5..1e0f608 100644
+--- a/globals.c
++++ b/globals.c
+@@ -181,6 +181,7 @@ Uz_Globs *globalsCtor()
+ # if (!defined(NO_TIMESTAMPS))
+     uO.D_flag=1;    /* default to '-D', no restoration of dir timestamps */
+ # endif
++    G.cover = NULL;     /* not allocated yet */
+ #endif
+ 
+     uO.lflag=(-1);
+diff --git a/globals.h b/globals.h
+index 11b7215..2bdcdeb 100644
+--- a/globals.h
++++ b/globals.h
+@@ -260,12 +260,15 @@ typedef struct Globals {
+     ecdir_rec       ecrec;         /* used in unzip.c, extract.c */
+     z_stat   statbuf;              /* used by main, mapname, check_for_newer */
+ 
++    int zip64;                     /* true if Zip64 info in extra field */
++
+     int      mem_mode;
+     uch      *outbufptr;           /* extract.c static */
+     ulg      outsize;              /* extract.c static */
+     int      reported_backslash;   /* extract.c static */
+     int      disk_full;
+     int      newfile;
++    void     **cover;              /* used in extract.c for bomb detection */
+ 
+     int      didCRlast;            /* fileio static */
+     ulg      numlines;             /* fileio static: number of lines printed */
+diff --git a/process.c b/process.c
+index a3c1a4d..208619c 100644
+--- a/process.c
++++ b/process.c
+@@ -637,6 +637,13 @@ void free_G_buffers(__G)     /* releases all memory allocated in global vars */
+     }
+ #endif
+ 
++    /* Free the cover span list and the cover structure. */
++    if (G.cover != NULL) {
++        free(*(G.cover));
++        free(G.cover);
++        G.cover = NULL;
++    }
++
+ } /* end function free_G_buffers() */
+ 
+ 
+@@ -1905,6 +1912,7 @@ int getZip64Data(__G__ ef_buf, ef_len)
+ 
+ #define Z64FLGS 0xffff
+ #define Z64FLGL 0xffffffff
++    G.zip64 = FALSE;
+ 
+     if (ef_len == 0 || ef_buf == NULL)
+         return PK_COOL;
+@@ -1964,6 +1972,8 @@ int getZip64Data(__G__ ef_buf, ef_len)
+             G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
+             offset += 4;
+           }
++
++          G.zip64 = TRUE;
+ #if 0
+           break;                /* Expect only one EF_PKSZ64 block. */
+ #endif /* 0 */
+diff --git a/unzip.h b/unzip.h
+index 5b2a326..ed24a5b 100644
+--- a/unzip.h
++++ b/unzip.h
+@@ -645,6 +645,7 @@ typedef struct _Uzp_cdir_Rec {
+ #define PK_NOZIP           9   /* zipfile not found */
+ #define PK_PARAM          10   /* bad or illegal parameters specified */
+ #define PK_FIND           11   /* no files found */
++#define PK_BOMB           12   /* likely zip bomb */
+ #define PK_DISK           50   /* disk full */
+ #define PK_EOF            51   /* unexpected EOF */
+ 
+-- 
+2.22.0.vfs.1.1.57.gbaf16c8
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch
new file mode 100644
index 0000000..fd26fdd
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch
@@ -0,0 +1,121 @@
+From be88aa4811af47ca06d8b7dcda294f899eba70ea Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Thu, 25 Jul 2019 20:43:17 -0700
+Subject: [PATCH 3/3] Do not raise a zip bomb alert for a misplaced central
+ directory.
+
+There is a zip-like file in the Firefox distribution, omni.ja,
+which is a zip container with the central directory placed at the
+start of the file instead of after the local entries as required
+by the zip standard. This commit marks the actual location of the
+central directory, as well as the end of central directory records,
+as disallowed locations. This now permits such containers to not
+raise a zip bomb alert, where in fact there are no overlaps.
