subtree updates

poky: 67266331b0..835f7eac06:
  Adrian Bunk (9):
        valgrind: Remove dependency on libx11
        bluez5: Remove obsolete dependency on dbus-glib
        python3-dbus: Remove obsolete dependency on dbus-glib
        cups: Remove unnecessary dependency on dbus-glib
        libnotify: Remove obsolete dependency on dbus-glib
        unfs3: Switch to new upstream location
        i2c-tools: Add alternative for i2ctransfer
        meta: Remove remnants of bluez4 support
        e2fsprogs: Remove patch that disabled 64bit for ext4 by default

  Adrian Freihofer (1):
        yocto-bsp: runqemu runs beaglebone-yocto

  Adrian Ratiu (1):
        opkg/package/rootfs_ipk: allow overwriting OPKGLIBDIR

  Alejandro del Castillo (1):
        opkg: upgrade to version 0.4.1

  Alexander Kanavin (3):
        rt-tests: exclude 1.4 version from upstream check as well
        gtk-doc: correct the style.css permissions
        mobile-broadband-provider-info: upgrade 20190116 -> 20190618

  Alistair Francis (7):
        mesa: Add support for the lima PACKAGECONFIG
        u-boot: Update to 2019.07
        packagegroup-core-sdk: Set blank sanitiser for RISC-V 32
        opensbi: Update from 0.3 to 0.4
        opensbi: Fix installed-vs-shipped warning
        qemurunner.py: Be more verbose about problems
        package_manager: Ensure the base-feed directory exists

  Andrej Valek (2):
        busybox: 1.30.1 -> 1.31.0
        oe/copy_buildsystem: move layer into layers directory

  Anuj Mittal (25):
        gstreamer1.0-plugins-bad: depend on vulkan-loader now
        vulkan-demos: depend on vulkan-loader
        vulkan: remove
        binutils: fix CVE-2019-12972 CVE-2019-9071
        gnupg: upgrade 2.2.16 -> 2.2.17
        libxslt: fix CVE-2019-13117 CVE-2019-13118
        libva: upgrade 2.4.1 -> 2.5.0
        libva-utils: upgrade 2.4.0 -> 2.5.0
        nasm: fix CVE-2018-19755
        python: fix CVE-2019-9740
        python3: upgrade 3.7.3 -> 3.7.4
        binutils: CVE-2019-9070 is same as CVE-2019-9071
        qemu: fix CVE-2019-12155
        bzip2: upgrade 1.0.7 -> 1.0.8
        glib-2.0: upgrade 2.60.4 -> 2.60.5
        vte: upgrade 0.56.1 -> 0.56.3
        openssl: set CVE vendor to openssl
        curl: upgrade 7.65.1 -> 7.65.2
        rsync: fix CVEs for included zlib
        glibc: CVE-2018-20796 is same as CVE-2019-9169
        unzip: fix CVE-2019-13232
        python: include CVE patches for python-native as well
        gdb: fix CVE-2017-9778
        iptables: upgrade 1.8.2 -> 1.8.3
        piglit: fix SRC_URI

  Armin Kuster (1):
        timezone: update to 2019b

  Bonnans, Laurent (1):
        openssl: fix valgrind errors on v1.1.1c

  Bruce Ashfield (5):
        linux-yocto/5.0: bsp: add basic xilinx zynqmp support
        linux-yocto/5.0: make scsi-debug include scsi core configs
        linux-yocto: bsp/beaglebone: support qemu -machine virt
        linux-yocto/4.19: update to 4.19.57 and -rt22
        package: check PKG_ variables before executing ontarget postinst

  CHerzig@Gauselmann.de (1):
        bitbake: fetch2/clearcase: Fix class import errors

  Changqing Li (5):
        quilt: run-ptest remove Interactive Input
        mdadm: fix systemd service start up failure
        mdam: fix mdmonitor start up failure
        opkg: make ptest output format align with common style
        mdadm: make ptest output format align with common style

