build-appliance-image: Update to warrior head revision

(From OE-Core rev: ca019eec1304ca2a400ea744c0eaafe0a766d5d1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/bin/bitbake-worker

@@ -195,9 +195,6 @@ def fork_off_task(cfg, data, databuilder, workerdata, fn, task, taskname, taskha
             global worker_pipe_lock
             pipein.close()
 
-            signal.signal(signal.SIGTERM, sigterm_handler)
-            # Let SIGHUP exit as SIGTERM
-            signal.signal(signal.SIGHUP, sigterm_handler)
             bb.utils.signal_on_parent_exit("SIGTERM")
 
             # Save out the PID so that the event can include it the
@@ -212,6 +209,11 @@ def fork_off_task(cfg, data, databuilder, workerdata, fn, task, taskname, taskha
             # This ensures signals sent to the controlling terminal like Ctrl+C
             # don't stop the child processes.
             os.setsid()
+
+            signal.signal(signal.SIGTERM, sigterm_handler)
+            # Let SIGHUP exit as SIGTERM
+            signal.signal(signal.SIGHUP, sigterm_handler)
+
             # No stdin
             newsi = os.open(os.devnull, os.O_RDWR)
             os.dup2(newsi, sys.stdin.fileno())

bitbake/lib/bb/cooker.py

@@ -171,8 +171,8 @@ class BBCooker:
         bb.debug(1, "BBCooker pyinotify1 %s" % time.time())
         sys.stdout.flush()
 
-        self.configwatcher.bbseen = []
-        self.configwatcher.bbwatchedfiles = []
+        self.configwatcher.bbseen = set()
+        self.configwatcher.bbwatchedfiles = set()
         self.confignotifier = pyinotify.Notifier(self.configwatcher, self.config_notifications)
         bb.debug(1, "BBCooker pyinotify2 %s" % time.time())
         sys.stdout.flush()
@@ -182,8 +182,8 @@ class BBCooker:
         self.watcher = pyinotify.WatchManager()
         bb.debug(1, "BBCooker pyinotify3 %s" % time.time())
         sys.stdout.flush()
-        self.watcher.bbseen = []
-        self.watcher.bbwatchedfiles = []
+        self.watcher.bbseen = set()
+        self.watcher.bbwatchedfiles = set()
         self.notifier = pyinotify.Notifier(self.watcher, self.notifications)
 
         bb.debug(1, "BBCooker pyinotify complete %s" % time.time())
@@ -278,14 +278,14 @@ class BBCooker:
         if not watcher:
             watcher = self.watcher
         for i in deps:
-            watcher.bbwatchedfiles.append(i[0])
+            watcher.bbwatchedfiles.add(i[0])
             if dirs:
                 f = i[0]
             else:
                 f = os.path.dirname(i[0])
             if f in watcher.bbseen:
                 continue
-            watcher.bbseen.append(f)
+            watcher.bbseen.add(f)
             watchtarget = None
             while True:
                 # We try and add watches for files that don't exist but if they did, would influence
@@ -294,7 +294,7 @@ class BBCooker:
                 try:
                     watcher.add_watch(f, self.watchmask, quiet=False)
                     if watchtarget:
-                        watcher.bbwatchedfiles.append(watchtarget)
+                        watcher.bbwatchedfiles.add(watchtarget)
                     break
                 except pyinotify.WatchManagerError as e:
                     if 'ENOENT' in str(e):
@@ -302,7 +302,7 @@ class BBCooker:
                         f = os.path.dirname(f)
                         if f in watcher.bbseen:
                             break
-                        watcher.bbseen.append(f)
+                        watcher.bbseen.add(f)
                         continue
                     if 'ENOSPC' in str(e):
                         providerlog.error("No space left on device or exceeds fs.inotify.max_user_watches?")
@@ -1934,7 +1934,8 @@ class Parser(multiprocessing.Process):
                 except IndexError:
                     break
                 result = self.parse(*job)
-
+                # Clear the siggen cache after parsing to control memory usage, its huge
+                bb.parse.siggen.postparsing_clean_cache()
             try:
                 self.results.put(result, timeout=0.25)
             except queue.Full:

bitbake/lib/bb/fetch2/__init__.py

@@ -1595,7 +1595,7 @@ class Fetch(object):
         fn = d.getVar('FILE')
         mc = d.getVar('__BBMULTICONFIG') or ""
         if cache and fn and mc + fn in urldata_cache:
-            self.ud = urldata_cache[mc + fn]
+            self.ud = urldata_cache[mc + fn + str(id(d))]
 
         for url in urls:
             if url not in self.ud:
@@ -1607,7 +1607,7 @@ class Fetch(object):
                         pass
 
         if fn and cache:
-            urldata_cache[mc + fn] = self.ud
+            urldata_cache[mc + fn + str(id(d))] = self.ud
 
     def localpath(self, url):
         if url not in self.urls:

bitbake/lib/bb/siggen.py

@@ -48,6 +48,9 @@ class SignatureGenerator(object):
     def get_unihash(self, task):
         return self.taskhash[task]
 
+    def postparsing_clean_cache(self):
+        return
+
     def get_taskhash(self, fn, task, deps, dataCache):
         return "0"
 
@@ -152,6 +155,14 @@ class SignatureGeneratorBasic(SignatureGenerator):
         for task in taskdeps:
             d.setVar("BB_BASEHASH_task-%s" % task, self.basehash[fn + "." + task])
 
+    def postparsing_clean_cache(self):
+        #
+        # After parsing we can remove some things from memory to reduce our memory footprint
+        #
+        self.gendeps = {}
+        self.lookupcache = {}
+        self.taskdeps = {}
+
     def rundep_check(self, fn, recipename, task, dep, depname, dataCache):
         # Return True if we should keep the dependency, False to drop it
         # We only manipulate the dependencies for packages not in the whitelist

documentation/Makefile

@@ -76,6 +76,11 @@
 # example publishes the 1.2 version of the PDF and HTML YP Development Tasks Manual
 # for the 'denzil' branch.
 #
+# IN MEMORIAM: This comment is to remember Scott Rifenbark (scottrif), whom we lost
+# in January, 2020. Scott was the primary technical writer for the Yocto Project for
+# over 9 years. In that time, he contributed many thousands of patches, built this
+# documentation tree, and enabled tens of thousands of developers to succeed with
+# embedded Linux. He ran this Makefile many thousands of times. Godspeed, Dude.
 
 ifeq ($(DOC),brief-yoctoprojectqs)
 XSLTOPTS = --stringparam html.stylesheet brief-yoctoprojectqs-style.css \

documentation/bsp-guide/bsp-guide.xml

@@ -138,11 +138,15 @@
             </revision>
             <revision>
                 <revnumber>2.7.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>November 2019</date>
                 <revremark>Released with the Yocto Project 2.7.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
+            </revision>
         </revhistory>
-
     <copyright>
       <year>&COPYRIGHT_YEAR;</year>
       <holder>Linux Foundation</holder>

documentation/dev-manual/dev-manual-common-tasks.xml

@@ -10829,15 +10829,6 @@
             features that are used by many distributions.
         </para>
 
-        <para>
-            By default, the Yocto Project uses SysVinit as the initialization
-            manager.
-            However, support also exists for systemd,
-            which is a full replacement for init with
-            parallel starting of services, reduced shell overhead and other
-            features that are used by many distributions.
-        </para>
-
         <para>
             Within the system, SysVinit treats system components as services.
             These services are maintained as shell scripts stored in the

documentation/dev-manual/dev-manual.xml

@@ -123,9 +123,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>November 2019</date>
                 <revremark>Released with the Yocto Project 2.7.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev.xml

@@ -108,9 +108,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>November 2019</date>
                 <revremark>Released with the Yocto Project 2.7.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/mega-manual/mega-manual.xml

@@ -94,9 +94,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>November 2019</date>
                 <revremark>Released with the Yocto Project 2.7.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>
@@ -337,22 +342,22 @@
     </para>
 
     <xi:include
-        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-intro.xml"/>
+        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-intro.xml"/>
 
     <xi:include
-        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-execution.xml"/>
+        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-execution.xml"/>
 
     <xi:include
-        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.xml"/>
+        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.xml"/>
 
     <xi:include
-        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.xml"/>
+        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.xml"/>
 
     <xi:include
-        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.xml"/>
+        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.xml"/>
 
     <xi:include
-        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-hello.xml"/>
+        xmlns:xi="http://www.w3.org/2003/XInclude" href="../../bitbake/doc/bitbake-user-manual/bitbake-user-manual-hello.xml"/>
 
 </book>
 

documentation/poky.ent

@@ -1,19 +1,19 @@
-<!ENTITY DISTRO "2.7.2">
-<!ENTITY DISTRO_COMPRESSED "272">
+<!ENTITY DISTRO "2.7.3">
+<!ENTITY DISTRO_COMPRESSED "273">
 <!ENTITY DISTRO_NAME_NO_CAP "warrior">
 <!ENTITY DISTRO_NAME "Warrior">
 <!ENTITY DISTRO_NAME_NO_CAP_MINUS_ONE "thud">
 <!ENTITY DISTRO_NAME_MINUS_ONE "Thud">
-<!ENTITY YOCTO_DOC_VERSION "2.7.2">
-<!ENTITY YOCTO_DOC_VERSION_MINUS_ONE "2.6">
-<!ENTITY DISTRO_REL_TAG "yocto-2.7.2">
+<!ENTITY YOCTO_DOC_VERSION "2.7.3">
+<!ENTITY YOCTO_DOC_VERSION_MINUS_ONE "2.6.4">
+<!ENTITY DISTRO_REL_TAG "yocto-2.7.3">
 <!ENTITY METAINTELVERSION "11.0">
-<!ENTITY REL_MONTH_YEAR "November 2019">
+<!ENTITY REL_MONTH_YEAR "February 2020">
 <!ENTITY META_INTEL_REL_TAG "&METAINTELVERSION;-&DISTRO_NAME_NO_CAP;-&YOCTO_DOC_VERSION;">
-<!ENTITY POKYVERSION "21.0.0">
-<!ENTITY POKYVERSION_COMPRESSED "2100">
+<!ENTITY POKYVERSION "21.0.3">
+<!ENTITY POKYVERSION_COMPRESSED "2103">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;">
-<!ENTITY COPYRIGHT_YEAR "2010-2019">
+<!ENTITY COPYRIGHT_YEAR "2010-2020">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">
 <!ENTITY YOCTO_HOME_URL "http://www.yoctoproject.org">
 <!ENTITY YOCTO_LISTS_URL "http://lists.yoctoproject.org">

documentation/profile-manual/profile-manual.xml

@@ -108,9 +108,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>November 2019</date>
                 <revremark>Released with the Yocto Project 2.7.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/sdk-manual/sdk-manual.xml

@@ -73,9 +73,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>November 2019</date>
                 <revremark>Released with the Yocto Project 2.7.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/toaster-manual/toaster-manual.xml

@@ -83,9 +83,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>November 2019</date>
                 <revremark>Released with the Yocto Project 2.7.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/tools/mega-manual.sed

@@ -1,36 +1,36 @@
 # Processes bitbake-user-manual (<word>-<word>-<word> style).
 # This style is for manual three-word folders, which currently is only the BitBake User Manual.
 # We used to have the "yocto-project-qs" and "poky-ref-manual" folders but no longer do.
-# s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/bitbake-user-manual/bitbake-user-manual.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/bitbake-user-manual/bitbake-user-manual.html#@"link" href="#@g
 
 # Processes all other manuals (<word>-<word> style).
 # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
 # Here is the one-liner:
-# s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
 
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/sdk-manual/sdk-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/bsp-guide/bsp-guide.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/dev-manual/dev-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/overview-manual/overview-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/kernel-dev/kernel-dev.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/profile-manual/profile-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/ref-manual/ref-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.2/toaster-manual/toaster-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/sdk-manual/sdk-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/bsp-guide/bsp-guide.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/dev-manual/dev-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/overview-manual/overview-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/kernel-dev/kernel-dev.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/profile-manual/profile-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/ref-manual/ref-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/toaster-manual/toaster-manual.html#@"link" href="#@g
 
 # Process cases where just an external manual is referenced without an id anchor
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/bitbake-user-manual/bitbake-user-manual.html" target="_top">BitBake User Manual</a>@BitBake User Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/bitbake-user-manual/bitbake-user-manual.html" target="_top">BitBake User Manual</a>@BitBake User Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
 
 # Process a single, rouge occurrence of a linked reference to the Mega-Manual.
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.2/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
 

meta-poky/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "2.7.2"
+DISTRO_VERSION = "2.7.3"
 DISTRO_CODENAME = "warrior"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}"

meta/classes/base.bbclass

@@ -476,6 +476,7 @@ python () {
     # If we're building a target package we need to use fakeroot (pseudo)
     # in order to capture permissions, owners, groups and special files
     if not bb.data.inherits_class('native', d) and not bb.data.inherits_class('cross', d):
+        d.appendVarFlag('do_prepare_recipe_sysroot', 'depends', ' virtual/fakeroot-native:do_populate_sysroot')
         d.setVarFlag('do_unpack', 'umask', '022')
         d.setVarFlag('do_configure', 'umask', '022')
         d.setVarFlag('do_compile', 'umask', '022')

meta/classes/cve-check.bbclass

@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -62,7 +62,7 @@ python do_cve_check () {
 
 }
 
-addtask cve_check after do_unpack before do_build
+addtask cve_check before do_build
 do_cve_check[depends] = "cve-update-db-native:do_populate_cve_db"
 do_cve_check[nostamp] = "1"
 
@@ -70,7 +70,6 @@ python cve_check_cleanup () {
     """
     Delete the file used to gather all the CVE information.
     """
-
     bb.utils.remove(e.data.getVar("CVE_CHECK_TMP_FILE"))
 }
 
@@ -166,7 +165,6 @@ def check_cves(d, patched_cves):
     """
     Connect to the NVD database and find unpatched cves.
     """
-    import ast, csv, tempfile, subprocess, io
     from distutils.version import LooseVersion
 
     cves_unpatched = []
@@ -188,63 +186,74 @@ def check_cves(d, patched_cves):
     cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
 
     import sqlite3
-    db_file = d.getVar("CVE_CHECK_DB_FILE")
-    conn = sqlite3.connect(db_file)
+    db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
+    conn = sqlite3.connect(db_file, uri=True)
 
+    # For each of the known product names (e.g. curl has CPEs using curl and libcurl)...
     for product in products:
-        c = conn.cursor()
         if ":" in product:
             vendor, product = product.split(":", 1)
-            c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR IS ?", (product, vendor))
         else:
-            c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
+            vendor = "%"
 
-        for row in c:
-            cve = row[0]
-            version_start = row[3]
-            operator_start = row[4]
-            version_end = row[5]
-            operator_end = row[6]
+        # Find all relevant CVE IDs.
+        for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
+            cve = cverow[0]
 
             if cve in cve_whitelist:
                 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
+                # TODO: this should be in the report as 'whitelisted'
+                patched_cves.add(cve)
+                continue
             elif cve in patched_cves:
                 bb.note("%s has been patched" % (cve))
-            else:
-                to_append = False
+                continue
+
+            vulnerable = False
+            for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
+                (_, _, _, version_start, operator_start, version_end, operator_end) = row
+                #bb.debug(2, "Evaluating row " + str(row))
+
                 if (operator_start == '=' and pv == version_start):
-                    cves_unpatched.append(cve)
+                    vulnerable = True
                 else:
                     if operator_start:
                         try:
-                            to_append_start =  (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start))
-                            to_append_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start))
+                            vulnerable_start =  (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start))
+                            vulnerable_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start))
                         except:
-                            bb.note("%s: Failed to compare %s %s %s for %s" %
+                            bb.warn("%s: Failed to compare %s %s %s for %s" %
                                     (product, pv, operator_start, version_start, cve))
-                            to_append_start = False
+                            vulnerable_start = False
                     else:
-                        to_append_start = False
+                        vulnerable_start = False
 
                     if operator_end:
                         try:
-                            to_append_end  = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end))
-                            to_append_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end))
+                            vulnerable_end  = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end))
+                            vulnerable_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end))
                         except:
-                            bb.note("%s: Failed to compare %s %s %s for %s" %
+                            bb.warn("%s: Failed to compare %s %s %s for %s" %
                                     (product, pv, operator_end, version_end, cve))
-                            to_append_end = False
+                            vulnerable_end = False
                     else:
-                        to_append_end = False
+                        vulnerable_end = False
 
                     if operator_start and operator_end:
-                        to_append = to_append_start and to_append_end
+                        vulnerable = vulnerable_start and vulnerable_end
                     else:
-                        to_append = to_append_start or to_append_end
+                        vulnerable = vulnerable_start or vulnerable_end
 
-                if to_append:
+                if vulnerable:
+                    bb.note("%s-%s is vulnerable to %s" % (product, pv, cve))
                     cves_unpatched.append(cve)
-                bb.debug(2, "%s-%s is not patched for %s" % (product, pv, cve))
+                    break
+
+            if not vulnerable:
+                bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve))
+                # TODO: not patched but not vulnerable
+                patched_cves.add(cve)
+
     conn.close()
 
     return (list(patched_cves), cves_unpatched)
@@ -252,31 +261,23 @@ def check_cves(d, patched_cves):
 def get_cve_info(d, cves):
     """
     Get CVE information from the database.
-
-    Unfortunately the only way to get CVE info is set the output to
-    html (hard to parse) or query directly the database.
     """
 
-    try:
-        import sqlite3
-    except ImportError:
-        from pysqlite2 import dbapi2 as sqlite3
+    import sqlite3
 
     cve_data = {}
-    db_file = d.getVar("CVE_CHECK_DB_FILE")
-    placeholder = ",".join("?" * len(cves))
-    query = "SELECT * FROM NVD WHERE id IN (%s)" % placeholder
-    conn = sqlite3.connect(db_file)
-    cur = conn.cursor()
-    for row in cur.execute(query, tuple(cves)):
-        cve_data[row[0]] = {}
-        cve_data[row[0]]["summary"] = row[1]
-        cve_data[row[0]]["scorev2"] = row[2]
-        cve_data[row[0]]["scorev3"] = row[3]
-        cve_data[row[0]]["modified"] = row[4]
-        cve_data[row[0]]["vector"] = row[5]
-    conn.close()
+    conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE"))
 
+    for cve in cves:
+        for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
+            cve_data[row[0]] = {}
+            cve_data[row[0]]["summary"] = row[1]
+            cve_data[row[0]]["scorev2"] = row[2]
+            cve_data[row[0]]["scorev3"] = row[3]
+            cve_data[row[0]]["modified"] = row[4]
+            cve_data[row[0]]["vector"] = row[5]
+
+    conn.close()
     return cve_data
 
 def cve_write_data(d, patched, unpatched, cve_data):

meta/classes/meson.bbclass

@@ -30,11 +30,6 @@ MESONOPTS = " --prefix ${prefix} \
               -Dcpp_args='${BUILD_CPPFLAGS} ${BUILD_CXXFLAGS}' \
               -Dcpp_link_args='${BUILD_LDFLAGS}'"
 
-MESON_TOOLCHAIN_ARGS = "${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}"
-MESON_C_ARGS = "${MESON_TOOLCHAIN_ARGS} ${CFLAGS}"
-MESON_CPP_ARGS = "${MESON_TOOLCHAIN_ARGS} ${CXXFLAGS}"
-MESON_LINK_ARGS = "${MESON_TOOLCHAIN_ARGS} ${LDFLAGS}"
-
 EXTRA_OEMESON_append = " ${PACKAGECONFIG_CONFARGS}"
 
 MESON_CROSS_FILE = ""
@@ -76,7 +71,7 @@ def meson_endian(prefix, d):
         bb.fatal("Cannot determine endianism for %s-%s" % (arch, os))
 
 addtask write_config before do_configure
-do_write_config[vardeps] += "MESON_C_ARGS MESON_CPP_ARGS MESON_LINK_ARGS CC CXX LD AR NM STRIP READELF"
+do_write_config[vardeps] += "CC CXX LD AR NM STRIP READELF CFLAGS CXXFLAGS LDFLAGS"
 do_write_config() {
     # This needs to be Py to split the args into single-element lists
     cat >${WORKDIR}/meson.cross <<EOF
@@ -93,10 +88,10 @@ llvm-config = 'llvm-config8.0.0'
 
 [properties]
 needs_exe_wrapper = true
-c_args = ${@meson_array('MESON_C_ARGS', d)}
-c_link_args = ${@meson_array('MESON_LINK_ARGS', d)}
-cpp_args = ${@meson_array('MESON_CPP_ARGS', d)}
-cpp_link_args = ${@meson_array('MESON_LINK_ARGS', d)}
+c_args = ${@meson_array('CFLAGS', d)}
+c_link_args = ${@meson_array('LDFLAGS', d)}
+cpp_args = ${@meson_array('CXXFLAGS', d)}
+cpp_link_args = ${@meson_array('LDFLAGS', d)}
 gtkdoc_exe_wrapper = '${B}/gtkdoc-qemuwrapper'
 
 [host_machine]

meta/classes/package_rpm.bbclass

@@ -409,7 +409,6 @@ python write_specfile () {
             if not file_list and localdata.getVar('ALLOW_EMPTY', False) != "1":
                 bb.note("Not creating empty RPM package for %s" % splitname)
             else:
-                bb.note("Creating RPM package for %s" % splitname)
                 spec_files_top.append('%files')
                 if extra_pkgdata:
                     package_rpm_extra_pkgdata(splitname, spec_files_top, localdata)
@@ -418,7 +417,7 @@ python write_specfile () {
                     bb.note("Creating RPM package for %s" % splitname)
                     spec_files_top.extend(file_list)
                 else:
-                    bb.note("Creating EMPTY RPM Package for %s" % splitname)
+                    bb.note("Creating empty RPM package for %s" % splitname)
                 spec_files_top.append('')
             continue
 
@@ -510,7 +509,7 @@ python write_specfile () {
                 bb.note("Creating RPM package for %s" % splitname)
                 spec_files_bottom.extend(file_list)
             else:
-                bb.note("Creating EMPTY RPM Package for %s" % splitname)
+                bb.note("Creating empty RPM package for %s" % splitname)
             spec_files_bottom.append('')
 
         del localdata

meta/classes/populate_sdk_ext.bbclass

@@ -121,7 +121,7 @@ SDK_TITLE_task-populate-sdk-ext = "${@d.getVar('DISTRO_NAME') or d.getVar('DISTR
 def clean_esdk_builddir(d, sdkbasepath):
     """Clean up traces of the fake build for create_filtered_tasklist()"""
     import shutil
-    cleanpaths = 'cache conf/sanity_info tmp'.split()
+    cleanpaths = ['cache', 'tmp']
     for pth in cleanpaths:
         fullpth = os.path.join(sdkbasepath, pth)
         if os.path.isdir(fullpth):

meta/classes/sanity.bbclass

@@ -919,7 +919,7 @@ def check_sanity(sanity_data):
     last_tmpdir = ""
     last_sstate_dir = ""
     last_nativelsbstr = ""
-    sanityverfile = sanity_data.expand("${TOPDIR}/conf/sanity_info")
+    sanityverfile = sanity_data.expand("${TOPDIR}/cache/sanity_info")
     if os.path.exists(sanityverfile):
         with open(sanityverfile, 'r') as f:
             for line in f:

meta/conf/distro/include/no-static-libs.inc

@@ -15,10 +15,6 @@ DISABLE_STATIC_pn-nativesdk-libcap = ""
 DISABLE_STATIC_pn-libpcap = ""
 # needed by gdb
 DISABLE_STATIC_pn-readline = ""
-# needed by pseudo
-DISABLE_STATIC_pn-sqlite3 = ""
-DISABLE_STATIC_pn-sqlite3-native = ""
-DISABLE_STATIC_pn-nativesdk-sqlite3 = ""
 # openjade/sgml-common have build issues without static libs
 DISABLE_STATIC_pn-sgml-common-native = ""
 DISABLE_STATIC_pn-openjade-native = ""

meta/lib/oe/lsb.py

@@ -110,12 +110,12 @@ def distro_identifier(adjust_hook=None):
     if adjust_hook:
         distro_id, release = adjust_hook(distro_id, release)
     if not distro_id:
-        return "Unknown"
-    # Filter out any non-alphanumerics
-    distro_id = re.sub(r'\W', '', distro_id)
+        return "unknown"
+    # Filter out any non-alphanumerics and convert to lowercase
+    distro_id = re.sub(r'\W', '', distro_id).lower()
 
     if release:
-        id_str = '{0}-{1}'.format(distro_id.lower(), release)
+        id_str = '{0}-{1}'.format(distro_id, release)
     else:
         id_str = distro_id
     return id_str.replace(' ','-').replace('/','-')

meta/lib/oe/sdk.py

@@ -88,10 +88,6 @@ class Sdk(object, metaclass=ABCMeta):
             bb.warn("cannot remove SDK dir: %s" % path)
 
     def install_locales(self, pm):
-        # This is only relevant for glibc
-        if self.d.getVar("TCLIBC") != "glibc":
-            return
-
         linguas = self.d.getVar("SDKIMAGE_LINGUAS")
         if linguas:
             import fnmatch

meta/lib/oeqa/buildperf/base.py

@@ -462,7 +462,7 @@ class BuildPerfTestCase(unittest.TestCase):
     def rm_tmp(self):
         """Cleanup temporary/intermediate files and directories"""
         log.debug("Removing temporary and cache files")
-        for name in ['bitbake.lock', 'conf/sanity_info',
+        for name in ['bitbake.lock', 'cache/sanity_info',
                      self.bb_vars['TMPDIR']]:
             oe.path.remove(name, recurse=True)
 

meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch

@@ -0,0 +1,64 @@
+Backport patch to fix CVE-2019-6471.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2019-6471
+
+CVE: CVE-2019-6471
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 3a9c7bb80d4a609b86427406d9dd783199920b5b Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 19 Mar 2019 14:14:21 +1100
+Subject: [PATCH] move item_out test inside lock in dns_dispatch_getnext()
+
+(cherry picked from commit 60c42f849d520564ed42e5ed0ba46b4b69c07712)
+---
+ lib/dns/dispatch.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
+index 408beda367..3278db4a07 100644
+--- a/lib/dns/dispatch.c
++++ b/lib/dns/dispatch.c
+@@ -134,7 +134,7 @@ struct dns_dispentry {
+ 	isc_task_t		       *task;
+ 	isc_taskaction_t		action;
+ 	void			       *arg;
+-	bool			item_out;
++	bool				item_out;
+ 	dispsocket_t			*dispsocket;
+ 	ISC_LIST(dns_dispatchevent_t)	items;
+ 	ISC_LINK(dns_dispentry_t)	link;
+@@ -3422,13 +3422,14 @@ dns_dispatch_getnext(dns_dispentry_t *resp, dns_dispatchevent_t **sockevent) {
+ 	disp = resp->disp;
+ 	REQUIRE(VALID_DISPATCH(disp));
+ 
+-	REQUIRE(resp->item_out == true);
+-	resp->item_out = false;
+-
+ 	ev = *sockevent;
+ 	*sockevent = NULL;
+ 
+ 	LOCK(&disp->lock);
++
++	REQUIRE(resp->item_out == true);
++	resp->item_out = false;
++
+ 	if (ev->buffer.base != NULL)
+ 		free_buffer(disp, ev->buffer.base, ev->buffer.length);
+ 	free_devent(disp, ev);
+@@ -3573,6 +3574,9 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp,
+ 		isc_task_send(disp->task[0], &disp->ctlevent);
+ }
+ 
++/*
++ * disp must be locked.
++ */
+ static void
+ do_cancel(dns_dispatch_t *disp) {
+ 	dns_dispatchevent_t *ev;
+-- 
+2.20.1
+

meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch

@@ -0,0 +1,60 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ec2d50d]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From ec2d50da8d81814640e28593d912f4b96c7efece Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
+Date: Thu, 3 Jan 2019 14:17:43 +0100
+Subject: [PATCH 1/6] fix enforcement of tcp-clients (v1)
+
+tcp-clients settings could be exceeded in some cases by
+creating more and more active TCP clients that are over
+the set quota limit, which in the end could lead to a
+DoS attack by e.g. exhaustion of file descriptors.
+
+If TCP client we're closing went over the quota (so it's
+not attached to a quota) mark it as mortal - so that it
+will be destroyed and not set up to listen for new
+connections - unless it's the last client for a specific
+interface.
+
+(cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115)
+(cherry picked from commit 9689ffc485df8f971f0ad81ab8ab1f5389493776)
+---
+ bin/named/client.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index d482da7121..0739dd48af 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -421,8 +421,19 @@ exit_check(ns_client_t *client) {
+ 			isc_socket_detach(&client->tcpsocket);
+ 		}
+ 
+-		if (client->tcpquota != NULL)
++		if (client->tcpquota != NULL) {
+ 			isc_quota_detach(&client->tcpquota);
++		} else {
++			/*
++			 * We went over quota with this client, we don't
++			 * want to restart listening unless this is the
++			 * last client on this interface, which is
++			 * checked later.
++			 */
++			if (TCP_CLIENT(client)) {
++				client->mortal = true;
++			}
++		}
+ 
+ 		if (client->timerset) {
+ 			(void)isc_timer_reset(client->timer,
+-- 
+2.20.1
+

meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch

@@ -0,0 +1,670 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/719f604]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 719f604e3fad5b7479bd14e2fa0ef4413f0a8fdc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
+Date: Fri, 4 Jan 2019 12:50:51 +0100
+Subject: [PATCH 2/6] tcp-clients could still be exceeded (v2)
+
+the TCP client quota could still be ineffective under some
+circumstances.  this change:
+
+- improves quota accounting to ensure that TCP clients are
+  properly limited, while still guaranteeing that at least one client
+  is always available to serve TCP connections on each interface.
+- uses more descriptive names and removes one (ntcptarget) that
+  was no longer needed
+- adds comments
+
+(cherry picked from commit 924651f1d5e605cd186d03f4f7340bcc54d77cc2)
+(cherry picked from commit 55a7a458e30e47874d34bdf1079eb863a0512396)
+---
+ bin/named/client.c                     | 311 ++++++++++++++++++++-----
+ bin/named/include/named/client.h       |  14 +-
+ bin/named/include/named/interfacemgr.h |  11 +-
+ bin/named/interfacemgr.c               |   8 +-
+ 4 files changed, 267 insertions(+), 77 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index 0739dd48af..a7b49a0f71 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -246,10 +246,11 @@ static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
+ static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 			       dns_dispatch_t *disp, bool tcp);
+ static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
+-			       isc_socket_t *sock);
++			       isc_socket_t *sock, ns_client_t *oldclient);
+ static inline bool
+-allowed(isc_netaddr_t *addr, dns_name_t *signer, isc_netaddr_t *ecs_addr,
+-	uint8_t ecs_addrlen, uint8_t *ecs_scope, dns_acl_t *acl);
++allowed(isc_netaddr_t *addr, dns_name_t *signer,
++	isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen,
++	uint8_t *ecs_scope, dns_acl_t *acl)
+ static void compute_cookie(ns_client_t *client, uint32_t when,
+ 			   uint32_t nonce, const unsigned char *secret,
+ 			   isc_buffer_t *buf);
+@@ -405,8 +406,11 @@ exit_check(ns_client_t *client) {
+ 		 */
+ 		INSIST(client->recursionquota == NULL);
+ 		INSIST(client->newstate <= NS_CLIENTSTATE_READY);
+-		if (client->nreads > 0)
++
++		if (client->nreads > 0) {
+ 			dns_tcpmsg_cancelread(&client->tcpmsg);
++		}
++
+ 		if (client->nreads != 0) {
+ 			/* Still waiting for read cancel completion. */
+ 			return (true);
+@@ -416,25 +420,58 @@ exit_check(ns_client_t *client) {
+ 			dns_tcpmsg_invalidate(&client->tcpmsg);
+ 			client->tcpmsg_valid = false;
+ 		}
++
+ 		if (client->tcpsocket != NULL) {
+ 			CTRACE("closetcp");
+ 			isc_socket_detach(&client->tcpsocket);
++
++			if (client->tcpactive) {
++				LOCK(&client->interface->lock);
++				INSIST(client->interface->ntcpactive > 0);
++				client->interface->ntcpactive--;
++				UNLOCK(&client->interface->lock);
++				client->tcpactive = false;
++			}
+ 		}
+ 
+ 		if (client->tcpquota != NULL) {
+-			isc_quota_detach(&client->tcpquota);
+-		} else {
+ 			/*
+-			 * We went over quota with this client, we don't
+-			 * want to restart listening unless this is the
+-			 * last client on this interface, which is
+-			 * checked later.
++			 * If we are not in a pipeline group, or
++			 * we are the last client in the group, detach from
++			 * tcpquota; otherwise, transfer the quota to
++			 * another client in the same group.
+ 			 */
+-			if (TCP_CLIENT(client)) {
+-				client->mortal = true;
++			if (!ISC_LINK_LINKED(client, glink) ||
++			    (client->glink.next == NULL &&
++			     client->glink.prev == NULL))
++			{
++				isc_quota_detach(&client->tcpquota);
++			} else if (client->glink.next != NULL) {
++				INSIST(client->glink.next->tcpquota == NULL);
++				client->glink.next->tcpquota = client->tcpquota;
++				client->tcpquota = NULL;
++			} else {
++				INSIST(client->glink.prev->tcpquota == NULL);
++				client->glink.prev->tcpquota = client->tcpquota;
++				client->tcpquota = NULL;
+ 			}
+ 		}
+ 
++		/*
++		 * Unlink from pipeline group.
++		 */
++		if (ISC_LINK_LINKED(client, glink)) {
++			if (client->glink.next != NULL) {
++				client->glink.next->glink.prev =
++					client->glink.prev;
++			}
++			if (client->glink.prev != NULL) {
++				client->glink.prev->glink.next =
++					client->glink.next;
++			}
++			ISC_LINK_INIT(client, glink);
++		}
++
+ 		if (client->timerset) {
+ 			(void)isc_timer_reset(client->timer,
+ 					      isc_timertype_inactive,
+@@ -455,15 +492,16 @@ exit_check(ns_client_t *client) {
+ 		 * that already.  Check whether this client needs to remain
+ 		 * active and force it to go inactive if not.
+ 		 *
+-		 * UDP clients go inactive at this point, but TCP clients
+-		 * may remain active if we have fewer active TCP client
+-		 * objects than desired due to an earlier quota exhaustion.
++		 * UDP clients go inactive at this point, but a TCP client
++		 * will needs to remain active if no other clients are
++		 * listening for TCP requests on this interface, to
++		 * prevent this interface from going nonresponsive.
+ 		 */
+ 		if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
+ 			LOCK(&client->interface->lock);
+-			if (client->interface->ntcpcurrent <
+-				    client->interface->ntcptarget)
++			if (client->interface->ntcpaccepting == 0) {
+ 				client->mortal = false;
++			}
+ 			UNLOCK(&client->interface->lock);
+ 		}
+ 
+@@ -472,15 +510,17 @@ exit_check(ns_client_t *client) {
+ 		 * queue for recycling.
+ 		 */
+ 		if (client->mortal) {
+-			if (client->newstate > NS_CLIENTSTATE_INACTIVE)
++			if (client->newstate > NS_CLIENTSTATE_INACTIVE) {
+ 				client->newstate = NS_CLIENTSTATE_INACTIVE;
++			}
+ 		}
+ 
+ 		if (NS_CLIENTSTATE_READY == client->newstate) {
+ 			if (TCP_CLIENT(client)) {
+ 				client_accept(client);
+-			} else
++			} else {
+ 				client_udprecv(client);
++			}
+ 			client->newstate = NS_CLIENTSTATE_MAX;
+ 			return (true);
+ 		}
+@@ -492,41 +532,57 @@ exit_check(ns_client_t *client) {
+ 		/*
+ 		 * We are trying to enter the inactive state.
+ 		 */
+-		if (client->naccepts > 0)
++		if (client->naccepts > 0) {
+ 			isc_socket_cancel(client->tcplistener, client->task,
+ 					  ISC_SOCKCANCEL_ACCEPT);
++		}
+ 
+ 		/* Still waiting for accept cancel completion. */
+-		if (! (client->naccepts == 0))
++		if (! (client->naccepts == 0)) {
+ 			return (true);
++		}
+ 
+ 		/* Accept cancel is complete. */
+-		if (client->nrecvs > 0)
++		if (client->nrecvs > 0) {
+ 			isc_socket_cancel(client->udpsocket, client->task,
+ 					  ISC_SOCKCANCEL_RECV);
++		}
+ 
+ 		/* Still waiting for recv cancel completion. */
+-		if (! (client->nrecvs == 0))
++		if (! (client->nrecvs == 0)) {
+ 			return (true);
++		}
+ 
+ 		/* Still waiting for control event to be delivered */
+-		if (client->nctls > 0)
++		if (client->nctls > 0) {
+ 			return (true);
+-
+-		/* Deactivate the client. */
+-		if (client->interface)
+-			ns_interface_detach(&client->interface);
++		}
+ 
+ 		INSIST(client->naccepts == 0);
+ 		INSIST(client->recursionquota == NULL);
+-		if (client->tcplistener != NULL)
++		if (client->tcplistener != NULL) {
+ 			isc_socket_detach(&client->tcplistener);
+ 
+-		if (client->udpsocket != NULL)
++			if (client->tcpactive) {
++				LOCK(&client->interface->lock);
++				INSIST(client->interface->ntcpactive > 0);
++				client->interface->ntcpactive--;
++				UNLOCK(&client->interface->lock);
++				client->tcpactive = false;
++			}
++		}
++		if (client->udpsocket != NULL) {
+ 			isc_socket_detach(&client->udpsocket);
++		}
+ 
+-		if (client->dispatch != NULL)
++		/* Deactivate the client. */
++		if (client->interface != NULL) {
++			ns_interface_detach(&client->interface);
++		}
++
++		if (client->dispatch != NULL) {
+ 			dns_dispatch_detach(&client->dispatch);
++		}
+ 
+ 		client->attributes = 0;
+ 		client->mortal = false;
+@@ -551,10 +607,13 @@ exit_check(ns_client_t *client) {
+ 			client->newstate = NS_CLIENTSTATE_MAX;
+ 			if (!ns_g_clienttest && manager != NULL &&
+ 			    !manager->exiting)
++			{
+ 				ISC_QUEUE_PUSH(manager->inactive, client,
+ 					       ilink);
+-			if (client->needshutdown)
++			}
++			if (client->needshutdown) {
+ 				isc_task_shutdown(client->task);
++			}
+ 			return (true);
+ 		}
+ 	}
+@@ -675,7 +734,6 @@ client_start(isc_task_t *task, isc_event_t *event) {
+ 	}
+ }
+ 
+-
+ /*%
+  * The client's task has received a shutdown event.
+  */
+@@ -2507,17 +2565,12 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ 	/*
+ 	 * Pipeline TCP query processing.
+ 	 */
+-	if (client->message->opcode != dns_opcode_query)
++	if (client->message->opcode != dns_opcode_query) {
+ 		client->pipelined = false;
++	}
+ 	if (TCP_CLIENT(client) && client->pipelined) {
+-		result = isc_quota_reserve(&ns_g_server->tcpquota);
+-		if (result == ISC_R_SUCCESS)
+-			result = ns_client_replace(client);
++		result = ns_client_replace(client);
+ 		if (result != ISC_R_SUCCESS) {
+-			ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+-				      NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
+-				      "no more TCP clients(read): %s",
+-				      isc_result_totext(result));
+ 			client->pipelined = false;
+ 		}
+ 	}
+@@ -3087,6 +3140,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	client->filter_aaaa = dns_aaaa_ok;
+ #endif
+ 	client->needshutdown = ns_g_clienttest;
++	client->tcpactive = false;
+ 
+ 	ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
+ 		       NS_EVENT_CLIENTCONTROL, client_start, client, client,
+@@ -3100,6 +3154,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	client->formerrcache.id = 0;
+ 	ISC_LINK_INIT(client, link);
+ 	ISC_LINK_INIT(client, rlink);
++	ISC_LINK_INIT(client, glink);
+ 	ISC_QLINK_INIT(client, ilink);
+ 	client->keytag = NULL;
+ 	client->keytag_len = 0;
+@@ -3193,12 +3248,19 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 
+ 	INSIST(client->state == NS_CLIENTSTATE_READY);
+ 
++	/*
++	 * The accept() was successful and we're now establishing a new
++	 * connection. We need to make note of it in the client and
++	 * interface objects so client objects can do the right thing
++	 * when going inactive in exit_check() (see comments in
++	 * client_accept() for details).
++	 */
+ 	INSIST(client->naccepts == 1);
+ 	client->naccepts--;
+ 
+ 	LOCK(&client->interface->lock);
+-	INSIST(client->interface->ntcpcurrent > 0);
+-	client->interface->ntcpcurrent--;
++	INSIST(client->interface->ntcpaccepting > 0);
++	client->interface->ntcpaccepting--;
+ 	UNLOCK(&client->interface->lock);
+ 
+ 	/*
+@@ -3232,6 +3294,9 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ 			      "accept failed: %s",
+ 			      isc_result_totext(nevent->result));
++		if (client->tcpquota != NULL) {
++			isc_quota_detach(&client->tcpquota);
++		}
+ 	}
+ 
+ 	if (exit_check(client))
+@@ -3270,18 +3335,12 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 		 * deny service to legitimate TCP clients.
+ 		 */
+ 		client->pipelined = false;
+-		result = isc_quota_attach(&ns_g_server->tcpquota,
+-					  &client->tcpquota);
+-		if (result == ISC_R_SUCCESS)
+-			result = ns_client_replace(client);
+-		if (result != ISC_R_SUCCESS) {
+-			ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+-				      NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
+-				      "no more TCP clients(accept): %s",
+-				      isc_result_totext(result));
+-		} else if (ns_g_server->keepresporder == NULL ||
+-			   !allowed(&netaddr, NULL, NULL, 0, NULL,
+-				    ns_g_server->keepresporder)) {
++		result = ns_client_replace(client);
++		if (result == ISC_R_SUCCESS &&
++		    (client->sctx->keepresporder == NULL ||
++		     !allowed(&netaddr, NULL, NULL, 0, NULL,
++			      ns_g_server->keepresporder)))
++		{
+ 			client->pipelined = true;
+ 		}
+ 
+@@ -3298,12 +3357,80 @@ client_accept(ns_client_t *client) {
+ 
+ 	CTRACE("accept");
+ 
++	/*
++	 * The tcpquota object can only be simultaneously referenced a
++	 * pre-defined number of times; this is configured by 'tcp-clients'
++	 * in named.conf. If we can't attach to it here, that means the TCP
++	 * client quota has been exceeded.
++	 */
++	result = isc_quota_attach(&client->sctx->tcpquota,
++				  &client->tcpquota);
++	if (result != ISC_R_SUCCESS) {
++			bool exit;
++
++			ns_client_log(client, NS_LOGCATEGORY_CLIENT,
++				      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
++				      "no more TCP clients: %s",
++				      isc_result_totext(result));
++
++			/*
++			 * We have exceeded the system-wide TCP client
++			 * quota.  But, we can't just block this accept
++			 * in all cases, because if we did, a heavy TCP
++			 * load on other interfaces might cause this
++			 * interface to be starved, with no clients able
++			 * to accept new connections.
++			 *
++			 * So, we check here to see if any other client
++			 * is already servicing TCP queries on this
++			 * interface (whether accepting, reading, or
++			 * processing).
++			 *
++			 * If so, then it's okay *not* to call
++			 * accept - we can let this client to go inactive
++			 * and the other one handle the next connection
++			 * when it's ready.
++			 *
++			 * But if not, then we need to be a little bit
++			 * flexible about the quota. We allow *one* extra
++			 * TCP client through, to ensure we're listening on
++			 * every interface.
++			 *
++			 * (Note: In practice this means that the *real*
++			 * TCP client quota is tcp-clients plus the number
++			 * of interfaces.)
++			 */
++			LOCK(&client->interface->lock);
++			exit = (client->interface->ntcpactive > 0);
++			UNLOCK(&client->interface->lock);
++
++			if (exit) {
++				client->newstate = NS_CLIENTSTATE_INACTIVE;
++				(void)exit_check(client);
++				return;
++			}
++	}
++
++	/*
++	 * By incrementing the interface's ntcpactive counter we signal
++	 * that there is at least one client servicing TCP queries for the
++	 * interface.
++	 *
++	 * We also make note of the fact in the client itself with the
++	 * tcpactive flag. This ensures proper accounting by preventing
++	 * us from accidentally incrementing or decrementing ntcpactive
++	 * more than once per client object.
++	 */
++	if (!client->tcpactive) {
++		LOCK(&client->interface->lock);
++		client->interface->ntcpactive++;
++		UNLOCK(&client->interface->lock);
++		client->tcpactive = true;
++	}
++
+ 	result = isc_socket_accept(client->tcplistener, client->task,
+ 				   client_newconn, client);
+ 	if (result != ISC_R_SUCCESS) {
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "isc_socket_accept() failed: %s",
+-				 isc_result_totext(result));
+ 		/*
+ 		 * XXXRTH  What should we do?  We're trying to accept but
+ 		 *	   it didn't work.  If we just give up, then TCP
+@@ -3311,12 +3438,39 @@ client_accept(ns_client_t *client) {
+ 		 *
+ 		 *	   For now, we just go idle.
+ 		 */
++		UNEXPECTED_ERROR(__FILE__, __LINE__,
++				 "isc_socket_accept() failed: %s",
++				 isc_result_totext(result));
++		if (client->tcpquota != NULL) {
++			isc_quota_detach(&client->tcpquota);
++		}
+ 		return;
+ 	}
++
++	/*
++	 * The client's 'naccepts' counter indicates that this client has
++	 * called accept() and is waiting for a new connection. It should
++	 * never exceed 1.
++	 */
+ 	INSIST(client->naccepts == 0);
+ 	client->naccepts++;
++
++	/*
++	 * The interface's 'ntcpaccepting' counter is incremented when
++	 * any client calls accept(), and decremented in client_newconn()
++	 * once the connection is established.
++	 *
++	 * When the client object is shutting down after handling a TCP
++	 * request (see exit_check()), it looks to see whether this value is
++	 * non-zero. If so, that means another client has already called
++	 * accept() and is waiting to establish the next connection, which
++	 * means the first client is free to go inactive. Otherwise,
++	 * the first client must come back and call accept() again; this
++	 * guarantees there will always be at least one client listening
++	 * for new TCP connections on each interface.
++	 */
+ 	LOCK(&client->interface->lock);
+-	client->interface->ntcpcurrent++;
++	client->interface->ntcpaccepting++;
+ 	UNLOCK(&client->interface->lock);
+ }
+ 
+@@ -3390,13 +3544,14 @@ ns_client_replace(ns_client_t *client) {
+ 	tcp = TCP_CLIENT(client);
+ 	if (tcp && client->pipelined) {
+ 		result = get_worker(client->manager, client->interface,
+-				    client->tcpsocket);
++				    client->tcpsocket, client);
+ 	} else {
+ 		result = get_client(client->manager, client->interface,
+ 				    client->dispatch, tcp);
+ 	}
+-	if (result != ISC_R_SUCCESS)
++	if (result != ISC_R_SUCCESS) {
+ 		return (result);
++	}
+ 
+ 	/*
+ 	 * The responsibility for listening for new requests is hereby
+@@ -3585,6 +3740,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 		client->attributes |= NS_CLIENTATTR_TCP;
+ 		isc_socket_attach(ifp->tcpsocket,
+ 				  &client->tcplistener);
++
+ 	} else {
+ 		isc_socket_t *sock;
+ 
+@@ -3602,7 +3758,8 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ }
+ 
+ static isc_result_t
+-get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
++get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
++	   ns_client_t *oldclient)
+ {
+ 	isc_result_t result = ISC_R_SUCCESS;
+ 	isc_event_t *ev;
+@@ -3610,6 +3767,7 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
+ 	MTRACE("get worker");
+ 
+ 	REQUIRE(manager != NULL);
++	REQUIRE(oldclient != NULL);
+ 
+ 	if (manager->exiting)
+ 		return (ISC_R_SHUTTINGDOWN);
+@@ -3642,7 +3800,28 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
+ 	ns_interface_attach(ifp, &client->interface);
+ 	client->newstate = client->state = NS_CLIENTSTATE_WORKING;
+ 	INSIST(client->recursionquota == NULL);
+-	client->tcpquota = &ns_g_server->tcpquota;
++
++	/*
++	 * Transfer TCP quota to the new client.
++	 */
++	INSIST(client->tcpquota == NULL);
++	INSIST(oldclient->tcpquota != NULL);
++	client->tcpquota = oldclient->tcpquota;
++	oldclient->tcpquota = NULL;
++
++	/*
++	 * Link to a pipeline group, creating it if needed.
++	 */
++	if (!ISC_LINK_LINKED(oldclient, glink)) {
++		oldclient->glink.next = NULL;
++		oldclient->glink.prev = NULL;
++	}
++	client->glink.next = oldclient->glink.next;
++	client->glink.prev = oldclient;
++	if (oldclient->glink.next != NULL) {
++		oldclient->glink.next->glink.prev = client;
++	}
++	oldclient->glink.next = client;
+ 
+ 	client->dscp = ifp->dscp;
+ 
+@@ -3656,6 +3835,12 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
+ 	(void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr);
+ 	client->peeraddr_valid = true;
+ 
++	LOCK(&client->interface->lock);
++	client->interface->ntcpactive++;
++	UNLOCK(&client->interface->lock);
++
++	client->tcpactive = true;
++
+ 	INSIST(client->tcpmsg_valid == false);
+ 	dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg);
+ 	client->tcpmsg_valid = true;
+diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
+index b23a7b191d..1f7973f9c5 100644
+--- a/bin/named/include/named/client.h
++++ b/bin/named/include/named/client.h
+@@ -94,7 +94,8 @@ struct ns_client {
+ 	int			nupdates;
+ 	int			nctls;
+ 	int			references;
+-	bool		needshutdown; 	/*
++	bool			tcpactive;
++	bool			needshutdown; 	/*
+ 						 * Used by clienttest to get
+ 						 * the client to go from
+ 						 * inactive to free state
+@@ -130,9 +131,9 @@ struct ns_client {
+ 	isc_stdtime_t		now;
+ 	isc_time_t		tnow;
+ 	dns_name_t		signername;   /*%< [T]SIG key name */
+-	dns_name_t *		signer;	      /*%< NULL if not valid sig */
+-	bool		mortal;	      /*%< Die after handling request */
+-	bool		pipelined;   /*%< TCP queries not in sequence */
++	dns_name_t		*signer;      /*%< NULL if not valid sig */
++	bool			mortal;	      /*%< Die after handling request */
++	bool			pipelined;   /*%< TCP queries not in sequence */
+ 	isc_quota_t		*tcpquota;
+ 	isc_quota_t		*recursionquota;
+ 	ns_interface_t		*interface;
+@@ -143,8 +144,8 @@ struct ns_client {
+ 	isc_sockaddr_t		destsockaddr;
+ 
+ 	isc_netaddr_t		ecs_addr;	/*%< EDNS client subnet */
+-	uint8_t		ecs_addrlen;
+-	uint8_t		ecs_scope;
++	uint8_t			ecs_addrlen;
++	uint8_t			ecs_scope;
+ 
+ 	struct in6_pktinfo	pktinfo;
+ 	isc_dscp_t		dscp;
+@@ -166,6 +167,7 @@ struct ns_client {
+ 
+ 	ISC_LINK(ns_client_t)	link;
+ 	ISC_LINK(ns_client_t)	rlink;
++	ISC_LINK(ns_client_t)	glink;
+ 	ISC_QLINK(ns_client_t)	ilink;
+ 	unsigned char		cookie[8];
+ 	uint32_t		expire;
+diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
+index 7d1883e1e8..61b08826a6 100644
+--- a/bin/named/include/named/interfacemgr.h
++++ b/bin/named/include/named/interfacemgr.h
+@@ -77,9 +77,14 @@ struct ns_interface {
+ 						/*%< UDP dispatchers. */
+ 	isc_socket_t *		tcpsocket;	/*%< TCP socket. */
+ 	isc_dscp_t		dscp;		/*%< "listen-on" DSCP value */
+-	int			ntcptarget;	/*%< Desired number of concurrent
+-						     TCP accepts */
+-	int			ntcpcurrent;	/*%< Current ditto, locked */
++	int			ntcpaccepting;	/*%< Number of clients
++						     ready to accept new
++						     TCP connections on this
++						     interface */
++	int			ntcpactive;	/*%< Number of clients
++						     servicing TCP queries
++						     (whether accepting or
++						     connected) */
+ 	int			nudpdispatch;	/*%< Number of UDP dispatches */
+ 	ns_clientmgr_t *	clientmgr;	/*%< Client manager. */
+ 	ISC_LINK(ns_interface_t) link;
+diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
+index 419927bf54..955096ef47 100644
+--- a/bin/named/interfacemgr.c
++++ b/bin/named/interfacemgr.c
+@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
+ 	 * connections will be handled in parallel even though there is
+ 	 * only one client initially.
+ 	 */
+-	ifp->ntcptarget = 1;
+-	ifp->ntcpcurrent = 0;
++	ifp->ntcpaccepting = 0;
++	ifp->ntcpactive = 0;
+ 	ifp->nudpdispatch = 0;
+ 
+ 	ifp->dscp = -1;
+@@ -522,9 +522,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
+ 	 */
+ 	(void)isc_socket_filter(ifp->tcpsocket, "dataready");
+ 
+-	result = ns_clientmgr_createclients(ifp->clientmgr,
+-					    ifp->ntcptarget, ifp,
+-					    true);
++	result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true);
+ 	if (result != ISC_R_SUCCESS) {
+ 		UNEXPECTED_ERROR(__FILE__, __LINE__,
+ 				 "TCP ns_clientmgr_createclients(): %s",
+-- 
+2.20.1
+

meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch

@@ -0,0 +1,278 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/366b4e1]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 366b4e1ede8aed690e981e07137cb1cb77879c36 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
+Date: Thu, 17 Jan 2019 15:53:38 +0100
+Subject: [PATCH 3/6] use reference counter for pipeline groups (v3)
+
+Track pipeline groups using a shared reference counter
+instead of a linked list.
+
+(cherry picked from commit 513afd33eb17d5dc41a3f0d2d38204ef8c5f6f91)
+(cherry picked from commit 9446629b730c59c4215f08d37fbaf810282fbccb)
+---
+ bin/named/client.c               | 171 ++++++++++++++++++++-----------
+ bin/named/include/named/client.h |   2 +-
+ 2 files changed, 110 insertions(+), 63 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index a7b49a0f71..277656cef0 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -299,6 +299,75 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
+ 	}
+ }
+ 
++/*%
++ * Allocate a reference counter that will track the number of client structures
++ * using the TCP connection that 'client' called accept() for.  This counter
++ * will be shared between all client structures associated with this TCP
++ * connection.
++ */
++static void
++pipeline_init(ns_client_t *client) {
++	isc_refcount_t *refs;
++
++	REQUIRE(client->pipeline_refs == NULL);
++
++	/*
++	 * A global memory context is used for the allocation as different
++	 * client structures may have different memory contexts assigned and a
++	 * reference counter allocated here might need to be freed by a
++	 * different client.  The performance impact caused by memory context
++	 * contention here is expected to be negligible, given that this code
++	 * is only executed for TCP connections.
++	 */
++	refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs));
++	isc_refcount_init(refs, 1);
++	client->pipeline_refs = refs;
++}
++
++/*%
++ * Increase the count of client structures using the TCP connection that
++ * 'source' is associated with and put a pointer to that count in 'target',
++ * thus associating it with the same TCP connection.
++ */
++static void
++pipeline_attach(ns_client_t *source, ns_client_t *target) {
++	int old_refs;
++
++	REQUIRE(source->pipeline_refs != NULL);
++	REQUIRE(target->pipeline_refs == NULL);
++
++	old_refs = isc_refcount_increment(source->pipeline_refs);
++	INSIST(old_refs > 0);
++	target->pipeline_refs = source->pipeline_refs;
++}
++
++/*%
++ * Decrease the count of client structures using the TCP connection that
++ * 'client' is associated with.  If this is the last client using this TCP
++ * connection, free the reference counter and return true; otherwise, return
++ * false.
++ */
++static bool
++pipeline_detach(ns_client_t *client) {
++	isc_refcount_t *refs;
++	int old_refs;
++
++	REQUIRE(client->pipeline_refs != NULL);
++
++	refs = client->pipeline_refs;
++	client->pipeline_refs = NULL;
++
++	old_refs = isc_refcount_decrement(refs);
++	INSIST(old_refs > 0);
++
++	if (old_refs == 1) {
++		isc_mem_free(client->sctx->mctx, refs);
++		return (true);
++	}
++
++	return (false);
++}
++
+ /*%
+  * Check for a deactivation or shutdown request and take appropriate
+  * action.  Returns true if either is in progress; in this case
+@@ -421,6 +490,40 @@ exit_check(ns_client_t *client) {
+ 			client->tcpmsg_valid = false;
+ 		}
+ 
++		if (client->tcpquota != NULL) {
++			if (client->pipeline_refs == NULL ||
++			    pipeline_detach(client))
++			{
++				/*
++				 * Only detach from the TCP client quota if
++				 * there are no more client structures using
++				 * this TCP connection.
++				 *
++				 * Note that we check 'pipeline_refs' and not
++				 * 'pipelined' because in some cases (e.g.
++				 * after receiving a request with an opcode
++				 * different than QUERY) 'pipelined' is set to
++				 * false after the reference counter gets
++				 * allocated in pipeline_init() and we must
++				 * still drop our reference as failing to do so
++				 * would prevent the reference counter itself
++				 * from being freed.
++				 */
++				isc_quota_detach(&client->tcpquota);
++			} else {
++				/*
++				 * There are other client structures using this
++				 * TCP connection, so we cannot detach from the
++				 * TCP client quota to prevent excess TCP
++				 * connections from being accepted.  However,
++				 * this client structure might later be reused
++				 * for accepting new connections and thus must
++				 * have its 'tcpquota' field set to NULL.
++				 */
++				client->tcpquota = NULL;
++			}
++		}
++
+ 		if (client->tcpsocket != NULL) {
+ 			CTRACE("closetcp");
+ 			isc_socket_detach(&client->tcpsocket);
+@@ -434,44 +537,6 @@ exit_check(ns_client_t *client) {
+ 			}
+ 		}
+ 
+-		if (client->tcpquota != NULL) {
+-			/*
+-			 * If we are not in a pipeline group, or
+-			 * we are the last client in the group, detach from
+-			 * tcpquota; otherwise, transfer the quota to
+-			 * another client in the same group.
+-			 */
+-			if (!ISC_LINK_LINKED(client, glink) ||
+-			    (client->glink.next == NULL &&
+-			     client->glink.prev == NULL))
+-			{
+-				isc_quota_detach(&client->tcpquota);
+-			} else if (client->glink.next != NULL) {
+-				INSIST(client->glink.next->tcpquota == NULL);
+-				client->glink.next->tcpquota = client->tcpquota;
+-				client->tcpquota = NULL;
+-			} else {
+-				INSIST(client->glink.prev->tcpquota == NULL);
+-				client->glink.prev->tcpquota = client->tcpquota;
+-				client->tcpquota = NULL;
+-			}
+-		}
+-
+-		/*
+-		 * Unlink from pipeline group.
+-		 */
+-		if (ISC_LINK_LINKED(client, glink)) {
+-			if (client->glink.next != NULL) {
+-				client->glink.next->glink.prev =
+-					client->glink.prev;
+-			}
+-			if (client->glink.prev != NULL) {
+-				client->glink.prev->glink.next =
+-					client->glink.next;
+-			}
+-			ISC_LINK_INIT(client, glink);
+-		}
+-
+ 		if (client->timerset) {
+ 			(void)isc_timer_reset(client->timer,
+ 					      isc_timertype_inactive,
+@@ -3130,6 +3195,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	dns_name_init(&client->signername, NULL);
+ 	client->mortal = false;
+ 	client->pipelined = false;
++	client->pipeline_refs = NULL;
+ 	client->tcpquota = NULL;
+ 	client->recursionquota = NULL;
+ 	client->interface = NULL;
+@@ -3154,7 +3220,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	client->formerrcache.id = 0;
+ 	ISC_LINK_INIT(client, link);
+ 	ISC_LINK_INIT(client, rlink);
+-	ISC_LINK_INIT(client, glink);
+ 	ISC_QLINK_INIT(client, ilink);
+ 	client->keytag = NULL;
+ 	client->keytag_len = 0;
+@@ -3341,6 +3406,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 		     !allowed(&netaddr, NULL, NULL, 0, NULL,
+ 			      ns_g_server->keepresporder)))
+ 		{
++			pipeline_init(client);
+ 			client->pipelined = true;
+ 		}
+ 
+@@ -3800,35 +3866,16 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ 	ns_interface_attach(ifp, &client->interface);
+ 	client->newstate = client->state = NS_CLIENTSTATE_WORKING;
+ 	INSIST(client->recursionquota == NULL);
+-
+-	/*
+-	 * Transfer TCP quota to the new client.
+-	 */
+-	INSIST(client->tcpquota == NULL);
+-	INSIST(oldclient->tcpquota != NULL);
+-	client->tcpquota = oldclient->tcpquota;
+-	oldclient->tcpquota = NULL;
+-
+-	/*
+-	 * Link to a pipeline group, creating it if needed.
+-	 */
+-	if (!ISC_LINK_LINKED(oldclient, glink)) {
+-		oldclient->glink.next = NULL;
+-		oldclient->glink.prev = NULL;
+-	}
+-	client->glink.next = oldclient->glink.next;
+-	client->glink.prev = oldclient;
+-	if (oldclient->glink.next != NULL) {
+-		oldclient->glink.next->glink.prev = client;
+-	}
+-	oldclient->glink.next = client;
++	client->tcpquota = &client->sctx->tcpquota;
+ 
+ 	client->dscp = ifp->dscp;
+ 
+ 	client->attributes |= NS_CLIENTATTR_TCP;
+-	client->pipelined = true;
+ 	client->mortal = true;
+ 
++	pipeline_attach(oldclient, client);
++	client->pipelined = true;
++
+ 	isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
+ 	isc_socket_attach(sock, &client->tcpsocket);
+ 	isc_socket_setname(client->tcpsocket, "worker-tcp", NULL);
+diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
+index 1f7973f9c5..aeed9ccdda 100644
+--- a/bin/named/include/named/client.h
++++ b/bin/named/include/named/client.h
+@@ -134,6 +134,7 @@ struct ns_client {
+ 	dns_name_t		*signer;      /*%< NULL if not valid sig */
+ 	bool			mortal;	      /*%< Die after handling request */
+ 	bool			pipelined;   /*%< TCP queries not in sequence */
++	isc_refcount_t		*pipeline_refs;
+ 	isc_quota_t		*tcpquota;
+ 	isc_quota_t		*recursionquota;
+ 	ns_interface_t		*interface;
+@@ -167,7 +168,6 @@ struct ns_client {
+ 
+ 	ISC_LINK(ns_client_t)	link;
+ 	ISC_LINK(ns_client_t)	rlink;
+-	ISC_LINK(ns_client_t)	glink;
+ 	ISC_QLINK(ns_client_t)	ilink;
+ 	unsigned char		cookie[8];
+ 	uint32_t		expire;
+-- 
+2.20.1
+

meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch

@@ -0,0 +1,512 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/2ab8a08]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 2ab8a085b3c666f28f1f9229bd6ecb59915b26c3 Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Fri, 5 Apr 2019 16:12:18 -0700
+Subject: [PATCH 4/6] better tcpquota accounting and client mortality checks
+
+- ensure that tcpactive is cleaned up correctly when accept() fails.
+- set 'client->tcpattached' when the client is attached to the tcpquota.
+  carry this value on to new clients sharing the same pipeline group.
+  don't call isc_quota_detach() on the tcpquota unless tcpattached is
+  set.  this way clients that were allowed to accept TCP connections
+  despite being over quota (and therefore, were never attached to the
+  quota) will not inadvertently detach from it and mess up the
+  accounting.
+- simplify the code for tcpquota disconnection by using a new function
+  tcpquota_disconnect().
+- before deciding whether to reject a new connection due to quota
+  exhaustion, check to see whether there are at least two active
+  clients. previously, this was "at least one", but that could be
+  insufficient if there was one other client in READING state (waiting
+  for messages on an open connection) but none in READY (listening
+  for new connections).
+- before deciding whether a TCP client object can to go inactive, we
+  must ensure there are enough other clients to maintain service
+  afterward -- both accepting new connections and reading/processing new
+  queries.  A TCP client can't shut down unless at least one
+  client is accepting new connections and (in the case of pipelined
+  clients) at least one additional client is waiting to read.
+
+(cherry picked from commit c7394738b2445c16f728a88394864dd61baad900)
+(cherry picked from commit e965d5f11d3d0f6d59704e614fceca2093cb1856)
+(cherry picked from commit 87d431161450777ea093821212abfb52d51b36e3)
+---
+ bin/named/client.c               | 244 +++++++++++++++++++------------
+ bin/named/include/named/client.h |   3 +-
+ 2 files changed, 152 insertions(+), 95 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index 277656cef0..61e96dd28c 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -244,13 +244,14 @@ static void client_start(isc_task_t *task, isc_event_t *event);
+ static void client_request(isc_task_t *task, isc_event_t *event);
+ static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
+ static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+-			       dns_dispatch_t *disp, bool tcp);
++			       dns_dispatch_t *disp, ns_client_t *oldclient,
++			       bool tcp);
+ static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 			       isc_socket_t *sock, ns_client_t *oldclient);
+ static inline bool
+ allowed(isc_netaddr_t *addr, dns_name_t *signer,
+ 	isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen,
+-	uint8_t *ecs_scope, dns_acl_t *acl)
++	uint8_t *ecs_scope, dns_acl_t *acl);
+ static void compute_cookie(ns_client_t *client, uint32_t when,
+ 			   uint32_t nonce, const unsigned char *secret,
+ 			   isc_buffer_t *buf);
+@@ -319,7 +320,7 @@ pipeline_init(ns_client_t *client) {
+ 	 * contention here is expected to be negligible, given that this code
+ 	 * is only executed for TCP connections.
+ 	 */
+-	refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs));
++	refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs));
+ 	isc_refcount_init(refs, 1);
+ 	client->pipeline_refs = refs;
+ }
+@@ -331,13 +332,13 @@ pipeline_init(ns_client_t *client) {
+  */
+ static void
+ pipeline_attach(ns_client_t *source, ns_client_t *target) {
+-	int old_refs;
++	int refs;
+ 
+ 	REQUIRE(source->pipeline_refs != NULL);
+ 	REQUIRE(target->pipeline_refs == NULL);
+ 
+-	old_refs = isc_refcount_increment(source->pipeline_refs);
+-	INSIST(old_refs > 0);
++	isc_refcount_increment(source->pipeline_refs, &refs);
++	INSIST(refs > 1);
+ 	target->pipeline_refs = source->pipeline_refs;
+ }
+ 
+@@ -349,25 +350,51 @@ pipeline_attach(ns_client_t *source, ns_client_t *target) {
+  */
+ static bool
+ pipeline_detach(ns_client_t *client) {
+-	isc_refcount_t *refs;
+-	int old_refs;
++	isc_refcount_t *refcount;
++	int refs;
+ 
+ 	REQUIRE(client->pipeline_refs != NULL);
+ 
+-	refs = client->pipeline_refs;
++	refcount = client->pipeline_refs;
+ 	client->pipeline_refs = NULL;
+ 
+-	old_refs = isc_refcount_decrement(refs);
+-	INSIST(old_refs > 0);
++	isc_refcount_decrement(refcount, refs);
+ 
+-	if (old_refs == 1) {
+-		isc_mem_free(client->sctx->mctx, refs);
++	if (refs == 0) {
++		isc_mem_free(ns_g_mctx, refs);
+ 		return (true);
+ 	}
+ 
+ 	return (false);
+ }
+ 
++/*
++ * Detach a client from the TCP client quota if appropriate, and set
++ * the quota pointer to NULL.
++ *
++ * Sometimes when the TCP client quota is exhausted but there are no other
++ * clients servicing the interface, a client will be allowed to continue
++ * running despite not having been attached to the quota. In this event,
++ * the TCP quota was never attached to the client, so when the client (or
++ * associated pipeline group) shuts down, the quota must NOT be detached.
++ *
++ * Otherwise, if the quota pointer is set, it should be detached. If not
++ * set at all, we just return without doing anything.
++ */
++static void
++tcpquota_disconnect(ns_client_t *client) {
++	if (client->tcpquota == NULL) {
++		return;
++	}
++
++	if (client->tcpattached) {
++		isc_quota_detach(&client->tcpquota);
++		client->tcpattached = false;
++	} else {
++		client->tcpquota = NULL;
++	}
++}
++
+ /*%
+  * Check for a deactivation or shutdown request and take appropriate
+  * action.  Returns true if either is in progress; in this case
+@@ -490,38 +517,31 @@ exit_check(ns_client_t *client) {
+ 			client->tcpmsg_valid = false;
+ 		}
+ 
+-		if (client->tcpquota != NULL) {
+-			if (client->pipeline_refs == NULL ||
+-			    pipeline_detach(client))
+-			{
+-				/*
+-				 * Only detach from the TCP client quota if
+-				 * there are no more client structures using
+-				 * this TCP connection.
+-				 *
+-				 * Note that we check 'pipeline_refs' and not
+-				 * 'pipelined' because in some cases (e.g.
+-				 * after receiving a request with an opcode
+-				 * different than QUERY) 'pipelined' is set to
+-				 * false after the reference counter gets
+-				 * allocated in pipeline_init() and we must
+-				 * still drop our reference as failing to do so
+-				 * would prevent the reference counter itself
+-				 * from being freed.
+-				 */
+-				isc_quota_detach(&client->tcpquota);
+-			} else {
+-				/*
+-				 * There are other client structures using this
+-				 * TCP connection, so we cannot detach from the
+-				 * TCP client quota to prevent excess TCP
+-				 * connections from being accepted.  However,
+-				 * this client structure might later be reused
+-				 * for accepting new connections and thus must
+-				 * have its 'tcpquota' field set to NULL.
+-				 */
+-				client->tcpquota = NULL;
+-			}
++		/*
++		 * Detach from pipeline group and from TCP client quota,
++		 * if appropriate.
++		 *
++		 * - If no pipeline group is active, attempt to
++		 *   detach from the TCP client quota.
++		 *
++		 * - If a pipeline group is active, detach from it;
++		 *   if the return code indicates that there no more
++		 *   clients left if this pipeline group, we also detach
++		 *   from the TCP client quota.
++		 *
++		 * - Otherwise we don't try to detach, we just set the
++		 *   TCP quota pointer to NULL if it wasn't NULL already.
++		 *
++		 * tcpquota_disconnect() will set tcpquota to NULL, either
++		 * by detaching it or by assignment, depending on the
++		 * needs of the client. See the comments on that function
++		 * for further information.
++		 */
++		if (client->pipeline_refs == NULL || pipeline_detach(client)) {
++			tcpquota_disconnect(client);
++		} else {
++			client->tcpquota = NULL;
++			client->tcpattached = false;
+ 		}
+ 
+ 		if (client->tcpsocket != NULL) {
+@@ -544,8 +564,6 @@ exit_check(ns_client_t *client) {
+ 			client->timerset = false;
+ 		}
+ 
+-		client->pipelined = false;
+-
+ 		client->peeraddr_valid = false;
+ 
+ 		client->state = NS_CLIENTSTATE_READY;
+@@ -558,18 +576,27 @@ exit_check(ns_client_t *client) {
+ 		 * active and force it to go inactive if not.
+ 		 *
+ 		 * UDP clients go inactive at this point, but a TCP client
+-		 * will needs to remain active if no other clients are
+-		 * listening for TCP requests on this interface, to
+-		 * prevent this interface from going nonresponsive.
++		 * may need to remain active and go into ready state if
++		 * no other clients are available to listen for TCP
++		 * requests on this interface or (in the case of pipelined
++		 * clients) to read for additional messages on the current
++		 * connection.
+ 		 */
+ 		if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
+ 			LOCK(&client->interface->lock);
+-			if (client->interface->ntcpaccepting == 0) {
++			if ((client->interface->ntcpaccepting == 0 ||
++			    (client->pipelined &&
++			     client->interface->ntcpactive < 2)) &&
++			    client->newstate != NS_CLIENTSTATE_FREED)
++			{
+ 				client->mortal = false;
++				client->newstate = NS_CLIENTSTATE_READY;
+ 			}
+ 			UNLOCK(&client->interface->lock);
+ 		}
+ 
++		client->pipelined = false;
++
+ 		/*
+ 		 * We don't need the client; send it to the inactive
+ 		 * queue for recycling.
+@@ -2634,6 +2661,18 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ 		client->pipelined = false;
+ 	}
+ 	if (TCP_CLIENT(client) && client->pipelined) {
++		/*
++		 * We're pipelining. Replace the client; the
++		 * the replacement can read the TCP socket looking
++		 * for new messages and this client can process the
++		 * current message asynchronously.
++		 *
++		 * There are now at least three clients using this
++		 * TCP socket - one accepting new connections,
++		 * one reading an existing connection to get new
++		 * messages, and one answering the message already
++		 * received.
++		 */
+ 		result = ns_client_replace(client);
+ 		if (result != ISC_R_SUCCESS) {
+ 			client->pipelined = false;
+@@ -3197,6 +3236,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	client->pipelined = false;
+ 	client->pipeline_refs = NULL;
+ 	client->tcpquota = NULL;
++	client->tcpattached = false;
+ 	client->recursionquota = NULL;
+ 	client->interface = NULL;
+ 	client->peeraddr_valid = false;
+@@ -3359,9 +3399,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ 			      "accept failed: %s",
+ 			      isc_result_totext(nevent->result));
+-		if (client->tcpquota != NULL) {
+-			isc_quota_detach(&client->tcpquota);
+-		}
++		tcpquota_disconnect(client);
+ 	}
+ 
+ 	if (exit_check(client))
+@@ -3402,7 +3440,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 		client->pipelined = false;
+ 		result = ns_client_replace(client);
+ 		if (result == ISC_R_SUCCESS &&
+-		    (client->sctx->keepresporder == NULL ||
++		    (ns_g_server->keepresporder == NULL ||
+ 		     !allowed(&netaddr, NULL, NULL, 0, NULL,
+ 			      ns_g_server->keepresporder)))
+ 		{
+@@ -3429,7 +3467,7 @@ client_accept(ns_client_t *client) {
+ 	 * in named.conf. If we can't attach to it here, that means the TCP
+ 	 * client quota has been exceeded.
+ 	 */
+-	result = isc_quota_attach(&client->sctx->tcpquota,
++	result = isc_quota_attach(&ns_g_server->tcpquota,
+ 				  &client->tcpquota);
+ 	if (result != ISC_R_SUCCESS) {
+ 			bool exit;
+@@ -3447,27 +3485,27 @@ client_accept(ns_client_t *client) {
+ 			 * interface to be starved, with no clients able
+ 			 * to accept new connections.
+ 			 *
+-			 * So, we check here to see if any other client
+-			 * is already servicing TCP queries on this
++			 * So, we check here to see if any other clients
++			 * are already servicing TCP queries on this
+ 			 * interface (whether accepting, reading, or
+-			 * processing).
+-			 *
+-			 * If so, then it's okay *not* to call
+-			 * accept - we can let this client to go inactive
+-			 * and the other one handle the next connection
+-			 * when it's ready.
++			 * processing). If there are at least two
++			 * (one reading and one processing a request)
++			 * then it's okay *not* to call accept - we
++			 * can let this client go inactive and another
++			 * one will resume accepting when it's done.
+ 			 *
+-			 * But if not, then we need to be a little bit
+-			 * flexible about the quota. We allow *one* extra
+-			 * TCP client through, to ensure we're listening on
+-			 * every interface.
++			 * If there aren't enough active clients on the
++			 * interface, then we can be a little bit
++			 * flexible about the quota. We'll allow *one*
++			 * extra client through to ensure we're listening
++			 * on every interface.
+ 			 *
+-			 * (Note: In practice this means that the *real*
+-			 * TCP client quota is tcp-clients plus the number
+-			 * of interfaces.)
++			 * (Note: In practice this means that the real
++			 * TCP client quota is tcp-clients plus the
++			 * number of listening interfaces plus 2.)
+ 			 */
+ 			LOCK(&client->interface->lock);
+-			exit = (client->interface->ntcpactive > 0);
++			exit = (client->interface->ntcpactive > 1);
+ 			UNLOCK(&client->interface->lock);
+ 
+ 			if (exit) {
+@@ -3475,6 +3513,9 @@ client_accept(ns_client_t *client) {
+ 				(void)exit_check(client);
+ 				return;
+ 			}
++
++	} else {
++		client->tcpattached = true;
+ 	}
+ 
+ 	/*
+@@ -3507,9 +3548,16 @@ client_accept(ns_client_t *client) {
+ 		UNEXPECTED_ERROR(__FILE__, __LINE__,
+ 				 "isc_socket_accept() failed: %s",
+ 				 isc_result_totext(result));
+-		if (client->tcpquota != NULL) {
+-			isc_quota_detach(&client->tcpquota);
++
++		tcpquota_disconnect(client);
++
++		if (client->tcpactive) {
++			LOCK(&client->interface->lock);
++			client->interface->ntcpactive--;
++			UNLOCK(&client->interface->lock);
++			client->tcpactive = false;
+ 		}
++
+ 		return;
+ 	}
+ 
+@@ -3527,13 +3575,12 @@ client_accept(ns_client_t *client) {
+ 	 * once the connection is established.
+ 	 *
+ 	 * When the client object is shutting down after handling a TCP
+-	 * request (see exit_check()), it looks to see whether this value is
+-	 * non-zero. If so, that means another client has already called
+-	 * accept() and is waiting to establish the next connection, which
+-	 * means the first client is free to go inactive. Otherwise,
+-	 * the first client must come back and call accept() again; this
+-	 * guarantees there will always be at least one client listening
+-	 * for new TCP connections on each interface.
++	 * request (see exit_check()), if this value is at least one, that
++	 * means another client has called accept() and is waiting to
++	 * establish the next connection. That means the client may be
++	 * be free to become inactive; otherwise it may need to start
++	 * listening for connections itself to prevent the interface
++	 * going dead.
+ 	 */
+ 	LOCK(&client->interface->lock);
+ 	client->interface->ntcpaccepting++;
+@@ -3613,19 +3660,19 @@ ns_client_replace(ns_client_t *client) {
+ 				    client->tcpsocket, client);
+ 	} else {
+ 		result = get_client(client->manager, client->interface,
+-				    client->dispatch, tcp);
++				    client->dispatch, client, tcp);
++
++		/*
++		 * The responsibility for listening for new requests is hereby
++		 * transferred to the new client.  Therefore, the old client
++		 * should refrain from listening for any more requests.
++		 */
++		client->mortal = true;
+ 	}
+ 	if (result != ISC_R_SUCCESS) {
+ 		return (result);
+ 	}
+ 
+-	/*
+-	 * The responsibility for listening for new requests is hereby
+-	 * transferred to the new client.  Therefore, the old client
+-	 * should refrain from listening for any more requests.
+-	 */
+-	client->mortal = true;
+-
+ 	return (ISC_R_SUCCESS);
+ }
+ 
+@@ -3759,7 +3806,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
+ 
+ static isc_result_t
+ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+-	   dns_dispatch_t *disp, bool tcp)
++	   dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp)
+ {
+ 	isc_result_t result = ISC_R_SUCCESS;
+ 	isc_event_t *ev;
+@@ -3803,6 +3850,16 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 	client->dscp = ifp->dscp;
+ 
+ 	if (tcp) {
++		client->tcpattached = false;
++		if (oldclient != NULL) {
++			client->tcpattached = oldclient->tcpattached;
++		}
++
++		LOCK(&client->interface->lock);
++		client->interface->ntcpactive++;
++		UNLOCK(&client->interface->lock);
++		client->tcpactive = true;
++
+ 		client->attributes |= NS_CLIENTATTR_TCP;
+ 		isc_socket_attach(ifp->tcpsocket,
+ 				  &client->tcplistener);
+@@ -3866,7 +3923,8 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ 	ns_interface_attach(ifp, &client->interface);
+ 	client->newstate = client->state = NS_CLIENTSTATE_WORKING;
+ 	INSIST(client->recursionquota == NULL);
+-	client->tcpquota = &client->sctx->tcpquota;
++	client->tcpquota = &ns_g_server->tcpquota;
++	client->tcpattached = oldclient->tcpattached;
+ 
+ 	client->dscp = ifp->dscp;
+ 
+@@ -3885,7 +3943,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ 	LOCK(&client->interface->lock);
+ 	client->interface->ntcpactive++;
+ 	UNLOCK(&client->interface->lock);
+-
+ 	client->tcpactive = true;
+ 
+ 	INSIST(client->tcpmsg_valid == false);
+@@ -3913,7 +3970,8 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
+ 	MTRACE("createclients");
+ 
+ 	for (disp = 0; disp < n; disp++) {
+-		result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
++		result = get_client(manager, ifp, ifp->udpdispatch[disp],
++				    NULL, tcp);
+ 		if (result != ISC_R_SUCCESS)
+ 			break;
+ 	}
+diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
+index aeed9ccdda..e2c40acd28 100644
+--- a/bin/named/include/named/client.h
++++ b/bin/named/include/named/client.h
+@@ -9,8 +9,6 @@
+  * information regarding copyright ownership.
+  */
+ 
+-/* $Id: client.h,v 1.96 2012/01/31 23:47:31 tbox Exp $ */
+-
+ #ifndef NAMED_CLIENT_H
+ #define NAMED_CLIENT_H 1
+ 
+@@ -136,6 +134,7 @@ struct ns_client {
+ 	bool			pipelined;   /*%< TCP queries not in sequence */
+ 	isc_refcount_t		*pipeline_refs;
+ 	isc_quota_t		*tcpquota;
++	bool			tcpattached;
+ 	isc_quota_t		*recursionquota;
+ 	ns_interface_t		*interface;
+ 
+-- 
+2.20.1
+

meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch

@@ -0,0 +1,911 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/c47ccf6]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From c47ccf630f147378568b33e8fdb7b754f228c346 Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Fri, 5 Apr 2019 16:26:05 -0700
+Subject: [PATCH 5/6] refactor tcpquota and pipeline refs; allow special-case
+ overrun in isc_quota
+
+- if the TCP quota has been exceeded but there are no clients listening
+  for new connections on the interface, we can now force attachment to the
+  quota using isc_quota_force(), instead of carrying on with the quota not
+  attached.
+- the TCP client quota is now referenced via a reference-counted
+  'ns_tcpconn' object, one of which is created whenever a client begins
+  listening for new connections, and attached to by members of that
+  client's pipeline group. when the last reference to the tcpconn
+  object is detached, it is freed and the TCP quota slot is released.
+- reduce code duplication by adding mark_tcp_active() function.
+- convert counters to atomic.
+
+(cherry picked from commit 7e8222378ca24f1302a0c1c638565050ab04681b)
+(cherry picked from commit 4939451275722bfda490ea86ca13e84f6bc71e46)
+(cherry picked from commit 13f7c918b8720d890408f678bd73c20e634539d9)
+---
+ bin/named/client.c                     | 444 +++++++++++--------------
+ bin/named/include/named/client.h       |  12 +-
+ bin/named/include/named/interfacemgr.h |   6 +-
+ bin/named/interfacemgr.c               |   1 +
+ lib/isc/include/isc/quota.h            |   7 +
+ lib/isc/quota.c                        |  33 +-
+ lib/isc/win32/libisc.def.in            |   1 +
+ 7 files changed, 236 insertions(+), 268 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index 61e96dd28c..d826ab32bf 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -244,8 +244,7 @@ static void client_start(isc_task_t *task, isc_event_t *event);
+ static void client_request(isc_task_t *task, isc_event_t *event);
+ static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
+ static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+-			       dns_dispatch_t *disp, ns_client_t *oldclient,
+-			       bool tcp);
++			       dns_dispatch_t *disp, bool tcp);
+ static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 			       isc_socket_t *sock, ns_client_t *oldclient);
+ static inline bool
+@@ -301,16 +300,32 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
+ }
+ 
+ /*%
+- * Allocate a reference counter that will track the number of client structures
+- * using the TCP connection that 'client' called accept() for.  This counter
+- * will be shared between all client structures associated with this TCP
+- * connection.
++ * Allocate a reference-counted object that will maintain a single pointer to
++ * the (also reference-counted) TCP client quota, shared between all the
++ * clients processing queries on a single TCP connection, so that all
++ * clients sharing the one socket will together consume only one slot in
++ * the 'tcp-clients' quota.
+  */
+-static void
+-pipeline_init(ns_client_t *client) {
+-	isc_refcount_t *refs;
++static isc_result_t
++tcpconn_init(ns_client_t *client, bool force) {
++	isc_result_t result;
++	isc_quota_t *quota = NULL;
++	ns_tcpconn_t *tconn = NULL;
+ 
+-	REQUIRE(client->pipeline_refs == NULL);
++	REQUIRE(client->tcpconn == NULL);
++
++	/*
++	 * Try to attach to the quota first, so we won't pointlessly
++	 * allocate memory for a tcpconn object if we can't get one.
++	 */
++	if (force) {
++		result = isc_quota_force(&ns_g_server->tcpquota, &quota);
++	} else {
++		result = isc_quota_attach(&ns_g_server->tcpquota, &quota);
++	}
++	if (result != ISC_R_SUCCESS) {
++		return (result);
++	}
+ 
+ 	/*
+ 	 * A global memory context is used for the allocation as different
+@@ -320,78 +335,80 @@ pipeline_init(ns_client_t *client) {
+ 	 * contention here is expected to be negligible, given that this code
+ 	 * is only executed for TCP connections.
+ 	 */
+-	refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs));
+-	isc_refcount_init(refs, 1);
+-	client->pipeline_refs = refs;
++	tconn = isc_mem_allocate(ns_g_mctx, sizeof(*tconn));
++
++	isc_refcount_init(&tconn->refs, 1);
++	tconn->tcpquota = quota;
++	quota = NULL;
++	tconn->pipelined = false;
++
++	client->tcpconn = tconn;
++
++	return (ISC_R_SUCCESS);
+ }
+ 
+ /*%
+- * Increase the count of client structures using the TCP connection that
+- * 'source' is associated with and put a pointer to that count in 'target',
+- * thus associating it with the same TCP connection.
++ * Increase the count of client structures sharing the TCP connection
++ * that 'source' is associated with; add a pointer to the same tcpconn
++ * to 'target', thus associating it with the same TCP connection.
+  */
+ static void
+-pipeline_attach(ns_client_t *source, ns_client_t *target) {
++tcpconn_attach(ns_client_t *source, ns_client_t *target) {
+ 	int refs;
+ 
+-	REQUIRE(source->pipeline_refs != NULL);
+-	REQUIRE(target->pipeline_refs == NULL);
++	REQUIRE(source->tcpconn != NULL);
++	REQUIRE(target->tcpconn == NULL);
++	REQUIRE(source->tcpconn->pipelined);
+ 
+-	isc_refcount_increment(source->pipeline_refs, &refs);
++	isc_refcount_increment(&source->tcpconn->refs, &refs);
+ 	INSIST(refs > 1);
+-	target->pipeline_refs = source->pipeline_refs;
++	target->tcpconn = source->tcpconn;
+ }
+ 
+ /*%
+- * Decrease the count of client structures using the TCP connection that
++ * Decrease the count of client structures sharing the TCP connection that
+  * 'client' is associated with.  If this is the last client using this TCP
+- * connection, free the reference counter and return true; otherwise, return
+- * false.
++ * connection, we detach from the TCP quota and free the tcpconn
++ * object. Either way, client->tcpconn is set to NULL.
+  */
+-static bool
+-pipeline_detach(ns_client_t *client) {
+-	isc_refcount_t *refcount;
++static void
++tcpconn_detach(ns_client_t *client) {
++	ns_tcpconn_t *tconn = NULL;
+ 	int refs;
+ 
+-	REQUIRE(client->pipeline_refs != NULL);
+-
+-	refcount = client->pipeline_refs;
+-	client->pipeline_refs = NULL;
++	REQUIRE(client->tcpconn != NULL);
+ 
+-	isc_refcount_decrement(refcount, refs);
++	tconn = client->tcpconn;
++	client->tcpconn = NULL;
+ 
++	isc_refcount_decrement(&tconn->refs, &refs);
+ 	if (refs == 0) {
+-		isc_mem_free(ns_g_mctx, refs);
+-		return (true);
++		isc_quota_detach(&tconn->tcpquota);
++		isc_mem_free(ns_g_mctx, tconn);
+ 	}
+-
+-	return (false);
+ }
+ 
+-/*
+- * Detach a client from the TCP client quota if appropriate, and set
+- * the quota pointer to NULL.
+- *
+- * Sometimes when the TCP client quota is exhausted but there are no other
+- * clients servicing the interface, a client will be allowed to continue
+- * running despite not having been attached to the quota. In this event,
+- * the TCP quota was never attached to the client, so when the client (or
+- * associated pipeline group) shuts down, the quota must NOT be detached.
++/*%
++ * Mark a client as active and increment the interface's 'ntcpactive'
++ * counter, as a signal that there is at least one client servicing
++ * TCP queries for the interface. If we reach the TCP client quota at
++ * some point, this will be used to determine whether a quota overrun
++ * should be permitted.
+  *
+- * Otherwise, if the quota pointer is set, it should be detached. If not
+- * set at all, we just return without doing anything.
++ * Marking the client active with the 'tcpactive' flag ensures proper
++ * accounting, by preventing us from incrementing or decrementing
++ * 'ntcpactive' more than once per client.
+  */
+ static void
+-tcpquota_disconnect(ns_client_t *client) {
+-	if (client->tcpquota == NULL) {
+-		return;
+-	}
+-
+-	if (client->tcpattached) {
+-		isc_quota_detach(&client->tcpquota);
+-		client->tcpattached = false;
+-	} else {
+-		client->tcpquota = NULL;
++mark_tcp_active(ns_client_t *client, bool active) {
++	if (active && !client->tcpactive) {
++		isc_atomic_xadd(&client->interface->ntcpactive, 1);
++		client->tcpactive = active;
++	} else if (!active && client->tcpactive) {
++		uint32_t old =
++			isc_atomic_xadd(&client->interface->ntcpactive, -1);
++		INSIST(old > 0);
++		client->tcpactive = active;
+ 	}
+ }
+ 
+@@ -484,7 +501,8 @@ exit_check(ns_client_t *client) {
+ 		INSIST(client->recursionquota == NULL);
+ 
+ 		if (NS_CLIENTSTATE_READING == client->newstate) {
+-			if (!client->pipelined) {
++			INSIST(client->tcpconn != NULL);
++			if (!client->tcpconn->pipelined) {
+ 				client_read(client);
+ 				client->newstate = NS_CLIENTSTATE_MAX;
+ 				return (true); /* We're done. */
+@@ -507,8 +525,8 @@ exit_check(ns_client_t *client) {
+ 			dns_tcpmsg_cancelread(&client->tcpmsg);
+ 		}
+ 
+-		if (client->nreads != 0) {
+-			/* Still waiting for read cancel completion. */
++		/* Still waiting for read cancel completion. */
++		if (client->nreads > 0) {
+ 			return (true);
+ 		}
+ 
+@@ -518,43 +536,45 @@ exit_check(ns_client_t *client) {
+ 		}
+ 
+ 		/*
+-		 * Detach from pipeline group and from TCP client quota,
+-		 * if appropriate.
++		 * Soon the client will be ready to accept a new TCP
++		 * connection or UDP request, but we may have enough
++		 * clients doing that already.  Check whether this client
++		 * needs to remain active and allow it go inactive if
++		 * not.
+ 		 *
+-		 * - If no pipeline group is active, attempt to
+-		 *   detach from the TCP client quota.
++		 * UDP clients always go inactive at this point, but a TCP
++		 * client may need to stay active and return to READY
++		 * state if no other clients are available to listen
++		 * for TCP requests on this interface.
+ 		 *
+-		 * - If a pipeline group is active, detach from it;
+-		 *   if the return code indicates that there no more
+-		 *   clients left if this pipeline group, we also detach
+-		 *   from the TCP client quota.
+-		 *
+-		 * - Otherwise we don't try to detach, we just set the
+-		 *   TCP quota pointer to NULL if it wasn't NULL already.
+-		 *
+-		 * tcpquota_disconnect() will set tcpquota to NULL, either
+-		 * by detaching it or by assignment, depending on the
+-		 * needs of the client. See the comments on that function
+-		 * for further information.
++		 * Regardless, if we're going to FREED state, that means
++		 * the system is shutting down and we don't need to
++		 * retain clients.
+ 		 */
+-		if (client->pipeline_refs == NULL || pipeline_detach(client)) {
+-			tcpquota_disconnect(client);
+-		} else {
+-			client->tcpquota = NULL;
+-			client->tcpattached = false;
++		if (client->mortal && TCP_CLIENT(client) &&
++		    client->newstate != NS_CLIENTSTATE_FREED &&
++		    !ns_g_clienttest &&
++		    isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
++		{
++			/* Nobody else is accepting */
++			client->mortal = false;
++			client->newstate = NS_CLIENTSTATE_READY;
++		}
++
++		/*
++		 * Detach from TCP connection and TCP client quota,
++		 * if appropriate. If this is the last reference to
++		 * the TCP connection in our pipeline group, the
++		 * TCP quota slot will be released.
++		 */
++		if (client->tcpconn) {
++			tcpconn_detach(client);
+ 		}
+ 
+ 		if (client->tcpsocket != NULL) {
+ 			CTRACE("closetcp");
+ 			isc_socket_detach(&client->tcpsocket);
+-
+-			if (client->tcpactive) {
+-				LOCK(&client->interface->lock);
+-				INSIST(client->interface->ntcpactive > 0);
+-				client->interface->ntcpactive--;
+-				UNLOCK(&client->interface->lock);
+-				client->tcpactive = false;
+-			}
++			mark_tcp_active(client, false);
+ 		}
+ 
+ 		if (client->timerset) {
+@@ -567,35 +587,6 @@ exit_check(ns_client_t *client) {
+ 		client->peeraddr_valid = false;
+ 
+ 		client->state = NS_CLIENTSTATE_READY;
+-		INSIST(client->recursionquota == NULL);
+-
+-		/*
+-		 * Now the client is ready to accept a new TCP connection
+-		 * or UDP request, but we may have enough clients doing
+-		 * that already.  Check whether this client needs to remain
+-		 * active and force it to go inactive if not.
+-		 *
+-		 * UDP clients go inactive at this point, but a TCP client
+-		 * may need to remain active and go into ready state if
+-		 * no other clients are available to listen for TCP
+-		 * requests on this interface or (in the case of pipelined
+-		 * clients) to read for additional messages on the current
+-		 * connection.
+-		 */
+-		if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
+-			LOCK(&client->interface->lock);
+-			if ((client->interface->ntcpaccepting == 0 ||
+-			    (client->pipelined &&
+-			     client->interface->ntcpactive < 2)) &&
+-			    client->newstate != NS_CLIENTSTATE_FREED)
+-			{
+-				client->mortal = false;
+-				client->newstate = NS_CLIENTSTATE_READY;
+-			}
+-			UNLOCK(&client->interface->lock);
+-		}
+-
+-		client->pipelined = false;
+ 
+ 		/*
+ 		 * We don't need the client; send it to the inactive
+@@ -630,7 +621,7 @@ exit_check(ns_client_t *client) {
+ 		}
+ 
+ 		/* Still waiting for accept cancel completion. */
+-		if (! (client->naccepts == 0)) {
++		if (client->naccepts > 0) {
+ 			return (true);
+ 		}
+ 
+@@ -641,7 +632,7 @@ exit_check(ns_client_t *client) {
+ 		}
+ 
+ 		/* Still waiting for recv cancel completion. */
+-		if (! (client->nrecvs == 0)) {
++		if (client->nrecvs > 0) {
+ 			return (true);
+ 		}
+ 
+@@ -654,14 +645,7 @@ exit_check(ns_client_t *client) {
+ 		INSIST(client->recursionquota == NULL);
+ 		if (client->tcplistener != NULL) {
+ 			isc_socket_detach(&client->tcplistener);
+-
+-			if (client->tcpactive) {
+-				LOCK(&client->interface->lock);
+-				INSIST(client->interface->ntcpactive > 0);
+-				client->interface->ntcpactive--;
+-				UNLOCK(&client->interface->lock);
+-				client->tcpactive = false;
+-			}
++			mark_tcp_active(client, false);
+ 		}
+ 		if (client->udpsocket != NULL) {
+ 			isc_socket_detach(&client->udpsocket);
+@@ -816,7 +800,7 @@ client_start(isc_task_t *task, isc_event_t *event) {
+ 		return;
+ 
+ 	if (TCP_CLIENT(client)) {
+-		if (client->pipelined) {
++		if (client->tcpconn != NULL) {
+ 			client_read(client);
+ 		} else {
+ 			client_accept(client);
+@@ -2470,6 +2454,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ 		client->nrecvs--;
+ 	} else {
+ 		INSIST(TCP_CLIENT(client));
++		INSIST(client->tcpconn != NULL);
+ 		REQUIRE(event->ev_type == DNS_EVENT_TCPMSG);
+ 		REQUIRE(event->ev_sender == &client->tcpmsg);
+ 		buffer = &client->tcpmsg.buffer;
+@@ -2657,17 +2642,19 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ 	/*
+ 	 * Pipeline TCP query processing.
+ 	 */
+-	if (client->message->opcode != dns_opcode_query) {
+-		client->pipelined = false;
++	if (TCP_CLIENT(client) &&
++	    client->message->opcode != dns_opcode_query)
++	{
++		client->tcpconn->pipelined = false;
+ 	}
+-	if (TCP_CLIENT(client) && client->pipelined) {
++	if (TCP_CLIENT(client) && client->tcpconn->pipelined) {
+ 		/*
+ 		 * We're pipelining. Replace the client; the
+-		 * the replacement can read the TCP socket looking
+-		 * for new messages and this client can process the
++		 * replacement can read the TCP socket looking
++		 * for new messages and this one can process the
+ 		 * current message asynchronously.
+ 		 *
+-		 * There are now at least three clients using this
++		 * There will now be at least three clients using this
+ 		 * TCP socket - one accepting new connections,
+ 		 * one reading an existing connection to get new
+ 		 * messages, and one answering the message already
+@@ -2675,7 +2662,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ 		 */
+ 		result = ns_client_replace(client);
+ 		if (result != ISC_R_SUCCESS) {
+-			client->pipelined = false;
++			client->tcpconn->pipelined = false;
+ 		}
+ 	}
+ 
+@@ -3233,10 +3220,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	client->signer = NULL;
+ 	dns_name_init(&client->signername, NULL);
+ 	client->mortal = false;
+-	client->pipelined = false;
+-	client->pipeline_refs = NULL;
+-	client->tcpquota = NULL;
+-	client->tcpattached = false;
++	client->tcpconn = NULL;
+ 	client->recursionquota = NULL;
+ 	client->interface = NULL;
+ 	client->peeraddr_valid = false;
+@@ -3341,9 +3325,10 @@ client_read(ns_client_t *client) {
+ 
+ static void
+ client_newconn(isc_task_t *task, isc_event_t *event) {
++	isc_result_t result;
+ 	ns_client_t *client = event->ev_arg;
+ 	isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
+-	isc_result_t result;
++	uint32_t old;
+ 
+ 	REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
+ 	REQUIRE(NS_CLIENT_VALID(client));
+@@ -3363,10 +3348,8 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 	INSIST(client->naccepts == 1);
+ 	client->naccepts--;
+ 
+-	LOCK(&client->interface->lock);
+-	INSIST(client->interface->ntcpaccepting > 0);
+-	client->interface->ntcpaccepting--;
+-	UNLOCK(&client->interface->lock);
++	old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
++	INSIST(old > 0);
+ 
+ 	/*
+ 	 * We must take ownership of the new socket before the exit
+@@ -3399,7 +3382,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ 			      "accept failed: %s",
+ 			      isc_result_totext(nevent->result));
+-		tcpquota_disconnect(client);
++		tcpconn_detach(client);
+ 	}
+ 
+ 	if (exit_check(client))
+@@ -3437,15 +3420,13 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 		 * telnetting to port 53 (once per CPU) will
+ 		 * deny service to legitimate TCP clients.
+ 		 */
+-		client->pipelined = false;
+ 		result = ns_client_replace(client);
+ 		if (result == ISC_R_SUCCESS &&
+ 		    (ns_g_server->keepresporder == NULL ||
+ 		     !allowed(&netaddr, NULL, NULL, 0, NULL,
+ 			      ns_g_server->keepresporder)))
+ 		{
+-			pipeline_init(client);
+-			client->pipelined = true;
++			client->tcpconn->pipelined = true;
+ 		}
+ 
+ 		client_read(client);
+@@ -3462,78 +3443,59 @@ client_accept(ns_client_t *client) {
+ 	CTRACE("accept");
+ 
+ 	/*
+-	 * The tcpquota object can only be simultaneously referenced a
+-	 * pre-defined number of times; this is configured by 'tcp-clients'
+-	 * in named.conf. If we can't attach to it here, that means the TCP
+-	 * client quota has been exceeded.
++	 * Set up a new TCP connection. This means try to attach to the
++	 * TCP client quota (tcp-clients), but fail if we're over quota.
+ 	 */
+-	result = isc_quota_attach(&ns_g_server->tcpquota,
+-				  &client->tcpquota);
++	result = tcpconn_init(client, false);
+ 	if (result != ISC_R_SUCCESS) {
+-			bool exit;
++		bool exit;
+ 
+-			ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+-				      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
+-				      "no more TCP clients: %s",
+-				      isc_result_totext(result));
+-
+-			/*
+-			 * We have exceeded the system-wide TCP client
+-			 * quota.  But, we can't just block this accept
+-			 * in all cases, because if we did, a heavy TCP
+-			 * load on other interfaces might cause this
+-			 * interface to be starved, with no clients able
+-			 * to accept new connections.
+-			 *
+-			 * So, we check here to see if any other clients
+-			 * are already servicing TCP queries on this
+-			 * interface (whether accepting, reading, or
+-			 * processing). If there are at least two
+-			 * (one reading and one processing a request)
+-			 * then it's okay *not* to call accept - we
+-			 * can let this client go inactive and another
+-			 * one will resume accepting when it's done.
+-			 *
+-			 * If there aren't enough active clients on the
+-			 * interface, then we can be a little bit
+-			 * flexible about the quota. We'll allow *one*
+-			 * extra client through to ensure we're listening
+-			 * on every interface.
+-			 *
+-			 * (Note: In practice this means that the real
+-			 * TCP client quota is tcp-clients plus the
+-			 * number of listening interfaces plus 2.)
+-			 */
+-			LOCK(&client->interface->lock);
+-			exit = (client->interface->ntcpactive > 1);
+-			UNLOCK(&client->interface->lock);
++		ns_client_log(client, NS_LOGCATEGORY_CLIENT,
++			      NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
++			      "TCP client quota reached: %s",
++			      isc_result_totext(result));
+ 
+-			if (exit) {
+-				client->newstate = NS_CLIENTSTATE_INACTIVE;
+-				(void)exit_check(client);
+-				return;
+-			}
++		/*
++		 * We have exceeded the system-wide TCP client quota.  But,
++		 * we can't just block this accept in all cases, because if
++		 * we did, a heavy TCP load on other interfaces might cause
++		 * this interface to be starved, with no clients able to
++		 * accept new connections.
++		 *
++		 * So, we check here to see if any other clients are
++		 * already servicing TCP queries on this interface (whether
++		 * accepting, reading, or processing). If we find at least
++		 * one, then it's okay *not* to call accept - we can let this
++		 * client go inactive and another will take over when it's
++		 * done.
++		 *
++		 * If there aren't enough active clients on the interface,
++		 * then we can be a little bit flexible about the quota.
++		 * We'll allow *one* extra client through to ensure we're
++		 * listening on every interface; we do this by setting the
++		 * 'force' option to tcpconn_init().
++		 *
++		 * (Note: In practice this means that the real TCP client
++		 * quota is tcp-clients plus the number of listening
++		 * interfaces plus 1.)
++		 */
++		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0);
++		if (exit) {
++			client->newstate = NS_CLIENTSTATE_INACTIVE;
++			(void)exit_check(client);
++			return;
++		}
+ 
+-	} else {
+-		client->tcpattached = true;
++		result = tcpconn_init(client, true);
++		RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ 	}
+ 
+ 	/*
+-	 * By incrementing the interface's ntcpactive counter we signal
+-	 * that there is at least one client servicing TCP queries for the
+-	 * interface.
+-	 *
+-	 * We also make note of the fact in the client itself with the
+-	 * tcpactive flag. This ensures proper accounting by preventing
+-	 * us from accidentally incrementing or decrementing ntcpactive
+-	 * more than once per client object.
++	 * If this client was set up using get_client() or get_worker(),
++	 * then TCP is already marked active. However, if it was restarted
++	 * from exit_check(), it might not be, so we take care of it now.
+ 	 */
+-	if (!client->tcpactive) {
+-		LOCK(&client->interface->lock);
+-		client->interface->ntcpactive++;
+-		UNLOCK(&client->interface->lock);
+-		client->tcpactive = true;
+-	}
++	mark_tcp_active(client, true);
+ 
+ 	result = isc_socket_accept(client->tcplistener, client->task,
+ 				   client_newconn, client);
+@@ -3549,15 +3511,8 @@ client_accept(ns_client_t *client) {
+ 				 "isc_socket_accept() failed: %s",
+ 				 isc_result_totext(result));
+ 
+-		tcpquota_disconnect(client);
+-
+-		if (client->tcpactive) {
+-			LOCK(&client->interface->lock);
+-			client->interface->ntcpactive--;
+-			UNLOCK(&client->interface->lock);
+-			client->tcpactive = false;
+-		}
+-
++		tcpconn_detach(client);
++		mark_tcp_active(client, false);
+ 		return;
+ 	}
+ 
+@@ -3582,9 +3537,7 @@ client_accept(ns_client_t *client) {
+ 	 * listening for connections itself to prevent the interface
+ 	 * going dead.
+ 	 */
+-	LOCK(&client->interface->lock);
+-	client->interface->ntcpaccepting++;
+-	UNLOCK(&client->interface->lock);
++	isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
+ }
+ 
+ static void
+@@ -3655,24 +3608,25 @@ ns_client_replace(ns_client_t *client) {
+ 	REQUIRE(client->manager != NULL);
+ 
+ 	tcp = TCP_CLIENT(client);
+-	if (tcp && client->pipelined) {
++	if (tcp && client->tcpconn != NULL && client->tcpconn->pipelined) {
+ 		result = get_worker(client->manager, client->interface,
+ 				    client->tcpsocket, client);
+ 	} else {
+ 		result = get_client(client->manager, client->interface,
+-				    client->dispatch, client, tcp);
++				    client->dispatch, tcp);
+ 
+-		/*
+-		 * The responsibility for listening for new requests is hereby
+-		 * transferred to the new client.  Therefore, the old client
+-		 * should refrain from listening for any more requests.
+-		 */
+-		client->mortal = true;
+ 	}
+ 	if (result != ISC_R_SUCCESS) {
+ 		return (result);
+ 	}
+ 
++	/*
++	 * The responsibility for listening for new requests is hereby
++	 * transferred to the new client.  Therefore, the old client
++	 * should refrain from listening for any more requests.
++	 */
++	client->mortal = true;
++
+ 	return (ISC_R_SUCCESS);
+ }
+ 
+@@ -3806,7 +3760,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
+ 
+ static isc_result_t
+ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+-	   dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp)
++	   dns_dispatch_t *disp, bool tcp)
+ {
+ 	isc_result_t result = ISC_R_SUCCESS;
+ 	isc_event_t *ev;
+@@ -3850,15 +3804,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 	client->dscp = ifp->dscp;
+ 
+ 	if (tcp) {
+-		client->tcpattached = false;
+-		if (oldclient != NULL) {
+-			client->tcpattached = oldclient->tcpattached;
+-		}
+-
+-		LOCK(&client->interface->lock);
+-		client->interface->ntcpactive++;
+-		UNLOCK(&client->interface->lock);
+-		client->tcpactive = true;
++		mark_tcp_active(client, true);
+ 
+ 		client->attributes |= NS_CLIENTATTR_TCP;
+ 		isc_socket_attach(ifp->tcpsocket,
+@@ -3923,16 +3869,14 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ 	ns_interface_attach(ifp, &client->interface);
+ 	client->newstate = client->state = NS_CLIENTSTATE_WORKING;
+ 	INSIST(client->recursionquota == NULL);
+-	client->tcpquota = &ns_g_server->tcpquota;
+-	client->tcpattached = oldclient->tcpattached;
+ 
+ 	client->dscp = ifp->dscp;
+ 
+ 	client->attributes |= NS_CLIENTATTR_TCP;
+ 	client->mortal = true;
+ 
+-	pipeline_attach(oldclient, client);
+-	client->pipelined = true;
++	tcpconn_attach(oldclient, client);
++	mark_tcp_active(client, true);
+ 
+ 	isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
+ 	isc_socket_attach(sock, &client->tcpsocket);
+@@ -3940,11 +3884,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ 	(void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr);
+ 	client->peeraddr_valid = true;
+ 
+-	LOCK(&client->interface->lock);
+-	client->interface->ntcpactive++;
+-	UNLOCK(&client->interface->lock);
+-	client->tcpactive = true;
+-
+ 	INSIST(client->tcpmsg_valid == false);
+ 	dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg);
+ 	client->tcpmsg_valid = true;
+@@ -3970,8 +3909,7 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
+ 	MTRACE("createclients");
+ 
+ 	for (disp = 0; disp < n; disp++) {
+-		result = get_client(manager, ifp, ifp->udpdispatch[disp],
+-				    NULL, tcp);
++		result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
+ 		if (result != ISC_R_SUCCESS)
+ 			break;
+ 	}
+diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
+index e2c40acd28..969ee4c08f 100644
+--- a/bin/named/include/named/client.h
++++ b/bin/named/include/named/client.h
+@@ -78,6 +78,13 @@
+  *** Types
+  ***/
+ 
++/*% reference-counted TCP connection object */
++typedef struct ns_tcpconn {
++	isc_refcount_t		refs;
++	isc_quota_t		*tcpquota;
++	bool			pipelined;
++} ns_tcpconn_t;
++
+ /*% nameserver client structure */
+ struct ns_client {
+ 	unsigned int		magic;
+@@ -131,10 +138,7 @@ struct ns_client {
+ 	dns_name_t		signername;   /*%< [T]SIG key name */
+ 	dns_name_t		*signer;      /*%< NULL if not valid sig */
+ 	bool			mortal;	      /*%< Die after handling request */
+-	bool			pipelined;   /*%< TCP queries not in sequence */
+-	isc_refcount_t		*pipeline_refs;
+-	isc_quota_t		*tcpquota;
+-	bool			tcpattached;
++	ns_tcpconn_t		*tcpconn;
+ 	isc_quota_t		*recursionquota;
+ 	ns_interface_t		*interface;
+ 
+diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
+index 61b08826a6..3535ef22a8 100644
+--- a/bin/named/include/named/interfacemgr.h
++++ b/bin/named/include/named/interfacemgr.h
+@@ -9,8 +9,6 @@
+  * information regarding copyright ownership.
+  */
+ 
+-/* $Id: interfacemgr.h,v 1.35 2011/07/28 23:47:58 tbox Exp $ */
+-
+ #ifndef NAMED_INTERFACEMGR_H
+ #define NAMED_INTERFACEMGR_H 1
+ 
+@@ -77,11 +75,11 @@ struct ns_interface {
+ 						/*%< UDP dispatchers. */
+ 	isc_socket_t *		tcpsocket;	/*%< TCP socket. */
+ 	isc_dscp_t		dscp;		/*%< "listen-on" DSCP value */
+-	int			ntcpaccepting;	/*%< Number of clients
++	int32_t			ntcpaccepting;	/*%< Number of clients
+ 						     ready to accept new
+ 						     TCP connections on this
+ 						     interface */
+-	int			ntcpactive;	/*%< Number of clients
++	int32_t			ntcpactive;	/*%< Number of clients
+ 						     servicing TCP queries
+ 						     (whether accepting or
+ 						     connected) */
+diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
+index 955096ef47..d9f6df5802 100644
+--- a/bin/named/interfacemgr.c
++++ b/bin/named/interfacemgr.c
+@@ -388,6 +388,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
+ 	 */
+ 	ifp->ntcpaccepting = 0;
+ 	ifp->ntcpactive = 0;
++
+ 	ifp->nudpdispatch = 0;
+ 
+ 	ifp->dscp = -1;
+diff --git a/lib/isc/include/isc/quota.h b/lib/isc/include/isc/quota.h
+index b9bf59877a..36c5830242 100644
+--- a/lib/isc/include/isc/quota.h
++++ b/lib/isc/include/isc/quota.h
+@@ -100,6 +100,13 @@ isc_quota_attach(isc_quota_t *quota, isc_quota_t **p);
+  * quota if successful (ISC_R_SUCCESS or ISC_R_SOFTQUOTA).
+  */
+ 
++isc_result_t
++isc_quota_force(isc_quota_t *quota, isc_quota_t **p);
++/*%<
++ * Like isc_quota_attach, but will attach '*p' to the quota
++ * even if the hard quota has been exceeded.
++ */
++
+ void
+ isc_quota_detach(isc_quota_t **p);
+ /*%<
+diff --git a/lib/isc/quota.c b/lib/isc/quota.c
+index 3ddff0d875..556a61f21d 100644
+--- a/lib/isc/quota.c
++++ b/lib/isc/quota.c
+@@ -74,20 +74,39 @@ isc_quota_release(isc_quota_t *quota) {
+ 	UNLOCK(&quota->lock);
+ }
+ 
+-isc_result_t
+-isc_quota_attach(isc_quota_t *quota, isc_quota_t **p)
+-{
++static isc_result_t
++doattach(isc_quota_t *quota, isc_quota_t **p, bool force) {
+ 	isc_result_t result;
+-	INSIST(p != NULL && *p == NULL);
++	REQUIRE(p != NULL && *p == NULL);
++
+ 	result = isc_quota_reserve(quota);
+-	if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA)
++	if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA) {
++		*p = quota;
++	} else if (result == ISC_R_QUOTA && force) {
++		/* attach anyway */
++		LOCK(&quota->lock);
++		quota->used++;
++		UNLOCK(&quota->lock);
++
+ 		*p = quota;
++		result = ISC_R_SUCCESS;
++	}
++
+ 	return (result);
+ }
+ 
++isc_result_t
++isc_quota_attach(isc_quota_t *quota, isc_quota_t **p) {
++	return (doattach(quota, p, false));
++}
++
++isc_result_t
++isc_quota_force(isc_quota_t *quota, isc_quota_t **p) {
++	return (doattach(quota, p, true));
++}
++
+ void
+-isc_quota_detach(isc_quota_t **p)
+-{
++isc_quota_detach(isc_quota_t **p) {
+ 	INSIST(p != NULL && *p != NULL);
+ 	isc_quota_release(*p);
+ 	*p = NULL;
+diff --git a/lib/isc/win32/libisc.def.in b/lib/isc/win32/libisc.def.in
+index a82facec0f..7b9f23d776 100644
+--- a/lib/isc/win32/libisc.def.in
++++ b/lib/isc/win32/libisc.def.in
+@@ -519,6 +519,7 @@ isc_portset_removerange
+ isc_quota_attach
+ isc_quota_destroy
+ isc_quota_detach
++isc_quota_force
+ isc_quota_init
+ isc_quota_max
+ isc_quota_release
+-- 
+2.20.1
+

meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch

@@ -0,0 +1,80 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/59434b9]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 59434b987e8eb436b08c24e559ee094c4e939daa Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Fri, 5 Apr 2019 16:26:19 -0700
+Subject: [PATCH 6/6] restore allowance for tcp-clients < interfaces
+
+in the "refactor tcpquota and pipeline refs" commit, the counting
+of active interfaces was tightened in such a way that named could
+fail to listen on an interface if there were more interfaces than
+tcp-clients. when checking the quota to start accepting on an
+interface, if the number of active clients was above zero, then
+it was presumed that some other client was able to handle accepting
+new connections. this, however, ignored the fact that the current client
+could be included in that count, so if the quota was already exceeded
+before all the interfaces were listening, some interfaces would never
+listen.
+
+we now check whether the current client has been marked active; if so,
+then the number of active clients on the interface must be greater
+than 1, not 0.
+
+(cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5)
+(cherry picked from commit d01023aaac35543daffbdf48464e320150235d41)
+---
+ bin/named/client.c      | 8 +++++---
+ doc/arm/Bv9ARM-book.xml | 3 ++-
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index d826ab32bf..845326abc0 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -3464,8 +3464,9 @@ client_accept(ns_client_t *client) {
+ 		 *
+ 		 * So, we check here to see if any other clients are
+ 		 * already servicing TCP queries on this interface (whether
+-		 * accepting, reading, or processing). If we find at least
+-		 * one, then it's okay *not* to call accept - we can let this
++		 * accepting, reading, or processing). If we find that at
++		 * least one client other than this one is active, then
++		 * it's okay *not* to call accept - we can let this
+ 		 * client go inactive and another will take over when it's
+ 		 * done.
+ 		 *
+@@ -3479,7 +3480,8 @@ client_accept(ns_client_t *client) {
+ 		 * quota is tcp-clients plus the number of listening
+ 		 * interfaces plus 1.)
+ 		 */
+-		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0);
++		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
++			(client->tcpactive ? 1 : 0));
+ 		if (exit) {
+ 			client->newstate = NS_CLIENTSTATE_INACTIVE;
+ 			(void)exit_check(client);
+diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
+index 381768d540..9c76d3cd6f 100644
+--- a/doc/arm/Bv9ARM-book.xml
++++ b/doc/arm/Bv9ARM-book.xml
+@@ -8493,7 +8493,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
+ 		<para>
+ 		  The number of file descriptors reserved for TCP, stdio,
+ 		  etc.  This needs to be big enough to cover the number of
+-		  interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as
++		  interfaces <command>named</command> listens on plus
++		  <command>tcp-clients</command>, as well as
+ 		  to provide room for outgoing TCP queries and incoming zone
+ 		  transfers.  The default is <literal>512</literal>.
+ 		  The minimum value is <literal>128</literal> and the
+-- 
+2.20.1
+

meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch

@@ -0,0 +1,140 @@
+Backport commit to fix compile error on arm caused by commits which are
+to fix CVE-2018-5743.
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ef49780]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Wed, 17 Apr 2019 15:22:27 +0200
+Subject: [PATCH] Replace atomic operations in bin/named/client.c with
+ isc_refcount reference counting
+
+---
+ bin/named/client.c                     | 18 +++++++-----------
+ bin/named/include/named/interfacemgr.h |  5 +++--
+ bin/named/interfacemgr.c               |  7 +++++--
+ 3 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index 845326abc0..29fecadca8 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) {
+ static void
+ mark_tcp_active(ns_client_t *client, bool active) {
+ 	if (active && !client->tcpactive) {
+-		isc_atomic_xadd(&client->interface->ntcpactive, 1);
++		isc_refcount_increment0(&client->interface->ntcpactive, NULL);
+ 		client->tcpactive = active;
+ 	} else if (!active && client->tcpactive) {
+-		uint32_t old =
+-			isc_atomic_xadd(&client->interface->ntcpactive, -1);
+-		INSIST(old > 0);
++		isc_refcount_decrement(&client->interface->ntcpactive, NULL);
+ 		client->tcpactive = active;
+ 	}
+ }
+@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) {
+ 		if (client->mortal && TCP_CLIENT(client) &&
+ 		    client->newstate != NS_CLIENTSTATE_FREED &&
+ 		    !ns_g_clienttest &&
+-		    isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
++		    isc_refcount_current(&client->interface->ntcpaccepting) == 0)
+ 		{
+ 			/* Nobody else is accepting */
+ 			client->mortal = false;
+@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 	isc_result_t result;
+ 	ns_client_t *client = event->ev_arg;
+ 	isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
+-	uint32_t old;
+ 
+ 	REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
+ 	REQUIRE(NS_CLIENT_VALID(client));
+@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 	INSIST(client->naccepts == 1);
+ 	client->naccepts--;
+ 
+-	old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
+-	INSIST(old > 0);
++	isc_refcount_decrement(&client->interface->ntcpaccepting, NULL);
+ 
+ 	/*
+ 	 * We must take ownership of the new socket before the exit
+@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) {
+ 		 * quota is tcp-clients plus the number of listening
+ 		 * interfaces plus 1.)
+ 		 */
+-		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
+-			(client->tcpactive ? 1 : 0));
++		exit = (isc_refcount_current(&client->interface->ntcpactive) >
++			(client->tcpactive ? 1U : 0U));
+ 		if (exit) {
+ 			client->newstate = NS_CLIENTSTATE_INACTIVE;
+ 			(void)exit_check(client);
+@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) {
+ 	 * listening for connections itself to prevent the interface
+ 	 * going dead.
+ 	 */
+-	isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
++	isc_refcount_increment0(&client->interface->ntcpaccepting, NULL);
+ }
+ 
+ static void
+diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
+index 3535ef22a8..6e10f210fd 100644
+--- a/bin/named/include/named/interfacemgr.h
++++ b/bin/named/include/named/interfacemgr.h
+@@ -45,6 +45,7 @@
+ #include <isc/magic.h>
+ #include <isc/mem.h>
+ #include <isc/socket.h>
++#include <isc/refcount.h>
+ 
+ #include <dns/result.h>
+ 
+@@ -75,11 +76,11 @@ struct ns_interface {
+ 						/*%< UDP dispatchers. */
+ 	isc_socket_t *		tcpsocket;	/*%< TCP socket. */
+ 	isc_dscp_t		dscp;		/*%< "listen-on" DSCP value */
+-	int32_t			ntcpaccepting;	/*%< Number of clients
++	isc_refcount_t		ntcpaccepting;	/*%< Number of clients
+ 						     ready to accept new
+ 						     TCP connections on this
+ 						     interface */
+-	int32_t			ntcpactive;	/*%< Number of clients
++	isc_refcount_t		ntcpactive;	/*%< Number of clients
+ 						     servicing TCP queries
+ 						     (whether accepting or
+ 						     connected) */
+diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
+index d9f6df5802..135533be6b 100644
+--- a/bin/named/interfacemgr.c
++++ b/bin/named/interfacemgr.c
+@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
+ 	 * connections will be handled in parallel even though there is
+ 	 * only one client initially.
+ 	 */
+-	ifp->ntcpaccepting = 0;
+-	ifp->ntcpactive = 0;
++	isc_refcount_init(&ifp->ntcpaccepting, 0);
++	isc_refcount_init(&ifp->ntcpactive, 0);
+ 
+ 	ifp->nudpdispatch = 0;
+ 
+@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) {
+ 
+ 	ns_interfacemgr_detach(&ifp->mgr);
+ 
++	isc_refcount_destroy(&ifp->ntcpactive);
++	isc_refcount_destroy(&ifp->ntcpaccepting);
++
+ 	ifp->magic = 0;
+ 	isc_mem_put(mctx, ifp, sizeof(*ifp));
+ }
+-- 
+2.20.1
+

meta/recipes-connectivity/bind/bind_9.11.5-P4.bb

@@ -20,6 +20,14 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
            file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
            file://0001-avoid-start-failure-with-bind-user.patch \
+           file://0001-bind-fix-CVE-2019-6471.patch \
+           file://0001-fix-enforcement-of-tcp-clients-v1.patch \
+           file://0002-tcp-clients-could-still-be-exceeded-v2.patch \
+           file://0003-use-reference-counter-for-pipeline-groups-v3.patch \
+           file://0004-better-tcpquota-accounting-and-client-mortality-chec.patch \
+           file://0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch \
+           file://0006-restore-allowance-for-tcp-clients-interfaces.patch \
+           file://0007-Replace-atomic-operations-in-bin-named-client.c-with.patch \
 "
 
