poky: subtree update:ad30a6d470..7231c10430
Akira Shibakawa (3):
License-Update: attr: Add a missing file to LIC_FILES_CHKSUM.
License-Update: kmod: Add a missing file to LIC_FILES_CHKSUM.
License-Update: gdk-pixbuf: Fix LICENSE.
Alejandro Hernandez Samaniego (1):
baremetal-helloworld: Fix install path since S doesnt have a trailing slash
Alexander Kanavin (4):
ncurses: only include upstream releases in version check
python3: fix upstream version check
boost-build-native: fix upstream version check
selftest/virgl: drop the custom 30 sec timeout
Alistair (1):
weston-init: Allow setting idle time to 0
Changqing Li (1):
toolchain-shar-extract.sh: don't print useless info
Charlie Davies (1):
bitbake: bitbake: fetch/git: use shlex.quote() to support spaces in SRC_URI url
Chen Qi (2):
watchdog: use /run instead of /var/run in systemd service file
cups: use /run instead /var/run in systemd's unit file
David Reyna (1):
bitbake: toaster: Enable Gatesgarth branch in place of Zeus
Douglas Royds (1):
externalsrc: No single-task lock if S != B
Joshua Watt (2):
ref-variables: Given example for naming sources
ref-manual: Document wic --offset option
Khairul Rohaizzat Jamaluddin (1):
imagefeatures: New test case, test_empty_image, added
Khem Raj (5):
autotools.bbclass: Order CONFIG_SHELL before CACHED_CONFIGUREVARS
boost: Fix build on 32-bit arches with 64bit time_t only
mesa: Fix build on 32bit arches supporting 64bit time_t only
packagegroup-core-tools-debug: Disable for rv32/glibc as well
packagegroup-core-tools-profile: Remove lttng-tools and perf for rv32/glibc
Konrad Weihmann (1):
lib/oe/rootfs: introduce IMAGE_LOG_CHECK_EXCLUDES
Lee Chee Yang (2):
libproxy: fix CVE-2020-25219
grub2: fix CVE-2020-10713
Martin Jansa (11):
tune-cortexa76ae.inc: Correct TUNE_FEATURES
arch-armv7a.inc: fix typo
arch-mips.inc: remove duplicated mips64el-o32 from PACKAGE_EXTRA_ARCHS_tune-mips64el-o32
arch-arm64.inc: don't append _be to ARMPKGARCH for tune-aarch64_be
tune-mips64r6.inc: fix typo in mipsisa64r6-nf
tune-ep9312.inc: add t suffix for thumb to PACKAGE_EXTRA_ARCHS_tune-ep9312
tune-riscv.inc: use nf suffix also for TUNE_PKGARCH
tune-supersparc.inc: remove
tune-thunderx.inc: don't append _be to ARMPKGARCH for tune-thunderx_be
siteinfo: Recognize 32bit PPC LE
siteinfo: Recognize bigendian sh3be and sh4be
Max Krummenacher (2):
linux-firmware: package marvel sdio 8997 firmware
linux-firmware: package nvidia firmware
Mingli Yu (1):
tcl: adapt to potential pseudo changes
Naoki Hayama (1):
dev/test/ref-manual: Fix typos
Neil Armstrong (1):
linux-firmware: add Amlogic VDEC firmware package
Nicolas Dechesne (4):
sdk-manual: use built-in footnotes
dev-manual/dev-manual-common-tasks: fix warning
sphinx: add 3.1.3 and 3.0.4 release in the switcher
dev-manual/dev-manual-common-tasks: fix typos and use extlinks
Paul Eggleton (2):
classes/buildhistory: record SRC_URI
classes/buildhistory: also save recipe info for native recipes
Quentin Schulz (17):
docs: poky.yaml: use HTTPS for links
docs: ref-manual: indentation, links and highlights fixes
docs: remove OE_INIT_FILE variable
docs: ref-manual: fix typos
docs: ref-manual: migration-2.3: specify 2.3 version instead of DISTRO
docs: ref-manual: ref-classes: remove dropped tinderclient class
docs: ref-manual: ref-system-requirements: update requirements to build Sphinx docs
docs: sphinx: yocto-vars: rebuild files when poky.yaml has changed
docs: poky.yaml: fix identation in host packages variables
docs: dev-manual-common-tasks: remove paragraph about race when missing DEPENDS
docs: dev-manual-common-tasks: update python webserver example to python3
docs: dev-manual: fix typos, highlights, indentation and links
docs: ref-manual: ref-terms: add links to terms in glossary
docs: bsp-guide: bsp: fix typos, highlights and links
docs: kernel-dev: fix typos, highlights and links
docs: kernel-dev-common: add .patch file extension to SRC_URI files
docs: kernel-dev-faq: update outdated RDEPENDS_kernel-base
Reyna, David (1):
bitbake: toaster: Update documentation links to new URLs
Richard Purdie (10):
layer.conf: Switch to gatesgarth only in preparation for release
