From f3fd288e7961708569de104ef3335274f35bd1b8 Mon Sep 17 00:00:00 2001 
From: Brad Bishop Date: Fri, 21 Jun 2019 08:06:37 -0400 Subject: subtree updates meta-raspberrypi: 40283f583b..ca11a291ee: Martin Schuessler (1): omxplayer: remove hardcoded tune and arch from Makefile poky: 111b7173fe..50d272863d: Adrian Bunk (3): wireless-regdb: Add recipe go: Upgrade 1.12.5 -> 1.12.6 libxslt: Fix CVE-2019-11068 Alexander Kanavin (7): vala: upgrade 0.44.3 -> 0.44.5 libnewt: merge libnewt-python recipe into the main recipe epiphany: update to 3.32.3 btrfs-tools: update to 5.1.1 createrepo-c: upgrade 0.14.0 -> 0.14.2 librepo: upgrade 1.10.2 -> 1.10.3 libmodulemd: upgrade 2.4.0 -> 2.5.0 Alistair Francis (6): libffi: Add RISC-V support opensbi: Initial commit of OpenSBI qemuriscv64: Add the QEMU RISC-V 64-bit machine linux-yocto: Mark qemuriscv64 as compatible qemuriscv: Build uImage for RISC-V machines qemuriscv64: Fix QB_OPT_APPEND overwrite Anuj Mittal (1): runtime/cases/logrotate: make test more reliable Ayoub Zaki (1): kernel-fitimage: introduce FIT_HASH_ALG Changqing Li (1): gcc-runtime: fix C++ header mapping for n32/x32 tune Chee Yang Lee (1): wic/bootimg-efi: allow multiple initrd Chen Qi (2): manifest.py: fix test_SDK_manifest_entries target-sdk-provides-dummy: add libperl.so.5 to DUMMY_PROVIDES Chris PeBenito (1): volatile-binds: Change cp to use -a instead of -p. Denys Dmytriyenko (2): mtd-utils: upgrade 2.0.2 -> 2.1.0+ mtd-utils: add "jffs" and "ubifs" PACKAGECONFIG options He Zhe (1): kernel: qemuarmv5: Update machine overrides of KERNEL_DEVICETREE Joe Slater (1): parted: change device manager check in ptest Joshua Watt (1): python3: Disable PGO for reproducible builds Kai Kang (3): systemd-conf: not configure network for nfs root rng-tools: 6.6 -> 6.7 qemu: disable capstone for 32-bit mips with multilib Lei Maohui (1): openssl: Fix a build bug on aarch64BE. 
Martin Jansa (4): buildhistory: show time spent writting buildhistory base.bbclass: define PACKAGECONFIG_CONFARGS before only sometimes appending to it serf: stop scons trying to create directories in hosts rootfs bitbake: tests/utils.py: add one more test cases for bb.utils.vercmp_string Matt Madison (1): apt: fix permissions on apt-daily script for systemd Mingli Yu (1): bitbake: add iconv to HOSTTOOLS Pierre Le Magourou (4): cve-update-db: New recipe to update CVE database cve-check: Remove dependency to cve-check-tool-native cve-check: Manage CVE_PRODUCT with more than one name cve-check: Consider CVE that affects versions with less than operator Ricardo Ribalda Delgado (4): dpkg: Use less as pager meson: Fix native patch to python3 rootfs: Fix dependency for every dpkg run python3: python3: Fix build error x86->x86 Richard Purdie (7): libxcrypt: Switch to disable obsolete APIs libxcrypt-compat: Add recipe to build the obsolete APIs uninative-tarball: Add libxcrypt-compat openssh: Add missing DEPENDS on virtual/crypt lttng-tools: Filter ptest output to remove random tmp directories cmake: Clarify comment in cmake toolchain file uninative: Update to 2.6 release Robert Yang (2): linux-dummy: Add do_compile_kernelmodules make-mod-scripts: Depends on bison-native Ross Burton (7): insane: improve buildpath warning messages insane: remove empty test that does nothing binconfig: don't try to fix up .la files libsdl2: use binconfig-disabled glib-2.0: fix host path appearing in gsocketclient-slow test script oeqa/logparser: ignore test failure commentary python: make 'python' install everything instead of just the interpretter Stefano Babic (1): systat: systemd never enables the service Tim Orling (4): perl-rdepends.txt: more ptest dependencies fixes libxml-sax-perl: upgrade 1.00 -> 1.02 libmodule-build-perl: move from meta-perl libmodule-build-perl: upgrade 0.4224 -> 0.4229; enable ptest Yi Zhao (2): shadow: fix configure error with dash less: upgrade 550 -> 551 Zang 
Ruochen (9): lighttpd: Upgrade 1.4.53 -> 1.4.54 libevent:upgrade 2.1.8 -> 2.1.10 libevdev:upgrade 1.6.0 -> 1.7.0 gnutls:upgrade 3.6.7 -> 3.6.8 gnupg:upgrade 2.2.15 -> 2.2.16 curl:upgrade 7.64.1 -> 7.65.1 lttng-ust:upgrade 2.10.3 -> 2.10.4 xkeyboard:upgrade 2.26 -> 2.27 gobject-introspection:upgrade 1.60.1 -> 1.60.2 Change-Id: I3df401c6822e1c5c2ee9cff57c7264fe31c6d22d Signed-off-by: Brad Bishop
---
.../files/0001-Fix-security-framework-bypass.patch | 124 +++++++++++++++++++++
1 file changed, 124 insertions(+)
create mode 100644 poky/meta/recipes-support/libxslt/files/0001-Fix-security-framework-bypass.patch
(limited to 'poky/meta/recipes-support/libxslt/files/0001-Fix-security-framework-bypass.patch')
diff --git a/poky/meta/recipes-support/libxslt/files/0001-Fix-security-framework-bypass.patch b/poky/meta/recipes-support/libxslt/files/0001-Fix-security-framework-bypass.patch
new file mode 100644
index 000000000..89b647ddb
--- /dev/null
+++ b/poky/meta/recipes-support/libxslt/files/0001-Fix-security-framework-bypass.patch
@@ -0,0 +1,124 @@
+From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Sun, 24 Mar 2019 09:51:39 +0100
+Subject: Fix security framework bypass
+
+xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
+don't check for this condition and allow access. With a specially
+crafted URL, xsltCheckRead could be tricked into returning an error
+because of a supposedly invalid URL that would still be loaded
+succesfully later on.
+
+Fixes #12.
+
+Thanks to Felix Wilhelm for the report.
+
+Signed-off-by: Adrian Bunk
+Upstream-Status: Backport
+CVE: CVE-2019-11068
+---
+ libxslt/documents.c | 18 ++++++++++--------
+ libxslt/imports.c | 9 +++++----
+ libxslt/transform.c | 9 +++++----
+ libxslt/xslt.c | 9 +++++----
+ 4 files changed, 25 insertions(+), 20 deletions(-)
+
+diff --git a/libxslt/documents.c b/libxslt/documents.c
+index 3f3a7312..4aad11bb 100644
+--- a/libxslt/documents.c
++++ b/libxslt/documents.c
+@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
+ int res;
+
+ res = xsltCheckRead(ctxt->sec, ctxt, URI);
+- if (res == 0) {
+- xsltTransformError(ctxt, NULL, NULL,
+- "xsltLoadDocument: read rights for %s denied\n",
+- URI);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(ctxt, NULL, NULL,
++ "xsltLoadDocument: read rights for %s denied\n",
++ URI);
+ return(NULL);
+ }
+ }
+@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
+ int res;
+
+ res = xsltCheckRead(sec, NULL, URI);
+- if (res == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsltLoadStyleDocument: read rights for %s denied\n",
+- URI);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsltLoadStyleDocument: read rights for %s denied\n",
++ URI);
+ return(NULL);
+ }
+ }
+diff --git a/libxslt/imports.c b/libxslt/imports.c
+index 874870cc..3783b247 100644
+--- a/libxslt/imports.c
++++ b/libxslt/imports.c
+@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
+ int secres;
+
+ secres = xsltCheckRead(sec, NULL, URI);
+- if (secres == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsl:import: read rights for %s denied\n",
+- URI);
++ if (secres <= 0) {
++ if (secres == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsl:import: read rights for %s denied\n",
++ URI);
+ goto error;
+ }
+ }
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 13793914..0636dbd0 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
+ */
+ if (ctxt->sec != NULL) {
+ ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
+- if (ret == 0) {
+- xsltTransformError(ctxt, NULL, inst,
+- "xsltDocumentElem: write rights for %s denied\n",
+- filename);
++ if (ret <= 0) {
++ if (ret == 0)
++ xsltTransformError(ctxt, NULL, inst,
++ "xsltDocumentElem: write rights for %s denied\n",
++ filename);
+ xmlFree(URL);
+ xmlFree(filename);
+ return;
+diff --git a/libxslt/xslt.c b/libxslt/xslt.c
+index 780a5ad7..a234eb79 100644
+--- a/libxslt/xslt.c
++++ b/libxslt/xslt.c
+@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
+ int res;
+
+ res = xsltCheckRead(sec, NULL, filename);
+- if (res == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsltParseStylesheetFile: read rights for %s denied\n",
+- filename);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsltParseStylesheetFile: read rights for %s denied\n",
++ filename);
+ return(NULL);
+ }
+ }
+--
+2.20.1
+
-- cgit v1.2.3
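Review bot: At every patched call site the new `res < 0` path denies access silently, because `xsltTransformError` is now reached only when `res == 0`; unless xsltCheckRead/xsltCheckWrite log the failure themselves (their bodies are not in this patch), a URL rejected as unparsable leaves no message for whoever debugs the stylesheet. A short comment at the first site in `xsltLoadDocument`, such as `/* res < 0: the check itself failed (e.g. URL parse error); fail closed */`, would record why the test is `<= 0`, and it applies equally to `xsltLoadStyleDocument`, `xsltParseStylesheetImport`, `xsltDocumentElem` and `xsltParseStylesheetFile`. The enclosing functions start and end outside these hunks, so any other `== 0` test on these return values in the same files cannot be ruled out from here and is worth a grep in the patched tree. This view is limited to the patch file, so also confirm that the libxslt recipe's SRC_URI actually applies it.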