author Andrew Geissler <geissonator@yahoo.com> 2021-03-06 00:25:55 +0300
committer Brad Bishop <bradleyb@fuzziesquirrel.com> 2021-03-15 14:02:06 +0300
commit 90fd73cb556c0db84e45514413a68f9c5e1aea22
tree 6c7246c5c56fe53360bdcedf98b1331e5730fd34 /poky/meta/recipes-extended/cups
parent 97771a30474a164ca08efd09209692a1fb8a4574
poky: subtree update:488e39b623..c8075ed8f1

Alejandro Hernandez Samaniego (1):
  bitbake: fetch2/wget: Avoid crashing when connection drops mid checkstatus

Alexander Kanavin (17):
  webkit/wpe: only check even versions
  syslinux: use NO_INLINE_FUNCS in CFLAGS
  dosfstools: update 4.1 -> 4.2
  e2fsprogs: update 1.45.7 -> 1.46.1
  elfutils: update 0.182 -> 0.183
  meson: update 0.56.2 -> 0.57.1
  perl: update 5.32.0 -> 5.32.1
  openssl: address ptest failures caused by perl 5.32.1
  ptest-perl/run-ptest: address failures caused by perl 5.32.1
  pango: update 1.48.0 -> 1.48.2
  vulkan-samples: update to latest revision
  webkitgtk: update 2.30.4 -> 2.30.5
  libgcrypt: update 1.8.7 -> 1.9.2
  pinentry: update 1.1.0 -> 1.1.1
  libmd: add a recipe
  libbsd: udpate 0.10.0 -> 0.11.3
  scripts/lib/wic/partition.py: do not set FAT size

Charlie Davies (2):
  bitbake: bitbake: providers: fix incorrect return type bug
  bitbake: bitbake: providers: use pythonic empty list check

Colin Finck (1):
  dosfstools: Build --without-iconv

Diego Santa Cruz (4):
  packagegroup-base: use amixer instead of alsamixer
  packagegroup-base: do not force hdparm and e2fsprogs
  sysklogd: do not open any network sockets by default
  createrepo-c: set path to magic database for native and nativesdk

Dorinda (7):
  gdb-common.inc: add PACKAGECONFIG for debuginfod
  meta/recipes-bsp: Add HOMEPAGE / DESCRIPTION
  meta/recipes-connectivity: Add HOMEPAGE / DESCRIPTION
  meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION
  meta/recipes-core: Add HOMEPAGE / DESCRIPTION
  scripts/oe-debuginfod: script that fetches package manager directory
  binutils: add PACKAGECONFIG for debuginfod

Florian Bezdeka (1):
  wic: Warn if an ext filesystem affected by the Y2038 problem is used

He Zhe (1):
  glibc: Disable CPU ISA level requirement check

Jan Brzezanski (1):
  bitbake: Force parser shutdown after catching an exception

Jan-Simon Moeller (1):
  Add core-image-weston to reproducible build tests

Jan-Simon Möller (2):
  reproducible_builds: SOURCE_DATE_EPOCH should not be 0
  oe-selftests: add rpm to reproducible build selftest

Jate Sujjavanich (1):
  iputils: Fix cap_net_raw for installed binaries

Joel Stanley (1):
  conf/machine-sdk: Add ppc64le SDK machine

Joshua Watt (2):
  bitbake: event: Fix broken builds when multiconfig has a hyphen in the name
  diffoscope: Add python3-rpm as dependency

Khem Raj (23):
  nettle: Upgrade to 3.7.1
  runqemu: Add new option to disable vga emulation
  linuxloader: Deal with little-endian ppc64 ldso name
  musl: Install /lib directory
  goarch.bbclass: Fix ppc64le detection
  bitbake.conf: Do not use lib64 for baselib on musl/ppc64
  glibc: Build for power9 cpu when using powerpc64le tunes
  tune-power9: Enable qemu-usermode
  selftest: Replace building dep tool with direnv
  goarch: Use softfloat instead of 387 for 386 goarch
  go: Upgrade compiler to 1.16 major release
  go: Enable CGO and pie buildmode on rv64
  go-helloworld: Turn into a go module enabled build
  binutils: Upgrade to 2.36.1 release
  llvm: Upgrade to 11.1.0 release
  oeqa/pam: Need shadow installed for the tests
  glibc: Fix rawmemchr
  rxvt-unicode: Do not use throw specifications
  llvm: Fix build with c++17
  dtc: Fix array-bounds error
  puzzles: Fix stringop-overflow warning
  igt-gpu-tools: Fix warnings with gcc 11
  kea: Fix configure test error with gcc11

Klaus Heinrich Kiwi (1):
  kernel-fitimage: Don't use unit addresses on FIT

Martin Jansa (3):
  sstatesig.py: show an error instead of warning when sstate manifest isn't found
  glib-2.0: replace THISDIR instead of COREBASE in find_meson_cross_files --cross-file paths
  coreutils: use u-a for base32

Meh Mbeh Ida Delphine (7):
  licenses: Update license file to match current SPDX names
  recipes-gnome: Add missing HOMEPAGE and DESCRIPTION for recipes
  recipes-graphics: Add missing HOMEPAGE and DESCRIPTION for recipes.
  recipes-kernel: Add missing HOMEPAGE and DESCRIPTION for recipes.
  recipes-multimedia: Add missing HOMEPAGE and DESCRIPTION for recipes.
  recipes-sato: Add missing HOMEPAGE and DESCRIPTION for recipes
  recipes-support: Add missing HOMEPAGE and DESCRIPTION for recipes

Michael Halstead (2):
  releases: update to include 3.2.2
  releases: update to include 3.1.6

Mike Crowe (2):
  externalsrc: Pass through npmsw URIs in SRC_URI
  gcc-sanitizers: Move content from gcclibdir into libdir

Milan Shah (1):
  report-error.bbclass: Add layer and bitbake version info to error report

Mingli Yu (1):
  python3: Fix python interpreter line length for nativesdk

Oleksandr Kravchuk (4):
  python3: update to 3.9.2
  ell: update to 0.38
  net-tools: update to 2.10
  busybox: update 1.33.0

Peter Kjellerstedt (1):
  asciidoc: Switch to using the main branch

Randy MacLeod (3):
  Add libgit2, libssh2 from meta-oe for rust
  libssh2: pull in additional commits from meta-oe
  libgit2: pull in updates from meta-oe

Richard Purdie (61):
  maintainers: Update email address for Victor
  figures/yp-how-it-works-new-diagram.png: Fix spelling error underline
  recipes: Update common-licenses references to match new names
  licenses.conf: Add missing 'or-later' mappings
  licenses: Fix canonical license for 'or-later' handling
  licenses: Update INCOMPATIBLE_LICENSE for 'or-later' handling
  license_image: Don't canonicalise INCOMPATIBLE_LICENSE
  selftest/incompatible_lic: Update the tests after the 'or-later' license handling changes
  gma500-gfx-check: Update licence to match changes in OE-Core
  diffoscope: Upgrade 166 -> 167
  linux-firmware: upgrade 20201218 -> 20210208
  python3-pycryptodome/pycryptodomex: upgrade 3.9.9 -> 3.10.1
  apt: Upgrade 1.8.2.1 -> 1.8.2.2
  python3-magic: upgrade 0.4.18 -> 0.4.20
  libproxy: Avoid /etc/sysconfig determinism issue
  rsync: Fix a file sorting determinism issue
  rsync: Fix group name determinism issue
  libcap-ng: Fix python bindings determinism issue
  libcap-ng: Replace python patch with a better fix
  libevdev: Update patch status to backport
  ca-certificates: Clean up two patches and submit upstream
  libpcre: Drop old/stale patch
  diffoscope: Ensure the correct magic file is used
  babeltrace2: Fix reproducibility
  reproducible: Improve SOURCE_DATE_EPOCH_FALLBACK handling
  selftest/reproducible: Remove exclusions for recipes which now reproduce
  diffoscope: Ensure rpm is configured correctly
  package/package_rpm: Disable font_provides configuration for reproducibilty
  fonts: Bump HASHEQUIV_HASH_VERSION after rpmdeps change
  reproduce: Fix exclusion list for rpm
  maintainers: add entries libssh2 libgit2
  cups: Fix reproducibility issues
  gcr: Fix reproducibility issue
  rsync: Update patch status
  gtk-doc: Fix reproducibility issue
  epiphany: Fix reproducibility issue
  epiphany: Fix distributor contamination from /etc/os-release
  gst-devtools: Fix reproducibility issue
  parted: Fix reproducibility issue
  libsecret: Improve determimism
  libhandy: Fix reproducibility issue
  selftest/reproducible: Don't call sync between each file compare
  image: Add directories to PSEUDO_IGNORE_PATHS
  populate_sdk: Add directories to PSEUDO_IGNORE_PATHS
  bitbake.conf/image: Move image specific PSEUDO_IGNORE_PATHS to image class
  bitbake.conf: Split PSEUDO_IGNORE_PATHS to be more readable
  bootchart2: Fix manpage reproducibility issue
  igt-gpu-tools: Fix reproducibility issue
  libid3tag: Fix reproducibility issue
  apr-util: Fix CFLAGS used in build
  gstreamer1.0-python: Set internal python library path correcty
  diffoscope: Upgrade 167 -> 168
  syslinux: Fix reproducibility issues
  swig: Fix reproducibility issue
  efivar: Fix reproducibility issue
  systemd-bootchart: Disable LTO to fix reproducibility
  selftest/reproducible: Add ability to pull some objects from sstate
  qemu: Determinism fixes
  lttng: Fix reproducibility issues
  ltp: Fixing determinism issues
  python3-cython: Remove build paths from debug sources

Ross Burton (1):
  grub: shuffle packaging for aarch64 builds

Scott Murray (1):
  screen: fix CVE-2021-26937

Stefan Ghinea (2):
  wpa-supplicant: fix CVE-2021-0326
  cups: fix CVE-2020-10001

Tomasz Dziendzielski (1):
  bitbake.conf: Introduce FAKEROOTLOGS variable used by bitbake to print pseudo.log

Vivien Didelot (1):
  systemd: Fix importd requirements comment

Wang Mingyu (12):
  util-linux: upgrade 2.36.1 -> 2.36.2
  xkeyboard-config: upgrade 2.31 -> 2.32
  liburcu: upgrade 0.12.1 -> 0.12.2
  lttng-ust: upgrade 2.12.0 -> 2.12.1
  openssl: upgrade 1.1.1i -> 1.1.1j
  bluez5: upgrade 5.55 -> 5.56
  libxcrypt: upgrade 4.4.17 -> 4.4.18
  nfs-utils: upgrade 2.5.2 -> 2.5.3
  ccache: upgrade 4.1 -> 4.2
  eudev: upgrade 3.2.9 -> 3.2.10
  glslang: upgrade 11.1.0 -> 11.2.0
  iproute2: upgrade 5.10.0 -> 5.11.0

Yi Fan Yu (3):
  libnl: add ptest support
  gdb: Remove "ALLOW_EMPTY_gdbserver" on riscv
  valgrind: Increase timeout duration 30 -> 90 s

zhengruoqin (8):
  glibc-package.inc: Fix arm multlib header issue with struct_stat.h
  glibc: Unify wordsize.h with arm multilibs
  libxcrypt-compat: upgrade 4.4.17 -> 4.4.18
  log4cplus: upgrade 2.0.5 -> 2.0.6
  python3-cython: upgrade 0.29.21 -> 0.29.22
  python3-git: upgrade 3.1.13 -> 3.1.14
  sysvinit: upgrade 2.98 -> 2.99
  python3-magic: upgrade 0.4.20 -> 0.4.22

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I69b5102d327da636a9c36642b46841e4341368d8

Diffstat (limited to 'poky/meta/recipes-extended/cups')
-rw-r--r-- poky/meta/recipes-extended/cups/cups.inc | 3
-rw-r--r-- poky/meta/recipes-extended/cups/cups/CVE-2020-10001.patch | 74
2 files changed, 77 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc
index e7a704134c..244c87001f 100644
--- a/poky/meta/recipes-extended/cups/cups.inc
+++ b/poky/meta/recipes-extended/cups/cups.inc
@@ -15,6 +15,7 @@ SRC_URI = "https://github.com/apple/cups/releases/download/v${PV}/${BP}-source.t
file://0004-cups-fix-multilib-install-file-conflicts.patch \
file://volatiles.99_cups \
file://cups-volatiles.conf \
+ file://CVE-2020-10001.patch \
"
UPSTREAM_CHECK_URI = "https://github.com/apple/cups/releases"
@@ -54,6 +55,8 @@ EXTRA_OECONF = " \
--enable-debug \
--disable-relro \
--enable-libusb \
+ --with-system-groups=lpadmin \
+ --with-cups-group=lp \
--with-domainsocket=/run/cups/cups.sock \
DSOFLAGS='${LDFLAGS}' \
"
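Review bot: The two options added to EXTRA_OECONF, `--with-system-groups=lpadmin` and `--with-cups-group=lp`, name groups that nothing in this diff creates. `lpadmin` becomes the group whose members get CUPS administrative access and `lp` the group the daemon runs under, so if either is missing from the target image the access control configured here has nothing to bind to. Please confirm the recipe declares both groups outside the visible lines (for example through the useradd class) and add a short comment above the two options saying where they come from. Separately, the unchanged context keeps `--disable-relro` and `--enable-debug` in a network-facing daemon's configure line; worth a follow-up to check whether they are still needed.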
diff --git a/poky/meta/recipes-extended/cups/cups/CVE-2020-10001.patch b/poky/meta/recipes-extended/cups/cups/CVE-2020-10001.patch
new file mode 100644
index 0000000000..09a0a5765d
--- /dev/null
+++ b/poky/meta/recipes-extended/cups/cups/CVE-2020-10001.patch
@@ -0,0 +1,74 @@
+From efbea1742bd30f842fbbfb87a473e5c84f4162f9 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Mon, 1 Feb 2021 15:02:32 -0500
+Subject: [PATCH] Fix a buffer (read) overflow in ippReadIO (CVE-2020-10001)
+
+Upstream-Status: Backport
+CVE: CVE-2020-10001
+
+Reference to upstream patch:
+[https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9]
+
+[SG: Addapted for version 2.3.3]
+Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
+---
+ CHANGES.md | 2 ++
+ cups/ipp.c | 8 +++++---
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGES.md b/CHANGES.md
+index df72892..5ca12da 100644
+--- a/CHANGES.md
++++ b/CHANGES.md
+@@ -4,6 +4,8 @@ CHANGES - 2.3.3 - 2020-04-24
+ Changes in CUPS v2.3.3
+ ----------------------
+
++- Security: Fixed a buffer (read) overflow in the `ippReadIO` function
++ (CVE-2020-10001)
+ - CVE-2020-3898: The `ppdOpen` function did not handle invalid UI
+ constraint. `ppdcSource::get_resolution` function did not handle
+ invalid resolution strings.
+diff --git a/cups/ipp.c b/cups/ipp.c
+index 3d52934..adbb26f 100644
+--- a/cups/ipp.c
++++ b/cups/ipp.c
+@@ -2866,7 +2866,8 @@ ippReadIO(void *src, /* I - Data source */
+ unsigned char *buffer, /* Data buffer */
+ string[IPP_MAX_TEXT],
+ /* Small string buffer */
+- *bufptr; /* Pointer into buffer */
++ *bufptr, /* Pointer into buffer */
++ *bufend; /* End of buffer */
+ ipp_attribute_t *attr; /* Current attribute */
+ ipp_tag_t tag; /* Current tag */
+ ipp_tag_t value_tag; /* Current value tag */
+@@ -3441,6 +3442,7 @@ ippReadIO(void *src, /* I - Data source */
+ }
+
+ bufptr = buffer;
++ bufend = buffer + n;
+
+ /*
+ * text-with-language and name-with-language are composite
+@@ -3454,7 +3456,7 @@ ippReadIO(void *src, /* I - Data source */
+
+ n = (bufptr[0] << 8) | bufptr[1];
+
+- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
++ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
+ {
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
+ _("IPP language length overflows value."), 1);
+@@ -3481,7 +3483,7 @@ ippReadIO(void *src, /* I - Data source */
+ bufptr += 2 + n;
+ n = (bufptr[0] << 8) | bufptr[1];
+
+- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
++ if ((bufptr + 2 + n) > bufend)
+ {
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
+ _("IPP string length overflows value."), 1);
+--
+2.17.1
+
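Review bot: In the cups/ipp.c part of this backport, `bufend = buffer + n` is only correct because it runs before `n` is overwritten by `n = (bufptr[0] << 8) | bufptr[1]` a few lines later, and both rewritten checks (`(bufptr + 2 + n + 2) > bufend` for the language length, `(bufptr + 2 + n) > bufend` for the string length) depend on that ordering. Since the header says the patch was adapted for version 2.3.3, please confirm against the referenced upstream commit that the assignment still sits directly after `bufptr = buffer;` and before the first length read in the 2.3.3 source. The first two-byte length read still happens before any check that the value holds at least two bytes; the new comparison rejects that case afterwards, but a one-line comment stating this would help the next person who touches the backport. As a style point, the CHANGES.md hunk carries no code and is the part most likely to stop applying on the next version bump, so it could be dropped from the backport, and "Addapted" in the adaptation tag should read "Adapted".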