 SRC_URI[md5sum] = "8ddab4b61fa4516fe404679c74e37960"
@@ -29,6 +37,10 @@ UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
 RECIPE_NO_UPDATE_REASON = "9.11 is LTS 2021"
 
+# BIND >= 9.11.2 need dhcpd >= 4.4.0,
+# don't report it here since dhcpd is already recent enough.
+CVE_CHECK_WHITELIST += "CVE-2019-6470"
+
 inherit autotools update-rc.d systemd useradd pkgconfig multilib_script
 
 MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh"

meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch

@@ -1,29 +0,0 @@
-From aafa3512b7b742f5e66a5543e41974cc5e7eebfa Mon Sep 17 00:00:00 2001
-From: maxice8 <thinkabit.ukim@gmail.com>
-Date: Sun, 22 Jul 2018 18:54:17 -0300
-Subject: [PATCH] pcap-usb-linux.c: add missing limits.h for musl systems.
-
-fix compilation on musl libc systems like Void Linux and Alpine.
-
-Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/d557c98a16dc254aaff03762b694fe624e180bea]
-
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- pcap-usb-linux.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/pcap-usb-linux.c b/pcap-usb-linux.c
-index 6f8adf65..b92c05ea 100644
---- a/pcap-usb-linux.c
-+++ b/pcap-usb-linux.c
-@@ -50,6 +50,7 @@
- #include <stdlib.h>
- #include <unistd.h>
- #include <fcntl.h>
-+#include <limits.h>
- #include <string.h>
- #include <dirent.h>
- #include <byteswap.h>
--- 
-2.17.1
-

meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb

@@ -11,10 +11,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
 DEPENDS = "flex-native bison-native"
 
 SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
-           file://0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch \
            "
-SRC_URI[md5sum] = "dffd65cb14406ab9841f421732eb0f33"
-SRC_URI[sha256sum] = "2edb88808e5913fdaa8e9c1fcaf272e19b2485338742b5074b9fe44d68f37019"
+SRC_URI[md5sum] = "21af603d9a591c7d96a6457021d84e6c"
+SRC_URI[sha256sum] = "635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094"
 
 inherit autotools binconfig-disabled pkgconfig bluetooth
 

meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch

@@ -1,69 +0,0 @@
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Mar 2019 14:39:15 +0000
-Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
-
-ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
-every encryption operation. RFC 7539 specifies that the nonce value (IV)
-should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
-front pads the nonce with 0 bytes if it is less than 12 bytes. However it
-also incorrectly allows a nonce to be set of up to 16 bytes. In this case
-only the last 12 bytes are significant and any additional leading bytes are
-ignored.
-
-It is a requirement of using this cipher that nonce values are unique.
-Messages encrypted using a reused nonce value are susceptible to serious
-confidentiality and integrity attacks. If an application changes the
-default nonce length to be longer than 12 bytes and then makes a change to
-the leading bytes of the nonce expecting the new value to be a new unique
-nonce then such an application could inadvertently encrypt messages with a
-reused nonce.
-
-Additionally the ignored bytes in a long nonce are not covered by the
-integrity guarantee of this cipher. Any application that relies on the
-integrity of these ignored leading bytes of a long nonce may be further
-affected.
-
-Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
-because no such use sets such a long nonce value. However user
-applications that use this cipher directly and set a non-default nonce
-length to be longer than 12 bytes may be vulnerable.
-
-CVE: CVE-2019-1543
-
-Fixes #8345
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/8406)
-
-(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
----
- crypto/evp/e_chacha20_poly1305.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
-index c1917bb86a6..d3e2c622a1b 100644
---- a/crypto/evp/e_chacha20_poly1305.c
-+++ b/crypto/evp/e_chacha20_poly1305.c
-@@ -30,6 +30,8 @@ typedef struct {
- 
- #define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
- 
-+#define CHACHA20_POLY1305_MAX_IVLEN     12
-+
- static int chacha_init_key(EVP_CIPHER_CTX *ctx,
-                            const unsigned char user_key[CHACHA_KEY_SIZE],
-                            const unsigned char iv[CHACHA_CTR_SIZE], int enc)
-@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-         return 1;
- 
-     case EVP_CTRL_AEAD_SET_IVLEN:
--        if (arg <= 0 || arg > CHACHA_CTR_SIZE)
-+        if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
-             return 0;
-         actx->nonce_len = arg;
-         return 1;

meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch

@@ -0,0 +1,758 @@
+From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Wed, 4 Dec 2019 12:48:21 +0100
+Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr
+
+There is an overflow bug in the x64_64 Montgomery squaring procedure used in
+exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
+suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
+result of this defect would be very difficult to perform and are not believed
+likely. Attacks against DH512 are considered just feasible. However, for an
+attack the target would have to re-use the DH512 private key, which is not
+recommended anyway. Also applications directly using the low level API
+BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
+
+CVE-2019-1551
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+(Merged from https://github.com/openssl/openssl/pull/10575)
+
+CVE: CVE-2019-1551
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++-----------------
+ 1 file changed, 197 insertions(+), 184 deletions(-)
+
+diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
+index b1797b649f0..7534d5cd03e 100755
+--- a/crypto/bn/asm/rsaz-x86_64.pl
++++ b/crypto/bn/asm/rsaz-x86_64.pl
+@@ -116,7 +116,7 @@
+ 	subq	\$128+24, %rsp
+ .cfi_adjust_cfa_offset	128+24
+ .Lsqr_body:
+-	movq	$mod, %rbp		# common argument
++	movq	$mod, %xmm1		# common off-load
+ 	movq	($inp), %rdx
+ 	movq	8($inp), %rax
+ 	movq	$n0, 128(%rsp)
+@@ -134,7 +134,8 @@
+ .Loop_sqr:
+ 	movl	$times,128+8(%rsp)
+ #first iteration
+-	movq	%rdx, %rbx
++	movq	%rdx, %rbx		# 0($inp)
++	mov	%rax, %rbp		# 8($inp)
+ 	mulq	%rdx
+ 	movq	%rax, %r8
+ 	movq	16($inp), %rax
+@@ -173,31 +174,29 @@
+ 	mulq	%rbx
+ 	addq	%rax, %r14
+ 	movq	%rbx, %rax
+-	movq	%rdx, %r15
+-	adcq	\$0, %r15
++	adcq	\$0, %rdx
+ 
+-	addq	%r8, %r8		#shlq	\$1, %r8
+-	movq	%r9, %rcx
+-	adcq	%r9, %r9		#shld	\$1, %r8, %r9
++	xorq	%rcx,%rcx		# rcx:r8 = r8 << 1
++	addq	%r8, %r8
++	 movq	%rdx, %r15
++	adcq	\$0, %rcx
+ 
+ 	mulq	%rax
+-	movq	%rax, (%rsp)
+-	addq	%rdx, %r8
+-	adcq	\$0, %r9
++	addq	%r8, %rdx
++	adcq	\$0, %rcx
+ 
+-	movq	%r8, 8(%rsp)
+-	shrq	\$63, %rcx
++	movq	%rax, (%rsp)
++	movq	%rdx, 8(%rsp)
+ 
+ #second iteration
+-	movq	8($inp), %r8
+ 	movq	16($inp), %rax
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r10
+ 	movq	24($inp), %rax
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r11
+ 	movq	32($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -205,7 +204,7 @@
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r12
+ 	movq	40($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -213,7 +212,7 @@
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r13
+ 	movq	48($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -221,7 +220,7 @@
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r14
+ 	movq	56($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -229,39 +228,39 @@
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r15
+-	movq	%r8, %rax
++	movq	%rbp, %rax
+ 	adcq	\$0, %rdx
+ 	addq	%rbx, %r15
+-	movq	%rdx, %r8
+-	movq	%r10, %rdx
+-	adcq	\$0, %r8
++	adcq	\$0, %rdx
+ 
+-	add	%rdx, %rdx
+-	lea	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
+-	movq	%r11, %rbx
+-	adcq	%r11, %r11		#shld	\$1, %r10, %r11
++	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
++	addq	%r9, %r9
++	 movq	%rdx, %r8
++	adcq	%r10, %r10
++	adcq	\$0, %rbx
+ 
+ 	mulq	%rax
++	addq	%rcx, %rax
++	 movq	16($inp), %rbp
++	adcq	\$0, %rdx
+ 	addq	%rax, %r9
++	 movq	24($inp), %rax
+ 	adcq	%rdx, %r10
+-	adcq	\$0, %r11
++	adcq	\$0, %rbx
+ 
+ 	movq	%r9, 16(%rsp)
+ 	movq	%r10, 24(%rsp)
+-	shrq	\$63, %rbx
+ 
+ #third iteration
+-	movq	16($inp), %r9
+-	movq	24($inp), %rax
+-	mulq	%r9
++	mulq	%rbp
+ 	addq	%rax, %r12
+ 	movq	32($inp), %rax
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
+-	mulq	%r9
++	mulq	%rbp
+ 	addq	%rax, %r13
+ 	movq	40($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -269,7 +268,7 @@
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
+-	mulq	%r9
++	mulq	%rbp
+ 	addq	%rax, %r14
+ 	movq	48($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -277,9 +276,7 @@
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
+-	mulq	%r9
+-	 movq	%r12, %r10
+-	 lea	(%rbx,%r12,2), %r12	#shld	\$1, %rbx, %r12
++	mulq	%rbp
+ 	addq	%rax, %r15
+ 	movq	56($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -287,36 +284,40 @@
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
+-	mulq	%r9
+-	 shrq	\$63, %r10
++	mulq	%rbp
+ 	addq	%rax, %r8
+-	movq	%r9, %rax
++	movq	%rbp, %rax
+ 	adcq	\$0, %rdx
+ 	addq	%rcx, %r8
+-	movq	%rdx, %r9
+-	adcq	\$0, %r9
++	adcq	\$0, %rdx
+ 
+-	movq	%r13, %rcx
+-	leaq	(%r10,%r13,2), %r13	#shld	\$1, %r12, %r13
++	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
++	addq	%r11, %r11
++	 movq	%rdx, %r9
++	adcq	%r12, %r12
++	adcq	\$0, %rcx
+ 
+ 	mulq	%rax
++	addq	%rbx, %rax
++	 movq	24($inp), %r10
++	adcq	\$0, %rdx
+ 	addq	%rax, %r11
++	 movq	32($inp), %rax
+ 	adcq	%rdx, %r12
+-	adcq	\$0, %r13
++	adcq	\$0, %rcx
+ 
+ 	movq	%r11, 32(%rsp)
+ 	movq	%r12, 40(%rsp)
+-	shrq	\$63, %rcx
+ 
+ #fourth iteration
+-	movq	24($inp), %r10
+-	movq	32($inp), %rax
++	mov	%rax, %r11		# 32($inp)
+ 	mulq	%r10
+ 	addq	%rax, %r14
+ 	movq	40($inp), %rax
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
++	mov	%rax, %r12		# 40($inp)
+ 	mulq	%r10
+ 	addq	%rax, %r15
+ 	movq	48($inp), %rax
+@@ -325,9 +326,8 @@
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
++	mov	%rax, %rbp		# 48($inp)
+ 	mulq	%r10
+-	 movq	%r14, %r12
+-	 leaq	(%rcx,%r14,2), %r14	#shld	\$1, %rcx, %r14
+ 	addq	%rax, %r8
+ 	movq	56($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -336,32 +336,33 @@
+ 	adcq	\$0, %rbx
+ 
+ 	mulq	%r10
+-	 shrq	\$63, %r12
+ 	addq	%rax, %r9
+ 	movq	%r10, %rax
+ 	adcq	\$0, %rdx
+ 	addq	%rbx, %r9
+-	movq	%rdx, %r10
+-	adcq	\$0, %r10
++	adcq	\$0, %rdx
+ 
+-	movq	%r15, %rbx
+-	leaq	(%r12,%r15,2),%r15	#shld	\$1, %r14, %r15
++	xorq	%rbx, %rbx		# rbx:r13:r14 = r13:r14 << 1
++	addq	%r13, %r13
++	 movq	%rdx, %r10
++	adcq	%r14, %r14
++	adcq	\$0, %rbx
+ 
+ 	mulq	%rax
++	addq	%rcx, %rax
++	adcq	\$0, %rdx
+ 	addq	%rax, %r13
++	 movq	%r12, %rax		# 40($inp)
+ 	adcq	%rdx, %r14
+-	adcq	\$0, %r15
++	adcq	\$0, %rbx
+ 
+ 	movq	%r13, 48(%rsp)
+ 	movq	%r14, 56(%rsp)
+-	shrq	\$63, %rbx
+ 
+ #fifth iteration
+-	movq	32($inp), %r11
+-	movq	40($inp), %rax
+ 	mulq	%r11
+ 	addq	%rax, %r8
+-	movq	48($inp), %rax
++	movq	%rbp, %rax		# 48($inp)
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
+@@ -369,97 +370,99 @@
+ 	addq	%rax, %r9
+ 	movq	56($inp), %rax
+ 	adcq	\$0, %rdx
+-	 movq	%r8, %r12
+-	 leaq	(%rbx,%r8,2), %r8	#shld	\$1, %rbx, %r8
+ 	addq	%rcx, %r9
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
++	mov	%rax, %r14		# 56($inp)
+ 	mulq	%r11
+-	 shrq	\$63, %r12
+ 	addq	%rax, %r10
+ 	movq	%r11, %rax
+ 	adcq	\$0, %rdx
+ 	addq	%rcx, %r10
+-	movq	%rdx, %r11
+-	adcq	\$0, %r11
++	adcq	\$0, %rdx
+ 
+-	movq	%r9, %rcx
+-	leaq	(%r12,%r9,2), %r9	#shld	\$1, %r8, %r9
++	xorq	%rcx, %rcx		# rcx:r8:r15 = r8:r15 << 1
++	addq	%r15, %r15
++	 movq	%rdx, %r11
++	adcq	%r8, %r8
++	adcq	\$0, %rcx
+ 
+ 	mulq	%rax
++	addq	%rbx, %rax
++	adcq	\$0, %rdx
+ 	addq	%rax, %r15
++	 movq	%rbp, %rax		# 48($inp)
+ 	adcq	%rdx, %r8
+-	adcq	\$0, %r9
++	adcq	\$0, %rcx
+ 
+ 	movq	%r15, 64(%rsp)
+ 	movq	%r8, 72(%rsp)
+-	shrq	\$63, %rcx
+ 
+ #sixth iteration
+-	movq	40($inp), %r12
+-	movq	48($inp), %rax
+ 	mulq	%r12
+ 	addq	%rax, %r10
+-	movq	56($inp), %rax
++	movq	%r14, %rax		# 56($inp)
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+ 	mulq	%r12
+ 	addq	%rax, %r11
+ 	movq	%r12, %rax
+-	 movq	%r10, %r15
+-	 leaq	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
+ 	adcq	\$0, %rdx
+-	 shrq	\$63, %r15
+ 	addq	%rbx, %r11
+-	movq	%rdx, %r12
+-	adcq	\$0, %r12
++	adcq	\$0, %rdx
+ 
+-	movq	%r11, %rbx
+-	leaq	(%r15,%r11,2), %r11	#shld	\$1, %r10, %r11
++	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
++	addq	%r9, %r9
++	 movq	%rdx, %r12
++	adcq	%r10, %r10
++	adcq	\$0, %rbx
+ 
+ 	mulq	%rax
++	addq	%rcx, %rax
++	adcq	\$0, %rdx
+ 	addq	%rax, %r9
++	 movq	%r14, %rax		# 56($inp)
+ 	adcq	%rdx, %r10
+-	adcq	\$0, %r11
++	adcq	\$0, %rbx
+ 
+ 	movq	%r9, 80(%rsp)
+ 	movq	%r10, 88(%rsp)
+ 
+ #seventh iteration
+-	movq	48($inp), %r13
+-	movq	56($inp), %rax
+-	mulq	%r13
++	mulq	%rbp
+ 	addq	%rax, %r12
+-	movq	%r13, %rax
+-	movq	%rdx, %r13
+-	adcq	\$0, %r13
++	movq	%rbp, %rax
++	adcq	\$0, %rdx
+ 
+-	xorq	%r14, %r14
+-	shlq	\$1, %rbx
+-	adcq	%r12, %r12		#shld	\$1, %rbx, %r12
+-	adcq	%r13, %r13		#shld	\$1, %r12, %r13
+-	adcq	%r14, %r14		#shld	\$1, %r13, %r14
++	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
++	addq	%r11, %r11
++	 movq	%rdx, %r13
++	adcq	%r12, %r12
++	adcq	\$0, %rcx
+ 
+ 	mulq	%rax
++	addq	%rbx, %rax
++	adcq	\$0, %rdx
+ 	addq	%rax, %r11
++	 movq	%r14, %rax		# 56($inp)
+ 	adcq	%rdx, %r12
+-	adcq	\$0, %r13
++	adcq	\$0, %rcx
+ 
+ 	movq	%r11, 96(%rsp)
+ 	movq	%r12, 104(%rsp)
+ 
+ #eighth iteration
+-	movq	56($inp), %rax
++	xorq	%rbx, %rbx		# rbx:r13 = r13 << 1
++	addq	%r13, %r13
++	adcq	\$0, %rbx
++
+ 	mulq	%rax
+-	addq	%rax, %r13
++	addq	%rcx, %rax
+ 	adcq	\$0, %rdx
+-
+-	addq	%rdx, %r14
+-
+-	movq	%r13, 112(%rsp)
+-	movq	%r14, 120(%rsp)
++	addq	%r13, %rax
++	adcq	%rbx, %rdx
+ 
+ 	movq	(%rsp), %r8
+ 	movq	8(%rsp), %r9
+@@ -469,6 +472,10 @@
+ 	movq	40(%rsp), %r13
+ 	movq	48(%rsp), %r14
+ 	movq	56(%rsp), %r15
++	movq	%xmm1, %rbp
++
++	movq	%rax, 112(%rsp)
++	movq	%rdx, 120(%rsp)
+ 
+ 	call	__rsaz_512_reduce
+ 
+@@ -500,9 +507,9 @@
+ .Loop_sqrx:
+ 	movl	$times,128+8(%rsp)
+ 	movq	$out, %xmm0		# off-load
+-	movq	%rbp, %xmm1		# off-load
+ #first iteration
+ 	mulx	%rax, %r8, %r9
++	mov	%rax, %rbx
+ 
+ 	mulx	16($inp), %rcx, %r10
+ 	xor	%rbp, %rbp		# cf=0, of=0
+@@ -510,40 +517,39 @@
+ 	mulx	24($inp), %rax, %r11
+ 	adcx	%rcx, %r9
+ 
+-	mulx	32($inp), %rcx, %r12
++	.byte	0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00	# mulx	32($inp), %rcx, %r12
+ 	adcx	%rax, %r10
+ 
+-	mulx	40($inp), %rax, %r13
++	.byte	0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00	# mulx	40($inp), %rax, %r13
+ 	adcx	%rcx, %r11
+ 
+-	.byte	0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($inp), %rcx, %r14
++	mulx	48($inp), %rcx, %r14
+ 	adcx	%rax, %r12
+ 	adcx	%rcx, %r13
+ 
+-	.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00	# mulx	56($inp), %rax, %r15
++	mulx	56($inp), %rax, %r15
+ 	adcx	%rax, %r14
+ 	adcx	%rbp, %r15		# %rbp is 0
+ 
+-	mov	%r9, %rcx
+-	shld	\$1, %r8, %r9
+-	shl	\$1, %r8
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
+-	adcx	%rdx, %r8
+-	 mov	8($inp), %rdx
+-	adcx	%rbp, %r9
++	mulx	%rdx, %rax, $out
++	 mov	%rbx, %rdx		# 8($inp)
++	xor	%rcx, %rcx
++	adox	%r8, %r8
++	adcx	$out, %r8
++	adox	%rbp, %rcx
++	adcx	%rbp, %rcx
+ 
+ 	mov	%rax, (%rsp)
+ 	mov	%r8, 8(%rsp)
+ 
+ #second iteration
+-	mulx	16($inp), %rax, %rbx
++	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00	# mulx	16($inp), %rax, %rbx
+ 	adox	%rax, %r10
+ 	adcx	%rbx, %r11
+ 
+-	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r8
++	mulx	24($inp), $out, %r8
+ 	adox	$out, %r11
++	.byte	0x66
+ 	adcx	%r8, %r12
+ 
+ 	mulx	32($inp), %rax, %rbx
+@@ -561,24 +567,25 @@
+ 	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r8
+ 	adox	$out, %r15
+ 	adcx	%rbp, %r8
++	 mulx	%rdx, %rax, $out
+ 	adox	%rbp, %r8
++	 .byte	0x48,0x8b,0x96,0x10,0x00,0x00,0x00		# mov	16($inp), %rdx
+ 
+-	mov	%r11, %rbx
+-	shld	\$1, %r10, %r11
+-	shld	\$1, %rcx, %r10
+-
+-	xor	%ebp,%ebp
+-	mulx	%rdx, %rax, %rcx
+-	 mov	16($inp), %rdx
++	xor	%rbx, %rbx
++	adcx	%rcx, %rax
++	adox	%r9, %r9
++	adcx	%rbp, $out
++	adox	%r10, %r10
+ 	adcx	%rax, %r9
+-	adcx	%rcx, %r10
+-	adcx	%rbp, %r11
++	adox	%rbp, %rbx
++	adcx	$out, %r10
++	adcx	%rbp, %rbx
+ 
+ 	mov	%r9, 16(%rsp)
+ 	.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00		# mov	%r10, 24(%rsp)
+ 
+ #third iteration
+-	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r9
++	mulx	24($inp), $out, %r9
+ 	adox	$out, %r12
+ 	adcx	%r9, %r13
+ 
+@@ -586,7 +593,7 @@
+ 	adox	%rax, %r13
+ 	adcx	%rcx, %r14
+ 
+-	mulx	40($inp), $out, %r9
++	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r9
+ 	adox	$out, %r14
+ 	adcx	%r9, %r15
+ 
+@@ -594,27 +601,28 @@
+ 	adox	%rax, %r15
+ 	adcx	%rcx, %r8
+ 
+-	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r9
++	mulx	56($inp), $out, %r9
+ 	adox	$out, %r8
+ 	adcx	%rbp, %r9
++	 mulx	%rdx, %rax, $out
+ 	adox	%rbp, %r9
++	 mov	24($inp), %rdx
+ 
+-	mov	%r13, %rcx
+-	shld	\$1, %r12, %r13
+-	shld	\$1, %rbx, %r12
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
++	xor	%rcx, %rcx
++	adcx	%rbx, %rax
++	adox	%r11, %r11
++	adcx	%rbp, $out
++	adox	%r12, %r12
+ 	adcx	%rax, %r11
+-	adcx	%rdx, %r12
+-	 mov	24($inp), %rdx
+-	adcx	%rbp, %r13
++	adox	%rbp, %rcx
++	adcx	$out, %r12
++	adcx	%rbp, %rcx
+ 
+ 	mov	%r11, 32(%rsp)
+-	.byte	0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00		# mov	%r12, 40(%rsp)
++	mov	%r12, 40(%rsp)
+ 
+ #fourth iteration
+-	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00	# mulx	32($inp), %rax, %rbx
++	mulx	32($inp), %rax, %rbx
+ 	adox	%rax, %r14
+ 	adcx	%rbx, %r15
+ 
+@@ -629,25 +637,25 @@
+ 	mulx	56($inp), $out, %r10
+ 	adox	$out, %r9
+ 	adcx	%rbp, %r10
++	 mulx	%rdx, %rax, $out
+ 	adox	%rbp, %r10
++	 mov	32($inp), %rdx
+ 
+-	.byte	0x66
+-	mov	%r15, %rbx
+-	shld	\$1, %r14, %r15
+-	shld	\$1, %rcx, %r14
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
++	xor	%rbx, %rbx
++	adcx	%rcx, %rax
++	adox	%r13, %r13
++	adcx	%rbp, $out
++	adox	%r14, %r14
+ 	adcx	%rax, %r13
+-	adcx	%rdx, %r14
+-	 mov	32($inp), %rdx
+-	adcx	%rbp, %r15
++	adox	%rbp, %rbx
++	adcx	$out, %r14
++	adcx	%rbp, %rbx
+ 
+ 	mov	%r13, 48(%rsp)
+ 	mov	%r14, 56(%rsp)
+ 
+ #fifth iteration
+-	.byte	0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r11
++	mulx	40($inp), $out, %r11
+ 	adox	$out, %r8
+ 	adcx	%r11, %r9
+ 
+@@ -658,18 +666,19 @@
+ 	mulx	56($inp), $out, %r11
+ 	adox	$out, %r10
+ 	adcx	%rbp, %r11
++	 mulx	%rdx, %rax, $out
++	 mov	40($inp), %rdx
+ 	adox	%rbp, %r11
+ 
+-	mov	%r9, %rcx
+-	shld	\$1, %r8, %r9
+-	shld	\$1, %rbx, %r8
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
++	xor	%rcx, %rcx
++	adcx	%rbx, %rax
++	adox	%r15, %r15
++	adcx	%rbp, $out
++	adox	%r8, %r8
+ 	adcx	%rax, %r15
+-	adcx	%rdx, %r8
+-	 mov	40($inp), %rdx
+-	adcx	%rbp, %r9
++	adox	%rbp, %rcx
++	adcx	$out, %r8
++	adcx	%rbp, %rcx
+ 
+ 	mov	%r15, 64(%rsp)
+ 	mov	%r8, 72(%rsp)
+@@ -682,18 +691,19 @@
+ 	.byte	0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r12
+ 	adox	$out, %r11
+ 	adcx	%rbp, %r12
++	 mulx	%rdx, %rax, $out
+ 	adox	%rbp, %r12
++	 mov	48($inp), %rdx
+ 
+-	mov	%r11, %rbx
+-	shld	\$1, %r10, %r11
+-	shld	\$1, %rcx, %r10
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
++	xor	%rbx, %rbx
++	adcx	%rcx, %rax
++	adox	%r9, %r9
++	adcx	%rbp, $out
++	adox	%r10, %r10
+ 	adcx	%rax, %r9
+-	adcx	%rdx, %r10
+-	 mov	48($inp), %rdx
+-	adcx	%rbp, %r11
++	adcx	$out, %r10
++	adox	%rbp, %rbx
++	adcx	%rbp, %rbx
+ 
+ 	mov	%r9, 80(%rsp)
+ 	mov	%r10, 88(%rsp)
+@@ -703,31 +713,31 @@
+ 	adox	%rax, %r12
+ 	adox	%rbp, %r13
+ 
+-	xor	%r14, %r14
+-	shld	\$1, %r13, %r14
+-	shld	\$1, %r12, %r13
+-	shld	\$1, %rbx, %r12
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
+-	adcx	%rax, %r11
+-	adcx	%rdx, %r12
++	mulx	%rdx, %rax, $out
++	xor	%rcx, %rcx
+ 	 mov	56($inp), %rdx
+-	adcx	%rbp, %r13
++	adcx	%rbx, %rax
++	adox	%r11, %r11
++	adcx	%rbp, $out
++	adox	%r12, %r12
++	adcx	%rax, %r11
++	adox	%rbp, %rcx
++	adcx	$out, %r12
++	adcx	%rbp, %rcx
+ 
+ 	.byte	0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00		# mov	%r11, 96(%rsp)
+ 	.byte	0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00		# mov	%r12, 104(%rsp)
+ 
+ #eighth iteration
+ 	mulx	%rdx, %rax, %rdx
+-	adox	%rax, %r13
+-	adox	%rbp, %rdx
++	xor	%rbx, %rbx
++	adcx	%rcx, %rax
++	adox	%r13, %r13
++	adcx	%rbp, %rdx
++	adox	%rbp, %rbx
++	adcx	%r13, %rax
++	adcx	%rdx, %rbx
+ 
+-	.byte	0x66
+-	add	%rdx, %r14
+-
+-	movq	%r13, 112(%rsp)
+-	movq	%r14, 120(%rsp)
+ 	movq	%xmm0, $out
+ 	movq	%xmm1, %rbp
+ 
+@@ -741,6 +751,9 @@
+ 	movq	48(%rsp), %r14
+ 	movq	56(%rsp), %r15
+ 
++	movq	%rax, 112(%rsp)
++	movq	%rbx, 120(%rsp)
++
+ 	call	__rsaz_512_reducex
+ 
+ 	addq	64(%rsp), %r8

meta/recipes-connectivity/openssl/openssl/afalg.patch

@@ -18,14 +18,14 @@ index 3baa8ce..9ef52ed 100755
 -            ($mi2) = $mi2 =~ /(\d+)/;
 -            my $ver = $ma*10000 + $mi1*100 + $mi2;
 -            if ($ver < $minver) {
--                $disabled{afalgeng} = "too-old-kernel";
+-                disable('too-old-kernel', 'afalgeng');
 -            } else {
 -                push @{$config{engdirs}}, "afalg";
 -            }
 -        } else {
--            $disabled{afalgeng} = "cross-compiling";
+-            disable('cross-compiling', 'afalgeng');
 -        }
 +        push @{$config{engdirs}}, "afalg";
      } else {
-         $disabled{afalgeng}  = "not-linux";
+         disable('not-linux', 'afalgeng');
      }

meta/recipes-connectivity/openssl/openssl_1.1.1d.bb

@@ -16,15 +16,15 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-skip-test_symbol_presence.patch \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
-           file://CVE-2019-1543.patch \
+           file://CVE-2019-1551.patch \
            "
 
 SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[md5sum] = "4532712e7bcc9414f5bce995e4e13930"
-SRC_URI[sha256sum] = "5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b"
+SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa"
+SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2"
 
 inherit lib_package multilib_header ptest
 
@@ -43,10 +43,10 @@ do_configure[cleandirs] = "${B}"
 EXTRA_OECONF_append_libc-musl = " no-async"
 EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
 
