From f8caae304a2fa94cf2770b72a313ee843b2f177b Mon Sep 17 00:00:00 2001
From: Brad Bishop <bradleyb@fuzziesquirrel.com>
Date: Mon, 25 Mar 2019 13:13:56 -0400
Subject: poky: refresh thud: 506ec088e5..e4c0a8a7cb
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Update poky to thud HEAD.

Alexander Kanavin (1):
      ca-certificates: upgrade 20180409 -> 20190110

André Draszik (1):
      systemd: RDEPENDS on util-linux-umount

Changqing Li (1):
      libsndfile1: Security fix CVE-2018-19432

Chen Qi (1):
      target-sdk-provides-dummy: add more perl modules to avoid populate_sdk failure

Douglas Royds (1):
      libpam: libpamc is licensed under its own BSD-style licence

George McCollister (1):
      systemd: fix CVE-2019-6454

Jonathan Rajotte-Julien (3):
      lttng-ust: update to 2.10.3
      lttng-modules: update to 2.10.9
      lttng-tools: update to 2.9.11

Mark Hatle (10):
      bitbake: gitsm.py: Fix when a submodule is defined, but not initialized
      bitbake: gitsm.py: Add support for alternative URL formats from submodule files
      bitbake: tests/fetch.py: Add alternative gitsm test case
      bitbake: gitsm.py: Optimize code and attempt to resolve locking issue
      bitbake: gitsm.py: revise unpack
      bitbake: gitsm.py: Rework the shallow fetcher and test case
      bitbake: gitsm.py: Refactor the functions and simplify the class
      bitbake: gitsm.py: Fix relative URLs
      bitbake: gitsmy.py: Fix unpack of submodules of submodules
      bitbake: gitsm: The fetcher did not process some recursive submodules properly.

Ming Liu (1):
      rm_work: sort the value of do_build dependencies

Oleksandr Kravchuk (1):
      target-sdk-provides-dummy: add perl-module-overload

Richard Purdie (3):
      target-sdk-provides-dummy: Extend to -dev and -src packages
      systemd: Update recent CVE patches
      kernel: Ensure an initramfs is added if configured

Robert Yang (1):
      send-error-report: Add --no-ssl to use http protocol

Ross Burton (1):
      libpng: fix CVE-2019-7317

Change-Id: I3e03c837688d49703b4989a561f3728d616abbec
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
---
 .../libpng/libpng/CVE-2019-7317.patch              |  20 ++++
 .../recipes-multimedia/libpng/libpng_1.6.36.bb     |   3 +-
 .../libsndfile/libsndfile1/CVE-2018-19432.patch    | 115 +++++++++++++++++++++
 .../libsndfile/libsndfile1_1.0.28.bb               |   1 +
 4 files changed, 138 insertions(+), 1 deletion(-)
 create mode 100644 poky/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
 create mode 100644 poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch

(limited to 'poky/meta/recipes-multimedia')

diff --git a/poky/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/poky/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
new file mode 100644
index 000000000..6ee1f8da3
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
@@ -0,0 +1,20 @@
+Use-after-free detected with static analysis.
+
+CVE: CVE-2019-7317
+Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/png.c b/png.c
+index 9d9926f638..efd1aecfbd 100644
+--- a/png.c
++++ b/png.c
+@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
+    if (image != NULL && image->opaque != NULL &&
+       image->opaque->error_buf == NULL)
+    {
+-      /* Ignore errors here: */
+-      (void)png_safe_execute(image, png_image_free_function, image);
++      png_image_free_function(image);
+       image->opaque = NULL;
+    }
+ }
diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
index 3cf4f7249..a58623788 100644
--- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
+++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
@@ -9,7 +9,8 @@ DEPENDS = "zlib"
 
 LIBV = "16"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \
+           file://CVE-2019-7317.patch"
 SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826"
 SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"
 
