reset upstream subtrees to yocto 2.6

Reset the following subtrees on thud HEAD:

  poky: 87e3a9739d
  meta-openembedded: 6094ae18c8
  meta-security: 31dc4e7532
  meta-raspberrypi: a48743dc36
  meta-xilinx: c42016e2e6

Also re-apply backports that didn't make it into thud:
  poky:
    17726d0 systemd-systemctl-native: handle Install wildcards

  meta-openembedded:
    4321a5d libtinyxml2: update to 7.0.1
    042f0a3 libcereal: Add native and nativesdk classes
    e23284f libcereal: Allow empty package
    030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
    179a1b9 gtest: update to 1.8.1

Squashed OpenBMC subtree compatibility updates:
  meta-aspeed:
    Brad Bishop (1):
          aspeed: add yocto 2.6 compatibility

  meta-ibm:
    Brad Bishop (1):
          ibm: prepare for yocto 2.6

  meta-ingrasys:
    Brad Bishop (1):
          ingrasys: set layer compatibility to yocto 2.6

  meta-openpower:
    Brad Bishop (1):
          openpower: set layer compatibility to yocto 2.6

  meta-phosphor:
    Brad Bishop (3):
          phosphor: set layer compatibility to thud
          phosphor: libgpg-error: drop patches
          phosphor: react to fitimage artifact rename

    Ed Tanous (4):
          Dropbear: upgrade options for latest upgrade
          yocto2.6: update openssl options
          busybox: remove upstream watchdog patch
          systemd: Rebase CONFIG_CGROUP_BPF patch

Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

1 files changed, 0 insertions, 64 deletions

diff --git a/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch
deleted file mode 100644
index ee728f095..000000000
--- a/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-shadow-4.2.1: Fix CVE-2017-2616
-
-[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
-
-su: properly clear child PID
-
-If su is compiled with PAM support, it is possible for any local user
-to send SIGKILL to other processes with root privileges. There are
-only two conditions. First, the user must be able to perform su with
-a successful login. This does NOT have to be the root user, even using
-su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
-can only be sent to processes which were executed after the su process.
-It is not possible to send SIGKILL to processes which were already
-running. I consider this as a security vulnerability, because I was
-able to write a proof of concept which unlocked a screen saver of
-another user this way.
-
-Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686]
-CVE: CVE-2017-2616
-bug: 855943
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/src/su.c b/src/su.c
-index 3704217..1efcd61 100644
---- a/src/su.c
-+++ b/src/su.c
-@@ -363,20 +363,35 @@ static void prepare_pam_close_session (void)
- 				/* wake child when resumed */
- 				kill (pid, SIGCONT);
- 				stop = false;
-+			} else {
-+				pid_child = 0;
- 			}
- 		} while (!stop);
- 	}
- 
--	if (0 != caught) {
-+	if (0 != caught && 0 != pid_child) {
- 		(void) fputs ("\n", stderr);
- 		(void) fputs (_("Session terminated, terminating shell..."),
- 		              stderr);
- 		(void) kill (-pid_child, caught);
- 
- 		(void) signal (SIGALRM, kill_child);
-+		(void) signal (SIGCHLD, catch_signals);
- 		(void) alarm (2);
- 
--		(void) wait (&status);
-+		sigemptyset (&ourset);
-+		if ((sigaddset (&ourset, SIGALRM) != 0)
-+		    || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
-+			fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
-+			kill_child (0);
-+		} else {
-+			while (0 == waitpid (pid_child, &status, WNOHANG)) {
-+				sigsuspend (&ourset);
-+			}
-+			pid_child = 0;
-+			(void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
-+		}
-+
- 		(void) fputs (_(" ...terminated.\n"), stderr);
- 	}
-