poky: subtree update:52a625582e..7035b4b21e

Adrian Bunk (9):
      squashfs-tools: Upgrade to 4.4
      screen: Upgrade 4.6.2 -> 4.7.0
      stress-ng: Upgrade 0.10.00 -> 0.10.08
      nspr: Upgrade 4.21 -> 4.23
      gcc: Remove stale gcc 8 patchfile
      gnu-efi: Upgrade 3.0.9 -> 3.0.10
      python3-numpy: Stop shipping manual config files
      coreutils: Move stdbuf into an own package coreutils-stdbuf
      gnu-efi: Upgrade 3.0.10 -> 3.0.11

Alessio Igor Bogani (1):
      systemtap: support usrmerge

Alexander Hirsch (1):
      libksba: Fix license specification

Alexander Kanavin (6):
      gcr: update to 3.34.0
      btrfs-tools: update to 5.3
      libmodulemd-v1: update to 1.8.16
      selftest: skip virgl test on centos 7 entirely
      nfs-utils: do not depend on bash unnecessarily
      selftest: add a test for gpl3-free images

Alistair Francis (4):
      opensbi: Bump from 0.4 to 0.5
      u-boot: Bump from 2019.07 to 2019.10
      qemuriscv64: Build smode U-Boot
      libsdl2: Fix build failure when using mesa 19.2.1

Andreas Müller (4):
      adwaita-icon-theme: upgrade 3.32.0 -> 3.34.0
      gsettings-desktop-schemas: upgrade 3.32.0 -> 3.34.0
      IMAGE_LINGUAS_COMPLEMENTARY: auto-add language packages other than locales
      libical: add PACKAGECONFIG glib and enable it by default

André Draszik (10):
      testimage.bbclass: support hardware-controlled targets
      testimage.bbclass: enable ssh agent forwarding
      oeqa/runtime/df: don't fail on long device names
      oeqa/core/decorator: add skipIfFeature
      oeqa/runtime/opkg: skip install on read-only-rootfs
      oeqa/runtime/systemd: skip unit enable/disable on read-only-rootfs
      ruby: update to v2.6.4
      ruby: some ptest fixes
      oeqa/runtime/context.py: ignore more files when loading controllers
      connman: mark connman-wait-online as SYSTEMD_PACKAGE

Bruce Ashfield (6):
      linux-yocto/4.19: update to v4.19.78
      linux-yocto/5.2: update to v5.2.20
      perf: fix v5.4+ builds
      perf: create directories before copying single files
      perf: add 'cap' PACKAGECONFIG
      perf: drop 'include' copy

Carlos Rafael Giani (12):
      gstreamer1.0: upgrade to version 1.16.1
      gstreamer1.0-plugins-base: upgrade to version 1.16.1
      gstreamer1.0-plugins-good: upgrade to version 1.16.1
      gstreamer1.0-plugins-bad: upgrade to version 1.16.1
      gstreamer1.0-plugins-ugly: upgrade to version 1.16.1
      gstreamer1.0-libav: upgrade to version 1.16.1
      gstreamer1.0-vaapi: upgrade to version 1.16.1
      gstreamer1.0-omx: upgrade to version 1.16.1
      gstreamer1.0-python: upgrade to version 1.16.1
      gstreamer1.0-rtsp-server: upgrade to version 1.16.1
      gst-validate: upgrade to version 1.16.1
      gstreamer: Change SRC_URI to use HTTPS access instead of HTTP

Changqing Li (4):
      qemu: Fix CVE-2019-12068
      python: Fix CVE-2019-10160
      sudo: fix CVE-2019-14287
      mdadm: fix do_package failed when changed local.conf but not cleaned

Chee Yang Lee (2):
      wic/help: change 'wic write' help description
      wic/engine: use 'linux-swap' for swap file system

Chen Qi (3):
      go: fix CVE-2019-16276
      python3: fix CVE-2019-16935
      python: fix CVE-2019-16935

Chris Laplante via bitbake-devel (2):
      bitbake: bitbake: contrib/vim: initial commit, with unmodified code from indent/python.vim
      bitbake: bitbake: contrib/vim: Modify Python indentation to work with 'python do_task {'

Christopher Larson (2):
      bitbake: fetch2/git: fetch shallow revs when needed
      bitbake: tests/fetch: add test for fetching shallow revs

Dan Callaghan (1):
      elfutils: add PACKAGECONFIG for compression algorithms

Douglas Royds via Openembedded-core (1):
      icecc: Export ICECC_CC and friends via wrapper-script