-# This prevents openssl from using getrandom() which is not available on older glibc versions
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
 # (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
-EXTRA_OECONF_class-native = "--with-rand-seed=devrandom"
-EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom"
+EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
 
 # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
 CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
@@ -204,3 +204,9 @@ RREPLACES_openssl-conf = "openssl10-conf"
 RCONFLICTS_openssl-conf = "openssl10-conf"
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "openssl:openssl"
+
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_WHITELIST += "CVE-2019-0190"

meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch

@@ -0,0 +1,82 @@
+hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication
+of disconnection in certain situations because source address validation is
+mishandled. This is a denial of service that should have been prevented by PMF
+(aka management frame protection). The attacker must send a crafted 802.11 frame
+from a location that is within the 802.11 communications range.
+
+CVE: CVE-2019-16275
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Thu, 29 Aug 2019 11:52:04 +0300
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source
+ address
+
+Do not process any received Management frames with unexpected/invalid SA
+so that we do not add any state for unexpected STA addresses or end up
+sending out frames to unexpected destination. This prevents unexpected
+sequences where an unprotected frame might end up causing the AP to send
+out a response to another device and that other device processing the
+unexpected response.
+
+In particular, this prevents some potential denial of service cases
+where the unexpected response frame from the AP might result in a
+connected station dropping its association.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/drv_callbacks.c | 13 +++++++++++++
+ src/ap/ieee802_11.c    | 12 ++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
+index 31587685fe3b..34ca379edc3d 100644
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
+ 			   "hostapd_notif_assoc: Skip event with no address");
+ 		return -1;
+ 	}
++
++	if (is_multicast_ether_addr(addr) ||
++	    is_zero_ether_addr(addr) ||
++	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
++			   " in received indication - ignore this indication silently",
++			   __func__, MAC2STR(addr));
++		return 0;
++	}
++
+ 	random_add_randomness(addr, ETH_ALEN);
+ 
+ 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index c85a28db44b7..e7065372e158 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
+ 	fc = le_to_host16(mgmt->frame_control);
+ 	stype = WLAN_FC_GET_STYPE(fc);
+ 
++	if (is_multicast_ether_addr(mgmt->sa) ||
++	    is_zero_ether_addr(mgmt->sa) ||
++	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
++			   " in received frame - ignore this frame silently",
++			   MAC2STR(mgmt->sa));
++		return 0;
++	}
++
+ 	if (stype == WLAN_FC_STYPE_BEACON) {
+ 		handle_beacon(hapd, mgmt, len, fi);
+ 		return 1;
+-- 
+2.20.1

meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb

@@ -41,6 +41,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
            file://0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch \
            file://0001-EAP-pwd-server-Fix-reassembly-buffer-handling.patch \
            file://0003-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch \
+           file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \
           "
 SRC_URI[md5sum] = "a68538fb62766f40f890125026c42c10"
 SRC_URI[sha256sum] = "76ea6b06b7a2ea8e6d9eb1a9166166f1656e6d48c7508914f592100c95c73074"

meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch

@@ -0,0 +1,57 @@
+From e6b769819d63d2b24b251dbc9f902fe6fd614da3 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:41:53 +0200
+Subject: gfile: Limit access to files when copying
+
+file_copy_fallback creates new files with default permissions and
+set the correct permissions after the operation is finished. This
+might cause that the files can be accessible by more users during
+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
+files to limit access to those files.
+
+CVE: CVE-2019-12450
+Upstream-Status: Backport
+Signed-off-by: Adrian Bunk <bunk@stusta.de>
+---
+ gio/gfile.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gfile.c b/gio/gfile.c
+index 1cc69166a..13b435480 100644
+--- a/gio/gfile.c
++++ b/gio/gfile.c
+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile                  *source,
+         out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+                                                                    FALSE, NULL,
+                                                                    flags & G_FILE_COPY_BACKUP,
+-                                                                   G_FILE_CREATE_REPLACE_DESTINATION,
+-                                                                   info,
++                                                                   G_FILE_CREATE_REPLACE_DESTINATION |
++                                                                   G_FILE_CREATE_PRIVATE, info,
+                                                                    cancellable, error);
+       else
+         out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+-                                                                  FALSE, 0, info,
++                                                                  FALSE, G_FILE_CREATE_PRIVATE, info,
+                                                                   cancellable, error);
+     }
+   else if (flags & G_FILE_COPY_OVERWRITE)
+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile                  *source,
+       out = (GOutputStream *)g_file_replace (destination,
+                                              NULL,
+                                              flags & G_FILE_COPY_BACKUP,
+-                                             G_FILE_CREATE_REPLACE_DESTINATION,
++                                             G_FILE_CREATE_REPLACE_DESTINATION |
++                                             G_FILE_CREATE_PRIVATE,
+                                              cancellable, error);
+     }
+   else
+     {
+-      out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
++      out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
+     }
+ 
+   if (!out)
+-- 
+2.20.1
+

meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb

@@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
            file://glib-meson.cross \
            file://CVE-2019-13012.patch \
+           file://0001-gfile-Limit-access-to-files-when-copying.patch \
            "
 
 SRC_URI_append_class-native = " file://relocate-modules.patch"

meta/recipes-core/glibc/glibc/CVE-2019-19126.patch

@@ -0,0 +1,32 @@
+From 37c90e117310728a4ad1eb998c0bbe7d79c4a398 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Marcin=20Ko=C5=9Bcielnicki?= <mwk@0x04.net>
+Date: Thu, 21 Nov 2019 00:20:15 +0100
+Subject: [PATCH] rtld: Check __libc_enable_secure before honoring
+ LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
+
+The problem was introduced in glibc 2.23, in commit
+b9eb92ab05204df772eb4929eccd018637c9f3e9
+("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
+
+(cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e)
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=37c90e117310728a4ad1eb998c0bbe7d79c4a398]
+CVE: CVE-2019-19126
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+index 975cbe2..df2cdfd 100644
+--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
++++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+@@ -31,7 +31,8 @@
+    environment variable, LD_PREFER_MAP_32BIT_EXEC.  */
+ #define EXTRA_LD_ENVVARS \
+   case 21:								  \
+-    if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
++    if (!__libc_enable_secure						  \
++	&& memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
+       GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
+ 	|= bit_arch_Prefer_MAP_32BIT_EXEC;				  \
+     break;
+-- 
+2.9.3

meta/recipes-core/glibc/glibc_2.29.bb

@@ -56,6 +56,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0030-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
            file://0001-x86-64-memcmp-Use-unsigned-Jcc-instructions-on-size-.patch \
            file://CVE-2019-9169.patch \
+           file://CVE-2019-19126.patch \
 "
 
 S = "${WORKDIR}/git"

meta/recipes-core/images/build-appliance-image_15.0.0.bb

@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk"
 
 inherit core-image module-base setuptools3
 
-SRCREV ?= "2070a08cdd2233cd5f249c49b56f8bdbc50a4b6b"
+SRCREV ?= "83e9841bb832c0e68b3b34e64166234ad09155b9"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=warrior \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/libxml/libxml2/fix-CVE-2019-19956.patch

@@ -0,0 +1,38 @@
+From 3cd2b25ddb04740be2880cfd78d60038452228b1 Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Wed, 7 Aug 2019 17:39:17 +0800
+Subject: [PATCH] Fix memory leak in xmlParseBalancedChunkMemoryRecover
+
+When doc is NULL, namespace created in xmlTreeEnsureXMLDecl
+is bind to newDoc->oldNs, in this case, set newDoc->oldNs to
+NULL and free newDoc will cause a memory leak.
+
+Found with libFuzzer.
+
+Closes #82.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549]
+CVE: CVE-2019-19956
+
+Signed-off-by: Rahul Chauhan <rahulk@mvista.com>
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index b7ecd65..491f5c9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -13899,7 +13899,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
+     xmlFreeParserCtxt(ctxt);
+     newDoc->intSubset = NULL;
+     newDoc->extSubset = NULL;
+-    newDoc->oldNs = NULL;
++    if(doc != NULL)
++	newDoc->oldNs = NULL;
+     xmlFreeDoc(newDoc);
+ 
+     return(ret);
+-- 
+2.7.4
+

meta/recipes-core/libxml/libxml2_2.9.8.bb

@@ -23,6 +23,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
            file://fix-CVE-2017-8872.patch \
            file://fix-CVE-2018-14404.patch \
            file://0001-Fix-infinite-loop-in-LZMA-decompression.patch \
+           file://fix-CVE-2019-19956.patch \
            "
 
 SRC_URI[libtar.md5sum] = "b786e353e2aa1b872d70d5d1ca0c740d"

meta/recipes-core/meta/cve-update-db-native.bb

@@ -21,26 +21,26 @@ python do_populate_cve_db() {
     """
     Update NVD database with json data feed
     """
-
+    import bb.utils
     import sqlite3, urllib, urllib.parse, shutil, gzip
     from datetime import date
 
-    BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
+    bb.utils.export_proxies(d)
+
+    BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
     YEAR_START = 2002
 
-    db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')
-    db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
+    db_file = d.getVar("CVE_CHECK_DB_FILE")
+    db_dir = os.path.dirname(db_file)
     json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
-    proxy = d.getVar("https_proxy")
 
-    if proxy:
-        # instantiate an opener but do not install it as the global
-        # opener unless if we're really sure it's applicable for all
-        # urllib requests
-        proxy_handler = urllib.request.ProxyHandler({'https': proxy})
-        proxy_opener = urllib.request.build_opener(proxy_handler)
-    else:
-        proxy_opener = None
+    # Don't refresh the database more than once an hour
+    try:
+        import time
+        if time.time() - os.path.getmtime(db_file) < (60*60):
+            return
+    except OSError:
+        pass
 
     cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a')
 
@@ -59,15 +59,7 @@ python do_populate_cve_db() {
         json_url = year_url + ".json.gz"
 
         # Retrieve meta last modified date
-
-        response = None
-
-        if proxy_opener:
-            response = proxy_opener.open(meta_url)
-        else:
-            req = urllib.request.Request(meta_url)
-            response = urllib.request.urlopen(req)
-
+        response = urllib.request.urlopen(meta_url)
         if response:
             for l in response.read().decode("utf-8").splitlines():
                 key, value = l.split(":", 1)
@@ -87,12 +79,7 @@ python do_populate_cve_db() {
 
             # Update db with current year json file
             try:
-                if proxy_opener:
-                    response = proxy_opener.open(json_url)
-                else:
-                    req = urllib.request.Request(json_url)
-                    response = urllib.request.urlopen(req)
-
+                response = urllib.request.urlopen(json_url)
                 if response:
                     update_db(c, gzip.decompress(response.read()).decode('utf-8'))
                 c.execute("insert or replace into META values (?, ?)", [year, last_modified])
@@ -112,11 +99,14 @@ python do_populate_cve_db() {
 
 def initialize_db(c):
     c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
+
     c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
         SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+
     c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
         VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
         VERSION_END TEXT, OPERATOR_END TEXT)")
+    c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);")
 
 def parse_node_and_insert(c, node, cveId):
     # Parse children node if needed

meta/recipes-core/systemd/systemd.inc

@@ -14,7 +14,14 @@ LICENSE = "GPLv2 & LGPLv2.1"
 LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
                     file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
 
-SRCREV = "511646b8ac5c82f210b16920044465756913d238"
+# DNSOverTLS strict mode was added in 243
+# https://github.com/systemd/systemd/issues/9397
+CVE_CHECK_WHITELIST += "CVE-2018-21029"
+
+# Commit dc903ec516cb on the 241 branch
+CVE_CHECK_WHITELIST += "CVE-2019-3843 CVE-2019-3844"
+
+SRCREV = "d1cc09a6eac5f8d62e630cc31d604095e30d2d84"
 SRCBRANCH = "v241-stable"
 SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}"
 

meta/recipes-devtools/binutils/binutils-2.32.inc

@@ -52,6 +52,8 @@ SRC_URI = "\
      file://CVE-2019-12972.patch \
      file://CVE-2019-14250.patch \
      file://CVE-2019-14444.patch \
+     file://CVE-2019-17450.patch \
+     file://CVE-2019-17451.patch \
 "
 S  = "${WORKDIR}/git"
 

meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch

@@ -0,0 +1,99 @@
+From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 9 Oct 2019 00:07:29 +1030
+Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
+CVE: CVE-2019-17450
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+	PR 25078
+	* dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
+	recur_count.  Error on recur_count reaching 100 rather than
+	info_ptr matching orig_info_ptr.  Adjust calls.
+
+---
+ bfd/dwarf2.c | 35 +++++++++++++++++------------------
+ 1 file changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..20ec9e2e56 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit *unit,
+ }
+ 
+ static bfd_boolean
+-find_abstract_instance (struct comp_unit *   unit,
+-			bfd_byte *           orig_info_ptr,
+-			struct attribute *   attr_ptr,
+-			const char **        pname,
+-			bfd_boolean *        is_linkage,
+-			char **              filename_ptr,
+-			int *                linenumber_ptr)
++find_abstract_instance (struct comp_unit *unit,
++			struct attribute *attr_ptr,
++			unsigned int recur_count,
++			const char **pname,
++			bfd_boolean *is_linkage,
++			char **filename_ptr,
++			int *linenumber_ptr)
+ {
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr;
+@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
+   struct attribute attr;
+   const char *name = NULL;
+ 
++  if (recur_count == 100)
++    {
++      _bfd_error_handler
++	(_("DWARF error: abstract instance recursion detected"));
++      bfd_set_error (bfd_error_bad_value);
++      return FALSE;
++    }
++
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+      is an offset from the .debug_info section, not the current CU.  */
+   if (attr_ptr->form == DW_FORM_ref_addr)
+@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
+ 					 info_ptr, info_ptr_end);
+ 	      if (info_ptr == NULL)
+ 		break;
+-	      /* It doesn't ever make sense for DW_AT_specification to
+-		 refer to the same DIE.  Stop simple recursion.  */
+-	      if (info_ptr == orig_info_ptr)
+-		{
+-		  _bfd_error_handler
+-		    (_("DWARF error: abstract instance recursion detected"));
+-		  bfd_set_error (bfd_error_bad_value);
+-		  return FALSE;
+-		}
+ 	      switch (attr.name)
+ 		{
+ 		case DW_AT_name:
+@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
+ 		    }
+ 		  break;
+ 		case DW_AT_specification:
+-		  if (!find_abstract_instance (unit, info_ptr, &attr,
++		  if (!find_abstract_instance (unit, &attr, recur_count + 1,
+ 					       &name, is_linkage,
+ 					       filename_ptr, linenumber_ptr))
+ 		    return FALSE;
+@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+ 		case DW_AT_abstract_origin:
+ 		case DW_AT_specification:
+-		  if (!find_abstract_instance (unit, info_ptr, &attr,
++		  if (!find_abstract_instance (unit, &attr, 0,
+ 					       &func->name,
+ 					       &func->is_linkage,
+ 					       &func->file,
+-- 
+2.23.0
+

meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch

@@ -0,0 +1,51 @@
+From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 9 Oct 2019 10:47:13 +1030
+Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17451, so backport it to master and zeus.
+
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848]
+CVE: CVE-2019-17451
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+
+Evil testcase with two debug info sections, with sizes of 2aaaabac4ec1
+and ffffd5555453b140 result in a total size of 1.  Reading the first
+section of course overflows the buffer and tramples on other memory.
+
+	PR 25070
+	* dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
+	total_size calculation.
+---
+ bfd/dwarf2.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..a91597b1d0 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -4426,7 +4426,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
+       for (total_size = 0;
+ 	   msec;
+ 	   msec = find_debug_info (debug_bfd, debug_sections, msec))
+-	total_size += msec->size;
++	{
++	  /* Catch PR25070 testcase overflowing size calculation here.  */
++	  if (total_size + msec->size < total_size
++	      || total_size + msec->size < msec->size)
++	    {
++	      bfd_set_error (bfd_error_no_memory);
++	      return FALSE;
++	    }
++	  total_size += msec->size;
++	}
+ 
+       stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
+       if (stash->info_ptr_memory == NULL)
+-- 
+2.23.0
+

meta/recipes-devtools/file/file/CVE-2019-18218.patch

@@ -0,0 +1,55 @@
+cdf_read_property_info in cdf.c in file through 5.37 does not restrict the
+number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte
+out-of-bounds write).
+
+CVE: CVE-2019-18218
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 26 Aug 2019 14:31:39 +0000
+Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
+
+---
+ src/cdf.c | 9 ++++-----
+ src/cdf.h | 1 +
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 9d6396742..bb81d6374 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1016,8 +1016,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 				goto out;
+ 			}
+ 			nelements = CDF_GETUINT32(q, 1);
+-			if (nelements == 0) {
+-				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++				DPRINTF(("CDF_VECTOR with nelements == %"
++				    SIZE_T_FORMAT "u\n", nelements));
+ 				goto out;
+ 			}
+ 			slen = 2;
+@@ -1060,8 +1061,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 					goto out;
+ 				inp += nelem;
+ 			}
+-			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+-			    nelements));
+ 			for (j = 0; j < nelements && i < sh.sh_properties;
+ 			    j++, i++)
+ 			{
+diff --git a/src/cdf.h b/src/cdf.h
+index 2f7e554b7..05056668f 100644
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+ 
+ #define CDF_LOOP_LIMIT					10000
++#define CDF_ELEMENT_LIMIT				100000
+ 
+ #define CDF_SECID_NULL					0
+ #define CDF_SECID_FREE					-1

meta/recipes-devtools/file/file_5.36.bb

@@ -14,7 +14,8 @@ DEPENDS_class-native = "zlib-native"
 # Blacklist a bogus tag in upstream check
 UPSTREAM_CHECK_GITTAGREGEX = "FILE(?P<pver>(?!6_23).+)"
 
-SRC_URI = "git://github.com/file/file.git"
+SRC_URI = "git://github.com/file/file.git \
+           file://CVE-2019-18218.patch"
 
 SRCREV = "f3a4b9ada3ca99e62c62b9aa78eee4935a8094fe"
 S = "${WORKDIR}/git"

meta/recipes-devtools/flex/flex_2.6.0.bb

@@ -68,3 +68,6 @@ do_install_ptest() {
 	    -e 's/^builddir = \(.*\)/builddir = ./' -e 's/^top_builddir = \(.*\)/top_builddir = ./' \
 	    -i ${D}${PTEST_PATH}/Makefile
 }
+
+# Not Apache Flex, or Adobe Flex, or IBM Flex.
+CVE_PRODUCT = "flex_project:flex"

meta/recipes-devtools/gdb/gdb-8.2.1.inc

@@ -19,6 +19,7 @@ SRC_URI = "http://ftp.gnu.org/gnu/gdb/gdb-${PV}.tar.xz \
            file://0001-Fix-build-with-latest-GCC-9.0-tree.patch \
            file://CVE-2017-9778.patch \
            file://0012-AArch64-Fix-the-gdb-build-with-musl-libc.patch \
+           file://CVE-2019-1010180.patch \
 "
 SRC_URI[md5sum] = "f8b2562e830a4098dd5b5ea9e9296c70"
 SRC_URI[sha256sum] = "0a6a432907a03c5c8eaad3c3cffd50c00a40c3a5e3c4039440624bae703f2202"

meta/recipes-devtools/gdb/gdb/CVE-2019-1010180.patch

@@ -0,0 +1,132 @@
+From 950b74950f6020eda38647f22e9077ac7f68ca49 Mon Sep 17 00:00:00 2001
+From: Keith Seitz <keiths@redhat.com>
+Date: Wed, 16 Oct 2019 11:33:59 -0700
+Subject: [PATCH] DWARF reader: Reject sections with invalid sizes
+
+This is another fuzzer bug, gdb/23567.  This time, the fuzzer has
+specifically altered the size of .debug_str:
+
+$ eu-readelf -S objdump
+Section Headers:
+[Nr] Name                 Type         Addr             Off      Size     ES Flags Lk Inf Al
+[31] .debug_str           PROGBITS     0000000000000000 0057116d ffffffffffffffff  1 MS     0   0  1
+
+When this file is loaded into GDB, the DWARF reader crashes attempting
+to access the string table (or it may just store a bunch of nonsense):
+
+[gdb-8.3-6-fc30]
+$ gdb -nx -q objdump
+BFD: warning: /path/to/objdump has a corrupt section with a size (ffffffffffffffff) larger than the file size
+Reading symbols from /path/to/objdump...
+Segmentation fault (core dumped)
+
+Nick has already committed a BFD patch to issue the warning seen above.
+
+[gdb master 6acc1a0b]
+$ gdb -BFD: warning: /path/to/objdump has a corrupt section with a size (ffffffffffffffff) larger than the file size
+Reading symbols from /path/to/objdump...
+(gdb) inf func
+All defined functions:
+
+File ./../include/dwarf2.def:
+186:	const
+
+              8 *>(.:
+                     ;'@<40>B);
+747:	const
+
+              8 *<2A>(.:
+                     ;'@<40>B);
+701:	const
+
+              8 *<2A>D <20>
+                     (.:
+                        ;'@<40>B);
+71:	const
+
+              8 *(.:
+                    ;'@<40>B);
+/* and more gibberish  */
+
+Consider read_indirect_string_at_offset_from:
+
+static const char *
+read_indirect_string_at_offset_from (struct objfile *objfile,
+                                     bfd *abfd, LONGEST str_offset,
+                                     struct dwarf2_section_info *sect,
+                                     const char *form_name,
+                                     const char *sect_name)
+{
+  dwarf2_read_section (objfile, sect);
+  if (sect->buffer == NULL)
+    error (_("%s used without %s section [in module %s]"),
+           form_name, sect_name, bfd_get_filename (abfd));
+  if (str_offset >= sect->size)
+    error (_("%s pointing outside of %s section [in module %s]"),
+           form_name, sect_name, bfd_get_filename (abfd));
+  gdb_assert (HOST_CHAR_BIT == 8);
+  if (sect->buffer[str_offset] == '\0')
+    return NULL;
+  return (const char *) (sect->buffer + str_offset);
+}
+
+With sect_size being ginormous, the code attempts to access
+sect->buffer[GINORMOUS], and depending on the layout of memory,
+GDB either stores a bunch of gibberish strings or crashes.
+
+This is an attempt to mitigate this by implementing a similar approach
+used by BFD. In our case, we simply reject the section with the invalid
+length:
+
+$ ./gdb -nx -q objdump
+BFD: warning: /path/to/objdump has a corrupt section with a size (ffffffffffffffff) larger than the file size
+Reading symbols from /path/to/objdump...
+
+warning: Discarding section .debug_str which has a section size (ffffffffffffffff) larger than the file size [in module /path/to/objdump]
+DW_FORM_strp used without .debug_str section [in module /path/to/objdump]
+(No debugging symbols found in /path/to/objdump)
+(gdb)
+
+Unfortunately, I have not found a way to regression test this, since it
+requires poking ELF section headers.
+
+gdb/ChangeLog:
+2019-10-16  Keith Seitz  <keiths@redhat.com>
+
+	PR gdb/23567
+	* dwarf2read.c (dwarf2_per_objfile::locate_sections): Discard
+	sections whose size is greater than the file size.
+
+Change-Id: I896ac3b4eb2207c54e8e05c16beab3051d9b4b2f
+
+CVE: CVE-2019-1010180
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=950b74950f6020eda38647f22e9077ac7f68ca49]
+[Removed Changelog entry]
+Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
+---
+ gdb/dwarf2read.c | 9 +++++++++
+ 2 files changed, 15 insertions(+)
+
+diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c
+index 0443b55..a78f818 100644
+--- a/gdb/dwarf2read.c
++++ b/gdb/dwarf2read.c
+@@ -2338,6 +2338,15 @@ dwarf2_per_objfile::locate_sections (bfd *abfd, asection *sectp,
+   if ((aflag & SEC_HAS_CONTENTS) == 0)
+     {
+     }
++  else if (elf_section_data (sectp)->this_hdr.sh_size
++	   > bfd_get_file_size (abfd))
++    {
++      bfd_size_type size = elf_section_data (sectp)->this_hdr.sh_size;
++      warning (_("Discarding section %s which has a section size (%s"
++		 ") larger than the file size [in module %s]"),
++	       bfd_section_name (abfd, sectp), phex_nz (size, sizeof (size)),
++	       bfd_get_filename (abfd));
++    }
+   else if (section_is_p (sectp->name, &names.info))
+     {
+       this->info.s.section = sectp;
+-- 
+2.7.4
+

meta/recipes-devtools/git/git.inc

@@ -13,6 +13,8 @@ S = "${WORKDIR}/git-${PV}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1"
 
+CVE_PRODUCT = "git-scm:git"
+
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[cvsserver] = ""
 PACKAGECONFIG[svn] = ""

meta/recipes-devtools/go/go-1.12.inc

@@ -1,7 +1,7 @@
 require go-common.inc
 
 GO_BASEVERSION = "1.12"
-GO_MINOR = ".1"
+GO_MINOR = ".9"
 PV .= "${GO_MINOR}"
 FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
@@ -17,8 +17,9 @@ SRC_URI += "\
     file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
     file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \
+    file://0010-fix-CVE-2019-17596.patch \
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 
-SRC_URI[main.md5sum] = "09fe592343465560b4b8431d870b3df3"
-SRC_URI[main.sha256sum] = "0be127684df4b842a64e58093154f9d15422f1405f1fcff4b2c36ffc6a15818a"
+SRC_URI[main.md5sum] = "6132109d4050da349eadc9f7b0304ef4"
+SRC_URI[main.sha256sum] = "ab0e56ed9c4732a653ed22e232652709afbf573e710f56a07f7fdeca578d62fc"

meta/recipes-devtools/go/go-1.12/0010-fix-CVE-2019-17596.patch

@@ -0,0 +1,42 @@
+From f1783e1ce44a86c000a7c380a57a805c89c3efbe Mon Sep 17 00:00:00 2001
+From: Katie Hockman <katie@golang.org>
+Date: Mon, 14 Oct 2019 16:42:21 -0400
+Subject: [PATCH] crypto/dsa: prevent bad public keys from causing panic
+
+dsa.Verify might currently use a nil s inverse in a
+multiplication if the public key contains a non-prime Q,
+causing a panic. Change this to check that the mod
+inverse exists before using it.
+
+Fixes CVE-2019-17596
+
+Change-Id: I94d5f3cc38f1b5d52d38dcb1d253c71b7fd1cae7
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/572809
+Reviewed-by: Filippo Valsorda <valsorda@google.com>
+(cherry picked from commit 9119dfb0511326d4485b248b83d4fde19c95d0f7)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/575232
+
+CVE: CVE-2019-17596
+Upstream-Status: Backport [https://github.com/golang/go/commit/2017d88dbc096381d4f348d2fb08bfb3c2b7ed73]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ src/crypto/dsa/dsa.go | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go
+index 575314b..2fc4f1f 100644
+--- a/src/crypto/dsa/dsa.go
++++ b/src/crypto/dsa/dsa.go
+@@ -279,6 +279,9 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
+ 	}
+ 
+ 	w := new(big.Int).ModInverse(s, pub.Q)
++	if w == nil {
++		return false
++	}
+ 
+ 	n := pub.Q.BitLen()
+ 	if n&7 != 0 {
+-- 
+2.23.0
+

meta/recipes-devtools/meson/meson.inc

@@ -17,6 +17,7 @@ SRC_URI = "https://github.com/mesonbuild/meson/releases/download/${PV}/meson-${P
            file://many-cross.patch \
            file://cross-libdir.patch \
            file://0001-Fix-missing-return-statements-that-are-seen-with-Wer.patch \
+           file://0001-Handle-strings-in-cross-file-args.-Closes-4671.patch \
            "
 SRC_URI[sha256sum] = "ef9f14326ec1e30d3ba1a26df0f92826ede5a79255ad723af78a2691c37109fd"
 SRC_URI[md5sum] = "0267b0871266056184c484792572c682"

meta/recipes-devtools/meson/meson/0001-Handle-strings-in-cross-file-args.-Closes-4671.patch

@@ -0,0 +1,87 @@
+From 4818b27894c828a50befc94f1bc9062e89a544ea Mon Sep 17 00:00:00 2001
+From: Jussi Pakkanen <jpakkane@gmail.com>
+Date: Sat, 29 Dec 2018 18:23:36 +0200
+Subject: [PATCH] Handle strings in cross file args. Closes #4671.
+
+Upstream-Status: Backport [6c76ac80173bdc40d35e2d6b802f7950646781dc]
+Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
+
+---
+
+Note that the change to ninjabackend.py does not come from commit
+6c76ac80, as it was not corrected until commit 2b22576f. However,
+since that commit is huge and changes a lot of unrelated stuff, it was
+easier to include the relevant part here.
+
+ cross/ubuntu-armhf.txt                       |  2 +-
+ mesonbuild/backend/ninjabackend.py           |  2 +-
+ mesonbuild/compilers/compilers.py            |  4 ++--
+ test cases/common/137 get define/meson.build | 12 +++---------
+ 4 files changed, 7 insertions(+), 13 deletions(-)
+
+diff --git a/cross/ubuntu-armhf.txt b/cross/ubuntu-armhf.txt
+index fec8ce7..a6e1f15 100644
+--- a/cross/ubuntu-armhf.txt
++++ b/cross/ubuntu-armhf.txt
+@@ -12,7 +12,7 @@ pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'
+ root = '/usr/arm-linux-gnueabihf'
+ # Used in unit test '140 get define'
+ c_args = ['-DMESON_TEST_ISSUE_1665=1']
+-cpp_args = ['-DMESON_TEST_ISSUE_1665=1']
++cpp_args = '-DMESON_TEST_ISSUE_1665=1'
+ 
+ has_function_printf = true
+ has_function_hfkerhisadf = false
+diff --git a/mesonbuild/backend/ninjabackend.py b/mesonbuild/backend/ninjabackend.py
+index 3739c0a..2cebeef 100644
+--- a/mesonbuild/backend/ninjabackend.py
++++ b/mesonbuild/backend/ninjabackend.py
+@@ -1400,7 +1400,7 @@ int dummy;
+                 if is_cross:
+                     crstr = '_CROSS'
+                     try:
+-                        cross_args = self.environment.cross_info.config['properties'][langname + '_link_args']
++                        cross_args = mesonlib.stringlistify(self.environment.cross_info.config['properties'][langname + '_link_args'])
+                     except KeyError:
+                         pass
+                 rule = 'rule %s%s_LINKER\n' % (langname, crstr)
+diff --git a/mesonbuild/compilers/compilers.py b/mesonbuild/compilers/compilers.py
+index e27ae2b..a5b9e91 100644
+--- a/mesonbuild/compilers/compilers.py
++++ b/mesonbuild/compilers/compilers.py
+@@ -1048,10 +1048,10 @@ class Compiler:
+             if 'properties' in environment.cross_info.config:
+                 props = environment.cross_info.config['properties']
+                 lang_args_key = self.language + '_args'
+-                extra_flags += props.get(lang_args_key, [])
++                extra_flags += mesonlib.stringlistify(props.get(lang_args_key, []))
+                 lang_link_args_key = self.language + '_link_args'
+                 if link:
+-                    extra_flags += props.get(lang_link_args_key, [])
++                    extra_flags += mesonlib.stringlistify(props.get(lang_link_args_key, []))
+         return extra_flags
+ 
+     def _get_compile_output(self, dirname, mode):
+diff --git a/test cases/common/137 get define/meson.build b/test cases/common/137 get define/meson.build
+index 109f628..1647e22 100644
+--- a/test cases/common/137 get define/meson.build	
++++ b/test cases/common/137 get define/meson.build	
+@@ -67,15 +67,9 @@ foreach lang : ['c', 'cpp']
+ 
+   run_1665_test = false
+   if meson.is_cross_build()
+-    # Can't use an empty array as a fallback here because of
+-    # https://github.com/mesonbuild/meson/issues/1481
+-    lang_args = meson.get_cross_property(lang + '_args', [])
+-    if lang_args.length() != 0
+-      foreach lang_arg : lang_args
+-        if lang_arg.contains('MESON_TEST_ISSUE_1665')
+-          run_1665_test = true
+-        endif
+-      endforeach
++    lang_arg = meson.get_cross_property(lang + '_args', '')
++    if lang_arg == '-DMESON_TEST_ISSUE_1665=1'
++      run_1665_test = true
+     endif
+   endif
+ 

meta/recipes-devtools/meson/nativesdk-meson_0.49.2.bb

@@ -16,11 +16,6 @@ def meson_endian(prefix, d):
     else:
         bb.fatal("Cannot determine endianism for %s-%s" % (arch, os))
 
