poky: subtree update:c6bc20857c..b23aa6b753

Anatol Belski (1):
      bitbake: bitbake: hashserv: Fix localhost sometimes resolved to a wrong IP

Andrew Geissler (1):
      systemd: Upgrade v246.2 -> v246.6

Anibal Limon (1):
      mesa: update 20.1.6 -> 20.1.8

Bruce Ashfield (2):
      linux-yocto/beaglebone: Switch to sdhci-omap driver
      kernel-yocto: add KBUILD_DEFCONFIG search location to failure message

Changqing Li (1):
      sysklogd: fix parallel build issue

Charlie Davies (2):
      bitbake: bitbake: fetch/git: add support for SRC_URI containing spaces in url
      bitbake: bitbake: tests/fetch: add unit tests for SRC_URI with spaces in url

Chee Yang Lee (1):
      bash : include patch 17 & 18

Chen Qi (2):
      populate_sdk_ext.bbclass: add ESDK_MANIFEST_EXCLUDES
      testsdk.py: remove workspace/sources to avoid failure in case of multilib

Chris Laplante (3):
      bitbake.conf: add name of multiconfig to BUILDCFG_HEADER when multiconfig is active
      cve-check: introduce CVE_CHECK_RECIPE_FILE variable to allow changing of per-recipe check file
      cve-check: add CVE_CHECK_REPORT_PATCHED variable to suppress reporting of patched CVEs

Christian Eggers (1):
      packagegroup: rrecommend perf also for musl on ARM

De Huo (1):
      bash: fix CVE-2019-18276

Jean-Francois Dagenais (2):
      bitbake: bitbake: tests/siggen: introduce clean_basepath testcases
      bitbake: bitbake: siggen: clean_basepath: improve perfo and readability

Jens Rehsack (1):
      image-artifact-names: make variables overridable

Jon Mason (1):
      Space-comma Cleanups

Jonathan Richardson (1):
      cortex-m0.inc: Add tuning for cortex-m0

Kai Kang (2):
      systemd: disable xdg-autostart generator by default
      kea: fix conflict between multilibs

Khairul Rohaizzat Jamaluddin (1):
      sphinx: ref-variables: Added entry for IMAGE_EFI_BOOT_FILES

Khem Raj (6):
      ncurses: Create alternative symlinks for st and st-256color
      packagegroups: remove strace and lttng-tools for rv32/musl
      qemuboot: Add QB_RNG variable
      gettext: Fix ptest failure
      ptest-runner: Backport patch to fix inappropriate ioctl error
      systemd: Drop 0023-Fix-field-efi_loader_entry_one_shot_stat-has-incompl.patch

Konrad Weihmann (1):
      testexport: rename create_tarball method

Leif Middelschulte (2):
      bitbake: fetch2: fix handling of `\` in file:// SRC_URI
      bitbake: tests/fetch: backslash support in file:// URIs

Mark Jonas (2):
      Add license text for PSF-2.0
      Map license names PSF and PSFv2 to PSF-2.0

Mingli Yu (3):
      kea: create /var/lib/kea and /var/run/kea folder
      bind: remove -r option for rndc-confgen
      debianutils: update the debian snapshot version

Nicolas Dechesne (3):
      sphinx: report errors when dependencies are not met
      README: include detailed information about sphinx
      sphinx: fix up some trademark and branding issues

Norman Stetter (1):
      sstate.bbclass: Check file ownership before doing 'touch -a'

Otavio Salvador (1):
      openssh: Allow enable/disable of rng-tools recommendation on sshd

Peter A. Bigot (1):
      go-mod.bbclass: use append to add `modcacherw`

Quentin Schulz (2):
      docs: static: theme_overrides.css: fix responsive design on <640px screens
      docs: fix broken links

Randy MacLeod (1):
      curl: Change SRC_URI from http to https

Rasmus Villemoes (1):
      kernel.bbclass: ensure symlink_kernsrc task gets run even with externalsrc

Richard Purdie (15):
      scripts/oe-build-perf-report: Use python3 from the environment
      dropbear/openssh: Lower priority of key generation
      oeqa/qemurunner: Increase serial timeout
      python3-markupsafe: Import from meta-oe/meta-python
      python3-jinja2: Import from meta-oe/meta-python
      buildtools-tarball: Add python3-jinja2
      buildtools-tarball: Fix conflicts with oe-selftest and other tooling
      oeqa/selftest/incompatible_lib: Fix append usage
      oeqa/selftest/containerimage: Update to match assumptions in configuration
      ssh-pregen-hostkeys: Add a recipe with pregenerated ssh host keys
      build-appliance-image: Update to master head revision
      bitbake: Revert "bitbake-layers: add signal hander to avoid exception"
      staging: Ensure cleaned dependencies are added
      oeqa/selftest/devtool: Add sync call to test teardown
      bitbake: cooker: Avoid tracebacks if data was never setup

Ross Burton (11):
      gettext: no need to depend on bison-native
      meta: add/fix invalid Upstream-Status tags
      bitbake: taskexp: update for GTK API changes
      glibc: make nscd optional
      utils: respect scheduler affinity in cpu_count()
      rpm: disable libarchive use
      sstate: set mode explicitly when creating directories in sstate-cache
      rpm: add PACKAGECONFIG for the systemd inhibit plugin
      boost: move the build directory outside of S
      bitbake: utils: add umask changing context manager
      bitbake: siggen: use correct umask when writing siginfo

Saul Wold (2):
      testimage: Add testimage_dump_target to kwargs
      target/ssh.py: Add dump_target support

Teoh Jay Shen (1):
      oeqa/runtime : add test for RTC(Real Time Clock)

Tim Orling (1):
      oeqa/selftest/cases/devtool.py: avoid .pyc race

Usama Arif (1):
      ref-manual: document authentication key variables

Wang Mingyu (1):
      maintainers.inc: Add Zang Ruochen and Wang Mingyu for several recipes

Yi Zhao (4):
      dhcpcd: pass --dbdir to EXTRA_OECONF to set database directory
      dhcpcd: set --runstatedir to /run
      dhcpcd: add dhcpcd user to support priviledge separation
      dhcpcd: set service to conflict with connman

akuster (1):
      libdrm: fix build failure

zangrc (4):
      bind: upgrade 9.16.5 -> 9.16.7
      stress-ng: upgrade 0.11.19 -> 0.11.21
      pango: upgrade 1.46.1 -> 1.46.2
      sudo: upgrade 1.9.2 -> 1.9.3

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I2c19d3b3793ee5a6f42e04817147d75f315943a5
diff --git a/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch b/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch
new file mode 100644
index 0000000..7b20732
--- /dev/null
+++ b/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch
@@ -0,0 +1,386 @@
+From 951bdaad7a18cc0dc1036bba86b18b90874d39ff Mon Sep 17 00:00:00 2001
+From: Chet Ramey <chet.ramey@case.edu>
+Date: Mon, 1 Jul 2019 09:03:53 -0400
+Subject: [PATCH] commit bash-20190628 snapshot
+
+An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11.
+By default, if Bash is run with its effective UID not equal to its real UID,
+it will drop privileges by setting its effective UID to its real UID.
+However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality,
+the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for
+runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore
+regains privileges. However, binaries running with an effective UID of 0 are unaffected.
+
+Get the patch from [1] to fix the issue.
+
+Upstream-Status: Inappropriate [the upstream thinks it doesn't increase the credibility of CVEs in general]
+CVE: CVE-2019-18276
+
+[1] https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaa
+
+Signed-off-by: De Huo <De.Huo@windriver.com>
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ MANIFEST          |  2 ++
+ bashline.c        | 50 +-------------------------------------------------
+ builtins/help.def |  2 +-
+ config.h.in       | 10 +++++++++-
+ configure.ac      |  1 +
+ doc/bash.1        |  3 ++-
+ doc/bashref.texi  |  3 ++-
+ lib/glob/glob.c   |  5 ++++-
+ pathexp.c         | 16 ++++++++++++++--
+ shell.c           |  8 ++++++++
+ tests/glob.tests  |  2 ++
+ tests/glob6.sub   | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ tests/glob7.sub   | 11 +++++++++++
+ 14 files changed, 122 insertions(+), 56 deletions(-)
+ create mode 100644 tests/glob6.sub
+ create mode 100644 tests/glob7.sub
+
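Review bot: The patch header describes a fix to disable_priv_mode in shell.c, but the diffstat carries the whole bash-20190628 snapshot: glob matching changes in lib/glob/glob.c, pathexp.c and bashline.c, doc edits and new glob tests. Suggest trimming the patch to the shell.c, config.h.in and configure.ac hunks so the CVE fix does not also change pathname-expansion behaviour in this recipe. The diffstat summary also says 14 files changed while only 12 are listed, so the summary no longer matches the patch contents. Since the patch is taken from the upstream commit referenced at [1], "Upstream-Status: Backport" with that link would describe it better than "Inappropriate".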
+diff --git a/MANIFEST b/MANIFEST
+index 03de221..f9ccad7 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -1037,6 +1037,8 @@ tests/extglob3.tests	f
+ tests/extglob3.right	f
+ tests/extglob4.sub	f
+ tests/extglob5.sub	f
++tests/glob6.sub		f
++tests/glob7.sub		f
+ tests/func.tests	f
+ tests/func.right	f
+ tests/func1.sub		f
+diff --git a/bashline.c b/bashline.c
+index 824ea9d..d86b47d 100644
+--- a/bashline.c
++++ b/bashline.c
+@@ -3718,55 +3718,7 @@ static int
+ completion_glob_pattern (string)
+      char *string;
+ {
+-  register int c;
+-  char *send;
+-  int open;
+-
+-  DECLARE_MBSTATE;
+-
+-  open = 0;
+-  send = string + strlen (string);
+-
+-  while (c = *string++)
+-    {
+-      switch (c)
+-	{
+-	case '?':
+-	case '*':
+-	  return (1);
+-
+-	case '[':
+-	  open++;
+-	  continue;
+-
+-	case ']':
+-	  if (open)
+-	    return (1);
+-	  continue;
+-
+-	case '+':
+-	case '@':
+-	case '!':
+-	  if (*string == '(')	/*)*/
+-	    return (1);
+-	  continue;
+-
+-	case '\\':
+-	  if (*string++ == 0)
+-	    return (0);	 	  
+-	}
+-
+-      /* Advance one fewer byte than an entire multibyte character to
+-	 account for the auto-increment in the loop above. */
+-#ifdef HANDLE_MULTIBYTE
+-      string--;
+-      ADVANCE_CHAR_P (string, send - string);
+-      string++;
+-#else
+-      ADVANCE_CHAR_P (string, send - string);
+-#endif
+-    }
+-  return (0);
++  return (glob_pattern_p (string) == 1);
+ }
+ 
+ static char *globtext;
+diff --git a/builtins/help.def b/builtins/help.def
+index 006c4b5..92f9b38 100644
+--- a/builtins/help.def
++++ b/builtins/help.def
+@@ -128,7 +128,7 @@ help_builtin (list)
+ 
+   /* We should consider making `help bash' do something. */
+ 
+-  if (glob_pattern_p (list->word->word))
++  if (glob_pattern_p (list->word->word) == 1)
+     {
+       printf ("%s", ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1)));
+       print_word_list (list, ", ");
+diff --git a/config.h.in b/config.h.in
+index 8554aec..ad4b1e8 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -1,6 +1,6 @@
+ /* config.h -- Configuration file for bash. */
+ 
+-/* Copyright (C) 1987-2009,2011-2012 Free Software Foundation, Inc.
++/* Copyright (C) 1987-2009,2011-2012,2013-2019 Free Software Foundation, Inc.
+ 
+    This file is part of GNU Bash, the Bourne Again SHell.
+ 
+@@ -807,6 +807,14 @@
+ #undef HAVE_SETREGID
+ #undef HAVE_DECL_SETREGID
+ 
++/* Define if you have the setregid function.  */
++#undef HAVE_SETRESGID
++#undef HAVE_DECL_SETRESGID
++
++/* Define if you have the setresuid function.  */
++#undef HAVE_SETRESUID
++#undef HAVE_DECL_SETRESUID
++
+ /* Define if you have the setvbuf function.  */
+ #undef HAVE_SETVBUF
+ 
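Review bot: The comment added above HAVE_SETRESGID reads "Define if you have the setregid function.", which is the text of the existing setregid block just before it. It should name setresgid so the two blocks can be told apart when someone checks which macro guards the new code in shell.c.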
+diff --git a/configure.ac b/configure.ac
+index 52b4cdb..549adef 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -810,6 +810,7 @@ AC_CHECK_DECLS([confstr])
+ AC_CHECK_DECLS([printf])
+ AC_CHECK_DECLS([sbrk])
+ AC_CHECK_DECLS([setregid])
++AC_CHECK_DECLS[(setresuid, setresgid])
+ AC_CHECK_DECLS([strcpy])
+ AC_CHECK_DECLS([strsignal])
+ 
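Review bot: The added line `AC_CHECK_DECLS[(setresuid, setresgid])` has the bracket and parenthesis transposed compared with the neighbouring `AC_CHECK_DECLS([setregid])` calls, so it is not a well-formed macro invocation. The shell.c change is guarded by `#if HAVE_DECL_SETRESUID` and `#if HAVE_DECL_SETRESGID`; if configure does not define those, disable_priv_mode silently compiles the old setuid()/setgid() branch and the saved IDs are still not dropped. Suggest `AC_CHECK_DECLS([setresuid, setresgid])` and a check that both macros are set to 1 in the generated config.h for the target build.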
+diff --git a/doc/bash.1 b/doc/bash.1
+index e6cd08d..9e58a0b 100644
+--- a/doc/bash.1
++++ b/doc/bash.1
+@@ -4681,7 +4681,8 @@ above).
+ .PD
+ .SH "SIMPLE COMMAND EXPANSION"
+ When a simple command is executed, the shell performs the following
+-expansions, assignments, and redirections, from left to right.
++expansions, assignments, and redirections, from left to right, in
++the following order.
+ .IP 1.
+ The words that the parser has marked as variable assignments (those
+ preceding the command name) and redirections are saved for later
+diff --git a/doc/bashref.texi b/doc/bashref.texi
+index d33cd57..3065126 100644
+--- a/doc/bashref.texi
++++ b/doc/bashref.texi
+@@ -2964,7 +2964,8 @@ is not specified.  If the file does not exist, it is created.
+ @cindex command expansion
+ 
+ When a simple command is executed, the shell performs the following
+-expansions, assignments, and redirections, from left to right.
++expansions, assignments, and redirections, from left to right, in
++the following order.
+ 
+ @enumerate
+ @item
+diff --git a/lib/glob/glob.c b/lib/glob/glob.c
+index 398253b..2eaa33e 100644
+--- a/lib/glob/glob.c
++++ b/lib/glob/glob.c
+@@ -607,6 +607,7 @@ glob_vector (pat, dir, flags)
+   register unsigned int i;
+   int mflags;		/* Flags passed to strmatch (). */
+   int pflags;		/* flags passed to sh_makepath () */
++  int hasglob;		/* return value from glob_pattern_p */
+   int nalloca;
+   struct globval *firstmalloc, *tmplink;
+   char *convfn;
+@@ -648,10 +649,12 @@ glob_vector (pat, dir, flags)
+   patlen = (pat && *pat) ? strlen (pat) : 0;
+ 
+   /* If the filename pattern (PAT) does not contain any globbing characters,
++     or contains a pattern with only backslash escapes (hasglob == 2),
+      we can dispense with reading the directory, and just see if there is
+      a filename `DIR/PAT'.  If there is, and we can access it, just make the
+      vector to return and bail immediately. */
+-  if (skip == 0 && glob_pattern_p (pat) == 0)
++  hasglob = 0;
++  if (skip == 0 && (hasglob = glob_pattern_p (pat)) == 0 || hasglob == 2)
+     {
+       int dirlen;
+       struct stat finfo;
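Review bot: The new condition `skip == 0 && (hasglob = glob_pattern_p (pat)) == 0 || hasglob == 2` mixes && and || without grouping, so it parses as `(skip == 0 && ...) || hasglob == 2`. It only behaves as intended because hasglob is initialised to 0 on the line above. Suggest calling glob_pattern_p once before the test and writing `skip == 0 && (hasglob == 0 || hasglob == 2)`, which also avoids the assignment inside the condition and the compiler's parentheses warning.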
+diff --git a/pathexp.c b/pathexp.c
+index c1bf2d8..e6c5392 100644
+--- a/pathexp.c
++++ b/pathexp.c
+@@ -58,7 +58,10 @@ int extended_glob = EXTGLOB_DEFAULT;
+ /* Control enabling special handling of `**' */
+ int glob_star = 0;
+ 
+-/* Return nonzero if STRING has any unquoted special globbing chars in it.  */
++/* Return nonzero if STRING has any unquoted special globbing chars in it.
++   This is supposed to be called when pathname expansion is performed, so
++   it implements the rules in Posix 2.13.3, specifically that an unquoted
++   slash cannot appear in a bracket expression. */
+ int
+ unquoted_glob_pattern_p (string)
+      register char *string;
+@@ -85,10 +88,14 @@ unquoted_glob_pattern_p (string)
+ 	  continue;
+ 
+ 	case ']':
+-	  if (open)
++	  if (open)		/* XXX - if --open == 0? */
+ 	    return (1);
+ 	  continue;
+ 
++	case '/':
++	  if (open)
++	    open = 0;
++
+ 	case '+':
+ 	case '@':
+ 	case '!':
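Review bot: The new `case '/':` block resets open and then falls through into the `case '+':` / `case '@':` / `case '!':` group with no continue, break or fallthrough comment, so a slash is also run through whatever test those cases perform. If that is intended, mark it with a fallthrough comment; if not, add `continue;` after `open = 0;`. The `/* XXX - if --open == 0? */` comment added on the `']'` case leaves an open question in the code and would be better resolved or dropped before the patch is carried.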
+@@ -106,6 +113,11 @@ unquoted_glob_pattern_p (string)
+ 	      string++;
+ 	      continue;
+ 	    }
++	  else if (open && *string == '/')
++	    {
++	      string++;		/* quoted slashes in bracket expressions are ok */
++	      continue;
++	    }
+ 	  else if (*string == 0)
+ 	    return (0);
+ 	 	  
+diff --git a/shell.c b/shell.c
+index a2b2a55..6adabc8 100644
+--- a/shell.c
++++ b/shell.c
+@@ -1293,7 +1293,11 @@ disable_priv_mode ()
+ {
+   int e;
+ 
++#if HAVE_DECL_SETRESUID
++  if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
++#else
+   if (setuid (current_user.uid) < 0)
++#endif
+     {
+       e = errno;
+       sys_error (_("cannot set uid to %d: effective uid %d"), current_user.uid, current_user.euid);
+@@ -1302,7 +1306,11 @@ disable_priv_mode ()
+ 	exit (e);
+ #endif
+     }
++#if HAVE_DECL_SETRESGID
++  if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
++#else
+   if (setgid (current_user.gid) < 0)
++#endif
+     sys_error (_("cannot set gid to %d: effective gid %d"), current_user.gid, current_user.egid);
+ 
+   current_user.euid = current_user.uid;
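Review bot: In the second hunk, a failing setresgid() (or setgid()) is only reported through sys_error, and execution continues to `current_user.euid = current_user.uid;`, whereas the uid branch in the hunk above saves errno and has a conditional `exit (e);`. For a privilege-drop routine the gid failure should be handled as strictly as the uid failure, otherwise the shell can keep running with a group identity it reported it could not give up. It would also help to verify after both calls that the real, effective and saved IDs all equal current_user.uid and current_user.gid, since this hunk is the actual fix for CVE-2019-18276.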
+diff --git a/tests/glob.tests b/tests/glob.tests
+index 01913bb..fb012f7 100644
+--- a/tests/glob.tests
++++ b/tests/glob.tests
+@@ -12,6 +12,8 @@ ${THIS_SH} ./glob1.sub
+ ${THIS_SH} ./glob2.sub
+ ${THIS_SH} ./glob3.sub
+ ${THIS_SH} ./glob4.sub
++${THIS_SH} ./glob6.sub
++${THIS_SH} ./glob7.sub
+ 
+ MYDIR=$PWD	# save where we are
+ 
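Review bot: glob.tests now runs ./glob6.sub and ./glob7.sub, but the diffstat for this patch lists no expected-output file alongside tests/glob.tests, only the two new .sub scripts. Both scripts print results, so the recorded output for the glob test needs a matching update, or the ptest run for glob should be checked to confirm it still passes with this patch applied.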
+diff --git a/tests/glob6.sub b/tests/glob6.sub
+new file mode 100644
+index 0000000..b099811
+--- /dev/null
++++ b/tests/glob6.sub
+@@ -0,0 +1,54 @@
++# tests of the backslash-in-glob-patterns discussion on the austin-group ML
++
++: ${TMPDIR:=/var/tmp}
++
++ORIG=$PWD
++GLOBDIR=$TMPDIR/bash-glob-$$
++mkdir $GLOBDIR && cd $GLOBDIR
++
++# does the pattern matcher allow backslashes as escape characters and remove
++# them as part of matching?
++touch abcdefg
++pat='ab\cd*'
++printf '<%s>\n' $pat
++pat='\.'
++printf '<%s>\n' $pat
++rm abcdefg
++
++# how about when escaping pattern characters?
++touch '*abc.c'
++a='\**.c'
++printf '%s\n' $a
++rm -f '*abc.c'
++
++# how about when making the distinction between readable and searchable path
++# components?
++mkdir -m a=x searchable
++mkdir -m a=r readable
++
++p='searchable/\.'
++printf "%s\n" $p
++
++p='searchable/\./.'
++printf "%s\n" $p
++
++p='readable/\.'
++printf "%s\n" $p
++
++p='readable/\./.'
++printf "%s\n" $p
++
++printf "%s\n" 'searchable/\.'
++printf "%s\n" 'readable/\.'
++
++echo */.
++
++p='*/\.'
++echo $p
++
++echo */'.'
++
++rmdir searchable readable
++
++cd $ORIG
++rmdir $GLOBDIR
+diff --git a/tests/glob7.sub b/tests/glob7.sub
+new file mode 100644
+index 0000000..0212b8e
+--- /dev/null
++++ b/tests/glob7.sub
+@@ -0,0 +1,11 @@
++# according to Posix 2.13.3, a slash in a bracket expression renders that
++# bracket expression invalid
++shopt -s nullglob
++
++echo 1: [qwe/qwe]
++echo 2: [qwe/
++echo 3: [qwe/]
++
++echo 4: [qwe\/qwe]
++echo 5: [qwe\/
++echo 6: [qwe\/]
+-- 
+1.9.1
+
diff --git a/poky/meta/recipes-extended/bash/bash_5.0.bb b/poky/meta/recipes-extended/bash/bash_5.0.bb
index 8ff9e6e..257a03b 100644
--- a/poky/meta/recipes-extended/bash/bash_5.0.bb
+++ b/poky/meta/recipes-extended/bash/bash_5.0.bb
@@ -21,6 +21,8 @@
            ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-014;apply=yes;striplevel=0;name=patch014 \
            ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-015;apply=yes;striplevel=0;name=patch015 \
            ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-016;apply=yes;striplevel=0;name=patch016 \
+           ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-017;apply=yes;striplevel=0;name=patch017 \
+           ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-018;apply=yes;striplevel=0;name=patch018 \
            file://execute_cmd.patch \
            file://mkbuiltins_have_stringize.patch \
            file://build-tests.patch \
@@ -28,6 +30,7 @@
            file://run-ptest \
            file://run-bash-ptests \
            file://fix-run-builtins.patch \
+           file://bash-CVE-2019-18276.patch \
            "
 
 SRC_URI[tarball.md5sum] = "2b44b47b905be16f45709648f671820b"
@@ -65,6 +68,11 @@
 SRC_URI[patch015.sha256sum] = "a517df2dda93b26d5cbf00effefea93e3a4ccd6652f152f4109170544ebfa05e"
 SRC_URI[patch016.md5sum] = "a682ed6fa2c2e7a7c3ba6bdeada07fb5"
 SRC_URI[patch016.sha256sum] = "ffd1d7a54a99fa7f5b1825e4f7e95d8c8876bc2ca151f150e751d429c650b06d"
+SRC_URI[patch017.md5sum] = "d9dcaa1d8e7a24850449a1aac43a12a9"
+SRC_URI[patch017.sha256sum] = "4cf3b9fafb8a66d411dd5fc9120032533a4012df1dc6ee024c7833373e2ddc31"
+SRC_URI[patch018.md5sum] = "a64d950d5de72ae590455b13e6afefcb"
+SRC_URI[patch018.sha256sum] = "7c314e375a105a6642e8ed44f3808b9def89d15f7492fe2029a21ba9c0de81d3"
+
 
 DEBUG_OPTIMIZATION_append_armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}"
 DEBUG_OPTIMIZATION_append_armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}"
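Review bot: The last added line in this hunk is an empty line after the patch018 checksums, which leaves two consecutive blank lines before the DEBUG_OPTIMIZATION_append_armv4 assignment. Drop the added blank line so the recipe keeps a single separator there.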