Eduardo Abinader (1):
      devtool: add ssh key option to deploy-target param

Eugene Smirnov (1):
      wic/rawcopy: Support files in sub-directories

Ferry Toth (1):
      sudo: Fix fetching sources

Frazer Leslie Clews (2):
      makedevs: fix format strings in makedevs.c in print statements
      makedevs: fix invalidScanfFormatWidth to prevent overflowing usr_buf

George McCollister (1):
      openssl: make OPENSSL_ENGINES match install path

Haiqing Bai (1):
      unfs3: fixed the issue that unfsd consumes 100% CPU

He Zhe (1):
      ltp: Fix overcommit_memory failure

Hongxu Jia (1):
      openssh: fix CVE-2019-16905

Joe Slater (2):
      libtiff: fix CVE-2019-17546
      libxslt: fix CVE-2019-18197

Kai Kang (1):
      bind: fix CVE-2019-6471 and CVE-2018-5743

Liwei Song (1):
      util-linux: fix PKNAME name is NULL when use lsblk [LIN1019-2963]

Mattias Hansson (1):
      base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot

Max Tomago (1):
      python-native: Remove debug.patch

Maxime Roussin-Bélanger (2):
      meta: update and add missing homepage/bugtracker links
      meta: add missing description in recipes-gnome

Michael Ho (1):
      cmake.bbclass: add HOSTTOOLS_DIR to CMAKE_FIND_ROOT_PATH

Mike Crowe (2):
      kernel-fitimage: Cope with non-standard kernel deploy subdirectory
      kernel-devicetree: Cope with non-standard kernel deploy subdirectory

Mikko Rapeli (1):
      systemd.bbclass: enable all services specified in ${SYSTEMD_SERVICE}

Nicola Lunghi (1):
      ofono: tidy up the recipe

Ola x Nilsson (10):
      oeqa/selftest/recipetool: Use with to control file handle lifetime
      oe.types.path: Use with to control file handle lifetime
      lib/oe/packagedata: Use with to control file handle lifetime
      lib/oe/package_manager: Use with to control file handle lifetime
      report-error.bbclass: Use with to control file handle lifetime
      package.bbclass: Use with to manage file handle lifetimes
      devtool-source.bbclass: Use with to manage file handle lifetime
      libc-package.bbclass: Use with to manage filehandle in do_spit_gconvs
      bitbake: bitbake: prserv/serv: Use with while reading pidfile
      bitbake: bitbake: ConfHandler: Use with to manage filehandle lifetime

Oleksandr Kravchuk (4):
      ell: update to 0.23
      ell: update to 0.25
      ell: update to 0.26
      ofono: update to 1.31

Ricardo Ribalda Delgado (1):
      i2c-tools: Add missing RDEPEND

Richard Leitner (1):
      kernel-fitimage: introduce FIT_SIGN_ALG

Richard Purdie (4):
      tinderclient: Drop obsolete class
      meson: Backport fix to assist meta-oe breakage
      nfs-utils: Improve handling when no exported fileysystems
      qemu: Avoid potential build configuration contamination

Robert Yang (1):
      bluez5: Fix for --enable-btpclient

Ross Burton (29):
      sanity: check the format of SDK_VENDOR
      file: explicitly disable seccomp
      python3: -dev should depend on distutils
      gawk: add PACKAGECONFIG for readline
      python3: alternative name is python3-config not python-config
      python3: ensure that all forms of python3-config are in python3-dev
      oeqa/selftest: use specialist assert* methods
      bluez5: refresh upstreamed patches
      xorgproto: fix summary
      libx11: upgrade to 1.6.9
      xorgproto: upgrade to 2019.2
      llvm: add missing Upstream-Status tags
      buildhistory-analysis: filter out -src changes by default
      squashfs-tools: remove redundant source checksums
      squashfs-tools: clean up compile/install tasks
      wpa-supplicant: fix CVE-2019-16275
      gcr: remove intltool-native
      elfutils: disable bzip
      cve-check: ensure all known CVEs are in the report
      git: some tools are no longer perl, so move to main recipe
      git: cleanup man install
      qemu-helper-native: add missing option to getopt() call
      qemu-helper-native: showing help shouldn't be an error
      qemu-helper-native: pass compiler flags
      oeqa/selftest: add test for oe-run-native
      cve-check: failure to parse versions should be more visible
      gst-examples: rename so PV is in filename
      sanity: check for more bits of Python
      recipeutils-test: use a small dependency in the dummy recipe

