poky: subtree update:52a625582e..7035b4b21e

Adrian Bunk (9):
      squashfs-tools: Upgrade to 4.4
      screen: Upgrade 4.6.2 -> 4.7.0
      stress-ng: Upgrade 0.10.00 -> 0.10.08
      nspr: Upgrade 4.21 -> 4.23
      gcc: Remove stale gcc 8 patchfile
      gnu-efi: Upgrade 3.0.9 -> 3.0.10
      python3-numpy: Stop shipping manual config files
      coreutils: Move stdbuf into an own package coreutils-stdbuf
      gnu-efi: Upgrade 3.0.10 -> 3.0.11

Alessio Igor Bogani (1):
      systemtap: support usrmerge

Alexander Hirsch (1):
      libksba: Fix license specification

Alexander Kanavin (6):
      gcr: update to 3.34.0
      btrfs-tools: update to 5.3
      libmodulemd-v1: update to 1.8.16
      selftest: skip virgl test on centos 7 entirely
      nfs-utils: do not depend on bash unnecessarily
      selftest: add a test for gpl3-free images

Alistair Francis (4):
      opensbi: Bump from 0.4 to 0.5
      u-boot: Bump from 2019.07 to 2019.10
      qemuriscv64: Build smode U-Boot
      libsdl2: Fix build failure when using mesa 19.2.1

Andreas Müller (4):
      adwaita-icon-theme: upgrade 3.32.0 -> 3.34.0
      gsettings-desktop-schemas: upgrade 3.32.0 -> 3.34.0
      IMAGE_LINGUAS_COMPLEMENTARY: auto-add language packages other than locales
      libical: add PACKAGECONFIG glib and enable it by default

André Draszik (10):
      testimage.bbclass: support hardware-controlled targets
      testimage.bbclass: enable ssh agent forwarding
      oeqa/runtime/df: don't fail on long device names
      oeqa/core/decorator: add skipIfFeature
      oeqa/runtime/opkg: skip install on read-only-rootfs
      oeqa/runtime/systemd: skip unit enable/disable on read-only-rootfs
      ruby: update to v2.6.4
      ruby: some ptest fixes
      oeqa/runtime/context.py: ignore more files when loading controllers
      connman: mark connman-wait-online as SYSTEMD_PACKAGE

Bruce Ashfield (6):
      linux-yocto/4.19: update to v4.19.78
      linux-yocto/5.2: update to v5.2.20
      perf: fix v5.4+ builds
      perf: create directories before copying single files
      perf: add 'cap' PACKAGECONFIG
      perf: drop 'include' copy

Carlos Rafael Giani (12):
      gstreamer1.0: upgrade to version 1.16.1
      gstreamer1.0-plugins-base: upgrade to version 1.16.1
      gstreamer1.0-plugins-good: upgrade to version 1.16.1
      gstreamer1.0-plugins-bad: upgrade to version 1.16.1
      gstreamer1.0-plugins-ugly: upgrade to version 1.16.1
      gstreamer1.0-libav: upgrade to version 1.16.1
      gstreamer1.0-vaapi: upgrade to version 1.16.1
      gstreamer1.0-omx: upgrade to version 1.16.1
      gstreamer1.0-python: upgrade to version 1.16.1
      gstreamer1.0-rtsp-server: upgrade to version 1.16.1
      gst-validate: upgrade to version 1.16.1
      gstreamer: Change SRC_URI to use HTTPS access instead of HTTP

Changqing Li (4):
      qemu: Fix CVE-2019-12068
      python: Fix CVE-2019-10160
      sudo: fix CVE-2019-14287
      mdadm: fix do_package failed when changed local.conf but not cleaned

Chee Yang Lee (2):
      wic/help: change 'wic write' help description
      wic/engine: use 'linux-swap' for swap file system

Chen Qi (3):
      go: fix CVE-2019-16276
      python3: fix CVE-2019-16935
      python: fix CVE-2019-16935

