authorBrad Bishop <bradleyb@fuzziesquirrel.com>2019-06-24 16:36:18 +0300
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2019-06-24 16:38:35 +0300
commitc8f4712845034714fed763414987305bacafe1fd (patch)
tree076fa034dbf82e26eeb4be701ff70e4fb8f66881 /poky/meta/recipes-core/glib-2.0
parent0bd2291397ecbeae3b2e29a25d7184177b094f25 (diff)
subtree updates
poky: 50d272863d..0b3e371116: Alistair Francis (1): recipes-bsp/opensbi: Fix the u-boot payload name Changqing Li (2): update-rc.d: update SRCREV and license checksum update-rc.d: support enable/disable options Chen Qi (2): context.py: avoid skipping tests by meaningless command argument oeqa: avoid class setup method to run when skipping the whole class Joe Slater (1): glib-2.0: Fix CVE-2019-12450 Jonathan Rajotte (1): lttng-tools: update to 2.10.7 Joseph Reynolds (1): dropbear: new feature: disable-weak-ciphers Joshua Watt (4): perl: Improve ptest package reproducibility python3: Reformat sysconfig perl: Reproducible build fixes bash: Remove .build files for reproducible builds Martin Jansa (1): gcc-runtime.inc: create the correct directory before creating the symlinks in it Ricardo Ribalda Delgado (1): go: avoid host contamination by GOCACHE Ross Burton (1): pigz: bump alternative priority Tim Orling (1): ptest-packagelists.inc: add libmodule-build-perl-ptest meta-openembedded: 3b245e4fe8..64974b8779: Adrian Bunk (9): libauthen-radius-perl: Remove manual RDEPENDS from PN-ptest to PN package network-manager-applet: Remove obsolete dbus-glib and libnm-glib dependencies ndctl: Remove the unnecessary dependency on virtual/kernel tipcutils: Remove the unnecessary dependency on virtual/kernel xl2tpd: Remove the old 1.3.6 version gpsd: Force using python-scons-native for now efibootmgr: Remove, was moved to oe-core efivar: Remove, was moved to oe-core wireless-regdb: Remove, was moved to oe-core Andrey Zhizhikin (1): cpuburn-arm: add aarch64 machine and build configuration Ankit Navik (1): safec: Add Safe C license Bartosz Golaszewski (1): libgpiod: upgrade to v1.4 Hongxu Jia (1): dracut: fix generated initramfs boot failure under bash 5 Kai Kang (1): xfce4-screensaver: 0.1.4 -> 0.1.5 Khem Raj (5): stressapptest: Fix build with libc++ stressapptest: Implement reading sysfs and use it if sysconf is not there stressapptest: Use git SHA instead of git archive gmime: Add 
recipe pidgin-sipe: Depend on gmime Maciej Pijanowski (1): recipes-benchmark/stressapptest_1.0.9.bb: add recipe Mingli Yu (3): mariadb: Upgrade to 10.3.16 mozjs: Fix do_patch error for mips64-n32 python-lxml: replace -Og with -O for mips64-32 Naveen Saini (1): pm-graph: fix multilib build failure Nicola Lunghi (1): libp11: No need to delete *.la anymore Oleksandr Kravchuk (1): openconnect: update to 8.03 Pascal Bach (3): protobuf: 3.6.1 -> 3.8.0 protobuf-c: add patch for protobuf 3 compatibility python3-protobuf, python-protobuf: 3.6.1 -> 3.8.0 Persian Prince (1): blueman_%.bbappend: Avoid PAK archive (application/x-pak) Saikiran Madugula (1): gitver: Pass git directory argument to gitrev_run Tim Orling (1): libmodule-build-perl: drop, has moved to oe-core Yi Zhao (1): snort: upgrade 2.9.11.1 -> 2.9.13 Zang Ruochen (3): python-twisted: upgrade 19.2.0 -> 19.2.1 python-wrapt: upgrade 1.11.1 -> 1.11.2 python-certifi: upgrade 2019.3.9 -> 2019.6.16 Change-Id: I0c3385628e0382c56c94fa27ba4d14e301c2e558 Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-core/glib-2.0')
-rw-r--r--poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch62
-rw-r--r--poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb1
2 files changed, 63 insertions, 0 deletions
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
new file mode 100644
index 0000000000..59e49195cc
--- /dev/null
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
@@ -0,0 +1,62 @@
+glib-2.0: fix CVE-2019-12450
+
+Not in release 2.61.1.
+
+CVE: CVE-2019-12450
+
+Upstream-Status: Backport [github.com/GNOME/glib.git]
+Signed-off-by: Joe Slater <joe.slater@windrivere.com>
+---
+From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:41:53 +0200
+Subject: [PATCH] gfile: Limit access to files when copying
+
+file_copy_fallback creates new files with default permissions and
+set the correct permissions after the operation is finished. This
+might cause that the files can be accessible by more users during
+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
+files to limit access to those files.
+---
+ gio/gfile.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gfile.c b/gio/gfile.c
+index 24b136d80..74b58047c 100644
+--- a/gio/gfile.c
++++ b/gio/gfile.c
+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
+ out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+ FALSE, NULL,
+ flags & G_FILE_COPY_BACKUP,
+- G_FILE_CREATE_REPLACE_DESTINATION,
+- info,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE, info,
+ cancellable, error);
+ else
+ out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+- FALSE, 0, info,
++ FALSE, G_FILE_CREATE_PRIVATE, info,
+ cancellable, error);
+ }
+ else if (flags & G_FILE_COPY_OVERWRITE)
+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
+ out = (GOutputStream *)g_file_replace (destination,
+ NULL,
+ flags & G_FILE_COPY_BACKUP,
+- G_FILE_CREATE_REPLACE_DESTINATION,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE,
+ cancellable, error);
+ }
+ else
+ {
+- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
++ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
+ }
+
+ if (!out)
+--
+2.17.1
+
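Review bot: The `G_FILE_CREATE_PRIVATE` flag added to the `g_file_replace` and `g_file_create` calls (the `@@ -3297` hunk of gio/gfile.c) narrows access during the copy only if the destination's GFile implementation honours the flag, and nothing visible here shows that for non-local backends; only the `_g_local_file_output_stream_*` calls in the `@@ -3284` hunk are clearly local. The step that later applies the final permissions lies in the part of file_copy_fallback outside these hunks, so it is worth confirming that a failure there leaves the file private rather than widened. In the patch header, the Signed-off-by domain `windrivere.com` looks like a typo, and the status line would be easier to audit as `Upstream-Status: Backport [github.com/GNOME/glib.git, commit d8f8f4d637ce43f8699ba94c9b7648beda0ca174]`, using the hash from the From line.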
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb
index bb77294e1e..5942241de5 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb
@@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \
file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
+ file://CVE-2019-12450.patch \
"
SRC_URI_append_class-native = " file://relocate-modules.patch"