poky: subtree update:7035b4b21e..a616ffebdc

Adrian Bunk (3):
      python3: Upgrade 3.7.4 -> 3.7.5
      lz4: Whitelist CVE-2014-4715
      iputils: Whitelist CVE-2000-1213 CVE-2000-1214

Alex Kube (1):
      go: Refactor patches for 1.13.3

Andreas Müller (2):
      vte: upgrade 0.56.3 -> 0.58.2
      webkitgtk: upgrade 2.26.1 -> 2.26.2

Andreas Oberritter (3):
      glibc: move ldconfig to its own package
      package.bbclass: Always include ldconfig fragment
      systemd: Add runtime dependency on new ldconfig package

André Draszik (1):
      libevent: update packaging (one package per shared library)

Anuj Mittal (1):
      libsdl2: fix race when building in parallel

Armin Kuster (13):
      oeqa/core: Add a check for MACHINE
      oeqa/core: Add qemu checks
      oeqa/manual/bsp-qemu: remove rpm tests already done in runtime
      oeqa/manual/bsp-qemu: remove KVM enabled which is already done in selftest runqemu
      oeqa/manual/bsp-qemu: drop xserver test done at runtime
      oeqa/manual/bsp-qemu: remove only_one_connmand_in_background test done at runtime
      oeqa/manual/bsp-qemu: remove postinit test done w/selftest runtime
      oeqa/manual/bsp-qemu: remove manual bash test
      oeqa/manual/bsp-qemu: remove manual useradd test
      oeqa/selftest/oescripts: move list-packageconfig-flags tests from manual to self
      oeqa/manua/oe-core: remove manual PACKAGECONFIG_FLAGS tests
      oeqa/selftest/runtime_test: add crosstab selftest
      oeqa/manual/oe-core: remove crosstab test from manual

Changhyeok Bae (1):
      iproute2: update 5.2.0 -> 5.3.0

Chee Yang Lee (1):
      wic: beautify 'wic help'

Chris Laplante via bitbake-devel (7):
      bitbake: contrib/vim: More Python indenting; move indent file to correct directory
      bitbake: contrib/vim: Special handling of bb.fatal
      bitbake: contrib/vim: don't redeclare indenter
      bitbake: contrib/vim: renaming & comments
      bitbake: contrib/vim: indenting for assignments; tweak Python indenting
      bitbake: contrib/vim: handle shell indenting
      bitbake: contrib/vim: Add copyright and license notice

Denys Dmytriyenko (1):
      buildhistory: fix "version went backwards" QA error message

Gavin Li (1):
      bitbake: prserv: fix ResourceWarning due to unclosed socket

Haris Okanovic (8):
      isoimage-isohybrid.py: Parameterize ESP label
      isoimage-isohybrid.py: Parameterize ESP partition size
      initscripts/sysfs.sh: Mount /sys/firmware/efi/efivars when possible
      gnupg: Split gpg and gpg-agent into a minimal gnupg-gpg package
      opkg: RDEPEND "gnupg-gpg" instead of "gnupg"
      gnupg/libksba/npth/pinentry: Add nativesdk to BBCLASSEXTEND
      meta/lib/oe/package_manager.py: Enable sha256 checksums in opkg indexer
      dhcp: Workaround busybox limitation in Linux dhclient-script

Ivan Efimov (1):
      bitbake: bitbake-worker child process create group before registering SIGTERM handler

Jacob Kroon (2):
      rm_work: Promote do_image_qa stamps to setscene versions
      rm_work: Simplify logic for setscene promotion

Jagadeesh Krishnanjanappa (1):
      tune-cortexa32: Fix libgcc-initial build issue for cortex-a32

Joshua Watt (4):
      oeqa: reproducible: Add option to capture bad packages
      icecc-create-env: Use OE patchelf in SDK
      mc: Fix build reproducibility
      wayland: Fix wayland-scanner build for MinGW

Khem Raj (4):
      libtirpc: Do not include bits/endian.h directly
      strace: Fix ptest build
      libnsl2: Update to latest master
      strace: Fix build found with 64bit time_t/musl

Liwei Song (1):
      buildtools-tarball: export OPENSSL_CONF for openssl

Mark Hatle (1):
      populate_sdk_ext.bbclass: Make integrated buildtools optional

Maxime Roussin-Bélanger (1):
      meta: add missing description for some recipes in graphics

Mikko Rapeli (1):
      harfbuzz: split libharfbuzz-subset.so to its own binary package

Oleksandr Kravchuk (1):
      git: update to 2.24.0

Paul Barker (1):
      scripts/native-intercept: Add chgrp intercept

Peter Kjellerstedt (3):
      sysstat: Correct our systemd unit file
      sysstat: Correct when to use the package provided systemd unit files
      bitbake: cooker: Remove a left-over comment about expanded_data

Richard Purdie (9):
      bitbake: fetch2: Ensure cached url data is matched to a datastore
      staging: Handle files moving between dependencies
      sstate: Add ability to hide summary output for sstate
      selftest/signing: Fix test_locked_signatures to use a temporary layer
      dhcp/ruby/ffpmeg: Use CFLAGS, not TARGET_CFLAGS
      bitbake: runqueue: Improve sstate rehashing output
      pseudo: Add statx support to fix fedora30 issues
      pseudo: Drop static linking to sqlite3
      sqlite3: Drop pic as we no longer need the sqlite3 static lib

