author: Andrew Geissler <geissonator@yahoo.com> 2020-10-27 21:52:24 +0300
committer: Andrew Geissler <geissonator@yahoo.com> 2020-11-23 23:00:33 +0300
commit: 4c19ea120a3e7a73dc8470c86744bc95997f1c90 (patch)
tree: dd2f114bc0a3614b653d1afde08bec22ab646e7e /poky/meta/recipes-support/libproxy
parent: 5f4b874fc7d6f8941582b97eb688c67dc21efffb (diff)
poky: subtree update:ad30a6d470..7231c10430
Akira Shibakawa (3):
  License-Update: attr: Add a missing file to LIC_FILES_CHKSUM.
  License-Update: kmod: Add a missing file to LIC_FILES_CHKSUM.
  License-Update: gdk-pixbuf: Fix LICENSE.

Alejandro Hernandez Samaniego (1):
  baremetal-helloworld: Fix install path since S doesn't have a trailing slash

Alexander Kanavin (4):
  ncurses: only include upstream releases in version check
  python3: fix upstream version check
  boost-build-native: fix upstream version check
  selftest/virgl: drop the custom 30 sec timeout

Alistair (1):
  weston-init: Allow setting idle time to 0

Changqing Li (1):
  toolchain-shar-extract.sh: don't print useless info

Charlie Davies (1):
  bitbake: bitbake: fetch/git: use shlex.quote() to support spaces in SRC_URI url

Chen Qi (2):
  watchdog: use /run instead of /var/run in systemd service file
  cups: use /run instead /var/run in systemd's unit file

David Reyna (1):
  bitbake: toaster: Enable Gatesgarth branch in place of Zeus

Douglas Royds (1):
  externalsrc: No single-task lock if S != B

Joshua Watt (2):
  ref-variables: Given example for naming sources
  ref-manual: Document wic --offset option

Khairul Rohaizzat Jamaluddin (1):
  imagefeatures: New test case, test_empty_image, added

Khem Raj (5):
  autotools.bbclass: Order CONFIG_SHELL before CACHED_CONFIGUREVARS
  boost: Fix build on 32-bit arches with 64bit time_t only
  mesa: Fix build on 32bit arches supporting 64bit time_t only
  packagegroup-core-tools-debug: Disable for rv32/glibc as well
  packagegroup-core-tools-profile: Remove lttng-tools and perf for rv32/glibc

Konrad Weihmann (1):
  lib/oe/rootfs: introduce IMAGE_LOG_CHECK_EXCLUDES

Lee Chee Yang (2):
  libproxy: fix CVE-2020-25219
  grub2: fix CVE-2020-10713

Martin Jansa (11):
  tune-cortexa76ae.inc: Correct TUNE_FEATURES
  arch-armv7a.inc: fix typo
  arch-mips.inc: remove duplicated mips64el-o32 from PACKAGE_EXTRA_ARCHS_tune-mips64el-o32
  arch-arm64.inc: don't append _be to ARMPKGARCH for tune-aarch64_be
  tune-mips64r6.inc: fix typo in mipsisa64r6-nf
  tune-ep9312.inc: add t suffix for thumb to PACKAGE_EXTRA_ARCHS_tune-ep9312
  tune-riscv.inc: use nf suffix also for TUNE_PKGARCH
  tune-supersparc.inc: remove
  tune-thunderx.inc: don't append _be to ARMPKGARCH for tune-thunderx_be
  siteinfo: Recognize 32bit PPC LE
  siteinfo: Recognize bigendian sh3be and sh4be

Max Krummenacher (2):
  linux-firmware: package marvel sdio 8997 firmware
  linux-firmware: package nvidia firmware

Mingli Yu (1):
  tcl: adapt to potential pseudo changes

Naoki Hayama (1):
  dev/test/ref-manual: Fix typos

Neil Armstrong (1):
  linux-firmware: add Amlogic VDEC firmware package

Nicolas Dechesne (4):
  sdk-manual: use built-in footnotes
  dev-manual/dev-manual-common-tasks: fix warning
  sphinx: add 3.1.3 and 3.0.4 release in the switcher
  dev-manual/dev-manual-common-tasks: fix typos and use extlinks

Paul Eggleton (2):
  classes/buildhistory: record SRC_URI
  classes/buildhistory: also save recipe info for native recipes

Quentin Schulz (17):
  docs: poky.yaml: use HTTPS for links
  docs: ref-manual: indentation, links and highlights fixes
  docs: remove OE_INIT_FILE variable
  docs: ref-manual: fix typos
  docs: ref-manual: migration-2.3: specify 2.3 version instead of DISTRO
  docs: ref-manual: ref-classes: remove dropped tinderclient class
  docs: ref-manual: ref-system-requirements: update requirements to build Sphinx docs
  docs: sphinx: yocto-vars: rebuild files when poky.yaml has changed
  docs: poky.yaml: fix indentation in host packages variables
  docs: dev-manual-common-tasks: remove paragraph about race when missing DEPENDS
  docs: dev-manual-common-tasks: update python webserver example to python3
  docs: dev-manual: fix typos, highlights, indentation and links
  docs: ref-manual: ref-terms: add links to terms in glossary
  docs: bsp-guide: bsp: fix typos, highlights and links
  docs: kernel-dev: fix typos, highlights and links
  docs: kernel-dev-common: add .patch file extension to SRC_URI files
  docs: kernel-dev-faq: update outdated RDEPENDS_kernel-base

Reyna, David (1):
  bitbake: toaster: Update documentation links to new URLs

Richard Purdie (10):
  layer.conf: Switch to gatesgarth only in preparation for release
  bitbake: ui/toasterui: Fix startup faults from incorrect event sequencing
  bitbake: bitbake: Bump version to 1.48.0 ready for the new release
  oeqa: Add sync call to command execution
  poky.conf: Bump version for 3.2 gatesgarth release
  build-appliance-image: Update to master head revision
  bitbake: tests/fetch: Update upstream master->main branchname transition
  Revert "classes/buildhistory: also save recipe info for native recipes"
  valgrind: Fix build on musl after drd fixes
  build-appliance-image: Update to master head revision

Robert Yang (1):
  weston: Fix PACKAGECONFIG for remoting

Roland Hieber (1):
  devtool: make sure .git/info exists before writing to .git/info/excludes

Ross Burton (4):
  waf: don't assume the waf interpreter is good
  waf: add ${B} to do_configure[cleandirs]
  scripts/install-buildtools: Update to 3.2 M3 buildtools
  glib-2.0: fix parsing of slim encoded tzdata

Sourabh Banerjee (1):
  layer.conf: fix sanity error for PATH variable in extensible SDK workflow

Stacy Gaikovaia (2):
  valgrind: drd: fix pthread intercept test failures
  bitbake: main: Handle cooker daemon startup error

Tim Orling (1):
  bitbake: lib/bb/ui/knotty: fix typo in parseprogress

Victor Kamensky (3):
  Revert "qemumips: use 34Kf-64tlb CPU emulation"
  Revert "qemu: add 34Kf-64tlb fictitious cpu type"
  qemu: change TLBs number to 64 in 34Kf mips cpu model

Yi Zhao (1):
  dhcpcd: add PACKAGECONFIG for ntp/chrony/ypbind hooks

Zang Ruochen (1):
  harfbuzz: Refresh patch

akuster (2):
  busybox: add rev and pgrep
  kea: add init scripts

leimaohui (1):
  docs: Updated the status of spdx module.

zangrc (1):
  classes: Fixed the problem of undefined variables when compiling meta-toolchain.

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic45bc219b94960751896a0ae3d4923a9f5849e70
Diffstat (limited to 'poky/meta/recipes-support/libproxy')
 poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch | 61 +
 poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb            |  1 +
 2 files changed, 62 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
new file mode 100644
index 000000000..3ef7f8545
--- /dev/null
+++ b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
@@ -0,0 +1,61 @@
+From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Wed, 9 Sep 2020 11:12:02 -0500
+Subject: [PATCH] Rewrite url::recvline to be nonrecursive
+
+This function processes network input. It's semi-trusted, because the
+PAC ought to be trusted. But we still shouldn't allow it to control how
+far we recurse. A malicious PAC can cause us to overflow the stack by
+sending a sufficiently-long line without any '\n' character.
+
+Also, this function failed to properly handle EINTR, so let's fix that
+too, for good measure.
+
+Fixes #134
+
+Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa]
+CVE: CVE-2020-25219
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ libproxy/url.cpp | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/libproxy/url.cpp b/libproxy/url.cpp
+index ee776b2..68d69cd 100644
+--- a/libproxy/url.cpp
++++ b/libproxy/url.cpp
+@@ -388,16 +388,24 @@ string url::to_string() const {
+ return m_orig;
+ }
+
+-static inline string recvline(int fd) {
+- // Read a character.
+- // If we don't get a character, return empty string.
+- // If we are at the end of the line, return empty string.
+- char c = '\0';
+-
+- if (recv(fd, &c, 1, 0) != 1 || c == '\n')
+- return "";
+-
+- return string(1, c) + recvline(fd);
++static string recvline(int fd) {
++ string line;
++ int ret;
++
++ // Reserve arbitrary amount of space to avoid small memory reallocations.
++ line.reserve(128);
++
++ do {
++ char c;
++ ret = recv(fd, &c, 1, 0);
++ if (ret == 1) {
++ if (c == '\n')
++ return line;
++ line += c;
++ }
++ } while (ret == 1 || (ret == -1 && errno == EINTR));
++
++ return line;
+ }
+
+ char* url::get_pac() {
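Review bot: the rewritten recvline in the backported hunk removes the recursion, so a long '\n'-free line no longer grows the stack, but it still puts no upper bound on line length: the loop keeps appending to `line` until recv returns 0 or a non-EINTR error, so memory use is bounded only by what the PAC server chooses to send. Consider capping it, e.g. after `line += c;` add `if (line.size() > MAX_PAC_LINE) return line;` (name hypothetical) or treat an over-long line as a failed fetch in get_pac. Two smaller points: the loop tests errno against EINTR but the hunk shows no include, so confirm url.cpp already pulls in <cerrno>; and a recv return of 0 (peer closed) or a non-EINTR error falls through to `return line;`, which hands back a partial line indistinguishable from a complete one, the same as the old code but worth a comment at the final return.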
diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
index 19dddebd4..a14c358cc 100644
--- a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
+++ b/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
@@ -10,6 +10,7 @@ DEPENDS = "glib-2.0"
SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \
file://0001-get-pac-test-Fix-build-with-clang-libc.patch \
+ file://CVE-2020-25219.patch \
"
SRC_URI[md5sum] = "f6b1d2a1e17a99cd3debaae6d04ab152"
SRC_URI[sha256sum] = "654db464120c9534654590b6683c7fa3887b3dad0ca1c4cd412af24fbfca6d4f"
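Review bot: the new `file://CVE-2020-25219.patch` entry resolves because the diffstat places the file in the recipe's `libproxy/` subdirectory, which is on FILESPATH, and the `CVE: CVE-2020-25219` tag in the patch header is what cve-check reads to mark the issue as patched, so the hunk itself needs no change. One style point on the trailing context: the `SRC_URI[md5sum]` line is redundant alongside the sha256sum and could be dropped in a separate cleanup rather than in a CVE backport.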