-MESON_TOOLCHAIN_ARGS = "${BUILDSDK_CC_ARCH}${TOOLCHAIN_OPTIONS}"
-MESON_C_ARGS = "${MESON_TOOLCHAIN_ARGS} ${BUILDSDK_CFLAGS}"
-MESON_CPP_ARGS = "${MESON_TOOLCHAIN_ARGS} ${BUILDSDK_CXXFLAGS}"
-MESON_LINK_ARGS = "${MESON_TOOLCHAIN_ARGS} ${BUILDSDK_LDFLAGS}"
-
 # The cross file logic is similar but not identical to that in meson.bbclass,
 # since it's generating for an SDK rather than a cross-compile. Important
 # differences are:

meta/recipes-devtools/nasm/nasm/CVE-2018-19755.patch

@@ -0,0 +1,116 @@
+From 3079f7966dbed4497e36d5067cbfd896a90358cb Mon Sep 17 00:00:00 2001
+From: Cyrill Gorcunov <gorcunov@gmail.com>
+Date: Wed, 14 Nov 2018 10:03:42 +0300
+Subject: [PATCH] preproc: Fix malformed parameter count
+
+readnum returns 64bit number which may become
+a negative integer upon conversion which in
+turn lead to out of bound array access.
+
+Fix it by explicit conversion with bounds check
+
+ | POC6:2: error: parameter count `2222222222' is out of bounds [0; 2147483647]
+
+https://bugzilla.nasm.us/show_bug.cgi?id=3392528
+
+Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2018-19755
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ asm/preproc.c | 43 +++++++++++++++++++++----------------------
+ 1 file changed, 21 insertions(+), 22 deletions(-)
+
+diff --git a/asm/preproc.c b/asm/preproc.c
+index b6afee3..e5ad05a 100644
+--- a/asm/preproc.c
++++ b/asm/preproc.c
+@@ -1650,6 +1650,23 @@ smacro_defined(Context * ctx, const char *name, int nparam, SMacro ** defn,
+     return false;
+ }
+ 
++/* param should be a natural number [0; INT_MAX] */
++static int read_param_count(const char *str)
++{
++    int result;
++    bool err;
++
++    result = readnum(str, &err);
++    if (result < 0 || result > INT_MAX) {
++        result = 0;
++        nasm_error(ERR_NONFATAL, "parameter count `%s' is out of bounds [%d; %d]",
++                   str, 0, INT_MAX);
++    } else if (err) {
++        nasm_error(ERR_NONFATAL, "unable to parse parameter count `%s'", str);
++    }
++    return result;
++}
++
+ /*
+  * Count and mark off the parameters in a multi-line macro call.
+  * This is called both from within the multi-line macro expansion
+@@ -1871,11 +1888,7 @@ static bool if_condition(Token * tline, enum preproc_token ct)
+                   pp_directives[ct]);
+         } else {
+             searching.nparam_min = searching.nparam_max =
+-                readnum(tline->text, &j);
+-            if (j)
+-                nasm_error(ERR_NONFATAL,
+-                      "unable to parse parameter count `%s'",
+-                      tline->text);
++                read_param_count(tline->text);
+         }
+         if (tline && tok_is_(tline->next, "-")) {
+             tline = tline->next->next;
+@@ -1886,11 +1899,7 @@ static bool if_condition(Token * tline, enum preproc_token ct)
+                       "`%s' expects a parameter count after `-'",
+                       pp_directives[ct]);
+             else {
+-                searching.nparam_max = readnum(tline->text, &j);
+-                if (j)
+-                    nasm_error(ERR_NONFATAL,
+-                          "unable to parse parameter count `%s'",
+-                          tline->text);
++                searching.nparam_max = read_param_count(tline->text);
+                 if (searching.nparam_min > searching.nparam_max) {
+                     nasm_error(ERR_NONFATAL,
+                           "minimum parameter count exceeds maximum");
+@@ -2079,8 +2088,6 @@ static void undef_smacro(Context *ctx, const char *mname)
+  */
+ static bool parse_mmacro_spec(Token *tline, MMacro *def, const char *directive)
+ {
+-    bool err;
+-
+     tline = tline->next;
+     skip_white_(tline);
+     tline = expand_id(tline);
+@@ -2103,11 +2110,7 @@ static bool parse_mmacro_spec(Token *tline, MMacro *def, const char *directive)
+     if (!tok_type_(tline, TOK_NUMBER)) {
+         nasm_error(ERR_NONFATAL, "`%s' expects a parameter count", directive);
+     } else {
+-        def->nparam_min = def->nparam_max =
+-            readnum(tline->text, &err);
+-        if (err)
+-            nasm_error(ERR_NONFATAL,
+-                  "unable to parse parameter count `%s'", tline->text);
++        def->nparam_min = def->nparam_max = read_param_count(tline->text);
+     }
+     if (tline && tok_is_(tline->next, "-")) {
+         tline = tline->next->next;
+@@ -2117,11 +2120,7 @@ static bool parse_mmacro_spec(Token *tline, MMacro *def, const char *directive)
+             nasm_error(ERR_NONFATAL,
+                   "`%s' expects a parameter count after `-'", directive);
+         } else {
+-            def->nparam_max = readnum(tline->text, &err);
+-            if (err) {
+-                nasm_error(ERR_NONFATAL, "unable to parse parameter count `%s'",
+-                      tline->text);
+-            }
++            def->nparam_max = read_param_count(tline->text);
+             if (def->nparam_min > def->nparam_max) {
+                 nasm_error(ERR_NONFATAL, "minimum parameter count exceeds maximum");
+                 def->nparam_max = def->nparam_min;
+-- 
+2.10.5.GIT
+

meta/recipes-devtools/nasm/nasm/CVE-2019-14248.patch

@@ -0,0 +1,43 @@
+From 93d41d82963b2cfd0b24c906f5a8daf53281b559 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin (Intel)" <hpa@zytor.com>
+Date: Fri, 16 Aug 2019 01:12:54 -0700
+Subject: [PATCH] BR 3392576: don't segfault on a bad %pragma limit
+
+Don't segfault on a bad %pragma limit. Instead treat a NULL pointer as
+an empty string.
+
+Reported-by: Ren Kimura <rkx1209dev@gmail.com>
+Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
+
+CVE: CVE-2019-14248
+Upstream-Status: Backport [https://repo.or.cz/nasm.git/commit/93d41d82963b2cfd0b24c906f5a8daf53281b559]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ asm/nasm.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/asm/nasm.c b/asm/nasm.c
+index c84d675..65116ab 100644
+--- a/asm/nasm.c
++++ b/asm/nasm.c
+@@ -212,6 +212,11 @@ nasm_set_limit(const char *limit, const char *valstr)
+     bool rn_error;
+     int errlevel;
+ 
++    if (!limit)
++        limit = "";
++    if (!valstr)
++        valstr = "";
++
+     for (i = 0; i <= LIMIT_MAX; i++) {
+         if (!nasm_stricmp(limit, limit_info[i].name))
+             break;
+@@ -204,7 +209,7 @@ nasm_set_limit(const char *limit, const char *valstr)
+             errlevel = ERR_WARNING|ERR_NOFILE|ERR_USAGE;
+         else
+             errlevel = ERR_WARNING|ERR_PASS1|WARN_UNKNOWN_PRAGMA;
+-        nasm_error(errlevel, "unknown limit: `%s'", limit);
++        nasm_error(errlevel, "invalid limit value: `%s'", valstr);
+         return DIRR_ERROR;
+     }
+ 

meta/recipes-devtools/nasm/nasm_2.14.02.bb

@@ -3,7 +3,10 @@ SECTION = "devel"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=90904486f8fbf1861cf42752e1a39efe"
 
-SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2"
+SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
+           file://CVE-2018-19755.patch \
+           file://CVE-2019-14248.patch \
+           "
 
 SRC_URI[md5sum] = "3f489aa48ad2aa1f967dc5e293bbd06f"
 SRC_URI[sha256sum] = "34fd26c70a277a9fdd54cb5ecf389badedaf48047b269d1008fbc819b24e80bc"

meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch

@@ -6,8 +6,8 @@ Subject: [PATCH] Invoke ed directly instead of using the shell
 * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
 command to avoid quoting vulnerabilities.
 
-CVE: CVE-2019-13638
-Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
+CVE: CVE-2019-13638 CVE-2018-20969
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
 Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
 
 ---

meta/recipes-devtools/pseudo/files/0001-Add-statx.patch

@@ -0,0 +1,106 @@
+From 4e41a05de1f34ba00a68ca4f20fb49c4d1cbd2d0 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Wed, 6 Nov 2019 12:17:46 +0000
+Subject: [PATCH] Add statx glibc/syscall support
+
+Modern distros (e.g. fedora30) are starting to use the new statx() syscall through
+the newly exposed glibc wrapper function in software like coreutils (e.g. the ls
+command). Add support to intercept this to pseudo.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Submitted [Emailed to seebs]
+---
+ ports/linux/guts/statx.c | 48 ++++++++++++++++++++++++++++++++++++++++
+ ports/linux/portdefs.h   |  1 +
+ ports/linux/wrapfuncs.in |  1 +
+ 3 files changed, 50 insertions(+)
+ create mode 100644 ports/linux/guts/statx.c
+
+diff --git a/ports/linux/statx/guts/statx.c b/ports/linux/statx/guts/statx.c
+new file mode 100644
+index 0000000..a3259c4
+--- /dev/null
++++ b/ports/linux/statx/guts/statx.c
+@@ -0,0 +1,42 @@
++/*
++ * Copyright (c) 2019 Linux Foundation
++ * Author: Richard Purdie
++ *
++ * SPDX-License-Identifier: LGPL-2.1-only
++ *
++ * int
++ * statx(int dirfd, const char *pathname, int flags, unsigned int mask, struct statx *statxbuf) {
++ *	int rc = -1;
++ */
++	pseudo_msg_t *msg;
++	PSEUDO_STATBUF buf;
++	int save_errno;
++
++	rc = real_statx(dirfd, pathname, flags, mask, statxbuf);
++	save_errno = errno;
++	if (rc == -1) {
++		return rc;
++	}
++
++	buf.st_uid = statxbuf->stx_uid;
++	buf.st_gid = statxbuf->stx_gid;
++	buf.st_dev = makedev(statxbuf->stx_dev_major, statxbuf->stx_dev_minor);
++	buf.st_ino = statxbuf->stx_ino;
++	buf.st_mode = statxbuf->stx_mode;
++	buf.st_rdev = makedev(statxbuf->stx_rdev_major, statxbuf->stx_rdev_minor);
++	buf.st_nlink = statxbuf->stx_nlink;
++	msg = pseudo_client_op(OP_STAT, 0, -1, dirfd, pathname, &buf);
++	if (msg && msg->result == RESULT_SUCCEED) {
++		pseudo_debug(PDBGF_FILE, "statx(path %s), flags %o, stat rc %d, stat uid %o\n", pathname, flags, rc, statxbuf->stx_uid);
++		statxbuf->stx_uid = msg->uid;
++		statxbuf->stx_gid = msg->gid;
++		statxbuf->stx_mode = msg->mode;
++		statxbuf->stx_rdev_major = major(msg->rdev);
++		statxbuf->stx_rdev_minor = minor(msg->rdev);
++	} else {
++		pseudo_debug(PDBGF_FILE, "statx(path %s) failed, flags %o, stat rc %d, stat uid %o\n", pathname, flags, rc, statxbuf->stx_uid);
++	}
++	errno = save_errno;
++/*	return rc;
++ * }
++ */
+diff --git a/ports/linux/statx/portdefs.h b/ports/linux/statx/portdefs.h
+new file mode 100644
+index 0000000..bf934dc
+--- /dev/null
++++ b/ports/linux/statx/portdefs.h
+@@ -0,0 +1,6 @@
++/*
++ * SPDX-License-Identifier: LGPL-2.1-only
++ *
++ */
++#include <sys/stat.h>
++#include <sys/sysmacros.h>
+diff --git a/ports/linux/statx/wrapfuncs.in b/ports/linux/statx/wrapfuncs.in
+new file mode 100644
+index 0000000..c9cd4c3
+--- /dev/null
++++ b/ports/linux/statx/wrapfuncs.in
+@@ -0,0 +1 @@
++int statx(int dirfd, const char *pathname, int flags, unsigned int mask, struct statx *statxbuf);
+diff --git a/ports/linux/subports b/ports/linux/subports
+index a29044a..49081bf 100755
+--- a/ports/linux/subports
++++ b/ports/linux/subports
+@@ -54,3 +54,13 @@ else
+ fi
+ rm -f dummy.c dummy.o
+ 
++cat > dummy.c <<EOF
++#define _GNU_SOURCE
++#include <sys/stat.h>
++struct statx x;
++EOF
++if ${CC} -c -o dummy.o dummy.c >/dev/null 2>&1; then
++	echo "linux/statx"
++fi
++rm -f dummy.c dummy.o
++
+-- 
+2.17.1
+

meta/recipes-devtools/pseudo/pseudo.inc

@@ -4,7 +4,7 @@
 
 SUMMARY = "Pseudo gives fake root capabilities to a normal user"
 HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/pseudo"
-LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad"
+LIC_FILES_CHKSUM = "file://COPYING;md5=a1d8023a6f953ac6ea4af765ff62d574"
 SECTION = "base"
 LICENSE = "LGPL2.1"
 DEPENDS = "sqlite3 attr"
@@ -30,23 +30,10 @@ PSEUDO_EXTRA_OPTS ?= "--enable-force-async --without-passwd-fallback --enable-ep
 
 # Compile for the local machine arch...
 do_compile () {
-        SQLITE_LDADD='$(SQLITE)/$(SQLITE_LIB)/libsqlite3.a'
-	for sqlite_link_opt in $(pkg-config sqlite3 --libs --static)
-	do
-	    case "$sqlite_link_opt" in
-	    -lsqlite3)
-		;;
-	    -l*)
-		SQLITE_LDADD="${SQLITE_LDADD} ${sqlite_link_opt}"
-		;;
-	    *)
-		;;
-	    esac
-	done
 	if [ "${SITEINFO_BITS}" = "64" ]; then
-	  ${S}/configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib${SITEINFO_BITS} --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --cflags="${CFLAGS}" --bits=${SITEINFO_BITS} --with-static-sqlite="$SQLITE_LDADD" --without-rpath
+	  ${S}/configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib${SITEINFO_BITS} --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --cflags="${CFLAGS}" --bits=${SITEINFO_BITS} --without-rpath
 	else
-	  ${S}/configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --cflags="${CFLAGS}" --bits=${SITEINFO_BITS} --with-static-sqlite="$SQLITE_LDADD" --without-rpath
+	  ${S}/configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --cflags="${CFLAGS}" --bits=${SITEINFO_BITS} --without-rpath
 	fi
 	oe_runmake ${MAKEOPTS}
 }

meta/recipes-devtools/pseudo/pseudo_git.bb

@@ -6,9 +6,10 @@ SRC_URI = "git://git.yoctoproject.org/pseudo \
            file://fallback-group \
            file://moreretries.patch \
            file://toomanyfiles.patch \
+           file://0001-Add-statx.patch \
            "
 
-SRCREV = "3fa7c853e0bcd6fe23f7524c2a3c9e3af90901c3"
+SRCREV = "060058bb29f70b244e685b3c704eb0641b736f73"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 

meta/recipes-devtools/python/python-native/0001-python-native-fix-one-do_populate_sysroot-warning.patch

@@ -1,4 +1,4 @@
-From 12292444e1b3662b994bc223d92b8338fb0895ff Mon Sep 17 00:00:00 2001
+From 6cbb7529cf7ff0da3ca649fb3486facd9620d625 Mon Sep 17 00:00:00 2001
 From: Changqing Li <changqing.li@windriver.com>
 Date: Thu, 25 Oct 2018 07:32:14 +0000
 Subject: [PATCH] python-native: fix one do_populate_sysroot warning
@@ -17,23 +17,24 @@ when do_populate_sysroot. use append to fix it.
 Upstream-Status: Inappropriate [oe-specific]
 
 Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
 ---
  setup.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/setup.py b/setup.py
-index 7bf13ed..6c0f29b 100644
+index a2c8127..22f9e23 100644
 --- a/setup.py
 +++ b/setup.py
-@@ -40,7 +40,7 @@ def add_dir_to_list(dirlist, dir):
-     1) 'dir' is not already in 'dirlist'
-     2) 'dir' actually exists, and is a directory."""
-     if dir is not None and os.path.isdir(dir) and dir not in dirlist:
--        dirlist.insert(0, dir)
-+        dirlist.append(dir)
-
- def macosx_sdk_root():
-     """
+@@ -47,7 +47,7 @@ def add_dir_to_list(dirlist, dir):
+         else:
+             dir_exists = os.path.isdir(dir)
+         if dir_exists:
+-            dirlist.insert(0, dir)
++            dirlist.append(dir)
+ 
+ MACOS_SDK_ROOT = None
+ 
 -- 
-2.18.0
+2.17.1
 

meta/recipes-devtools/python/python-native_2.7.17.bb

@@ -12,7 +12,7 @@ SRC_URI += "\
             file://nohostlibs.patch \
             file://multilib.patch \
             file://add-md5module-support.patch \
-            file://builddir.patch \
+            file://0001-python-Resolve-intermediate-staging-issues.patch \
             file://parallel-makeinst-create-bindir.patch \
             file://revert_use_of_sysconfigdata.patch \
             file://0001-python-native-fix-one-do_populate_sysroot-warning.patch \

meta/recipes-devtools/python/python.inc

@@ -8,15 +8,10 @@ INC_PR = "r1"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
-           file://bpo-35907-cve-2019-9948.patch \
-           file://bpo-35907-cve-2019-9948-fix.patch \
-           file://bpo-36216-cve-2019-9636.patch \
-           file://bpo-36216-cve-2019-9636-fix.patch \
-           file://CVE-2019-9740.patch \
            "
 
-SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5"
-SRC_URI[sha256sum] = "f222ef602647eecb6853681156d32de4450a2c39f4de93bd5b20235f2e660ed7"
+SRC_URI[md5sum] = "b3b6d2c92f42a60667814358ab9f0cfd"
+SRC_URI[sha256sum] = "4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41"
 
 # python recipe is actually python 2.x
 # also, exclude pre-releases for both python 2.x and 3.x
@@ -24,6 +19,19 @@ UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>2(\.\d+)+).tar"
 
 CVE_PRODUCT = "python"
 
+# Upstream agreement is that these are not security issues:
+# https://bugs.python.org/issue32367
+CVE_CHECK_WHITELIST += "CVE-2017-17522"
+# https://bugs.python.org/issue32056
+CVE_CHECK_WHITELIST += "CVE-2017-18207"
+
+# Windows-only, "It was determined that this is a longtime behavior
+# of Python that cannot really be altered at this point."
+CVE_CHECK_WHITELIST += "CVE-2015-5652"
+
+# This is not exploitable when glibc has CVE-2016-10739 fixed.
+CVE_CHECK_WHITELIST += "CVE-2019-18348"
+
 PYTHON_MAJMIN = "2.7"
 
 inherit autotools pkgconfig

meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch

@@ -1,90 +0,0 @@
-From 532ed09c5454bb789a301bb6f1339a0818255610 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?= <roberto@connexer.com>
-Date: Sat, 14 Sep 2019 13:26:38 -0400
-Subject: [PATCH] [2.7] bpo-34155: Dont parse domains containing @ (GH-13079)
- (GH-16006)
-
-This change skips parsing of email addresses where domains include a "@" character, which can be maliciously used since the local part is returned as a complete address.
-
-(cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9)
-
-Excludes changes to Lib/email/_header_value_parser.py, which did not
-exist in 2.7.
-
-Co-authored-by: jpic <jpic@users.noreply.github.com>
-
-https://bugs.python.org/issue34155
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9]
-
-CVE: CVE-2019-16056
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- Lib/email/_parseaddr.py                            | 11 ++++++++++-
- Lib/email/test/test_email.py                       | 14 ++++++++++++++
- .../2019-05-04-13-33-37.bpo-34155.MJll68.rst       |  1 +
- 3 files changed, 25 insertions(+), 1 deletion(-)
- create mode 100644 Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
-
-diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
-index 690db2c22d..dc49d2e45a 100644
---- a/Lib/email/_parseaddr.py
-+++ b/Lib/email/_parseaddr.py
-@@ -336,7 +336,12 @@ class AddrlistClass:
-         aslist.append('@')
-         self.pos += 1
-         self.gotonext()
--        return EMPTYSTRING.join(aslist) + self.getdomain()
-+        domain = self.getdomain()
-+        if not domain:
-+            # Invalid domain, return an empty address instead of returning a
-+            # local part to denote failed parsing.
-+            return EMPTYSTRING
-+        return EMPTYSTRING.join(aslist) + domain
- 
-     def getdomain(self):
-         """Get the complete domain name from an address."""
-@@ -351,6 +356,10 @@ class AddrlistClass:
-             elif self.field[self.pos] == '.':
-                 self.pos += 1
-                 sdlist.append('.')
-+            elif self.field[self.pos] == '@':
-+                # bpo-34155: Don't parse domains with two `@` like
-+                # `a@malicious.org@important.com`.
-+                return EMPTYSTRING
-             elif self.field[self.pos] in self.atomends:
-                 break
-             else:
-diff --git a/Lib/email/test/test_email.py b/Lib/email/test/test_email.py
-index 4b4dee3d34..2efe44ac5a 100644
---- a/Lib/email/test/test_email.py
-+++ b/Lib/email/test/test_email.py
-@@ -2306,6 +2306,20 @@ class TestMiscellaneous(TestEmailBase):
-         self.assertEqual(Utils.parseaddr('<>'), ('', ''))
-         self.assertEqual(Utils.formataddr(Utils.parseaddr('<>')), '')
- 
-+    def test_parseaddr_multiple_domains(self):
-+        self.assertEqual(
-+            Utils.parseaddr('a@b@c'),
-+            ('', '')
-+        )
-+        self.assertEqual(
-+            Utils.parseaddr('a@b.c@c'),
-+            ('', '')
-+        )
-+        self.assertEqual(
-+            Utils.parseaddr('a@172.17.0.1@c'),
-+            ('', '')
-+        )
-+
-     def test_noquote_dump(self):
-         self.assertEqual(
-             Utils.formataddr(('A Silly Person', 'person@dom.ain')),
-diff --git a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
-new file mode 100644
-index 0000000000..50292e29ed
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
-@@ -0,0 +1 @@
-+Fix parsing of invalid email addresses with more than one ``@`` (e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic.

meta/recipes-devtools/python/python/0001-python-Resolve-intermediate-staging-issues.patch

@@ -1,5 +1,10 @@
-When cross compiling python, we used to need to install the Makefile, pyconfig.h 
-and the python library to their final location before being able to compile the 
+From 77bcb3238b2853d511714544e0f84a37be6c79bf Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Wed, 14 Nov 2012 14:31:24 +0000
+Subject: [PATCH] python: Resolve intermediate staging issues
+
+When cross compiling python, we used to need to install the Makefile, pyconfig.h
+and the python library to their final location before being able to compile the
 rest of python. This change allows us to point python at its own source when
 building, avoiding a variety of sysroot staging issues and simplifying the main
 python recipe.
@@ -7,10 +12,29 @@ python recipe.
 Upstream-Status: Inappropriate
 RP 2012/11/13
 
-Index: Python-2.7.9/Lib/sysconfig.py
-===================================================================
---- Python-2.7.9.orig/Lib/sysconfig.py
-+++ Python-2.7.9/Lib/sysconfig.py
+---
+ Lib/distutils/sysconfig.py | 3 +++
+ Lib/sysconfig.py           | 5 ++++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/Lib/distutils/sysconfig.py b/Lib/distutils/sysconfig.py
+index 2f4b8ca..15bceb5 100644
+--- a/Lib/distutils/sysconfig.py
++++ b/Lib/distutils/sysconfig.py
+@@ -31,6 +31,9 @@ else:
+     # sys.executable can be empty if argv[0] has been changed and Python is
+     # unable to retrieve the real program name
+     project_base = os.getcwd()
++_PYTHONBUILDDIR = os.environ.get("PYTHONBUILDDIR", None)
++if _PYTHONBUILDDIR:
++    project_base = _PYTHONBUILDDIR
+ if os.name == "nt" and "pcbuild" in project_base[-8:].lower():
+     project_base = os.path.abspath(os.path.join(project_base, os.path.pardir))
+ # PC/VS7.1
+diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py
+index 9c8350d..bddbe2e 100644
+--- a/Lib/sysconfig.py
++++ b/Lib/sysconfig.py
 @@ -93,6 +93,7 @@ _PREFIX = os.path.normpath(sys.prefix)
  _EXEC_PREFIX = os.path.normpath(sys.exec_prefix)
  _CONFIG_VARS = None
@@ -30,17 +54,6 @@ Index: Python-2.7.9/Lib/sysconfig.py
      _PROJECT_BASE = os.path.dirname(_safe_realpath(sys.executable))
  else:
      # sys.executable can be empty if argv[0] has been changed and Python is
-Index: Python-2.7.9/Lib/distutils/sysconfig.py
-===================================================================
---- Python-2.7.9.orig/Lib/distutils/sysconfig.py
-+++ Python-2.7.9/Lib/distutils/sysconfig.py
-@@ -26,6 +26,9 @@ EXEC_PREFIX = os.path.normpath(sys.exec_
- # live in project/PCBuild9.  If we're dealing with an x64 Windows build,
- # it'll live in project/PCbuild/amd64.
- project_base = os.path.dirname(os.path.abspath(sys.executable))
-+_PYTHONBUILDDIR = os.environ.get("PYTHONBUILDDIR", None)
-+if _PYTHONBUILDDIR:
-+    project_base = _PYTHONBUILDDIR
- if os.name == "nt" and "pcbuild" in project_base[-8:].lower():
-     project_base = os.path.abspath(os.path.join(project_base, os.path.pardir))
- # PC/VS7.1
+-- 
+2.17.1
+

