reset upstream subtrees to HEAD

Reset the following subtrees on HEAD: poky: 8217b477a1(master) meta-xilinx: 64aa3d35ae(master) meta-openembedded: 0435c9e193(master) meta-raspberrypi: 490a4441ac(master) meta-security: cb6d1c85ee(master) Squashed patches: meta-phosphor: drop systemd 239 patches meta-phosphor: mrw-api: use correct install path Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
author: Brad Bishop <bradleyb@fuzziesquirrel.com> 2019-04-05 22:28:33 +0300
committer: Brad Bishop <bradleyb@fuzziesquirrel.com> 2019-04-05 22:31:28 +0300
commit: 193236933b0f4ab91b1625b64e2187e2db4e0e8f (patch)
tree: e12769d7c76d8b0517d6de3d3c72189753d253ed /poky/meta/recipes-support/icu
parent: bd93df9478f2f56ffcbc8cb88f1709c735dcd85b (diff)
download: openbmc-193236933b0f4ab91b1625b64e2187e2db4e0e8f.tar.xz
3 files changed, 75 insertions, 14 deletions
diff --git a/poky/meta/recipes-support/icu/icu/CVE-2018-18928.patch b/poky/meta/recipes-support/icu/icu/CVE-2018-18928.patch
new file mode 100644
index 000000000..19c50e4e7
--- /dev/null
+++ b/poky/meta/recipes-support/icu/icu/CVE-2018-18928.patch
@@ -0,0 +1,63 @@
+CVE: CVE-2018-18928
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 53d8c8f3d181d87a6aa925b449b51c4a2c922a51 Mon Sep 17 00:00:00 2001
+From: Shane Carr <shane@unicode.org>
+Date: Mon, 29 Oct 2018 23:52:44 -0700
+Subject: [PATCH] ICU-20246 Fixing another integer overflow in number parsing.
+
+---
+ i18n/fmtable.cpp                          |  2 +-
+ i18n/number_decimalquantity.cpp           |  5 ++++-
+ test/intltest/numfmtst.cpp                |  8 ++++++++
+ 6 files changed, 31 insertions(+), 4 deletions(-)
+
+diff --git a/i18n/fmtable.cpp b/i18n/fmtable.cpp
+index 45c7024fc29..8601d95f4a6 100644
+--- a/i18n/fmtable.cpp
++++ b/i18n/fmtable.cpp
+@@ -734,7 +734,7 @@ CharString *Formattable::internalGetCharString(UErrorCode &status) {
+       // not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?).
+       if (fDecimalQuantity->isZero()) {
+         fDecimalStr->append("0", -1, status);
+-      } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) {
++      } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) {
+         fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status);
+       } else {
+         fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status);
+diff --git a/i18n/number_decimalquantity.cpp b/i18n/number_decimalquantity.cpp
+index 47b930a564b..d5dd7ae694c 100644
+--- a/i18n/number_decimalquantity.cpp
++++ b/i18n/number_decimalquantity.cpp
+@@ -898,7 +898,10 @@ UnicodeString DecimalQuantity::toScientificString() const {
+     }
+     result.append(u'E');
+     int32_t _scale = upperPos + scale;
+-    if (_scale < 0) {
++    if (_scale == INT32_MIN) {
++        result.append({u"-2147483648", -1});
++        return result;
++    } else if (_scale < 0) {
+         _scale *= -1;
+         result.append(u'-');
+     } else {
+diff --git a/test/intltest/numfmtst.cpp b/test/intltest/numfmtst.cpp
+index 34355939113..8d52dc122bf 100644
+--- a/test/intltest/numfmtst.cpp
++++ b/test/intltest/numfmtst.cpp
+@@ -9226,6 +9226,14 @@ void NumberFormatTest::Test20037_ScientificIntegerOverflow() {
+     assertEquals(u"Should not overflow and should parse only the first exponent",
+                  u"1E-2147483647",
+                  {sp.data(), sp.length(), US_INV});
++
++    // Test edge case overflow of exponent
++    result = Formattable();
++    nf->parse(u".0003e-2147483644", result, status);
++    sp = result.getDecimalNumber(status);
++    assertEquals(u"Should not overflow",
++                 u"3E-2147483648",
++                 {sp.data(), sp.length(), US_INV});
+ }
+ 
+ void NumberFormatTest::Test13840_ParseLongStringCrash() {
diff --git a/poky/meta/recipes-support/icu/icu/fix-install-manx.patch b/poky/meta/recipes-support/icu/icu/fix-install-manx.patch
index 8186fb412..925b064eb 100644
--- a/poky/meta/recipes-support/icu/icu/fix-install-manx.patch
+++ b/poky/meta/recipes-support/icu/icu/fix-install-manx.patch
@@ -1,7 +1,7 @@
-From 3063a9211669bee673840ee81f81d30699b9b702 Mon Sep 17 00:00:00 2001
+From a6ddabc8cadb76bfe2d2e374a6702442cfe51cce Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Fri, 9 Oct 2015 17:50:41 +0100
-Subject: [PATCH 2/4] icu: fix install race
+Subject: [PATCH] icu: fix install race
 