  Chee Yang Lee (1):
        wic: add support for kernel with initramfs bundled

  Chen Qi (13):
        target-sdk-provides-dummy: add libperl.so.5 64bit
        devtool: warn user about multiple layer having the same base name
        image.bbclass: fix systemd_preset_all
        devtool.py: track to clean devtool.conf in test_create_workspace
        grub-efi.bbclass: take into consideration of multilib
        sysstat: use service file from source codes
        xmlcatalog: hold libxml2-native dependency
        oeqa/runtime/rpm: ensure no user process running before deleting user
        oeqa/runtime/rpm: Move test_rpm_query_nonroot test case to RpmBasicTest
        qemurunner.py: fix race condition at qemu startup
        msmtp: use alternatives to manage /usr/lib/sendmail
        runtime_test.py: use track_for_cleanup for temp dir
        devtool: remove temp dir in upgrade

  Fabio Berton (1):
        mesa: Update 19.1.0 -> 19.1.1

  Haiqing Bai (1):
        sysstat: Use sysstat.service in source for cron with systemd

  He Zhe (1):
        ltp: file01: Fix in was not recognized

  Hongzhi.Song (3):
        ltp: fix shmctl01 failure when executed.
        ltp: diotest4: Let kernel pick an address when calling mmap
        ltp: getrlimit03: adjust-a-bit-of-code-to-compatiable-with mips32

  Jason Wessel (5):
        glibc: Fix multilibs + usrmerge builds
        psmisc: Fix dependency for USE_NLS=no
        glibc-locale: Fix build error with PACKAGE_NO_GCONV = "1"
        glibc/glibc-locale: Fix do_stash_locale to work with usrmerge and multilibs
        glibc / glibc-locale: Fix stash_locale determinism problems

  Joe Slater (1):
        libtool: remove host information from libtool

  Jon Mason (1):
        oe_syslog.py: Handle syslogd/klogd restart race

  Joshua Watt (5):
        python3: Fix .pyc file reproduciblility
        oeqa: Test bitbake --skip-setsecene
        bitbake: bitbake: Add --skip-setscene option
        classes/icecc: Disable remote pre-processing by default
        scripts/buildstats-diff: Add option to filter tasks

  Joël Esponde (1):
        package.bbclass: fix directories setuid and setgid bits

  Jun Nie (1):
        kernel-fitimage: uboot-sign: fix missing signature

  Kai Kang (4):
        rng-tools: fix rngd blocks system shutdown
        openssl: fix multilib files conflict
        webkitgtk: set incomptible with tune mips
        defaultsetup.conf: enable select init manager

  Khem Raj (10):
        efibootmgr: Pass correct flags to compiler from pkg-config
        mpeg2dec: Fix PIE build and avoid relocation in text section on ARM
        Revert "unzip: fix CVE-2019-13232"
        musl: Upgrade to 1.1.23+
        mdadm: Include sys/sysmacros.h for major/minor definitions
        sysvinit: Include sys/sysmacros.h for major/minor definitions on musl too
        pam_systemd: Include missing.h for secure_getenv
        musl-obstack: Add recipe
        elfutils: Fix eu-* utils builds for musl
        maintainers: Account for musl-obstack and libssp-nonshared

  Li Zhou (2):
        bc: dc: fix exit code of q command
        iptables: Security Advisory - iptables - CVE-2019-11360

  Luca Boccassi (1):
        bitbake: tests/fetch.py: add missing skipIfNoNetwork tags to tests that try to git clone

  Matthias Schiffer (1):
        systemd: backport patch to fix sysctl warning on boot

  Mike Crowe (4):
        bitbake.conf: Stop exporting TARGET_ flags variables
        image.bbclass: Only append to IMAGE_LINK_NAME if it was already set
        rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_manifest
        rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_test_data

  Mikko Rapeli (3):
        busybox: enable unicode support
        cve-check.bbclass: initialize to_append
        freetype: add --tag CC to libtool arguments

  Mingli Yu (2):
        go.bbclass: separate the ptest logic to go-ptest class
        mdadm: fix ptest hang

  Oleksandr Kravchuk (34):
        mc: update to 4.8.23
        encodings: update to 1.0.5
        gawk: update to 5.0.1
        libinput: update to 1.13.3
        libxi: update to 1.7.10
        libxt: update to 1.2.0
        autoconf-archive: update to 2019.01.06
        python3-mako: update to 1.0.12
        python3-pbr: update to 5.3.1
        python3-pygobject: update to 3.32.2
        git: update to 2.22.0
        eudev: update to 3.2.8
        babeltrace: update to 1.5.7
        dpkg: update to 1.19.7
        apt: update to 1.2.31
        libinput: update to 1.13.4
        expat: update to 2.2.7
        libsolf: update to 0.7.5
        bison: update to 3.4.1
        ruby: update to 2.5.5
        quilt: update to 0.66
        bzip2: update to 1.0.7
        python3-mako: update to 1.0.13
        ifupdown: update to 0.8.22
        libdrm: update to 2.4.99
        python3-pbr: update to 5.4.0
        linux-firmware: bump to 20190618
        iproute2: update to 5.2.0
        udev-extraconf: do not mount swap partitions
        python3-pbr: update to 5.4.1
        xinput: update to 1.6.3
        python3-scons: update to 3.1.0
        python3-docutils: update to 0.15
        python3-mako: update to 1.0.14