Chris Laplante via bitbake-devel (2):
      bitbake: bitbake: contrib/vim: initial commit, with unmodified code from indent/python.vim
      bitbake: bitbake: contrib/vim: Modify Python indentation to work with 'python do_task {'

Christopher Larson (2):
      bitbake: fetch2/git: fetch shallow revs when needed
      bitbake: tests/fetch: add test for fetching shallow revs

Dan Callaghan (1):
      elfutils: add PACKAGECONFIG for compression algorithms

Douglas Royds via Openembedded-core (1):
      icecc: Export ICECC_CC and friends via wrapper-script

Eduardo Abinader (1):
      devtool: add ssh key option to deploy-target param

Eugene Smirnov (1):
      wic/rawcopy: Support files in sub-directories

Ferry Toth (1):
      sudo: Fix fetching sources

Frazer Leslie Clews (2):
      makedevs: fix format strings in makedevs.c in print statements
      makedevs: fix invalidScanfFormatWidth to prevent overflowing usr_buf

George McCollister (1):
      openssl: make OPENSSL_ENGINES match install path

Haiqing Bai (1):
      unfs3: fixed the issue that unfsd consumes 100% CPU

He Zhe (1):
      ltp: Fix overcommit_memory failure

Hongxu Jia (1):
      openssh: fix CVE-2019-16905

Joe Slater (2):
      libtiff: fix CVE-2019-17546
      libxslt: fix CVE-2019-18197

Kai Kang (1):
      bind: fix CVE-2019-6471 and CVE-2018-5743

Liwei Song (1):
      util-linux: fix PKNAME name is NULL when use lsblk [LIN1019-2963]

Mattias Hansson (1):
      base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot

Max Tomago (1):
      python-native: Remove debug.patch

Maxime Roussin-Bélanger (2):
      meta: update and add missing homepage/bugtracker links
      meta: add missing description in recipes-gnome

Michael Ho (1):
      cmake.bbclass: add HOSTTOOLS_DIR to CMAKE_FIND_ROOT_PATH

Mike Crowe (2):
      kernel-fitimage: Cope with non-standard kernel deploy subdirectory
      kernel-devicetree: Cope with non-standard kernel deploy subdirectory

Mikko Rapeli (1):
      systemd.bbclass: enable all services specified in ${SYSTEMD_SERVICE}

Nicola Lunghi (1):
      ofono: tidy up the recipe

Ola x Nilsson (10):
      oeqa/selftest/recipetool: Use with to control file handle lifetime
      oe.types.path: Use with to control file handle lifetime
      lib/oe/packagedata: Use with to control file handle lifetime
      lib/oe/package_manager: Use with to control file handle lifetime
      report-error.bbclass: Use with to control file handle lifetime
      package.bbclass: Use with to manage file handle lifetimes
      devtool-source.bbclass: Use with to manage file handle lifetime
      libc-package.bbclass: Use with to manage filehandle in do_spit_gconvs
      bitbake: bitbake: prserv/serv: Use with while reading pidfile
      bitbake: bitbake: ConfHandler: Use with to manage filehandle lifetime

Oleksandr Kravchuk (4):
      ell: update to 0.23
      ell: update to 0.25
      ell: update to 0.26
      ofono: update to 1.31

Ricardo Ribalda Delgado (1):
      i2c-tools: Add missing RDEPEND

Richard Leitner (1):
      kernel-fitimage: introduce FIT_SIGN_ALG

Richard Purdie (4):
      tinderclient: Drop obsolete class
      meson: Backport fix to assist meta-oe breakage
      nfs-utils: Improve handling when no exported fileysystems
      qemu: Avoid potential build configuration contamination