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch
new file mode 100644
index 000000000..8ded2c0f8
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch
@@ -0,0 +1,115 @@
+From 6f3266277bed16525f0ac2f0f03ff4626f1923e5 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Thu, 8 Mar 2018 18:00:21 +1100
+Subject: [PATCH] Fix max channel count bug
+
+The code was allowing files to be written with a channel count of exactly
+`SF_MAX_CHANNELS` but was failing to read some file formats with the same
+channel count.
+
+Upstream-Status: Backport [https://github.com/erikd/libsndfile/
+commit/6f3266277bed16525f0ac2f0f03ff4626f1923e5]
+
+CVE: CVE-2018-19432
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ src/aiff.c |    6 +++---
+ src/rf64.c |    4 ++--
+ src/w64.c  |    4 ++--
+ src/wav.c  |    4 ++--
+ 4 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index fbd43cb..6386bce 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+ ** Copyright (C) 2005 David Viens <davidv@plogue.com>
+ **
+ ** This program is free software; you can redistribute it and/or modify
+@@ -950,7 +950,7 @@ aiff_read_header (SF_PRIVATE *psf, COMM_
+ 	if (psf->sf.channels < 1)
+ 		return SFE_CHANNEL_COUNT_ZERO ;
+ 
+-	if (psf->sf.channels >= SF_MAX_CHANNELS)
++	if (psf->sf.channels > SF_MAX_CHANNELS)
+ 		return SFE_CHANNEL_COUNT ;
+ 
+ 	if (! (found_chunk & HAVE_FORM))
+@@ -1030,7 +1030,7 @@ aiff_read_comm_chunk (SF_PRIVATE *psf, C
+ 	psf_log_printf (psf, "  Sample Rate : %d\n", samplerate) ;
+ 	psf_log_printf (psf, "  Frames      : %u%s\n", comm_fmt->numSampleFrames, (comm_fmt->numSampleFrames == 0 && psf->filelength > 104) ? " (Should not be 0)" : "") ;
+ 
+-	if (comm_fmt->numChannels < 1 || comm_fmt->numChannels >= SF_MAX_CHANNELS)
++	if (comm_fmt->numChannels < 1 || comm_fmt->numChannels > SF_MAX_CHANNELS)
+ 	{	psf_log_printf (psf, "  Channels    : %d (should be >= 1 and < %d)\n", comm_fmt->numChannels, SF_MAX_CHANNELS) ;
+ 		return SFE_CHANNEL_COUNT_BAD ;
+ 		} ;
+diff --git a/src/rf64.c b/src/rf64.c
+index d57f0f3..876cd45 100644
+--- a/src/rf64.c
++++ b/src/rf64.c
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 2008-2017 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 2008-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+ ** Copyright (C) 2009      Uli Franke <cls@nebadje.org>
+ **
+ ** This program is free software; you can redistribute it and/or modify
+@@ -382,7 +382,7 @@ rf64_read_header (SF_PRIVATE *psf, int *
+ 	if (psf->sf.channels < 1)
+ 		return SFE_CHANNEL_COUNT_ZERO ;
+ 
+-	if (psf->sf.channels >= SF_MAX_CHANNELS)
++	if (psf->sf.channels > SF_MAX_CHANNELS)
+ 		return SFE_CHANNEL_COUNT ;
+ 
+ 	/* WAVs can be little or big endian */
+diff --git a/src/w64.c b/src/w64.c
+index 939b716..a37d2c5 100644
+--- a/src/w64.c
++++ b/src/w64.c
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+ **
+ ** This program is free software; you can redistribute it and/or modify
+ ** it under the terms of the GNU Lesser General Public License as published by
+@@ -383,7 +383,7 @@ w64_read_header	(SF_PRIVATE *psf, int *b
+ 	if (psf->sf.channels < 1)
+ 		return SFE_CHANNEL_COUNT_ZERO ;
+ 
+-	if (psf->sf.channels >= SF_MAX_CHANNELS)
++	if (psf->sf.channels > SF_MAX_CHANNELS)
+ 		return SFE_CHANNEL_COUNT ;
+ 
+ 	psf->endian = SF_ENDIAN_LITTLE ;		/* All W64 files are little endian. */
+diff --git a/src/wav.c b/src/wav.c
+index 7bd97bc..dc97545 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+ ** Copyright (C) 2004-2005 David Viens <davidv@plogue.com>
+ **
+ ** This program is free software; you can redistribute it and/or modify
+@@ -627,7 +627,7 @@ wav_read_header	(SF_PRIVATE *psf, int *b
+ 	if (psf->sf.channels < 1)
+ 		return SFE_CHANNEL_COUNT_ZERO ;
+ 
+-	if (psf->sf.channels >= SF_MAX_CHANNELS)
++	if (psf->sf.channels > SF_MAX_CHANNELS)
+ 		return SFE_CHANNEL_COUNT ;
+ 
+ 	if (format != WAVE_FORMAT_PCM && (parsestage & HAVE_fact) == 0)
+-- 
+1.7.9.5
+
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 13248f5cb..9700f4a6e 100644
--- a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
            file://CVE-2017-14634.patch \
            file://CVE-2018-13139.patch \
            file://0001-a-ulaw-fix-multiple-buffer-overflows-432.patch \
+           file://CVE-2018-19432.patch \
           "
 
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
-- 
cgit v1.2.3