  Pascal Bach (1):
        cmake: 3.14.1 -> 3.14.5

  Paul Eggleton (7):
        libcap-ng: do not use symlink to share files with libcap-ng-python
        scripts/contrib/ddimage: fix typo
        scripts/contrib/ddimage: replace blacklist with mount check
        scripts/contrib/ddimage: be explicit whether device doesn't exist or isn't writeable
        list-packageconfig-flags: print PN instead of P
        recipetool: ignore zero-length setup.py files
        devtool: upgrade: fix handling of errors parsing upgraded recipe

  Peter Kjellerstedt (4):
        glib-2.0: Update to 2.60.4
        glibc-package.inc: Do not use bitbake variable syntax for shell variables
        meson.bbclass: Remove the MESON_*_ARGS variables
        nativesdk-meson: Remove some unused variables

  Pierre Le Magourou (10):
        cve-update-db: Use std library instead of urllib3
        cve-update-db: Manage proxy if needed.
        cve-update-db: do_populate_cve_db depends on do_fetch
        cve-update-db: Catch request.urlopen errors.
        cve-check: Depends on cve-update-db-native
        cve-update-db: Use NVD CPE data to populate PRODUCTS table
        cve-check: Update unpatched CVE matching
        cve-update-db-native: Skip recipe when cve-check class is not loaded.
        cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST
        cve-update-db-native: Remove hash column from database.

  Ricardo Ribalda Delgado (4):
        nfs-mountd: Add missing dependency on systemd service
        systemd: Fix interface bring-up on kernels >= 5.2
        wic: Fix (again) partition files UIDs on multi rootfs images
        systemd-bootconf: Mark as machine specific

  Ricardo Salveti (1):
        gcc-9.1: add back GLIBC_DYNAMIC_LINKER riscv changes

  Richard Purdie (58):
        multilib_global: Fix multilib rebuild issue
        multilib_global: Fix KERNEL_VERSION expansion problems
        sysklogd: Fix init script races
        busybox: Improve syslog restart handling
        oeqa/runtime/syslog: Improve test debug messages
        oeqa/runtime/oesyslog: systemd syslog restart doesn't change pid
        oeqa/runtime/syslog: Add delay to test to avoid failures
        busybox: Fix typo in syslog initscript
        pigz: Add debug for autobuilder errors
        staging: Code cleanup
        package: Build pkgdata specific to the current recipe
        Revert "pigz: Add debug for autobuilder errors"
        grub2: Drop unneeded code
        bitbake: event: Clear ui_queue after handling it
        bitbake: main: Ensure log messages are printed when no UI starts
        bitbake: main: Alter EOFError handling
        core-image-sato-sdk-ptest: Reduce image padding size due to bootimg 4GB limit
        oeqa/bbtests: Tweak test bitbake output pattern matching
        sstate: Add tweak to avoid multiple sstate stats messages
        bitbake: siggen: Fix default handler
        bitbake: siggen: Use unique hashes for tasks
        bitbake: runqueue: Tweak buildable variable handling in scheduler
        bitbake: runqueue: Drop unused BB_SETSCENE_VERIFY_FUNCTION2
        bitbake: runqueue: Remove now uneeded code
        bitbake: runqueue: Move scenequeue data generation to a separate function
        bitbake: runqueue: Remove unused function parameter
        bitbake: runqueue: Factor out the process_setscene_whitelist checks
        bitbake: runqueue: Uniquely namespace the scenequeue functions
        bitbake: runqueue: Merge stats handling together for setscene/real tasks
        bitbake: runqueue: Merge scenequeue and real task queue code together
        bitbake: runqueue: Fix counter/task updating glitch
        bitbake: runqueue: Remove RunQueueExecuteScenequeue and RunQueueExecuteTasks
        bitbake: runqueue: Simplify _execute_runqueue logic
        bitbake: runqueue: Fold remains of the scenequeue setup into RunQueueExecute
        bitbake: event/runqueue: Drop StampUpdate event, its pointless/unused
        bitbake: runqueue: Add covered_tasks (or 'collated_deps') to scenequeue data
        bitbake: runqueue: Simplify scenequeue unskippable calculation
        bitbake: runqueue: Tweak comments and debug code
        bitbake: runqueue: Code simplification
        bitbake: runqueue: Remove pointless variable
        bitbake: runqueue: Further scheduler buildable tasks cleanup
        bitbake: runqueue: Clarify scenequeue_covered vs. tasks_covered
        bitbake: runqueue: Merge the queues and execute setscene and normal tasks in parallel
        bitbake: runqueue: Alter setscenewhitelist handling
        bitbake: runqueue: Complete the merge of scenequeue and normal task execution
        bitbake: tests: Add initial scenario based test for runqueue
        bitbake: uihelper: No longer listen to scenequeue task started
        bitbake: runqueue: Simplify some convoluted logic
        bitbake: runqueue: Whitespace fix
        bitbake: runqueue: Abstract hash verification function
        bitbake: runqueue: Optimise multiconfig with overlapping setscene
        bitbake: tests/runqueue: Allow common sstate tasks to become valid
        bitbake: runqueue: Fix non setscene tasks targets being lost
        staging: Drop clean_recipe_sysroot
        poky-lsb: Drop features already in poky
        poky-lsb: Drop libx11 PREFERRED_PROVIDER
        distro/include: Add poky-distro-alt-test-config.inc
        bitbake: siggen: Fix handling of tainted sig files