Sai Hari Chandana Kalluri (1):
      devtool: Add --remove-work option for devtool reset command

Scott Rifenbark (9):
      ref-manual: First pass of 2.8 migration changes (WIP)
      poky.ent: Updated the release date to October 2019
      dev-manual: Added info to "Selecting an Initialization Manager"
      ref-manual: 2nd pass 3.0 migration
      documenation: Changed "2.8" to "3.0".
      ref-manual: Removed deprecated link to ref-classes-bluetooth
      ref-manual, dev-manual: Clean up of a commit
      ref-manual: Updated the BUSYBOX_SPLIT_SUID variable.
      ref-manual, dev-manual: Added CMake toolchain files.

Stefan Agner (1):
      uninative: check .done file instead of tarball

Tom Benn (1):
      dbus: update dbus-1.init to reflect new PID file

Trevor Gamblin (5):
      aspell: upgrade from 0.60.7 to 0.60.8
      binutils: fix CVE-2019-17450
      binutils: fix CVE-2019-17451
      ncurses: fix CVE-2019-17594, CVE-2019-17595
      libgcrypt: upgrade 1.8.4 -> 1.8.5

Trevor Woerner (1):
      libcap-ng: undefined reference to `pthread_atfork'

Wenlin Kang (1):
      sysstat: fix CVE-2019-16167

Yann Dirson (1):
      mesa: fix meson configure fix when 'dri' is excluded from PACKAGECONFIG

Yeoh Ee Peng (1):
      scripts/oe-pkgdata-util: Enable list-pkgs to print ordered packages

Yi Zhao (2):
      libsdl2: fix CVE-2019-13616
      libgcrypt: fix CVE-2019-12904

Zang Ruochen (6):
      bison:upgrade 3.4.1 -> 3.4.2
      e2fsprogs:upgrade 1.45.3 -> 1.45.4
      libxvmc:upgrade 1.0.11 -> 1.0.12
      python3-pip:upgrade 19.2.3 -> 19.3.1
      python-setuptools:upgrade 41.2.0 -> 41.4.0
      libcap-ng:upgrade 0.7.9 -> 0.7.10

Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I50bc42f74dffdc406ffc0dea034e41462fe6e06b

