poky: subtree update:a8544811d7..b5763b2f48

Alexander Kanavin (29):
      rpm: upgrade to 4.15.1
      libmodulemd: move from 1.x to 2.x version
      libdnf: upgrade 0.28.1 -> 0.47.0
      dnf: upgrade 4.2.2 -> 4.2.21
      dnf: add a patch for base-files installation failures
      logrotate: update to 3.16.0
      rt-tests: further exclusion of development versions
      kmscube: update to latest commit
      xcb-proto: update to 1.14
      libxcb: update to 1.14
      ghostscript: do not hardcode version in SRC_URI
      ghostscript: update 9.50 -> 9.52
      webkitgtk: update to 2.28.2
      python3-gitdb: update to 4.0.4
      libevdev: update to 1.9.0
      python3-dbusmock: add recipe from meta-oe
      mc: update to 4.8.24
      coreutils: update to 8.32
      glib-2.0: update 2.62.4 -> 2.64.2
      glib-networking: update to 2.64.2
      gptfdisk: update to 1.0.5
      clutter-1.0: update to 1.26.4
      diffoscope: update to 143
      wpe: update to 1.6.0
      vte: update to 0.60.2
      libnotify: update to 0.7.9
      connman: update to 1.38
      xkeyboard-config: update to 2.29
      gcr: update to 3.36.0

Andreas M?ller (1):
      libsecret: upgrade 0.20.1 -> 0.20.3 / port to meson

Anibal Limon (2):
      ptest-runner: Bump to 2.4.0
      oeqa/runtime: Use libdir to run ptest-runner

Bartłomiej Burdukiewicz (2):
      libva: add PACKAGECONFIG and additonal rules for glx.
      libva: removed opengl from REQUIRED_DISTRO_FEATURES.

Benjamin Fair (1):
      util-linux: fix build error in kill

Bruce Ashfield (4):
      linux-yocto/5.4: update to v5.4.28
      linux-yocto/5.4: update to v5.4.32
      linux-yocto-dev: bump to v5.7-rc
      linux-yocto/5.4: update to v5.4.34

Frazer Clews (2):
      bitbake: lib/toaster: fixup codebase so pydocstyle can parse
      bitbake: lib/bs4/testing.py: fix bs4 testing

Jan Luebbe (1):
      openssl: upgrade 1.1.1f -> 1.1.1g

Joshua Watt (1):
      jquery: Upgrade 3.4.1 -> 3.5.0

Khem Raj (2):
      dpkg: Add riscv32 CPU support
      musl: Remove spurious unused patch

Mingli Yu (1):
      iputils: Initialize libgcrypt

Peter Kjellerstedt (1):
      libdnf: Use single-quotes around string literals used in SQL statements

Pierre-Jean Texier (3):
      timezone: upgrade 2019c -> 2020a
      curl: upgrade 7.69.1 -> 7.70.0
      curl: support mqtt in PACKAGECONFIG

Richard Purdie (6):
      sanity: Require gcc 6 or later
      gcc-target: Ensure buildtools-extended-tarball doesn't use arch=native
      abi_version/staging: Bump versions to force rebuild after sstate corruption
      bitbake: bitdoc: Remove it
      utils: Drop FILESPATHPKG usage
      utils: Drop is_machine_specific()/machine_paths()

Robert P. J. Day (5):
      ref-manual: fix excessive command indentation
      ref-manual: IMAGE_TYPES, add tar.zst, delete elf
      ref-manual: typo "SSTATE_MIRROR" -> "SSTATE_MIRRORS"
      ref-manual: Remove long-dead PACKAGE_GROUP variable
      bitbake: docs: delete reference to obsolete recipe-depends.dot

Sakib Sajal (1):
      sqlite: backport CVE fixes

Tim Orling (2):
      atk: upgrade 2.34.1 -> 2.36.0
      at-spi2-core: upgrade 2.34.0 -> 2.36.0

Vyacheslav Yurkov (1):
      os-release: sanitize required fields

Wang Mingyu (1):
      icu: CVE-2020-10531

Change-Id: Iae5641be5ca6424275d2e0d63ba3a7a5ba90cde2
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