bitbake: ui/toasterui: Fix startup faults from incorrect event sequencing
bitbake: bitbake: Bump version to 1.48.0 ready for the new release
oeqa: Add sync call to command execution
poky.conf: Bump version for 3.2 gatesgarth release
build-appliance-image: Update to master head revision
bitbake: tests/fetch: Update upstream master->main branchname transition
Revert "classes/buildhistory: also save recipe info for native recipes"
valgrind: Fix build on musl after drd fixes
build-appliance-image: Update to master head revision
Robert Yang (1):
weston: Fix PACKAGECONFIG for remoting
Roland Hieber (1):
devtool: make sure .git/info exists before writing to .git/info/excludes
Ross Burton (4):
waf: don't assume the waf intepretter is good
waf: add ${B} to do_configure[cleandirs]
scripts/install-buildtools: Update to 3.2 M3 buildtools
glib-2.0: fix parsing of slim encoded tzdata
Sourabh Banerjee (1):
layer.conf: fix sanity error for PATH variable in extensible SDK workflow
Stacy Gaikovaia (2):
valgrind: drd: fix pthread intercept test failures
bitbake: main: Handle cooker daemon startup error
Tim Orling (1):
bitbake: lib/bb/ui/knotty: fix typo in parseprogress
Victor Kamensky (3):
Revert "qemumips: use 34Kf-64tlb CPU emulation"
Revert "qemu: add 34Kf-64tlb fictitious cpu type"
qemu: change TLBs number to 64 in 34Kf mips cpu model
Yi Zhao (1):
dhcpcd: add PACKAGECONFIG for ntp/chrony/ypbind hooks
Zang Ruochen (1):
harfbuzz: Refresh patch
akuster (2):
busybox: add rev and pgrep
kea: add init scripts
leimaohui (1):
docs: Updated the status of spdx module.
zangrc (1):
classes: Fixed the problem of undefined variables when compiling meta-toolchain.
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic45bc219b94960751896a0ae3d4923a9f5849e70
diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
new file mode 100644
index 0000000..3ef7f85
--- /dev/null
+++ b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
@@ -0,0 +1,61 @@
+From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Wed, 9 Sep 2020 11:12:02 -0500
+Subject: [PATCH] Rewrite url::recvline to be nonrecursive
+
+This function processes network input. It's semi-trusted, because the
+PAC ought to be trusted. But we still shouldn't allow it to control how
+far we recurse. A malicious PAC can cause us to overflow the stack by
+sending a sufficiently-long line without any '\n' character.
+
+Also, this function failed to properly handle EINTR, so let's fix that
+too, for good measure.
+
+Fixes #134
+
+Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa]
+CVE: CVE-2020-25219
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ libproxy/url.cpp | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/libproxy/url.cpp b/libproxy/url.cpp
+index ee776b2..68d69cd 100644
+--- a/libproxy/url.cpp
++++ b/libproxy/url.cpp
+@@ -388,16 +388,24 @@ string url::to_string() const {
+ return m_orig;
+ }
+
+-static inline string recvline(int fd) {
+- // Read a character.
+- // If we don't get a character, return empty string.
+- // If we are at the end of the line, return empty string.
+- char c = '\0';
+-
+- if (recv(fd, &c, 1, 0) != 1 || c == '\n')
+- return "";
+-
+- return string(1, c) + recvline(fd);
++static string recvline(int fd) {
++ string line;
++ int ret;
++
++ // Reserve arbitrary amount of space to avoid small memory reallocations.
++ line.reserve(128);
++
++ do {
++ char c;
++ ret = recv(fd, &c, 1, 0);
++ if (ret == 1) {
++ if (c == '\n')
++ return line;
++ line += c;
++ }
++ } while (ret == 1 || (ret == -1 && errno == EINTR));
++
++ return line;
+ }
+
+ char* url::get_pac() {
diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
index 19dddeb..a14c358 100644
--- a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
+++ b/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
@@ -10,6 +10,7 @@
SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \
file://0001-get-pac-test-Fix-build-with-clang-libc.patch \
+ file://CVE-2020-25219.patch \
"
SRC_URI[md5sum] = "f6b1d2a1e17a99cd3debaae6d04ab152"
SRC_URI[sha256sum] = "654db464120c9534654590b6683c7fa3887b3dad0ca1c4cd412af24fbfca6d4f"