+
+CVE: CVE-2019-13232
+Upstream-Status: Backport
+[https://github.com/madler/unzip/commit/6d351831be705cc26d897db44f878a978f4138fc]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ extract.c | 25 +++++++++++++++++++------
+ process.c |  6 ++++++
+ unzpriv.h | 10 ++++++++++
+ 3 files changed, 35 insertions(+), 6 deletions(-)
+
+diff --git a/extract.c b/extract.c
+index 2bb72ba..a9dcca8 100644
+--- a/extract.c
++++ b/extract.c
+@@ -495,8 +495,11 @@ int extract_or_test_files(__G)    /* return PK-type error code */
+     }
+ #endif /* !SFX || SFX_EXDIR */
+ 
+-    /* One more: initialize cover structure for bomb detection. Start with a
+-       span that covers the central directory though the end of the file. */
++    /* One more: initialize cover structure for bomb detection. Start with
++       spans that cover any extra bytes at the start, the central directory,
++       the end of central directory record (including the Zip64 end of central
++       directory locator, if present), and the Zip64 end of central directory
++       record, if present. */
+     if (G.cover == NULL) {
+         G.cover = malloc(sizeof(cover_t));
+         if (G.cover == NULL) {
+@@ -508,15 +511,25 @@ int extract_or_test_files(__G)    /* return PK-type error code */
+         ((cover_t *)G.cover)->max = 0;
+     }
+     ((cover_t *)G.cover)->num = 0;
+-    if ((G.extra_bytes != 0 &&
+-         cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
+-        cover_add((cover_t *)G.cover,
++    if (cover_add((cover_t *)G.cover,
+                   G.extra_bytes + G.ecrec.offset_start_central_directory,
+-                  G.ziplen) != 0) {
++                  G.extra_bytes + G.ecrec.offset_start_central_directory +
++                  G.ecrec.size_central_directory) != 0) {
+         Info(slide, 0x401, ((char *)slide,
+           LoadFarString(NotEnoughMemCover)));
+         return PK_MEM;
+     }
++    if ((G.extra_bytes != 0 &&
++         cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
++        (G.ecrec.have_ecr64 &&
++         cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
++                   G.ecrec.ec64_end) != 0) ||
++        cover_add((cover_t *)G.cover, G.ecrec.ec_start,
++                  G.ecrec.ec_end) != 0) {
++        Info(slide, 0x401, ((char *)slide,
++          LoadFarString(OverlappedComponents)));
++        return PK_BOMB;
++    }
+ 
+ /*---------------------------------------------------------------------------
+     The basic idea of this function is as follows.  Since the central di-
+diff --git a/process.c b/process.c
+index 208619c..5f8f6c6 100644
+--- a/process.c
++++ b/process.c
+@@ -1408,6 +1408,10 @@ static int find_ecrec64(__G__ searchlen)         /* return PK-class error */
+ 
+     /* Now, we are (almost) sure that we have a Zip64 archive. */
+     G.ecrec.have_ecr64 = 1;
++    G.ecrec.ec_start -= ECLOC64_SIZE+4;
++    G.ecrec.ec64_start = ecrec64_start_offset;
++    G.ecrec.ec64_end = ecrec64_start_offset +
++                       12 + makeint64(&byterec[ECREC64_LENGTH]);
+ 
+     /* Update the "end-of-central-dir offset" for later checks. */
+     G.real_ecrec_offset = ecrec64_start_offset;
+@@ -1542,6 +1546,8 @@ static int find_ecrec(__G__ searchlen)          /* return PK-class error */
+       makelong(&byterec[OFFSET_START_CENTRAL_DIRECTORY]);
+     G.ecrec.zipfile_comment_length =
+       makeword(&byterec[ZIPFILE_COMMENT_LENGTH]);
++    G.ecrec.ec_start = G.real_ecrec_offset;
++    G.ecrec.ec_end = G.ecrec.ec_start + 22 + G.ecrec.zipfile_comment_length;
+ 
+     /* Now, we have to read the archive comment, BEFORE the file pointer
+        is moved away backwards to seek for a Zip64 ECLOC64 structure.
+diff --git a/unzpriv.h b/unzpriv.h
+index c8d3eab..5e177c7 100644
+--- a/unzpriv.h
++++ b/unzpriv.h
+@@ -2185,6 +2185,16 @@ typedef struct VMStimbuf {
+        int have_ecr64;                  /* valid Zip64 ecdir-record exists */
+        int is_zip64_archive;            /* Zip64 ecdir-record is mandatory */
+        ush zipfile_comment_length;
++       zusz_t ec_start, ec_end;         /* offsets of start and end of the
++                                           end of central directory record,
++                                           including if present the Zip64
++                                           end of central directory locator,
++                                           which immediately precedes the
++                                           end of central directory record */
++       zusz_t ec64_start, ec64_end;     /* if have_ecr64 is true, then these
++                                           are the offsets of the start and
++                                           end of the Zip64 end of central
++                                           directory record */
+    } ecdir_rec;
+ 
+ 
+-- 
+2.22.0.vfs.1.1.57.gbaf16c8
+
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index daba722..c1ea0a9 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -22,6 +22,9 @@
 	file://symlink.patch \
 	file://0001-unzip-fix-CVE-2018-1000035.patch \
 	file://CVE-2018-18384.patch \
+	file://CVE-2019-13232_p1.patch \
+	file://CVE-2019-13232_p2.patch \
+	file://CVE-2019-13232_p3.patch \
 "
 UPSTREAM_VERSION_UNKNOWN = "1"