2 files changed, 129 insertions, 0 deletions

diff --git a/poky/meta/recipes-support/icu/icu/CVE-2020-10531.patch b/poky/meta/recipes-support/icu/icu/CVE-2020-10531.patch
new file mode 100644
index 000000000..6697b27dc
--- /dev/null
+++ b/poky/meta/recipes-support/icu/icu/CVE-2020-10531.patch
@@ -0,0 +1,128 @@
+From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001
+From: Frank Tang <ftang@chromium.org>
+Date: Sat, 1 Feb 2020 02:39:04 +0000
+Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
+
+See #971
+
+Upstream-Status: Accepted
+CVE: CVE-2020-10531
+
+Reference to upstream patch:
+https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
+
+---
+ common/unistr.cpp          |  6 ++-
+ test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++++++++
+ test/intltest/ustrtest.h   |  1 +
+ 3 files changed, 68 insertions(+), 1 deletion(-)
+
+diff --git a/common/unistr.cpp b/common/unistr.cpp
+index 901bb33..6ea0915 100644
+--- a/common/unistr.cpp
++++ b/common/unistr.cpp
+@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
+   }
+ 
+   int32_t oldLength = length();
+-  int32_t newLength = oldLength + srcLength;
++  int32_t newLength; 
++  if (uprv_add32_overflow(oldLength, srcLength, &newLength)) { 
++     setToBogus(); 
++     return *this; 
++  }
+ 
+   // Check for append onto ourself
+   const UChar* oldArray = getArrayStart();
+diff --git a/test/intltest/ustrtest.cpp b/test/intltest/ustrtest.cpp
+index b6515ea..ad38bdf 100644
+--- a/test/intltest/ustrtest.cpp
++++ b/test/intltest/ustrtest.cpp
+@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* &
+     TESTCASE_AUTO(TestWCharPointers);
+     TESTCASE_AUTO(TestNullPointers);
+     TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf);
++    TESTCASE_AUTO(TestLargeAppend);
+     TESTCASE_AUTO_END;
+ }
+ 
+@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() {
+     str.insert(2, sub);
+     assertEquals("", u"abbcdcde", str);
+ }
++
++void UnicodeStringTest::TestLargeAppend() {
++    if(quick) return;
++
++    IcuTestErrorCode status(*this, "TestLargeAppend");
++    // Make a large UnicodeString
++    int32_t len = 0xAFFFFFF;
++    UnicodeString str;
++    char16_t *buf = str.getBuffer(len);
++    // A fast way to set buffer to valid Unicode.
++    // 4E4E is a valid unicode character
++    uprv_memset(buf, 0x4e, len * 2);
++    str.releaseBuffer(len);
++    UnicodeString dest;
++    // Append it 16 times
++    // 0xAFFFFFF times 16 is 0xA4FFFFF1,
++    // which is greater than INT32_MAX, which is 0x7FFFFFFF.
++    int64_t total = 0;
++    for (int32_t i = 0; i < 16; i++) {
++        dest.append(str);
++        total += len;
++        if (total <= INT32_MAX) {
++            assertFalse("dest is not bogus", dest.isBogus());
++        } else {
++            assertTrue("dest should be bogus", dest.isBogus());
++        }
++    }
++    dest.remove();
++    total = 0;
++    for (int32_t i = 0; i < 16; i++) {
++        dest.append(str);
++        total += len;
++        if (total + len <= INT32_MAX) {
++            assertFalse("dest is not bogus", dest.isBogus());
++        } else if (total <= INT32_MAX) {
++            // Check that a string of exactly the maximum size works
++            UnicodeString str2;
++            int32_t remain = INT32_MAX - total;
++            char16_t *buf2 = str2.getBuffer(remain);
++            if (buf2 == nullptr) {
++                // if somehow memory allocation fail, return the test
++                return;
++            }
++            uprv_memset(buf2, 0x4e, remain * 2);
++            str2.releaseBuffer(remain);
++            dest.append(str2);
++            total += remain;
++            assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total);
++            assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length());
++            assertFalse("dest is not bogus", dest.isBogus());
++
++            // Check that a string size+1 goes bogus
++            str2.truncate(1);
++            dest.append(str2);
++            total++;
++            assertTrue("dest should be bogus", dest.isBogus());
++        } else {
++            assertTrue("dest should be bogus", dest.isBogus());
++        }
++    }
++}
+diff --git a/test/intltest/ustrtest.h b/test/intltest/ustrtest.h
+index 218befd..4a356a9 100644
+--- a/test/intltest/ustrtest.h
++++ b/test/intltest/ustrtest.h
+@@ -97,6 +97,7 @@ public:
+     void TestWCharPointers();
+     void TestNullPointers();
+     void TestUnicodeStringInsertAppendToSelf();
++    void TestLargeAppend();
+ };
+ 
+ #endif
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-support/icu/icu_66.1.bb b/poky/meta/recipes-support/icu/icu_66.1.bb
index f2bb344e3..a8096c184 100644
--- a/poky/meta/recipes-support/icu/icu_66.1.bb
+++ b/poky/meta/recipes-support/icu/icu_66.1.bb
@@ -26,6 +26,7 @@ SRC_URI = "${BASE_SRC_URI};name=code \
            file://fix-install-manx.patch \
            file://0001-Fix-big-endian-build.patch;apply=no \
            file://0001-icu-Added-armeb-support.patch \
+           file://CVE-2020-10531.patch \
            "
 
 SRC_URI_append_class-target = "\