authorAndrew Geissler <geissonator@yahoo.com>2020-06-06 02:00:41 +0300
committerAndrew Geissler <geissonator@yahoo.com>2020-06-11 01:09:50 +0300
commit4ed12e16f882008388c007c6e86be3ce038d8751 (patch)
treee47a1ec0a2595400db33f4aa34b14bc4d5d72ad2 /poky/meta/recipes-connectivity/bind
parent8928e81ba673979d658b919717563a78e9d6d25d (diff)
downloadopenbmc-4ed12e16f882008388c007c6e86be3ce038d8751.tar.xz
poky: subtree update:a35bf0e5d3..b66b9f7548
backport: meson 0.54.2: backport upstream patch for boost libs Adrian Bunk (1): libubootenv: Remove the DEPENDS on mtd-utils Alex Kiernan (2): openssh: Upgrade 8.2p1 -> 8.3p1 systemd: upgrade v245.5 -> v245.6 Alexander Kanavin (68): btrfs-tools: upgrade 5.4.1 -> 5.6.1 build-compare: upgrade to latest revision ccache: upgrade 3.7.7 -> 3.7.9 createrepo-c: upgrade 0.15.7 -> 0.15.10 dpkg: upgrade 1.19.7 -> 1.20.0 librepo: upgrade 1.11.2 -> 1.11.3 python3-numpy: upgrade 1.18.3 -> 1.18.4 python3-cython: upgrade 0.29.16 -> 0.29.19 python3-gitdb: upgrade 4.0.4 -> 4.0.5 python3-mako: upgrade 1.1.1 -> 1.1.3 python3-pygments: upgrade 2.5.2 -> 2.6.1 python3-smmap: upgrade 2.0.5 -> 3.0.4 python3-subunit: upgrade 1.3.0 -> 1.4.0 python3-testtools: upgrade 2.3.0 -> 2.4.0 python3: upgrade 3.8.2 -> 3.8.3 strace: upgrade 5.5 -> 5.6 vala: upgrade 0.46.6 -> 0.48.6 cups: upgrade 2.3.1 -> 2.3.3 gawk: upgrade 5.0.1 -> 5.1.0 libsolv: upgrade 0.7.10 -> 0.7.14 man-pages: upgrade 5.05 -> 5.06 msmtp: upgrade 1.8.8 -> 1.8.10 stress-ng: upgrade 0.11.01 -> 0.11.12 stress-ng: mark as incompatible with musl sudo: upgrade 1.8.31 -> 1.9.0 adwaita-icon-theme: upgrade 3.34.3 -> 3.36.1 gtk+3: upgrade 3.24.14 -> 3.24.20 cogl-1.0: upgrade 1.22.4 -> 1.22.6 mesa: upgrade 20.0.2 -> 20.0.7 mesa: merge the .bb content into .inc piglit: upgrade to latest revision waffle: upgrade 1.6.0 -> 1.6.1 pixman: upgrade 0.38.4 -> 0.40.0 kmod: upgrade 26 -> 27 powertop: upgrade 2.10 -> 2.12 alsa-plugins: upgrade 1.2.1 -> 1.2.2 alsa-tools: upgrade 1.1.7 -> 1.2.2 alsa-utils: split the content into .inc alsa-topology/ucm-conf: update to 1.2.2 x264: upgrade to latest revision puzzles: upgrade to latest revision libcap: upgrade 2.33 -> 2.34 libical: upgrade 3.0.7 -> 3.0.8 libunwind: upgrade 1.3.1 -> 1.4.0 rng-tools: upgrade 6.9 -> 6.10 babeltrace: correct the git SRC_URI libexif: update to 0.6.22 ppp: update 2.4.7 -> 2.4.8 gettext: update 0.20.1 -> 0.20.2 ptest-runner: fix upstream version check automake: 1.16.1 -> 1.16.2 
bison: 3.5.4 -> 3.6.2 cmake: update 3.16.5 -> 3.17.3 gnu-config: update to latest revision jquery: update to 3.5.1 json-c: update 0.13.1 - > 0.14 libmodulemd: update 2.9.2 -> 2.9.4 meson: upgrade 0.53.2 -> 0.54.2 shared-mime-info: fix upstream version check mpg123: fix upstream version check ethtool: upgrade 5.4 -> 5.6 libcpre2: update 10.34 -> 10.35 help2man-native: update to 1.47.15 apt: update to 1.8.2.1 asciidoc: bump PV to 8.6.10 pulseaudio: exclude pre-releases from version checks xinetd: switch to a maintained opensuse fork lz4: disable static library Andreas Müller (1): vte: Pack ${libexecdir}/vte-urlencode-cwd to vte-prompt Anuj Mittal (1): linux-yocto: bump genericx86 kernel version to v5.4.40 Bruce Ashfield (5): linux-yocto/5.4: update to v5.4.42 linux-yocto-rt/5.4: update to rt24 linux-yocto/5.4: temporarily revert IKHEADERS in standard kernels linux-yocto: gather reproducibility configs into a fragment linux-yocto/5.4: update to v5.4.43 Christian Eggers (2): librsvg: Extend for nativesdk tiff: Extend for nativesdk Hongxu Jia (1): rpm: fix rpm -Kv xxx.rpm failed if signature header is larger than 64KB Jacob Kroon (1): bitbake: doc: More explanation to tasks that recursively depend on themselves Jan Luebbe (1): classes/buildhistory: capture package config Jens Rehsack (2): initscripts/init-system-helpers: fix mountnfs.sh dependency init-system-helpers: avoid superfluous update-rc.d Joshua Watt (2): layer.conf: Bump OE-Core layer version wic: Add --offset argument for partitions Junling Zheng (3): buildstats.bbclass: Remove useless variables buildstats.bbclass: Do not recalculate build start time security_flags: Remove stack protector flag from LDFLAGS Kai Kang (1): bitbake: bitbake-user-manual-metadata.xml: fix a minor error Khem Raj (4): make-mod-scripts: Fix a rare build race condition go-1.14: Update to 1.14.3 minor release armv8/tunes: Set TUNE_PKGARCH_64 based on ARMPKGARCH ltp: Disable sigwaitinfo tests relying on undefined behavior Konrad Weihmann 
(8): qemurunner: fix ip fallback detection sysfsutils: rem leftover settings for libsysfs-dev debianutils: whitespace fixes libjpeg-turbo: whitespace fixes cairo: remove trailing whitespace gtk-doc: remove trailing whitespace libxt: fix whitespaces cogl: point to correct HOMEPAGE Lee Chee Yang (4): re2c: fix CVE-2020-11958 bind: fix CVE-2020-8616/7 glib-2.0: 2.64.2 -> 2.64.3 glib-networking: 2.64.2 -> 2.64.3 Marco Felsch (1): util-linux: alternatify rtcwake Mark Hatle (1): sstate.bbclass: When siginfo or sig files are missing, stop fetcher errors Martin Jansa (6): devtool: use -f and don't use --exclude-standard when adding files to workspace meta-selftest: add test of .gitignore in tarball lib/oe/patch: prevent applying patches without any subject lib/oe/patch: GitApplyTree: save 1 echo in commit-msg hook Revert "lib/oe/patch: fix handling of patches with no header" meta-selftest: add test for .patch file with long filename and without subject Mauro Queirós (3): bitbake: git.py: skip smudging if lfs=0 is set bitbake: git.py: LFS bitbake note should not be printed if need_lfs is not set. bitbake: git.py: Use the correct branch to check if the repository has LFS objects. 
Ming Liu (2): u-boot.inc: fix some inconsistent coding style u-boot: introduce UBOOT_INITIAL_ENV Paul Barker (5): archiver: Fix test case for srpm archiver mode oe-selftest: Allow overriding the build directory used for tests oe-selftest: Support verbose log output oe-selftest: Recursively patch test case paths bitbake: fetch2: Add the ability to list expanded URL data Peter Kjellerstedt (1): cairo: Do not try to remove nonexistent directories Pierre-Jean Texier (1): diffoscope: upgrade 144 -> 146 Ralph Siemsen (1): cve-check: include epoch in product version output Richard Purdie (7): lib/classextend: Drop unneeded comment poky.ent: Update UBUNTU_HOST_PACKAGES_ESSENTIAL to match recent changes maintainers: Update Ross' email address logrotate: Drop obsolete setting/comment oeqa/targetcontrol: Rework exception handling to avoid warnings patchelf: Add patch to address corrupt shared library issue poky.ent: Update XXX_HOST_PACKAGES_ESSENTIAL to include mesa for other distros Robert P. J. Day (1): bitbake.conf: Remove unused DEPLOY_DIR_TOOLS variable Tim Orling (1): bitbake: toaster-requirements.txt: require Django 2.2 Trevor Gamblin (1): qemuarm: check serial consoles vs /proc/consoles Wang Mingyu (13): less: upgrade 551 -> 562 liburcu: upgrade 0.12.0 -> 0.12.1 alsa-lib: upgrade 1.2.1.2 -> 1.2.2 alsa-utils: upgrade 1.2.1 -> 1.2.2 python3-six: upgrade 1.14.0 -> 1.15.0 util-linux: upgrade 2.35.1 -> 2.35.2 xf86-input-libinput: upgrade 0.29.0 -> 0.30.0 ca-certificates: upgrade 20190110 -> 20200601 dbus: upgrade 1.12.16 -> 1.12.18 libyaml: upgrade 0.2.4 -> 0.2.5 sqlite: upgrade 3.31.1 -> 3.32.1 valgrind: upgrade 3.15.0 -> 3.16.0 dbus-test: upgrade 1.12.16 -> 1.12.18 akuster (2): poky.ent: Update OPENSUSE_HOST_PACKAGES_ESSENTIAL to include mesa-dri-devel yocto-docs: Add SPDX headers in scripts and Makefile hongxu (1): core-image-minimal-initramfs: keep restriction with initramfs-module-install zangrc (3): python3-pycairo:upgrade 1.19.0 -> 1.19.1 python3-pygobject:upgrade 
3.34.0 -> 3.36.1 python3-setuptools:upgrade 45.2.0 -> 47.1.1 zhengruoqin (2): gdb: upgrade 9.1 -> 9.2 libyaml: upgrade 0.2.2 -> 0.2.4 Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I60e616be0c30904f8cfc947089ed2e4f5e84bc60
Diffstat (limited to 'poky/meta/recipes-connectivity/bind')
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch206
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch29
-rw-r--r--poky/meta/recipes-connectivity/bind/bind_9.11.13.bb2
3 files changed, 237 insertions, 0 deletions
diff --git a/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch b/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch
new file mode 100644
index 000000000..8f0023191
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch
@@ -0,0 +1,206 @@
+Upstream-Status: Backport [https://downloads.isc.org/isc/bind9/9.11.19/patches/CVE-2020-8616.patch]
+CVE: CVE-2020-8616
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+diff --git a/lib/dns/adb.c b/lib/dns/adb.c
+index 058495f6a5..6b8a9537f0 100644
+--- a/lib/dns/adb.c
++++ b/lib/dns/adb.c
+@@ -404,14 +404,13 @@ static void log_quota(dns_adbentry_t *entry, const char *fmt, ...)
+ */
+ #define FIND_WANTEVENT(fn) (((fn)->options & DNS_ADBFIND_WANTEVENT) != 0)
+ #define FIND_WANTEMPTYEVENT(fn) (((fn)->options & DNS_ADBFIND_EMPTYEVENT) != 0)
+-#define FIND_AVOIDFETCHES(fn) (((fn)->options & DNS_ADBFIND_AVOIDFETCHES) \
+- != 0)
+-#define FIND_STARTATZONE(fn) (((fn)->options & DNS_ADBFIND_STARTATZONE) \
+- != 0)
+-#define FIND_HINTOK(fn) (((fn)->options & DNS_ADBFIND_HINTOK) != 0)
+-#define FIND_GLUEOK(fn) (((fn)->options & DNS_ADBFIND_GLUEOK) != 0)
+-#define FIND_HAS_ADDRS(fn) (!ISC_LIST_EMPTY((fn)->list))
+-#define FIND_RETURNLAME(fn) (((fn)->options & DNS_ADBFIND_RETURNLAME) != 0)
++#define FIND_AVOIDFETCHES(fn) (((fn)->options & DNS_ADBFIND_AVOIDFETCHES) != 0)
++#define FIND_STARTATZONE(fn) (((fn)->options & DNS_ADBFIND_STARTATZONE) != 0)
++#define FIND_HINTOK(fn) (((fn)->options & DNS_ADBFIND_HINTOK) != 0)
++#define FIND_GLUEOK(fn) (((fn)->options & DNS_ADBFIND_GLUEOK) != 0)
++#define FIND_HAS_ADDRS(fn) (!ISC_LIST_EMPTY((fn)->list))
++#define FIND_RETURNLAME(fn) (((fn)->options & DNS_ADBFIND_RETURNLAME) != 0)
++#define FIND_NOFETCH(fn) (((fn)->options & DNS_ADBFIND_NOFETCH) != 0)
+
+ /*
+ * These are currently used on simple unsigned ints, so they are
+@@ -3155,21 +3154,26 @@ dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+ * Listen to negative cache hints, and don't start
+ * another query.
+ */
+- if (NCACHE_RESULT(result) || AUTH_NX(result))
++ if (NCACHE_RESULT(result) || AUTH_NX(result)) {
+ goto fetch;
++ }
+
+- if (!NAME_FETCH_V6(adbname))
++ if (!NAME_FETCH_V6(adbname)) {
+ wanted_fetches |= DNS_ADBFIND_INET6;
++ }
+ }
+
+ fetch:
+ if ((WANT_INET(wanted_addresses) && NAME_HAS_V4(adbname)) ||
+ (WANT_INET6(wanted_addresses) && NAME_HAS_V6(adbname)))
++ {
+ have_address = true;
+- else
++ } else {
+ have_address = false;
+- if (wanted_fetches != 0 &&
+- ! (FIND_AVOIDFETCHES(find) && have_address)) {
++ }
++ if (wanted_fetches != 0 && !(FIND_AVOIDFETCHES(find) && have_address) &&
++ !FIND_NOFETCH(find))
++ {
+ /*
+ * We're missing at least one address family. Either the
+ * caller hasn't instructed us to avoid fetches, or we don't
+@@ -3177,8 +3181,9 @@ dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+ * be acceptable so we have to launch fetches.
+ */
+
+- if (FIND_STARTATZONE(find))
++ if (FIND_STARTATZONE(find)) {
+ start_at_zone = true;
++ }
+
+ /*
+ * Start V4.
+diff --git a/lib/dns/include/dns/adb.h b/lib/dns/include/dns/adb.h
+index 63a13c4e41..edf6e54935 100644
+--- a/lib/dns/include/dns/adb.h
++++ b/lib/dns/include/dns/adb.h
+@@ -207,6 +207,10 @@ struct dns_adbfind {
+ * lame for this query.
+ */
+ #define DNS_ADBFIND_OVERQUOTA 0x00000400
++/*%
++ * Don't perform a fetch even if there are no address records available.
++ */
++#define DNS_ADBFIND_NOFETCH 0x00000800
+
+ /*%
+ * The answers to queries come back as a list of these.
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 7c44478a26..0a40859d08 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -172,6 +172,14 @@
+ #define DEFAULT_MAX_QUERIES 75
+ #endif
+
++/*
++ * After NS_FAIL_LIMIT attempts to fetch a name server address,
++ * if the number of addresses in the NS RRset exceeds NS_RR_LIMIT,
++ * stop trying to fetch, in order to avoid wasting resources.
++ */
++#define NS_FAIL_LIMIT 4
++#define NS_RR_LIMIT 5
++
+ /* Number of hash buckets for zone counters */
+ #ifndef RES_DOMAIN_BUCKETS
+ #define RES_DOMAIN_BUCKETS 523
+@@ -3130,8 +3138,7 @@ sort_finds(dns_adbfindlist_t *findlist, unsigned int bias) {
+ static void
+ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
+ unsigned int options, unsigned int flags, isc_stdtime_t now,
+- bool *overquota, bool *need_alternate)
+-{
++ bool *overquota, bool *need_alternate, unsigned int *no_addresses) {
+ dns_adbaddrinfo_t *ai;
+ dns_adbfind_t *find;
+ dns_resolver_t *res;
+@@ -3219,7 +3226,12 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
+ find->result_v6 != DNS_R_NXDOMAIN) ||
+ (res->dispatches6 == NULL &&
+ find->result_v4 != DNS_R_NXDOMAIN)))
++ {
+ *need_alternate = true;
++ }
++ if (no_addresses != NULL) {
++ (*no_addresses)++;
++ }
+ } else {
+ if ((find->options & DNS_ADBFIND_OVERQUOTA) != 0) {
+ if (overquota != NULL)
+@@ -3270,6 +3282,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
+ dns_rdata_ns_t ns;
+ bool need_alternate = false;
+ bool all_spilled = true;
++ unsigned int no_addresses = 0;
+
+ FCTXTRACE5("getaddresses", "fctx->depth=", fctx->depth);
+
+@@ -3437,20 +3450,28 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
+ * Extract the name from the NS record.
+ */
+ result = dns_rdata_tostruct(&rdata, &ns, NULL);
+- if (result != ISC_R_SUCCESS)
++ if (result != ISC_R_SUCCESS) {
+ continue;
++ }
+
+- findname(fctx, &ns.name, 0, stdoptions, 0, now,
+- &overquota, &need_alternate);
++ if (no_addresses > NS_FAIL_LIMIT &&
++ dns_rdataset_count(&fctx->nameservers) > NS_RR_LIMIT)
++ {
++ stdoptions |= DNS_ADBFIND_NOFETCH;
++ }
++ findname(fctx, &ns.name, 0, stdoptions, 0, now, &overquota,
++ &need_alternate, &no_addresses);
+
+- if (!overquota)
++ if (!overquota) {
+ all_spilled = false;
++ }
+
+ dns_rdata_reset(&rdata);
+ dns_rdata_freestruct(&ns);
+ }
+- if (result != ISC_R_NOMORE)
++ if (result != ISC_R_NOMORE) {
+ return (result);
++ }
+
+ /*
+ * Do we need to use 6 to 4?
+@@ -3465,7 +3486,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
+ if (!a->isaddress) {
+ findname(fctx, &a->_u._n.name, a->_u._n.port,
+ stdoptions, FCTX_ADDRINFO_FORWARDER,
+- now, NULL, NULL);
++ now, NULL, NULL, NULL);
+ continue;
+ }
+ if (isc_sockaddr_pf(&a->_u.addr) != family)
+@@ -3827,16 +3827,14 @@ fctx_try(fetchctx_t *fctx, bool retrying, bool badcache) {
+ }
+ }
+
+- if (dns_name_countlabels(&fctx->domain) > 2) {
+- result = isc_counter_increment(fctx->qc);
+- if (result != ISC_R_SUCCESS) {
+- isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+- DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
+- "exceeded max queries resolving '%s'",
+- fctx->info);
+- fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
+- return;
+- }
++ result = isc_counter_increment(fctx->qc);
++ if (result != ISC_R_SUCCESS) {
++ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
++ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
++ "exceeded max queries resolving '%s'",
++ fctx->info);
++ fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
++ return;
+ }
+
+ bucketnum = fctx->bucketnum;
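Review bot: Once `stdoptions |= DNS_ADBFIND_NOFETCH;` runs inside the NS loop of `fctx_getaddresses`, the flag is never cleared, so it also governs every remaining NS name in that loop and the forwarder `findname` call in the `@@ -3465` hunk, which passes the same `stdoptions`. That matches the upstream 9.11.19 patch cited in the header, so it is presumably intended, but nothing in the patch says so; a comment at that line, `/* sticky for the rest of this pass, including the forwarder lookups below */`, would make the scope explicit to whoever next touches this backport. Separately, the last hunk `@@ -3827,16 +3827,14 @@` carries no new-side offset although the earlier resolver.c hunks add 21 lines, which suggests it was lifted from a separate diff; it should still apply by context, but it is worth confirming the patch applies to 9.11.13 without fuzz. `fctx_getaddresses` and `fctx_try` both begin and end outside the hunks shown.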
diff --git a/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch b/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch
new file mode 100644
index 000000000..d8769c45c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport [https://downloads.isc.org/isc/bind9/9.11.19/patches/CVE-2020-8617.patch]
+CVE: CVE-2020-8617
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
+index b597a18d49..6357a3a486 100644
+--- a/lib/dns/tsig.c
++++ b/lib/dns/tsig.c
+@@ -1427,8 +1424,9 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
+ goto cleanup_context;
+ }
+ msg->verified_sig = 1;
+- } else if (tsig.error != dns_tsigerror_badsig &&
+- tsig.error != dns_tsigerror_badkey) {
++ } else if (!response || (tsig.error != dns_tsigerror_badsig &&
++ tsig.error != dns_tsigerror_badkey))
++ {
+ tsig_log(msg->tsigkey, 2, "signature was empty");
+ return (DNS_R_TSIGVERIFYFAILURE);
+ }
+@@ -1484,7 +1482,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
+ }
+ }
+
+- if (tsig.error != dns_rcode_noerror) {
++ if (response && tsig.error != dns_rcode_noerror) {
+ msg->tsigstatus = tsig.error;
+ if (tsig.error == dns_tsigerror_badtime)
+ ret = DNS_R_CLOCKSKEW;
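Review bot: The new condition `!response || (tsig.error != dns_tsigerror_badsig && ...)` in the first hunk relies on `response` being set earlier in `dns_tsig_verify`, which starts outside the hunk; for a 9.11.13 backport of a 9.11.19 patch it is worth confirming that variable exists at that point in the older source rather than trusting that the hunk applied. The hunk header `@@ -1427,8 +1424,9 @@` also starts the new side three lines earlier than the old with no preceding hunk in this file, which suggests the upstream diff was trimmed; `patch` will place it by context, but a build-time check that it applies without fuzz would catch drift between the two releases.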
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb
index 4e64171cc..8f2d702dc 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb
@@ -18,6 +18,8 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
+ file://CVE-2020-8616.patch \
+ file://CVE-2020-8617.patch \
"
SRC_URI[md5sum] = "17de0d024ab1eac377f1c2854dc25057"