3 files changed, 293 insertions, 1 deletions

diff --git a/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
new file mode 100644
index 0000000000..2a11e3f7ec
--- /dev/null
+++ b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
@@ -0,0 +1,178 @@
+From f752ae5cee163253730ff7cdf293e34a91aa5520 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Thu, 10 Oct 2019 10:04:13 -0600
+Subject: [PATCH] Treat an ID of -1 as invalid since that means "no change".
+ Fixes CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
+
+Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/f752ae5cee163253730ff7cdf293e34a91aa5520]
+CVE: CVE-2019-14287
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ lib/util/strtoid.c | 100 ++++++++++++++++++++++++++++-------------------------
+ 1 files changed, 53 insertions(+), 46 deletions(-)
+
+diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c
+index 2dfce75..6b3916b 100644
+--- a/lib/util/strtoid.c
++++ b/lib/util/strtoid.c
+@@ -49,6 +49,27 @@
+ #include "sudo_util.h"
+ 
+ /*
++ * Make sure that the ID ends with a valid separator char.
++ */
++static bool
++valid_separator(const char *p, const char *ep, const char *sep)
++{
++    bool valid = false;
++    debug_decl(valid_separator, SUDO_DEBUG_UTIL)
++
++    if (ep != p) {
++	/* check for valid separator (including '\0') */
++	if (sep == NULL)
++	    sep = "";
++	do {
++	    if (*ep == *sep)
++		valid = true;
++	} while (*sep++ != '\0');
++    }
++    debug_return_bool(valid);
++}
++
++/*
+  * Parse a uid/gid in string form.
+  * If sep is non-NULL, it contains valid separator characters (e.g. comma, space)
+  * If endp is non-NULL it is set to the next char after the ID.
+@@ -62,36 +83,33 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
+     char *ep;
+     id_t ret = 0;
+     long long llval;
+-    bool valid = false;
+     debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+     /* skip leading space so we can pick up the sign, if any */
+     while (isspace((unsigned char)*p))
+ 	p++;
+-    if (sep == NULL)
+-	sep = "";
++
++    /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. */
+     errno = 0;
+     llval = strtoll(p, &ep, 10);
+-    if (ep != p) {
+-	/* check for valid separator (including '\0') */
+-	do {
+-	    if (*ep == *sep)
+-		valid = true;
+-	} while (*sep++ != '\0');
++    if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
++	errno = ERANGE;
++	if (errstr != NULL)
++	    *errstr = N_("value too large");
++	goto done;
+     }
+-    if (!valid) {
++    if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
++	errno = ERANGE;
+ 	if (errstr != NULL)
+-	    *errstr = N_("invalid value");
+-	errno = EINVAL;
++	    *errstr = N_("value too small");
+ 	goto done;
+     }
+-    if (errno == ERANGE) {
+-	if (errstr != NULL) {
+-	    if (llval == LLONG_MAX)
+-		*errstr = N_("value too large");
+-	    else
+-		*errstr = N_("value too small");
+-	}
++
++    /* Disallow id -1, which means "no change". */
++    if (!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX) {
++	if (errstr != NULL)
++	    *errstr = N_("invalid value");
++	errno = EINVAL;
+ 	goto done;
+     }
+     ret = (id_t)llval;
+@@ -108,30 +126,15 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
+ {
+     char *ep;
+     id_t ret = 0;
+-    bool valid = false;
+     debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+     /* skip leading space so we can pick up the sign, if any */
+     while (isspace((unsigned char)*p))
+ 	p++;
+-    if (sep == NULL)
+-	sep = "";
++
+     errno = 0;
+     if (*p == '-') {
+ 	long lval = strtol(p, &ep, 10);
+-	if (ep != p) {
+-	    /* check for valid separator (including '\0') */
+-	    do {
+-		if (*ep == *sep)
+-		    valid = true;
+-	    } while (*sep++ != '\0');
+-	}
+-	if (!valid) {
+-	    if (errstr != NULL)
+-		*errstr = N_("invalid value");
+-	    errno = EINVAL;
+-	    goto done;
+-	}
+ 	if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) {
+ 	    errno = ERANGE;
+ 	    if (errstr != NULL)
+@@ -144,28 +147,31 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
+ 		*errstr = N_("value too small");
+ 	    goto done;
+ 	}
+-	ret = (id_t)lval;
+-    } else {
+-	unsigned long ulval = strtoul(p, &ep, 10);
+-	if (ep != p) {
+-	    /* check for valid separator (including '\0') */
+-	    do {
+-		if (*ep == *sep)
+-		    valid = true;
+-	    } while (*sep++ != '\0');
+-	}
+-	if (!valid) {
++
++	/* Disallow id -1, which means "no change". */
++	if (!valid_separator(p, ep, sep) || lval == -1) {
+ 	    if (errstr != NULL)
+ 		*errstr = N_("invalid value");
+ 	    errno = EINVAL;
+ 	    goto done;
+ 	}
++	ret = (id_t)lval;
++    } else {
++	unsigned long ulval = strtoul(p, &ep, 10);
+ 	if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) {
+ 	    errno = ERANGE;
+ 	    if (errstr != NULL)
+ 		*errstr = N_("value too large");
+ 	    goto done;
+ 	}
++