  Robert Yang (13):
        update-alternatives.bbclass: run update-alternatives firstly in postinst script
        busybox: make postinst run firstly before update-alternatives
        multilib.bbclass: Reduce ALTERNATIVE_PRIORITY for extended recipes
        bitbake: bitbake: lib: Cleanup /usr/bin/env python
        bitbake: bitbake: toaster:tests: python -> python3
        ksum.py: python -> python3
        wic: python2 -> python3
        ext-sdk-prepare.py: python2 -> python3
        oeqa: Cleanup /usr/bin/env python
        package_rpm.bbclass: python2 -> python3
        bitbake: cache: Remove duplicated lines for provides and rprovides
        bitbake: cache: Set packages for skipped recipes
        bitbake: cache: Create a symlink for current cachefile

  Ross Burton (56):
        cve-check: be idiomatic
        gtk-icon-cache: rename intercept to update_gtk_icon_cache
        fortran-helloworld: add a very dumb Fortran Hello World for testing
        oeqa/buildoptions: check that Fortran code actually cross-compiles
        buildhistory: write the contents of the sysroot
        buildhistory: report sysroot changes
        perl: fix Upstream-Status tags
        efivar: ensure that target security flags are not used to build native code
        multilib_script: fix whitespace
        buildhistory_analysis: ignore ownership for sysroot diffs
        insane: use clean_path for the host contamination warnings
        libsndfile1: disable use of sqlite3 by default
        libsndfile1: remove redundant autoconf seeding
        buildhistory: don't output ownership for the sysroot
        buildhistory: filter out the unexpected prefix for native/cross sysroots
        alsa-utils: disable tools using GTK+2
        packagegroup-core-lsb: remove GTK+
        recipetool: add MD5 hash for the line-wrapped MPL-1.1 license
        oeqa/recipetool: change the CMake test to use taglib
        gtk+: remove GTK+ 2
        gnome-themes-standard: remove
        Revert "sysstat: use service file from source codes"
        libpsl: update Upstream-Status
        grub: build with python 3
        qemu: use Python 3 to build
        ninja: use Python 3
        conf/poky: add debian-10 to the supported distribution list
        tiff: remove redundant patch
        tiff: fix CVE-2019-6128
        tiff: fix CVE-2019-7663
        cve-check: remove redundant readline CVE whitelisting
        cve-check-tool: remove
        glibc: exclude child recipes from CVE scanning
        libid3tag: CVE-2017-11551 is the same as CVE-2004-2779
        libid3tag: handle unknown encodings (CVE-2017-11550)
        subversion: set CVE vendor to Apache
        boost: set CVE vendor to Boost
        git: set CVE vendor to git-scm
        ed: set CVE vendor to avoid false positives
        cve-check: allow comparison of Vendor as well as Product
        flex: set CVE_PRODUCT to include vendor
        cve-update-db-native: use SQL placeholders instead of format strings
        xkeyboard-config: remove redundant intltool dependency
        piglit: upgrade to latest revision
        pkgconf: upgrade 1.6.1 -> 1.6.3
        conf/poky: add Fedora 30 and Opensuse Leap 15.1 to supported distributions
        cve-update-db-native: use os.path.join instead of +
        cve-update-db: actually inherit native
        cve-update-db-native: use executemany() to optimise CPE insertion
        cve-update-db-native: improve metadata parsing
        cve-update-db-native: clean up JSON fetching
        freetype: upgrade to 2.10.1
        unfs3: set upstream tag regex to avoid false-positives
        meson.bbclass: export STRIP=${BUILD_STRIP}
        ffmpeg: don't use hardcoded lookup tables
        ffmpeg: upgrade to 4.1.4