Ross Burton (16):
      file: fix CVE-2019-18218
      file: remove redundant upstream check workaround
      file: run test suite when building natively
      patch: the CVE-2019-13638 fix also handles CVE-2018-20969
      libpng: whitelist CVE-2019-17371
      procps: whitelist CVE-2018-1121
      libsndfile1: whitelist CVE-2018-13419
      libpam: set CVE_PRODUCT
      libsoup: set CVE_PRODUCT
      libsoup-2.4: upgrade to 2.66.4
      insane: improve textrel warning message
      libsoup: update patch upstream status
      acpica: upgrade to 20191018
      ovmf: unify DEPENDS
      cve-check: we don't actually need to unpack to check
      cve-update-db-native: don't refresh more than once an hour

Samuli Piippo (1):
      linux-firmware: update packaging for brcm files

Scott Rifenbark (3):
      ref-manual: Completed the 3.0 migration section.
      mega-manual: Updated mega-manual Bitbake manual search path
      ref-manual: Removed blank lines from 3.0 migratrion section.

Stefan Agner (1):
      dbus: drop unused group netdev

Torbjörn Svensson (1):
      psplash: Do mount psplash tmpfs if not mounted

Trevor Gamblin (1):
      python3-misc: add python3-audio to RDEPENDS

Volker Vogelhuber (1):
      bitbake: fetch2/hg: Fix various runtime issues

Yeoh Ee Peng (4):
      scripts/resulttool/report: Enable report to use regression_map
      scripts/resulttool/report: Enable output raw test results
      scripts/resulttool/report: Add total statistic to test result.
      resulttool/store.py: Enable add extra test environment data

Yongxin Liu (2):
      systemd: Fix invalid argument of pstore log entry
      ltp: Add "udevadm trigger" before swap verification in mkswap01.sh

Zang Ruochen (8):
      ruby:upgrade 2.6.4 -> 2.6.5
      ethtool:upgrade 5.2 -> 5.3
      libdrm:upgrade 2.4.99 -> 2.4.100
      libcheck:upgrade 0.12.0 -> 0.13.0
      curl:upgrade 7.66.0 -> 7.67.0
      libinput:upgrade 1.14.1 -> 1.14.3
      python3-six:upgrade 1.12.0 -> 1.13.0
      libedit: upgrade 20190324 -> 20191025

Zhixiong Chi (1):
      libtirpc: create the symbol link for rpc header files

grygorii tertychnyi (1):
      archiver: avoid empty incfile in ar_recipe

Change-Id: Ice596e426e4533d7568a82bcbb21efdfc19e21e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

2 files changed, 61 insertions, 4 deletions

diff --git a/poky/meta/recipes-devtools/file/file/CVE-2019-18218.patch b/poky/meta/recipes-devtools/file/file/CVE-2019-18218.patch
new file mode 100644
index 0000000000..3d02c5ad4b
--- /dev/null
+++ b/poky/meta/recipes-devtools/file/file/CVE-2019-18218.patch
@@ -0,0 +1,55 @@
+cdf_read_property_info in cdf.c in file through 5.37 does not restrict the
+number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte
+out-of-bounds write).
+
+CVE: CVE-2019-18218
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 26 Aug 2019 14:31:39 +0000
+Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
+
+---
+ src/cdf.c | 9 ++++-----
+ src/cdf.h | 1 +
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 9d6396742..bb81d6374 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1016,8 +1016,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 				goto out;
+ 			}
+ 			nelements = CDF_GETUINT32(q, 1);
+-			if (nelements == 0) {
+-				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++				DPRINTF(("CDF_VECTOR with nelements == %"
++				    SIZE_T_FORMAT "u\n", nelements));
+ 				goto out;
+ 			}
+ 			slen = 2;
+@@ -1060,8 +1061,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 					goto out;
+ 				inp += nelem;
+ 			}
+-			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+-			    nelements));
+ 			for (j = 0; j < nelements && i < sh.sh_properties;
+ 			    j++, i++)
+ 			{
+diff --git a/src/cdf.h b/src/cdf.h
+index 2f7e554b7..05056668f 100644
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+ 
+ #define CDF_LOOP_LIMIT					10000
++#define CDF_ELEMENT_LIMIT				100000
+ 
+ #define CDF_SECID_NULL					0
+ #define CDF_SECID_FREE					-1
diff --git a/poky/meta/recipes-devtools/file/file_5.37.bb b/poky/meta/recipes-devtools/file/file_5.37.bb
index c53a120b84..a96ccc0d39 100644
--- a/poky/meta/recipes-devtools/file/file_5.37.bb
+++ b/poky/meta/recipes-devtools/file/file_5.37.bb
@@ -11,10 +11,8 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd
 DEPENDS = "zlib file-replacement-native"
 DEPENDS_class-native = "zlib-native"
 
-# Blacklist a bogus tag in upstream check
-UPSTREAM_CHECK_GITTAGREGEX = "FILE(?P<pver>(?!6_23).+)"
-
-SRC_URI = "git://github.com/file/file.git"
+SRC_URI = "git://github.com/file/file.git \
+           file://CVE-2019-18218.patch"
 
 SRCREV = "a0d5b0e4e9f97d74a9911e95cedd579852e25398"
 S = "${WORKDIR}/git"
@@ -31,6 +29,10 @@ EXTRA_OEMAKE_append_class-nativesdk = "-e FILE_COMPILE=${STAGING_BINDIR_NATIVE}/
 
 FILES_${PN} += "${datadir}/misc/*.mgc"
 
+do_compile_append_class-native() {
+	oe_runmake check
+}
+
 do_install_append_class-native() {
 	create_cmdline_wrapper ${D}/${bindir}/file \
 		--magic-file ${datadir}/misc/magic.mgc