author: Brad Bishop <bradleyb@fuzziesquirrel.com> 2019-08-26 08:33:31 +0300
committer: Brad Bishop <bradleyb@fuzziesquirrel.com> 2019-08-26 08:33:45 +0300
commit: c68388fccb8c0b5bf4d6b8efff91203796be98b2
tree: f2b3d0381b84be54f0fc03f24daf603d2a6cb95a /poky/meta/recipes-devtools/patch
parent: 665fd026517259031fd55bcfb2a9dab0d9f3582a
poky: subtree update:20946c63c2..c17113f1e2

Adrian Bunk (3):
      shadow: musl now supports secure_getenv
      kmod: Replace dolt hacks with backport of upstream dolt removal
      btrfs-tools: Add a PACKAGECONFIG for zstd

Alexander Kanavin (12):
      linux-yocto: add drm-bochs support
      mesa: fix upstream version check
      conf/conf-notes.txt: add a mention of common tools
      conf/conf-notes.txt: add a mention of common tools
      gtk-doc: upgrade 1.30 -> 1.31
      desktop-file-utils: upgrade 0.23 -> 0.24
      libdazzle: upgrade 3.32.2 -> 3.32.3
      rt-tests: exclude another development version
      vala: upgrade 0.44.5 -> 0.44.7
      epiphany: upgrade 3.32.3 -> 3.32.4
      libmodulemd: depend on target python at build time
      createrepo-c: upgrade 0.14.3 -> 0.15.0

Alistair Francis (3):
      qemu: Upgrade to version 4.1
      scripts/runqemu: Add support for the BIOS variable
      qemuriscv64: Specify the firmware as a bios instead of kernel

Anuj Mittal (2):
      binutils: fix CVE-2019-14250 CVE-2019-14444
      patch: backport fixes

Bruce Ashfield (6):
      kernel-devsrc: tweak for v5.3+
      kern-tools: Add SPDX license headers to source files
      linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths
      kernel-yocto: import security fragments from meta-security
      kconf_check: tweak CONFIG_ regex
      linux-yocto/4.19: make drm-bochs feature available

Changqing Li (2):
      dbus: disable test-bus
      qemumips/qemumips64: move QB_SYSTEM_NAME to corresponding conf

Chen Qi (1):
      target-sdk-provides-dummy: extend packages for multilib case

He Zhe (2):
      ltp: Fix tgkill03 failure
      ltp: Fix ustat02 failure

Hongxu Jia (3):
      nfs-utils: decrease RLIMIT_NOFILE to 4k for systemd
      distcc: upgrade 3.3.2 -> 3.3.3
      ncurses: upgrade 6.1+20181013 -> 6.1+20190803

Jaewon Lee (1):
      devtool: build: Also run deploy for devtool build if applicable

Jason Wessel (2):
      cross-localedef-native: Add hardlink resolver from util-linux
      libc-package.bbclass: Split locale hard link processing into two parts

Jon Mason (1):
      resulttool: Prevent multiple results for the same test

Kai Kang (1):
      webkitgtk: disable gold on mipsn32

Kevin Hao (1):
      psplash: Avoid mount the psplash tmpfs twice

Khem Raj (10):
      musl: Update to latest tip
      systemd: Drop musl __secure_getenv patch
      mesa: Add packageconfigs for vc4 and v3d
      util-linux: Make pam specific logic apply to target recipe alone
      systemd.bbclass: Limit rm_sysvinit_initddir and rm_systemd_unitdir to target alone
      systemd: Refresh patch after removal of __secure_getenv patch
      gcc-9: Upgrade to 9.2
      gcc: Search in OE specific target gcclibdir
      opensbi: Disable SECURITY_CFLAGS since it cant link with libssp
      libffi: Upgrade to 3.3-rc0

Lei Maohui (2):
      nativesdk-qemu: support aarch64_be.
      at: fix a spelling mistake.

Mikko Rapeli (1):
      stress-ng: provide stress

Mingli Yu (1):
      python3: fix the test_locale output format

Oleksandr Kravchuk (8):
      ffmpeg: update to 4.2
      python-setuptools: update to 41.1.0
      python3-scons: update to 3.1.1
      ofono: update to 1.30
      bitbake.conf: fix XORG_MIRROR URL
      cups: update to 2.2.12
      git: update to 2.23.0
      python-setuptools: update to 41.2.0

Otavio Salvador (2):
      linux-firmware: Upgrade 20190618 -> 20190815
      kmscube: Bump revision to f632b23

Philippe Normand (1):
      libtasn1: Enable nativesdk support

Ricardo Ribalda Delgado (1):
      packagegroup-core-base-utils: Make it machine specific

Richard Purdie (7):
      yocto-check-layer: Ensure we use OEBasicHash as the signature handler
      package: Fix race between do_package and do_packagedata
      bitbake: cookerdata: Delay the setup of the siggen slightly to allow metadata defined siggens
      bitbake: runqueue: Small but critical fix
      bitbake: runqueue: Optimise holdoff task handling
      bitbake: runqueue: Further optimise holdoff tasks
      bitbake: runqueue: Optimise build_taskdepdata slightly

Ross Burton (2):
      systemd: add PACKAGECONFIG for gnu-efi
      pango: upgrade to 1.44.5

Trevor Gamblin (2):
      quilt: Export QUILT_PC variable in ptest Makefile
      quilt: added less to RDEPENDS list

Wes Lindauer (5):
      iw: Fix license field to BSD-2-Clause
      openssh: Update LICENSE field with missing values
      shadow: Fix BSD license file checksum
      sudo: Fix BSD license file checksum
      libunwind: Fix MIT license file checksum

Yuan Chao (1):
      libnss-nis: upgrade 3.0 -> 3.1

Zang Ruochen (3):
      acpid: upgrade 2.0.31 -> 2.0.32
      lz4:upgrade 1.9.1 -> 1.9.2
      python3-pip:upgrade 19.2.1 -> 19.2.2

Change-Id: I2068692bfdbbf18f892761a12f85e913b8212f3f
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

Diffstat (limited to 'poky/meta/recipes-devtools/patch')
-rw-r--r-- poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch 93
-rw-r--r-- poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch 80
-rw-r--r-- poky/meta/recipes-devtools/patch/patch_2.7.6.bb 2
3 files changed, 175 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch b/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch
new file mode 100644
index 0000000000..9891526e4e
--- /dev/null
+++ b/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch
@@ -0,0 +1,93 @@
+From 7f770b9c20da1a192dad8cb572a6391f2773285a Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Thu, 3 May 2018 14:31:55 +0200
+Subject: [PATCH 1/2] Don't leak temporary file on failed ed-style patch
+
+Now that we write ed-style patches to a temporary file before we
+apply them, we need to ensure that the temporary file is removed
+before we leave, even on fatal error.
+
+* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
+ tmpname. Don't unlink the file directly, instead tag it for removal
+ at exit time.
+* src/patch.c (cleanup): Unlink TMPEDNAME at exit.
+
+This closes bug #53820:
+https://savannah.gnu.org/bugs/index.php?53820
+
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=19599883ffb6a450d2884f081f8ecf68edbed7ee]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ src/common.h | 2 ++
+ src/pch.c | 12 +++++-------
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/common.h b/src/common.h
+index ec50b40..22238b5 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -94,10 +94,12 @@ XTERN char const *origsuff;
+ XTERN char const * TMPINNAME;
+ XTERN char const * TMPOUTNAME;
+ XTERN char const * TMPPATNAME;
++XTERN char const * TMPEDNAME;
+
+ XTERN bool TMPINNAME_needs_removal;
+ XTERN bool TMPOUTNAME_needs_removal;
+ XTERN bool TMPPATNAME_needs_removal;
++XTERN bool TMPEDNAME_needs_removal;
+
+ #ifdef DEBUGGING
+ XTERN int debug;
+diff --git a/src/pch.c b/src/pch.c
+index 16e001a..c1a62cf 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2392,7 +2392,6 @@ do_ed_script (char const *inname, char const *outname,
+ file_offset beginning_of_this_line;
+ size_t chars_read;
+ FILE *tmpfp = 0;
+- char const *tmpname;
+ int tmpfd;
+ pid_t pid;
+
+@@ -2404,12 +2403,13 @@ do_ed_script (char const *inname, char const *outname,
+ invalid commands and treats the next line as a new command, which
+ can lead to arbitrary command execution. */
+
+- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0);
+ if (tmpfd == -1)
+- pfatal ("Can't create temporary file %s", quotearg (tmpname));
++ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME));
++ TMPEDNAME_needs_removal = true;
+ tmpfp = fdopen (tmpfd, "w+b");
+ if (! tmpfp)
+- pfatal ("Can't open stream for file %s", quotearg (tmpname));
++ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME));
+ }
+
+ for (;;) {
+@@ -2449,8 +2449,7 @@ do_ed_script (char const *inname, char const *outname,
+ write_fatal ();
+
+ if (lseek (tmpfd, 0, SEEK_SET) == -1)
+- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+-
++ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
+ if (! dry_run && ! skip_rest_of_patch) {
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+ *outname_needs_removal = true;
+@@ -2482,7 +2481,6 @@ do_ed_script (char const *inname, char const *outname,
+ }
+
+ fclose (tmpfp);
+- safe_unlink (tmpname);
+
+ if (ofp)
+ {
+--
+2.17.0
+
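Review bot: The description lists a `src/patch.c (cleanup)` change that unlinks TMPEDNAME at exit, but the embedded diffstat and hunks only touch src/common.h and src/pch.c. With `safe_unlink (tmpname);` dropped from do_ed_script and only `TMPEDNAME_needs_removal = true;` set, nothing visible in this file removes the temporary file, so the fatal-error path the patch is meant to cover depends on code not shown here. Please confirm the backport carries the cleanup() hunk, or add a `remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);` call there. Also worth a line in the header: the From hash (7f770b9c...) is not the commit id cited in Upstream-Status (19599883...).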
diff --git a/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch b/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch
new file mode 100644
index 0000000000..d6a219a1b1
--- /dev/null
+++ b/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch
@@ -0,0 +1,80 @@
+From 369dcccdfa6336e5a873d6d63705cfbe04c55727 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 7 May 2018 15:14:45 +0200
+Subject: Don't leak temporary file on failed multi-file ed-style patch
+
+The previous fix worked fine with single-file ed-style patches, but
+would still leak temporary files in the case of multi-file ed-style
+patch. Fix that case as well, and extend the test case to check for
+it.
+
+* src/patch.c (main): Unlink TMPEDNAME if needed before moving to
+ the next file in a patch.
+
+This closes bug #53820:
+https://savannah.gnu.org/bugs/index.php?53820
+
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=369dcccdfa6336e5a873d6d63705cfbe04c55727]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ src/patch.c | 1 +
+ tests/ed-style | 31 +++++++++++++++++++++++++++++++
+ 2 files changed, 32 insertions(+)
+
+diff --git a/src/patch.c b/src/patch.c
+index 9146597..81c7a02 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -236,6 +236,7 @@ main (int argc, char **argv)
+ }
+ remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+ }
++ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+
+ if (! skip_rest_of_patch && ! file_type)
+ {
+diff --git a/tests/ed-style b/tests/ed-style
+index 6b6ef9d..504e6e5 100644
+--- a/tests/ed-style
++++ b/tests/ed-style
+@@ -38,3 +38,34 @@ EOF
+ check 'cat foo' <<EOF
+ foo
+ EOF
++
++# Test the case where one ed-style patch modifies several files
++
++cat > ed3.diff <<EOF
++--- foo
+++++ foo
++1c
++bar
++.
++--- baz
+++++ baz
++0a
++baz
++.
++EOF
++
++# Apparently we can't create a file with such a patch, while it works fine
++# when the file name is provided on the command line
++cat > baz <<EOF
++EOF
++
++check 'patch -e -i ed3.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++bar
++EOF
++
++check 'cat baz' <<EOF
++baz
++EOF
+--
+cgit v1.0-41-gc330
+
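Review bot: The added tests/ed-style case only checks that `patch -e -i ed3.diff` prints nothing and that foo and baz end up with the expected content; nothing in it asserts that no temporary file is left behind, which is the leak the description says the test is extended to check. Consider running the case with a dedicated temporary directory and checking that it is empty afterwards. As a style point, the Subject lacks the `[PATCH 2/2]` prefix that the first file's `[PATCH 1/2]` implies, and the trailer is a cgit signature rather than a git version, so the two files were evidently produced differently; a short note on that in the header would help whoever refreshes them later.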
diff --git a/poky/meta/recipes-devtools/patch/patch_2.7.6.bb b/poky/meta/recipes-devtools/patch/patch_2.7.6.bb
index 8908910f74..5d7f55f8dc 100644
--- a/poky/meta/recipes-devtools/patch/patch_2.7.6.bb
+++ b/poky/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -8,6 +8,8 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
file://CVE-2019-13636.patch \
file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \
+ file://0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch \
+ file://0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch \
"
SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
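Review bot: Both new SRC_URI entries carry the same `0001-` prefix, and the second one uses TMPEDNAME and TMPEDNAME_needs_removal, which are only declared by the first one's src/common.h hunk, so the apply order here is load-bearing. The listed order is correct, but it is easy to break on a later refresh; renaming the second file with a `0002-` prefix, or adding a comment above the two lines stating the dependency, would make that explicit.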