  Sai Hari Chandana Kalluri (3):
        devtool/standard.py: Update devtool modify to copy source from work-shared if its already downloaded
        devtool/standard.py: Create a copy of kernel source within work-shared if not present
        devtool: provide support for devtool menuconfig command

  Scott Rifenbark (5):
        overview-manual: Fixed manual history table
        sdk-manual: Updated devtool to talk about oe-local-files.
        dev-manual: Provided proper link title
        ref-manual: Fixed typo for BBMULTICONFIG variable.
        ref-manual: Removed "python2" mention in example.

  Stefan Agner (1):
        psplash: create psplash tmpfs mount directory in psplash-init

  Tim Orling (3):
        vulkan-headers: add recipe
        vulkan-loader: add recipe
        vulkan-tools: add recipe

  Ulrich Ölmann (1):
        squashfs-tools: upgrade to commit f95864afe883

  William Bourque (2):
        wic/plugins: Source that support both EFI and BIOS
        meta/lib/oeqa: Test for bootimg-biosplusefi Source

  Yi Zhao (2):
        debianutils: upgrade 4.8.6.1 -> 4.8.6.3
        ltp: upgrade 20190115 -> 20190517

  Zang Ruochen (9):
        nss: upgrade 3.44 -> 3.44.1
        util-linux:upgrade 2.33.2 -> 2.34
        librepo:upgrade 1.10.3 -> 1.10.4
        sqlite3: Upgrade 3.28.0 -> 3.29.0
        nss: Upgrade 3.44.1 -> 3.45
        xauth:upgrade 1.0.10 -> 1.1
        libice:upgrade 1.0.9 -> 1.0.10
        xwininfo:upgrade 1.1.4 -> 1.1.5
        libpciaccess:upgrade 0.14 -> 0.16

meta-phosphor: fe8cee7488..601f253a66:
  Brad Bishop (1):
        meta-phosphor: systemd: remove upstreamed patches