++	/* Disallow id -1, which means "no change". */
++	if (!valid_separator(p, ep, sep) || ulval == UINT_MAX) {
++	    if (errstr != NULL)
++		*errstr = N_("invalid value");
++	    errno = EINVAL;
++	    goto done;
++	}
+ 	ret = (id_t)ulval;
+     }
+     if (errstr != NULL)
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
new file mode 100644
index 0000000000..453a8b09a4
--- /dev/null
+++ b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
@@ -0,0 +1,112 @@
+From 396bc57feff3e360007634f62448b64e0626390c Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Thu, 10 Oct 2019 10:04:13 -0600
+Subject: [PATCH] Add sudo_strtoid() tests for -1 and range errors. Also adjust
+ testsudoers/test5 which relied upon gid -1 parsing.
+
+Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/396bc57]
+CVE: CVE-2019-14287
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ lib/util/regress/atofoo/atofoo_test.c            | 36 ++++++++++++++++------
+ plugins/sudoers/regress/testsudoers/test5.out.ok |  2 +-
+ plugins/sudoers/regress/testsudoers/test5.sh     |  2 +-
+ 3 files changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/lib/util/regress/atofoo/atofoo_test.c b/lib/util/regress/atofoo/atofoo_test.c
+index 031a7ed..fb41c1a 100644
+--- a/lib/util/regress/atofoo/atofoo_test.c
++++ b/lib/util/regress/atofoo/atofoo_test.c
+@@ -26,6 +26,7 @@
+ #else
+ # include "compat/stdbool.h"
+ #endif
++#include <errno.h>
+ 
+ #include "sudo_compat.h"
+ #include "sudo_util.h"
+@@ -80,15 +81,20 @@ static struct strtoid_data {
+     id_t id;
+     const char *sep;
+     const char *ep;
++    int errnum;
+ } strtoid_data[] = {
+-    { "0,1", 0, ",", "," },
+-    { "10", 10, NULL, NULL },
+-    { "-2", -2, NULL, NULL },
++    { "0,1", 0, ",", ",", 0 },
++    { "10", 10, NULL, NULL, 0 },
++    { "-1", 0, NULL, NULL, EINVAL },
++    { "4294967295", 0, NULL, NULL, EINVAL },
++    { "4294967296", 0, NULL, NULL, ERANGE },
++    { "-2147483649", 0, NULL, NULL, ERANGE },
++    { "-2", -2, NULL, NULL, 0 },
+ #if SIZEOF_ID_T != SIZEOF_LONG_LONG
+-    { "-2", (id_t)4294967294U, NULL, NULL },
++    { "-2", (id_t)4294967294U, NULL, NULL, 0 },
+ #endif
+-    { "4294967294", (id_t)4294967294U, NULL, NULL },
+-    { NULL, 0, NULL, NULL }
++    { "4294967294", (id_t)4294967294U, NULL, NULL, 0 },
++    { NULL, 0, NULL, NULL, 0 }
+ };
+ 
+ static int
+@@ -104,11 +110,23 @@ test_strtoid(int *ntests)
+ 	(*ntests)++;
+ 	errstr = "some error";
+ 	value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
+-	if (errstr != NULL) {
+-	    if (d->id != (id_t)-1) {
+-		sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
++	if (d->errnum != 0) {
++	    if (errstr == NULL) {
++		sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
++		    d->idstr, d->errnum);
++		errors++;
++	    } else if (value != 0) {
++		sudo_warnx_nodebug("FAIL: %s should return 0 on error",
++		    d->idstr);
++		errors++;
++	    } else if (errno != d->errnum) {
++		sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d",
++		    d->idstr, errno, d->errnum);
+ 		errors++;
+ 	    }
++	} else if (errstr != NULL) {
++	    sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
++	    errors++;
+ 	} else if (value != d->id) {
+ 	    sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id);
+ 	    errors++;
+diff --git a/plugins/sudoers/regress/testsudoers/test5.out.ok b/plugins/sudoers/regress/testsudoers/test5.out.ok
+index 5e319c9..cecf700 100644
+--- a/plugins/sudoers/regress/testsudoers/test5.out.ok
++++ b/plugins/sudoers/regress/testsudoers/test5.out.ok
+@@ -4,7 +4,7 @@ Parse error in sudoers near line 1.
+ Entries for user root:
+ 
+ Command unmatched
+-testsudoers: test5.inc should be owned by gid 4294967295
++testsudoers: test5.inc should be owned by gid 4294967294
+ Parse error in sudoers near line 1.
+ 
+ Entries for user root:
+diff --git a/plugins/sudoers/regress/testsudoers/test5.sh b/plugins/sudoers/regress/testsudoers/test5.sh
+index 9e690a6..94d585c 100755
+--- a/plugins/sudoers/regress/testsudoers/test5.sh
++++ b/plugins/sudoers/regress/testsudoers/test5.sh
+@@ -24,7 +24,7 @@ EOF
+ 
+ # Test group writable
+ chmod 664 $TESTFILE
+-./testsudoers -U $MYUID -G -1 root id <<EOF
++./testsudoers -U $MYUID -G -2 root id <<EOF
+ #include $TESTFILE
+ EOF
+ 
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb b/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb
index 9d2d6bd429..0a11a1b28f 100644
--- a/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb
+++ b/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb
@@ -1,8 +1,10 @@
 require sudo.inc
 
-SRC_URI = "http://www.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
+SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
            file://0001-Include-sys-types.h-for-id_t-definition.patch \
+           file://CVE-2019-14287-1.patch \
+           file://CVE-2019-14287-2.patch \
            "
 
 PAM_SRC_URI = "file://sudo.pam"