Robert Yang (1):
      bluez5: Fix for --enable-btpclient

Ross Burton (29):
      sanity: check the format of SDK_VENDOR
      file: explicitly disable seccomp
      python3: -dev should depend on distutils
      gawk: add PACKAGECONFIG for readline
      python3: alternative name is python3-config not python-config
      python3: ensure that all forms of python3-config are in python3-dev
      oeqa/selftest: use specialist assert* methods
      bluez5: refresh upstreamed patches
      xorgproto: fix summary
      libx11: upgrade to 1.6.9
      xorgproto: upgrade to 2019.2
      llvm: add missing Upstream-Status tags
      buildhistory-analysis: filter out -src changes by default
      squashfs-tools: remove redundant source checksums
      squashfs-tools: clean up compile/install tasks
      wpa-supplicant: fix CVE-2019-16275
      gcr: remove intltool-native
      elfutils: disable bzip
      cve-check: ensure all known CVEs are in the report
      git: some tools are no longer perl, so move to main recipe
      git: cleanup man install
      qemu-helper-native: add missing option to getopt() call
      qemu-helper-native: showing help shouldn't be an error
      qemu-helper-native: pass compiler flags
      oeqa/selftest: add test for oe-run-native
      cve-check: failure to parse versions should be more visible
      gst-examples: rename so PV is in filename
      sanity: check for more bits of Python
      recipeutils-test: use a small dependency in the dummy recipe

Sai Hari Chandana Kalluri (1):
      devtool: Add --remove-work option for devtool reset command

Scott Rifenbark (9):
      ref-manual: First pass of 2.8 migration changes (WIP)
      poky.ent: Updated the release date to October 2019
      dev-manual: Added info to "Selecting an Initialization Manager"
      ref-manual: 2nd pass 3.0 migration
      documenation: Changed "2.8" to "3.0".
      ref-manual: Removed deprecated link to ref-classes-bluetooth
      ref-manual, dev-manual: Clean up of a commit
      ref-manual: Updated the BUSYBOX_SPLIT_SUID variable.
      ref-manual, dev-manual: Added CMake toolchain files.

Stefan Agner (1):
      uninative: check .done file instead of tarball

Tom Benn (1):
      dbus: update dbus-1.init to reflect new PID file

Trevor Gamblin (5):
      aspell: upgrade from 0.60.7 to 0.60.8
      binutils: fix CVE-2019-17450
      binutils: fix CVE-2019-17451
      ncurses: fix CVE-2019-17594, CVE-2019-17595
      libgcrypt: upgrade 1.8.4 -> 1.8.5

Trevor Woerner (1):
      libcap-ng: undefined reference to `pthread_atfork'

Wenlin Kang (1):
      sysstat: fix CVE-2019-16167

Yann Dirson (1):
      mesa: fix meson configure fix when 'dri' is excluded from PACKAGECONFIG

Yeoh Ee Peng (1):
      scripts/oe-pkgdata-util: Enable list-pkgs to print ordered packages

Yi Zhao (2):
      libsdl2: fix CVE-2019-13616
      libgcrypt: fix CVE-2019-12904

Zang Ruochen (6):
      bison:upgrade 3.4.1 -> 3.4.2
      e2fsprogs:upgrade 1.45.3 -> 1.45.4
      libxvmc:upgrade 1.0.11 -> 1.0.12
      python3-pip:upgrade 19.2.3 -> 19.3.1
      python-setuptools:upgrade 41.2.0 -> 41.4.0
      libcap-ng:upgrade 0.7.9 -> 0.7.10

Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I50bc42f74dffdc406ffc0dea034e41462fe6e06b