Change-Id: If591144821cd2e5b990a7aa49a1cf426f6a906de
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-multimedia/libtiff/files/libtool2.patch b/poky/meta/recipes-multimedia/libtiff/files/libtool2.patch
deleted file mode 100644
index 96233b4..0000000
--- a/poky/meta/recipes-multimedia/libtiff/files/libtool2.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 5b893206e0a0d529ba2d0caf58cfffc03bccb598 Mon Sep 17 00:00:00 2001
-From: Marcin Juszkiewicz <hrw@openedhand.com>
-Date: Sat, 14 Jun 2008 13:42:22 +0000
-Subject: [PATCH] tiff: make it work after libtool upgrade
-
-Upstream-Status: Inappropriate [configuration]
-
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index c7b02e2..ae1c964 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -27,7 +27,7 @@ dnl Process this file with autoconf to produce a configure script.
- AC_PREREQ(2.64)
- AC_INIT([LibTIFF Software],[4.0.10],[tiff@lists.maptools.org],[tiff])
- AC_CONFIG_AUX_DIR(config)
--AC_CONFIG_MACRO_DIR(m4)
-+dnl AC_CONFIG_MACRO_DIR(m4)
- AC_LANG(C)
- 
- dnl Compute the canonical host (run-time) system type variable
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-6128.patch b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-6128.patch
new file mode 100644
index 0000000..6f1fd4d
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-6128.patch
@@ -0,0 +1,52 @@
+CVE: CVE-2019-6128
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 0c74a9f49b8d7a36b17b54a7428b3526d20f88a8 Mon Sep 17 00:00:00 2001
+From: Scott Gayou <github.scott@gmail.com>
+Date: Wed, 23 Jan 2019 15:03:53 -0500
+Subject: [PATCH] Fix for simple memory leak that was assigned CVE-2019-6128.
+
+pal2rgb failed to free memory on a few errors. This was reported
+here: http://bugzilla.maptools.org/show_bug.cgi?id=2836.
+---
+ tools/pal2rgb.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
+index 01d8502ec..9492f1cf1 100644
+--- a/tools/pal2rgb.c
++++ b/tools/pal2rgb.c
+@@ -118,12 +118,14 @@ main(int argc, char* argv[])
+ 	    shortv != PHOTOMETRIC_PALETTE) {
+ 		fprintf(stderr, "%s: Expecting a palette image.\n",
+ 		    argv[optind]);
++		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
+ 		fprintf(stderr,
+ 		    "%s: No colormap (not a valid palette image).\n",
+ 		    argv[optind]);
++		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	bitspersample = 0;
+@@ -131,11 +133,14 @@ main(int argc, char* argv[])
+ 	if (bitspersample != 8) {
+ 		fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
+ 		    argv[optind]);
++		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	out = TIFFOpen(argv[optind+1], "w");
+-	if (out == NULL)
++	if (out == NULL) {
++		(void) TIFFClose(in);
+ 		return (-2);
++	}
+ 	cpTags(in, out);
+ 	TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
+ 	TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);
+-- 
+2.21.0
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch
new file mode 100644
index 0000000..f244fb2
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch
@@ -0,0 +1,77 @@
+CVE: CVE-2019-7663
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From c6fc6c1fa895024c86285c58efd6424cf8078f32 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Mon, 11 Feb 2019 10:05:33 +0100
+Subject: [PATCH 1/2] check that (Tile Width)*(Samples/Pixel) do no overflow
+
+fixes bug 2833
+---
+ tools/tiffcp.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 2f406e2d..f0ee2c02 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -1408,7 +1408,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ 	int status = 1;
+ 	uint32 imagew = TIFFRasterScanlineSize(in);
+ 	uint32 tilew = TIFFTileRowSize(in);
+-	int iskew  = imagew - tilew*spp;
++	int iskew;
+ 	tsize_t tilesize = TIFFTileSize(in);
+ 	tdata_t tilebuf;
+ 	uint8* bufp = (uint8*) buf;
+@@ -1416,6 +1416,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ 	uint32 row;
+ 	uint16 bps = 0, bytes_per_sample;
+ 
++	if (spp > (0x7fffffff / tilew))
++	{
++		TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
++		return 0;
++	}
++	iskew = imagew - tilew*spp;
+ 	tilebuf = _TIFFmalloc(tilesize);
+ 	if (tilebuf == 0)
+ 		return 0;
+-- 
+2.20.1
+
+
+From da6454aa80b9bb3154dfab4e8b21637de47531e0 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Mon, 11 Feb 2019 21:42:03 +0100
+Subject: [PATCH 2/2] tiffcp.c: use INT_MAX
+
+---
+ tools/tiffcp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index f0ee2c02..8c81aa4f 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -41,6 +41,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ 
+ #include <ctype.h>
+ 
+@@ -1416,7 +1417,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ 	uint32 row;
+ 	uint16 bps = 0, bytes_per_sample;
+ 
+-	if (spp > (0x7fffffff / tilew))
++	if (spp > (INT_MAX / tilew))
+ 	{
+ 		TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
+ 		return 0;
+-- 
+2.20.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.0.10.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.0.10.bb
index 152fa81..9994962 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.0.10.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.0.10.bb
@@ -5,9 +5,8 @@
 CVE_PRODUCT = "libtiff"
 
 SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
-           file://libtool2.patch \
-           "
-
+           file://CVE-2019-6128.patch \
+           file://CVE-2019-7663.patch"
 SRC_URI[md5sum] = "114192d7ebe537912a2b97408832e7fd"
 SRC_URI[sha256sum] = "2c52d11ccaf767457db0c46795d9c7d1a8d8f76f68b0b800a3dfe45786b996e4"