 The generic recursive target calls target-local so also adding it to the
 dependency list results in races due to install-local being executed twice in
@@ -18,11 +18,11 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
  source/Makefile.in | 8 ++++----
  1 file changed, 4 insertions(+), 4 deletions(-)
 
-diff --git a/source/Makefile.in b/source/Makefile.in
-index c1db15b..4948deb 100644
+diff --git a/Makefile.in b/Makefile.in
+index be9435b..ada20d7 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -73,7 +73,7 @@ EXTRA_DATA =
+@@ -77,7 +77,7 @@ EXTRA_DATA =
  
  ## List of phony targets
  .PHONY : all all-local all-recursive install install-local install-udata install-udata-files install-udata-dlls		\
@@ -31,7 +31,7 @@ index c1db15b..4948deb 100644
  distclean-local distclean-recursive doc dist dist-local dist-recursive	\
  check check-local check-recursive clean-recursive-with-twist install-icu \
  doc install-doc tests icu4j-data icu4j-data-install update-windows-makefiles xcheck-local xcheck-recursive xperf xcheck xperf-recursive \
-@@ -84,9 +84,9 @@ check-exhaustive check-exhaustive-local check-exhaustive-recursive releaseDist
+@@ -88,9 +88,9 @@ check-exhaustive check-exhaustive-local check-exhaustive-recursive releaseDist
  
  ## List of standard targets
  all: all-local all-recursive
@@ -43,15 +43,12 @@ index c1db15b..4948deb 100644
  dist: dist-recursive
  check: all check-recursive
  check-recursive: all
-@@ -350,7 +350,7 @@ config.status: $(srcdir)/configure $(srcdir)/common/unicode/uvernum.h
- 
+@@ -357,7 +357,7 @@ config.status: $(srcdir)/configure $(srcdir)/common/unicode/uvernum.h
  install-manx: $(MANX_FILES)
  	$(MKINSTALLDIRS) $(DESTDIR)$(mandir)/man$(SECTION)
+ ifneq ($(MANX_FILES),)
 -	$(INSTALL_DATA) $? $(DESTDIR)$(mandir)/man$(SECTION)
 +	$(INSTALL_DATA) $^ $(DESTDIR)$(mandir)/man$(SECTION)
+ endif
  
  config/%.$(SECTION): $(srcdir)/config/%.$(SECTION).in
- 	cd $(top_builddir) \
--- 
-2.14.2
-
diff --git a/poky/meta/recipes-support/icu/icu_62.1.bb b/poky/meta/recipes-support/icu/icu_63.1.bb
index 4e3750b99..961f022ad 100644
--- a/poky/meta/recipes-support/icu/icu_62.1.bb
+++ b/poky/meta/recipes-support/icu/icu_63.1.bb
@@ -17,13 +17,14 @@ SRC_URI = "${BASE_SRC_URI} \
            file://icu-pkgdata-large-cmd.patch \
            file://fix-install-manx.patch \
            file://0002-Add-ARC-support.patch \
+           file://CVE-2018-18928.patch \
            "
 
 SRC_URI_append_class-target = "\
            file://0001-Disable-LDFLAGSICUDT-for-Linux.patch \
           "
-SRC_URI[md5sum] = "490ad9d920158e0314e10ba74ae9a150"
-SRC_URI[sha256sum] = "3dd9868d666350dda66a6e305eecde9d479fb70b30d5b55d78a1deffb97d5aa3"
+SRC_URI[md5sum] = "9e40f6055294284df958200e308bce50"
+SRC_URI[sha256sum] = "05c490b69454fce5860b7e8e2821231674af0a11d7ef2febea9a32512998cb9d"
 
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/"
 UPSTREAM_CHECK_URI = "http://download.icu-project.org/files/icu4c/"
author	Brad Bishop <bradleyb@fuzziesquirrel.com>	2019-04-05 22:28:33 +0300
committer	Brad Bishop <bradleyb@fuzziesquirrel.com>	2019-04-05 22:31:28 +0300
commit	193236933b0f4ab91b1625b64e2187e2db4e0e8f (patch)
tree	e12769d7c76d8b0517d6de3d3c72189753d253ed /poky/meta/recipes-support/icu
parent	bd93df9478f2f56ffcbc8cb88f1709c735dcd85b (diff)
download	openbmc-193236933b0f4ab91b1625b64e2187e2db4e0e8f.tar.xz