3 files changed, 152 insertions, 0 deletions

diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.32.inc b/poky/meta/recipes-devtools/binutils/binutils-2.32.inc
index 19baf8a88..349c3e115 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -49,6 +49,8 @@ SRC_URI = "\
      file://CVE-2019-12972.patch \
      file://CVE-2019-14250.patch \
      file://CVE-2019-14444.patch \
+     file://CVE-2019-17450.patch \
+     file://CVE-2019-17451.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
new file mode 100644
index 000000000..a6ce0b9a8
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
@@ -0,0 +1,99 @@
+From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 9 Oct 2019 00:07:29 +1030
+Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
+CVE: CVE-2019-17450
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+	PR 25078
+	* dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
+	recur_count.  Error on recur_count reaching 100 rather than
+	info_ptr matching orig_info_ptr.  Adjust calls.
+
+---
+ bfd/dwarf2.c | 35 +++++++++++++++++------------------
+ 1 file changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..20ec9e2e56 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit *unit,
+ }
+ 
+ static bfd_boolean
+-find_abstract_instance (struct comp_unit *   unit,
+-			bfd_byte *           orig_info_ptr,
+-			struct attribute *   attr_ptr,
+-			const char **        pname,
+-			bfd_boolean *        is_linkage,
+-			char **              filename_ptr,
+-			int *                linenumber_ptr)
++find_abstract_instance (struct comp_unit *unit,
++			struct attribute *attr_ptr,
++			unsigned int recur_count,
++			const char **pname,
++			bfd_boolean *is_linkage,
++			char **filename_ptr,
++			int *linenumber_ptr)
+ {
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr;
+@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
+   struct attribute attr;
+   const char *name = NULL;
+ 
++  if (recur_count == 100)
++    {
++      _bfd_error_handler
++	(_("DWARF error: abstract instance recursion detected"));
++      bfd_set_error (bfd_error_bad_value);
++      return FALSE;
++    }
++
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+      is an offset from the .debug_info section, not the current CU.  */
+   if (attr_ptr->form == DW_FORM_ref_addr)
+@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
+ 					 info_ptr, info_ptr_end);
+ 	      if (info_ptr == NULL)
+ 		break;
+-	      /* It doesn't ever make sense for DW_AT_specification to
+-		 refer to the same DIE.  Stop simple recursion.  */
+-	      if (info_ptr == orig_info_ptr)
+-		{
+-		  _bfd_error_handler
+-		    (_("DWARF error: abstract instance recursion detected"));
+-		  bfd_set_error (bfd_error_bad_value);
+-		  return FALSE;
+-		}
+ 	      switch (attr.name)
+ 		{
+ 		case DW_AT_name:
+@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
+ 		    }
+ 		  break;
+ 		case DW_AT_specification:
+-		  if (!find_abstract_instance (unit, info_ptr, &attr,
++		  if (!find_abstract_instance (unit, &attr, recur_count + 1,
+ 					       &name, is_linkage,
+ 					       filename_ptr, linenumber_ptr))
+ 		    return FALSE;
+@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+ 		case DW_AT_abstract_origin:
+ 		case DW_AT_specification:
+-		  if (!find_abstract_instance (unit, info_ptr, &attr,
++		  if (!find_abstract_instance (unit, &attr, 0,
+ 					       &func->name,
+ 					       &func->is_linkage,
+ 					       &func->file,
+-- 
+2.23.0
+
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
new file mode 100644
index 000000000..b36a53266
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
@@ -0,0 +1,51 @@
+From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 9 Oct 2019 10:47:13 +1030
+Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17451, so backport it to master and zeus.
+
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848]
+CVE: CVE-2019-17451
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+
+Evil testcase with two debug info sections, with sizes of 2aaaabac4ec1
+and ffffd5555453b140 result in a total size of 1.  Reading the first
+section of course overflows the buffer and tramples on other memory.
+
+	PR 25070
+	* dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
+	total_size calculation.
+---
+ bfd/dwarf2.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..a91597b1d0 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -4426,7 +4426,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
+       for (total_size = 0;
+ 	   msec;
+ 	   msec = find_debug_info (debug_bfd, debug_sections, msec))
+-	total_size += msec->size;
++	{
++	  /* Catch PR25070 testcase overflowing size calculation here.  */
++	  if (total_size + msec->size < total_size
++	      || total_size + msec->size < msec->size)
++	    {
++	      bfd_set_error (bfd_error_no_memory);
++	      return FALSE;
++	    }
++	  total_size += msec->size;
++	}
+ 
+       stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
+       if (stash->info_ptr_memory == NULL)
+-- 
+2.23.0
+