meta/recipes-devtools/python/python/CVE-2019-9740.patch

@@ -1,215 +0,0 @@
-From bb8071a4cae5ab3fe321481dd3d73662ffb26052 Mon Sep 17 00:00:00 2001
-From: Victor Stinner <victor.stinner@gmail.com>
-Date: Tue, 21 May 2019 15:12:33 +0200
-Subject: [PATCH] bpo-30458: Disallow control chars in http URLs (GH-12755)
- (GH-13154) (GH-13315)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Disallow control chars in http URLs in urllib2.urlopen.  This
-addresses a potential security problem for applications that do not
-sanity check their URLs where http request headers could be injected.
-
-Disable https related urllib tests on a build without ssl (GH-13032)
-These tests require an SSL enabled build. Skip these tests when
-python is built without SSL to fix test failures.
-
-Use httplib.InvalidURL instead of ValueError as the new error case's
-exception. (GH-13044)
-
-Backport Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
-
-(cherry picked from commit 7e200e0763f5b71c199aaf98bd5588f291585619)
-
-Notes on backport to Python 2.7:
-
-* test_urllib tests urllib.urlopen() which quotes the URL and so is
-  not vulerable to HTTP Header Injection.
-* Add tests to test_urllib2 on urllib2.urlopen().
-* Reject non-ASCII characters: range 0x80-0xff.
-
-Upstream-Status: Backport
-CVE: CVE-2019-9740
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Lib/httplib.py                                | 16 ++++++
- Lib/test/test_urllib.py                       | 25 +++++++++
- Lib/test/test_urllib2.py                      | 51 ++++++++++++++++++-
- Lib/test/test_xmlrpc.py                       |  8 ++-
- .../2019-04-10-08-53-30.bpo-30458.51E-DA.rst  |  1 +
- 5 files changed, 99 insertions(+), 2 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
-
-diff --git a/Lib/httplib.py b/Lib/httplib.py
-index 60a8fb4e355f..1b41c346e090 100644
---- a/Lib/httplib.py
-+++ b/Lib/httplib.py
-@@ -247,6 +247,16 @@
- _is_legal_header_name = re.compile(r'\A[^:\s][^:\r\n]*\Z').match
- _is_illegal_header_value = re.compile(r'\n(?![ \t])|\r(?![ \t\n])').search
- 
-+# These characters are not allowed within HTTP URL paths.
-+#  See https://tools.ietf.org/html/rfc3986#section-3.3 and the
-+#  https://tools.ietf.org/html/rfc3986#appendix-A pchar definition.
-+# Prevents CVE-2019-9740.  Includes control characters such as \r\n.
-+# Restrict non-ASCII characters above \x7f (0x80-0xff).
-+_contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f-\xff]')
-+# Arguably only these _should_ allowed:
-+#  _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$")
-+# We are more lenient for assumed real world compatibility purposes.
-+
- # We always set the Content-Length header for these methods because some
- # servers will otherwise respond with a 411
- _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'}
-@@ -927,6 +937,12 @@ def putrequest(self, method, url, skip_host=0, skip_accept_encoding=0):
-         self._method = method
-         if not url:
-             url = '/'
-+        # Prevent CVE-2019-9740.
-+        match = _contains_disallowed_url_pchar_re.search(url)
-+        if match:
-+            raise InvalidURL("URL can't contain control characters. %r "
-+                             "(found at least %r)"
-+                             % (url, match.group()))
-         hdr = '%s %s %s' % (method, url, self._http_vsn_str)
- 
-         self._output(hdr)
-diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
-index 1ce9201c0693..d7778d4194f3 100644
---- a/Lib/test/test_urllib.py
-+++ b/Lib/test/test_urllib.py
-@@ -257,6 +257,31 @@ def test_url_fragment(self):
-         finally:
-             self.unfakehttp()
- 
-+    def test_url_with_control_char_rejected(self):
-+        for char_no in range(0, 0x21) + range(0x7f, 0x100):
-+            char = chr(char_no)
-+            schemeless_url = "//localhost:7777/test%s/" % char
-+            self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
-+            try:
-+                # urllib quotes the URL so there is no injection.
-+                resp = urllib.urlopen("http:" + schemeless_url)
-+                self.assertNotIn(char, resp.geturl())
-+            finally:
-+                self.unfakehttp()
-+
-+    def test_url_with_newline_header_injection_rejected(self):
-+        self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
-+        host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123"
-+        schemeless_url = "//" + host + ":8080/test/?test=a"
-+        try:
-+            # urllib quotes the URL so there is no injection.
-+            resp = urllib.urlopen("http:" + schemeless_url)
-+            self.assertNotIn(' ', resp.geturl())
-+            self.assertNotIn('\r', resp.geturl())
-+            self.assertNotIn('\n', resp.geturl())
-+        finally:
-+            self.unfakehttp()
-+
-     def test_read_bogus(self):
-         # urlopen() should raise IOError for many error codes.
-         self.fakehttp('''HTTP/1.1 401 Authentication Required
-diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py
-index 6d24d5ddf83c..9531818e16b2 100644
---- a/Lib/test/test_urllib2.py
-+++ b/Lib/test/test_urllib2.py
-@@ -15,6 +15,9 @@
- except ImportError:
-     ssl = None
- 
-+from test.test_urllib import FakeHTTPMixin
-+
-+
- # XXX
- # Request
- # CacheFTPHandler (hard to write)
-@@ -1262,7 +1265,7 @@ def _test_basic_auth(self, opener, auth_handler, auth_header,
-         self.assertEqual(len(http_handler.requests), 1)
-         self.assertFalse(http_handler.requests[0].has_header(auth_header))
- 
--class MiscTests(unittest.TestCase):
-+class MiscTests(unittest.TestCase, FakeHTTPMixin):
- 
-     def test_build_opener(self):
-         class MyHTTPHandler(urllib2.HTTPHandler): pass
-@@ -1317,6 +1320,52 @@ def test_unsupported_algorithm(self):
-             "Unsupported digest authentication algorithm 'invalid'"
-         )
- 
-+    @unittest.skipUnless(ssl, "ssl module required")
-+    def test_url_with_control_char_rejected(self):
-+        for char_no in range(0, 0x21) + range(0x7f, 0x100):
-+            char = chr(char_no)
-+            schemeless_url = "//localhost:7777/test%s/" % char
-+            self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
-+            try:
-+                # We explicitly test urllib.request.urlopen() instead of the top
-+                # level 'def urlopen()' function defined in this... (quite ugly)
-+                # test suite.  They use different url opening codepaths.  Plain
-+                # urlopen uses FancyURLOpener which goes via a codepath that
-+                # calls urllib.parse.quote() on the URL which makes all of the
-+                # above attempts at injection within the url _path_ safe.
-+                escaped_char_repr = repr(char).replace('\\', r'\\')
-+                InvalidURL = httplib.InvalidURL
-+                with self.assertRaisesRegexp(
-+                    InvalidURL, "contain control.*" + escaped_char_repr):
-+                    urllib2.urlopen("http:" + schemeless_url)
-+                with self.assertRaisesRegexp(
-+                    InvalidURL, "contain control.*" + escaped_char_repr):
-+                    urllib2.urlopen("https:" + schemeless_url)
-+            finally:
-+                self.unfakehttp()
-+
-+    @unittest.skipUnless(ssl, "ssl module required")
-+    def test_url_with_newline_header_injection_rejected(self):
-+        self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
-+        host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123"
-+        schemeless_url = "//" + host + ":8080/test/?test=a"
-+        try:
-+            # We explicitly test urllib2.urlopen() instead of the top
-+            # level 'def urlopen()' function defined in this... (quite ugly)
-+            # test suite.  They use different url opening codepaths.  Plain
-+            # urlopen uses FancyURLOpener which goes via a codepath that
-+            # calls urllib.parse.quote() on the URL which makes all of the
-+            # above attempts at injection within the url _path_ safe.
-+            InvalidURL = httplib.InvalidURL
-+            with self.assertRaisesRegexp(
-+                InvalidURL, r"contain control.*\\r.*(found at least . .)"):
-+                urllib2.urlopen("http:" + schemeless_url)
-+            with self.assertRaisesRegexp(InvalidURL, r"contain control.*\\n"):
-+                urllib2.urlopen("https:" + schemeless_url)
-+        finally:
-+            self.unfakehttp()
-+
-+
- 
- class RequestTests(unittest.TestCase):
- 
-diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py
-index 36b3be67fd6b..90ccb30716ff 100644
---- a/Lib/test/test_xmlrpc.py
-+++ b/Lib/test/test_xmlrpc.py
-@@ -659,7 +659,13 @@ def test_dotted_attribute(self):
-     def test_partial_post(self):
-         # Check that a partial POST doesn't make the server loop: issue #14001.
-         conn = httplib.HTTPConnection(ADDR, PORT)
--        conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
-+        conn.send('POST /RPC2 HTTP/1.0\r\n'
-+                  'Content-Length: 100\r\n\r\n'
-+                  'bye HTTP/1.1\r\n'
-+                  'Host: %s:%s\r\n'
-+                  'Accept-Encoding: identity\r\n'
-+                  'Content-Length: 0\r\n\r\n'
-+                  % (ADDR, PORT))
-         conn.close()
- 
- class SimpleServerEncodingTestCase(BaseServerTestCase):
-diff --git a/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
-new file mode 100644
-index 000000000000..47cb899df1af
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
-@@ -0,0 +1 @@
-+Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request.  Such potentially malicious header injection URLs now cause an httplib.InvalidURL exception to be raised.

meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch

@@ -1,55 +0,0 @@
-From 179a5f75f1121dab271fe8f90eb35145f9dcbbda Mon Sep 17 00:00:00 2001
-From: Sihoon Lee <push0ebp@gmail.com>
-Date: Fri, 17 May 2019 02:41:06 +0900
-Subject: [PATCH] Update test_urllib.py and urllib.py\nchange assertEqual into
- assertRasies in DummyURLopener test, and simplify mitigation
-
-Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
-
-CVE: CVE-2019-9948
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
----
- Lib/test/test_urllib.py | 11 +++--------
- Lib/urllib.py           |  4 ++--
- 2 files changed, 5 insertions(+), 10 deletions(-)
-
-diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
-index e5f210e62a18..1e23dfb0bb16 100644
---- a/Lib/test/test_urllib.py
-+++ b/Lib/test/test_urllib.py
-@@ -1027,14 +1027,9 @@ def test_local_file_open(self):
-         class DummyURLopener(urllib.URLopener):
-             def open_local_file(self, url):
-                 return url
--        self.assertEqual(DummyURLopener().open(
--            'local-file://example'), '//example')
--        self.assertEqual(DummyURLopener().open(
--            'local_file://example'), '//example')
--        self.assertRaises(IOError, urllib.urlopen,
--            'local-file://example')
--        self.assertRaises(IOError, urllib.urlopen,
--            'local_file://example')
-+        for url in ('local_file://example', 'local-file://example'):
-+            self.assertRaises(IOError, DummyURLopener().open, url)
-+            self.assertRaises(IOError, urllib.urlopen, url)
- 
- # Just commented them out.
- # Can't really tell why keep failing in windows and sparc.
-diff --git a/Lib/urllib.py b/Lib/urllib.py
-index a24e9a5c68fb..39b834054e9e 100644
---- a/Lib/urllib.py
-+++ b/Lib/urllib.py
-@@ -203,10 +203,10 @@ def open(self, fullurl, data=None):
-         name = 'open_' + urltype
-         self.type = urltype
-         name = name.replace('-', '_')
--        
-+
-         # bpo-35907: # disallow the file reading with the type not allowed
-         if not hasattr(self, name) or \
--            (self == _urlopener and name == 'open_local_file'):
-+            getattr(self, name) == self.open_local_file:
-             if proxy:
-                 return self.open_unknown_proxy(proxy, fullurl, data)
-             else:

meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch

@@ -1,55 +0,0 @@
-From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001
-From: push0ebp <push0ebp@shl-MacBook-Pro.local>
-Date: Thu, 14 Feb 2019 02:05:46 +0900
-Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary
- URL scheme in urllib
-
-Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
-
-CVE: CVE-2019-9948
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
----
- Lib/test/test_urllib.py | 12 ++++++++++++
- Lib/urllib.py           |  5 ++++-
- 2 files changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
-index 1ce9201c0693..e5f210e62a18 100644
---- a/Lib/test/test_urllib.py
-+++ b/Lib/test/test_urllib.py
-@@ -1023,6 +1023,18 @@ def open_spam(self, url):
-             "spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"),
-             "//c:|windows%/:=&?~#+!$,;'@()*[]|/path/")
- 
-+    def test_local_file_open(self):
-+        class DummyURLopener(urllib.URLopener):
-+            def open_local_file(self, url):
-+                return url
-+        self.assertEqual(DummyURLopener().open(
-+            'local-file://example'), '//example')
-+        self.assertEqual(DummyURLopener().open(
-+            'local_file://example'), '//example')
-+        self.assertRaises(IOError, urllib.urlopen,
-+            'local-file://example')
-+        self.assertRaises(IOError, urllib.urlopen,
-+            'local_file://example')
- 
- # Just commented them out.
- # Can't really tell why keep failing in windows and sparc.
-diff --git a/Lib/urllib.py b/Lib/urllib.py
-index d85504a5cb7e..a24e9a5c68fb 100644
---- a/Lib/urllib.py
-+++ b/Lib/urllib.py
-@@ -203,7 +203,10 @@ def open(self, fullurl, data=None):
-         name = 'open_' + urltype
-         self.type = urltype
-         name = name.replace('-', '_')
--        if not hasattr(self, name):
-+        
-+        # bpo-35907: # disallow the file reading with the type not allowed
-+        if not hasattr(self, name) or \
-+            (self == _urlopener and name == 'open_local_file'):
-             if proxy:
-                 return self.open_unknown_proxy(proxy, fullurl, data)
-             else:

meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch

@@ -1,28 +0,0 @@
-From 06b5ee585d6e76bdbb4002f642d864d860cbbd2b Mon Sep 17 00:00:00 2001
-From: Steve Dower <steve.dower@python.org>
-Date: Tue, 12 Mar 2019 08:23:33 -0700
-Subject: [PATCH] bpo-36216: Only print test messages when verbose
-
-CVE: CVE-2019-9636
- 
-Upstream-Status: Backport https://github.com/python/cpython/pull/12291/commits/06b5ee585d6e76bdbb4002f642d864d860cbbd2b
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
----
- Lib/test/test_urlparse.py | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
-index 73b0228ea8e3..1830d0b28688 100644
---- a/Lib/test/test_urlparse.py
-+++ b/Lib/test/test_urlparse.py
-@@ -644,7 +644,8 @@ def test_urlsplit_normalization(self):
-         for scheme in [u"http", u"https", u"ftp"]:
-             for c in denorm_chars:
-                 url = u"{}://netloc{}false.netloc/path".format(scheme, c)
--                print "Checking %r" % url
-+                if test_support.verbose:
-+                    print "Checking %r" % url
-                 with self.assertRaises(ValueError):
-                     urlparse.urlsplit(url)
- 

meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch

@@ -1,111 +0,0 @@
-From 3e3669c9c41a27e1466e2c28b3906e3dd0ce3e7e Mon Sep 17 00:00:00 2001
-From: Steve Dower <steve.dower@python.org>
-Date: Thu, 7 Mar 2019 08:25:22 -0800
-Subject: [PATCH] bpo-36216: Add check for characters in netloc that normalize
- to separators (GH-12201)
-
-CVE: CVE-2019-9636
-
-Upstream-Status: Backport https://github.com/python/cpython/pull/12216/commits/3e3669c9c41a27e1466e2c28b3906e3dd0ce3e7e
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
----
- Doc/library/urlparse.rst                      | 20 ++++++++++++++++
- Lib/test/test_urlparse.py                     | 24 +++++++++++++++++++
- Lib/urlparse.py                               | 17 +++++++++++++
- .../2019-03-06-09-38-40.bpo-36216.6q1m4a.rst  |  3 +++
- 4 files changed, 64 insertions(+)
- create mode 100644 Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
-
-diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
-index 4e1ded73c266..73b0228ea8e3 100644
---- a/Lib/test/test_urlparse.py
-+++ b/Lib/test/test_urlparse.py
-@@ -1,4 +1,6 @@
- from test import test_support
-+import sys
-+import unicodedata
- import unittest
- import urlparse
- 
-@@ -624,6 +626,28 @@ def test_portseparator(self):
-         self.assertEqual(urlparse.urlparse("http://www.python.org:80"),
-                 ('http','www.python.org:80','','','',''))
- 
-+    def test_urlsplit_normalization(self):
-+        # Certain characters should never occur in the netloc,
-+        # including under normalization.
-+        # Ensure that ALL of them are detected and cause an error
-+        illegal_chars = u'/:#?@'
-+        hex_chars = {'{:04X}'.format(ord(c)) for c in illegal_chars}
-+        denorm_chars = [
-+            c for c in map(unichr, range(128, sys.maxunicode))
-+            if (hex_chars & set(unicodedata.decomposition(c).split()))
-+            and c not in illegal_chars
-+        ]
-+        # Sanity check that we found at least one such character
-+        self.assertIn(u'\u2100', denorm_chars)
-+        self.assertIn(u'\uFF03', denorm_chars)
-+
-+        for scheme in [u"http", u"https", u"ftp"]:
-+            for c in denorm_chars:
-+                url = u"{}://netloc{}false.netloc/path".format(scheme, c)
-+                print "Checking %r" % url
-+                with self.assertRaises(ValueError):
-+                    urlparse.urlsplit(url)
-+
- def test_main():
-     test_support.run_unittest(UrlParseTestCase)
- 
-diff --git a/Lib/urlparse.py b/Lib/urlparse.py
-index f7c2b032b097..54eda08651ab 100644
---- a/Lib/urlparse.py
-+++ b/Lib/urlparse.py
-@@ -165,6 +165,21 @@ def _splitnetloc(url, start=0):
-             delim = min(delim, wdelim)     # use earliest delim position
-     return url[start:delim], url[delim:]   # return (domain, rest)
- 
-+def _checknetloc(netloc):
-+    if not netloc or not isinstance(netloc, unicode):
-+        return
-+    # looking for characters like \u2100 that expand to 'a/c'
-+    # IDNA uses NFKC equivalence, so normalize for this check
-+    import unicodedata
-+    netloc2 = unicodedata.normalize('NFKC', netloc)
-+    if netloc == netloc2:
-+        return
-+    _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
-+    for c in '/?#@:':
-+        if c in netloc2:
-+            raise ValueError("netloc '" + netloc2 + "' contains invalid " +
-+                             "characters under NFKC normalization")
-+
- def urlsplit(url, scheme='', allow_fragments=True):
-     """Parse a URL into 5 components:
-     <scheme>://<netloc>/<path>?<query>#<fragment>
-@@ -193,6 +208,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
-                 url, fragment = url.split('#', 1)
-             if '?' in url:
-                 url, query = url.split('?', 1)
-+            _checknetloc(netloc)
-             v = SplitResult(scheme, netloc, url, query, fragment)
-             _parse_cache[key] = v
-             return v
-@@ -216,6 +232,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
-         url, fragment = url.split('#', 1)
-     if '?' in url:
-         url, query = url.split('?', 1)
-+    _checknetloc(netloc)
-     v = SplitResult(scheme, netloc, url, query, fragment)
-     _parse_cache[key] = v
-     return v
-diff --git a/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
-new file mode 100644
-index 000000000000..1e1ad92c6feb
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
-@@ -0,0 +1,3 @@
-+Changes urlsplit() to raise ValueError when the URL contains characters that
-+decompose under IDNA encoding (NFKC-normalization) into characters that
-+affect how the URL is parsed.
-\ No newline at end of file

meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch

@@ -1,81 +0,0 @@
-From 5a1033fe5be764a135adcfff2fdc14edc3e5f327 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Thu, 10 Oct 2019 16:32:19 +0800
-Subject: [PATCH] bpo-36742: Fixes handling of pre-normalization characters in
- urlsplit() bpo-36742: Corrects fix to handle decomposition in usernames
-
-Upstream-Status: Backport
-
-https://github.com/python/cpython/commit/98a4dcefbbc3bce5ab07e7c0830a183157250259
-https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de#diff-b577545d73dd0cdb2c337a4c5f89e1d7
-
-CVE: CVE-2019-10160
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- Lib/test/test_urlparse.py | 19 +++++++++++++------
- Lib/urlparse.py           | 14 +++++++++-----
- 2 files changed, 22 insertions(+), 11 deletions(-)
-
-diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
-index 1830d0b..857ed96 100644
---- a/Lib/test/test_urlparse.py
-+++ b/Lib/test/test_urlparse.py
-@@ -641,13 +641,20 @@ class UrlParseTestCase(unittest.TestCase):
-         self.assertIn(u'\u2100', denorm_chars)
-         self.assertIn(u'\uFF03', denorm_chars)
- 
-+        # bpo-36742: Verify port separators are ignored when they
-+        # existed prior to decomposition
-+        urlparse.urlsplit(u'http://\u30d5\u309a:80')
-+        with self.assertRaises(ValueError):
-+            urlparse.urlsplit(u'http://\u30d5\u309a\ufe1380')
-+
-         for scheme in [u"http", u"https", u"ftp"]:
--            for c in denorm_chars:
--                url = u"{}://netloc{}false.netloc/path".format(scheme, c)
--                if test_support.verbose:
--                    print "Checking %r" % url
--                with self.assertRaises(ValueError):
--                    urlparse.urlsplit(url)
-+            for netloc in [u"netloc{}false.netloc", u"n{}user@netloc"]:
-+                for c in denorm_chars:
-+                    url = u"{}://{}/path".format(scheme, netloc.format(c))
-+                    if test_support.verbose:
-+                        print "Checking %r" % url
-+                    with self.assertRaises(ValueError):
-+                        urlparse.urlsplit(url)
- 
- def test_main():
-     test_support.run_unittest(UrlParseTestCase)
-diff --git a/Lib/urlparse.py b/Lib/urlparse.py
-index 54eda08..e34b368 100644
---- a/Lib/urlparse.py
-+++ b/Lib/urlparse.py
-@@ -171,14 +171,18 @@ def _checknetloc(netloc):
-     # looking for characters like \u2100 that expand to 'a/c'
-     # IDNA uses NFKC equivalence, so normalize for this check
-     import unicodedata
--    netloc2 = unicodedata.normalize('NFKC', netloc)
--    if netloc == netloc2:
-+    n = netloc.replace(u'@', u'') # ignore characters already included
-+    n = n.replace(u':', u'')      # but not the surrounding text
-+    n = n.replace(u'#', u'')
-+    n = n.replace(u'?', u'')
-+
-+    netloc2 = unicodedata.normalize('NFKC', n)
-+    if n == netloc2:
-         return
--    _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
-     for c in '/?#@:':
-         if c in netloc2:
--            raise ValueError("netloc '" + netloc2 + "' contains invalid " +
--                             "characters under NFKC normalization")
-+            raise ValueError(u"netloc '" + netloc + u"' contains invalid " +
-+                             u"characters under NFKC normalization")
- 
- def urlsplit(url, scheme='', allow_fragments=True):
-     """Parse a URL into 5 components:
--- 
-2.7.4
-

meta/recipes-devtools/python/python/python2-manifest.json

@@ -267,6 +267,7 @@
             "${libdir}/python2.7/lib-dynload/xreadlines.so", 
             "${libdir}/python2.7/linecache.py", 
             "${libdir}/python2.7/new.py", 
+            "${libdir}/python2.7/ntpath.py",
             "${libdir}/python2.7/os.py", 
             "${libdir}/python2.7/platform.py", 
             "${libdir}/python2.7/posixpath.py", 

meta/recipes-devtools/python/python3/0001-Do-not-hardcode-lib-as-location-for-site-packages-an.patch

@@ -70,7 +70,7 @@ index 6e81b2f..671a20e 100644
  
  Programs/python.o: $(srcdir)/Programs/python.c
 @@ -856,7 +857,7 @@ regen-opcode:
- Python/compile.o Python/symtable.o Python/ast_unparse.o Python/ast.o: $(srcdir)/Include/graminit.h $(srcdir)/Include/Python-ast.h
+ Python/compile.o Python/symtable.o Python/ast_unparse.o Python/ast.o Python/future.o Parser/parsetok.o: $(srcdir)/Include/graminit.h $(srcdir)/Include/Python-ast.h
  
  Python/getplatform.o: $(srcdir)/Python/getplatform.c
 -		$(CC) -c $(PY_CORE_CFLAGS) -DPLATFORM='"$(MACHDEP)"' -o $@ $(srcdir)/Python/getplatform.c

meta/recipes-devtools/python/python3/0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch

@@ -0,0 +1,34 @@
+From 840fda32c82550259d02a7a56a78a9c05162b1a1 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 8 May 2019 16:10:29 +0800
+Subject: [PATCH] Makefile: fix Issue36464 (parallel build race problem)
+
+When using make -j with the 'install' target, it's possible for altbininstall
+(which normally creates BINDIR) and libainstall (which doesn't, though it
+installs python-config there) to race, resulting in a failure due to
+attempting to install python-config into a nonexistent BINDIR. Ensure it also
+exists in the libainstall target.
+
+Upstream-Status: Submitted [https://github.com/python/cpython/pull/13186]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ Makefile.pre.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.pre.in b/Makefile.pre.in
+index 15f3687..7e9f173 100644
+--- a/Makefile.pre.in
++++ b/Makefile.pre.in
+@@ -1456,7 +1456,7 @@ LIBPL=		@LIBPL@
+ LIBPC=		$(LIBDIR)/pkgconfig
+ 
+ libainstall:	@DEF_MAKE_RULE@ python-config
+-	@for i in $(LIBDIR) $(LIBPL) $(LIBPC); \
++	@for i in $(LIBDIR) $(LIBPL) $(LIBPC) $(BINDIR); \
+ 	do \
+ 		if test ! -d $(DESTDIR)$$i; then \
+ 			echo "Creating directory $$i"; \
+-- 
+2.7.4
+

meta/recipes-devtools/python/python3/0001-Use-FLAG_REF-always-for-interned-strings.patch

@@ -0,0 +1,35 @@
+From 6c8ea7c1dacd42f3ba00440231ec0e6b1a38300d Mon Sep 17 00:00:00 2001
+From: Inada Naoki <songofacandy@gmail.com>
+Date: Sat, 14 Jul 2018 00:46:11 +0900
+Subject: [PATCH] Use FLAG_REF always for interned strings
+
+Upstream-status: Submitted [https://github.com/python/cpython/pull/8226]
+Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
+---
+ Python/marshal.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/Python/marshal.c b/Python/marshal.c
+index 6d06266c6a..51db2e3b2e 100644
+--- a/Python/marshal.c
++++ b/Python/marshal.c
+@@ -275,9 +275,14 @@ w_ref(PyObject *v, char *flag, WFILE *p)
+     if (p->version < 3 || p->hashtable == NULL)
+         return 0; /* not writing object references */
+ 
+-    /* if it has only one reference, it definitely isn't shared */
+-    if (Py_REFCNT(v) == 1)
++    /* If it has only one reference, it definitely isn't shared.
++     * But we use TYPE_REF always for interned string, to PYC file stable
++     * as possible.
++     */
++    if (Py_REFCNT(v) == 1 &&
++            !(PyUnicode_CheckExact(v) && PyUnicode_CHECK_INTERNED(v))) {
+         return 0;
++    }
+ 
+     entry = _Py_HASHTABLE_GET_ENTRY(p->hashtable, v);
+     if (entry != NULL) {
+-- 
+2.21.0
+

meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch

@@ -0,0 +1,201 @@
+From 7535c39951b9d15dd64c4669092a8582ba555466 Mon Sep 17 00:00:00 2001
+From: Matthias Schoepfer <matthias.schoepfer@ithinx.io>
+Date: Fri, 31 May 2019 15:34:34 +0200
+Subject: [PATCH] bpo-36852: proper detection of mips architecture for soft
+ float
+
+When (cross) compiling for softfloat mips, __mips_hard_float will not be
+defined and detection of OS triplet in configure.ac / configure will fail.
+
+This also has to do with the custom detection of the build triplet. Trying
+to do this in a more autoconf/autotools manner.
+
+Upstream-Status: Submitted [https://github.com/python/cpython/pull/13196]
+Signed-off-by: Matthias Schoepfer <matthias.schoepfer@ithinx.io>
+---
+ configure.ac | 169 ++++++---------------------------------------------
+ 1 file changed, 17 insertions(+), 152 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index a7de901e08..a73e2de51b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -727,158 +727,23 @@ fi
+ MULTIARCH=$($CC --print-multiarch 2>/dev/null)
+ AC_SUBST(MULTIARCH)
+ 
+-AC_MSG_CHECKING([for the platform triplet based on compiler characteristics])
+-cat >> conftest.c <<EOF
+-#undef bfin
+-#undef cris
+-#undef fr30
+-#undef linux
+-#undef hppa
+-#undef hpux
+-#undef i386
+-#undef mips
+-#undef powerpc
+-#undef sparc
+-#undef unix
+-#if defined(__ANDROID__)
+-    # Android is not a multiarch system.
+-#elif defined(__linux__)
+-# if defined(__x86_64__) && defined(__LP64__)
+-        x86_64-linux-gnu
+-# elif defined(__x86_64__) && defined(__ILP32__)
+-        x86_64-linux-gnux32
+-# elif defined(__i386__)
+-        i386-linux-gnu
+-# elif defined(__aarch64__) && defined(__AARCH64EL__)
+-#  if defined(__ILP32__)
+-        aarch64_ilp32-linux-gnu
+-#  else
+-        aarch64-linux-gnu
+-#  endif
+-# elif defined(__aarch64__) && defined(__AARCH64EB__)
+-#  if defined(__ILP32__)
+-        aarch64_be_ilp32-linux-gnu
+-#  else
+-        aarch64_be-linux-gnu
+-#  endif
+-# elif defined(__alpha__)
+-        alpha-linux-gnu
+-# elif defined(__ARM_EABI__) && defined(__ARM_PCS_VFP)
+-#  if defined(__ARMEL__)
+-        arm-linux-gnueabihf
+-#  else
+-        armeb-linux-gnueabihf
+-#  endif
+-# elif defined(__ARM_EABI__) && !defined(__ARM_PCS_VFP)
+-#  if defined(__ARMEL__)
+-        arm-linux-gnueabi
+-#  else
+-        armeb-linux-gnueabi
+-#  endif
+-# elif defined(__hppa__)
+-        hppa-linux-gnu
+-# elif defined(__ia64__)
+-        ia64-linux-gnu
+-# elif defined(__m68k__) && !defined(__mcoldfire__)
+-        m68k-linux-gnu
+-# elif defined(__mips_hard_float) && defined(__mips_isa_rev) && (__mips_isa_rev >=6) && defined(_MIPSEL)
+-#  if _MIPS_SIM == _ABIO32
+-        mipsisa32r6el-linux-gnu
+-#  elif _MIPS_SIM == _ABIN32
+-        mipsisa64r6el-linux-gnuabin32
+-#  elif _MIPS_SIM == _ABI64
+-        mipsisa64r6el-linux-gnuabi64
+-#  else
+-#   error unknown platform triplet
+-#  endif
+-# elif defined(__mips_hard_float) && defined(__mips_isa_rev) && (__mips_isa_rev >=6)
+-#  if _MIPS_SIM == _ABIO32
+-        mipsisa32r6-linux-gnu
+-#  elif _MIPS_SIM == _ABIN32
+-        mipsisa64r6-linux-gnuabin32
+-#  elif _MIPS_SIM == _ABI64
+-        mipsisa64r6-linux-gnuabi64
+-#  else
+-#   error unknown platform triplet
+-#  endif
+-# elif defined(__mips_hard_float) && defined(_MIPSEL)
+-#  if _MIPS_SIM == _ABIO32
+-        mipsel-linux-gnu
+-#  elif _MIPS_SIM == _ABIN32
+-        mips64el-linux-gnuabin32
+-#  elif _MIPS_SIM == _ABI64
+-        mips64el-linux-gnuabi64
+-#  else
+-#   error unknown platform triplet
+-#  endif
+-# elif defined(__mips_hard_float)
+-#  if _MIPS_SIM == _ABIO32
+-        mips-linux-gnu
+-#  elif _MIPS_SIM == _ABIN32
+-        mips64-linux-gnuabin32
+-#  elif _MIPS_SIM == _ABI64
+-        mips64-linux-gnuabi64
+-#  else
+-#   error unknown platform triplet
+-#  endif
+-# elif defined(__or1k__)
+-        or1k-linux-gnu
+-# elif defined(__powerpc__) && defined(__SPE__)
+-        powerpc-linux-gnuspe
+-# elif defined(__powerpc64__)
+-#  if defined(__LITTLE_ENDIAN__)
+-        powerpc64le-linux-gnu
+-#  else
+-        powerpc64-linux-gnu
+-#  endif
+-# elif defined(__powerpc__)
+-        powerpc-linux-gnu
+-# elif defined(__s390x__)
+-        s390x-linux-gnu
+-# elif defined(__s390__)
+-        s390-linux-gnu
+-# elif defined(__sh__) && defined(__LITTLE_ENDIAN__)
+-        sh4-linux-gnu
+-# elif defined(__sparc__) && defined(__arch64__)
+-        sparc64-linux-gnu
+-# elif defined(__sparc__)
+-        sparc-linux-gnu
+-# elif defined(__riscv)
+-#  if __riscv_xlen == 32
+-        riscv32-linux-gnu
+-#  elif __riscv_xlen == 64
+-        riscv64-linux-gnu
+-#  else
+-#   error unknown platform triplet
+-#  endif
+-# else
+-#   error unknown platform triplet
+-# endif
+-#elif defined(__FreeBSD_kernel__)
+-# if defined(__LP64__)
+-        x86_64-kfreebsd-gnu
+-# elif defined(__i386__)
+-        i386-kfreebsd-gnu
+-# else
+-#   error unknown platform triplet
+-# endif
+-#elif defined(__gnu_hurd__)
+-        i386-gnu
+-#elif defined(__APPLE__)
+-        darwin
+-#else
+-# error unknown platform triplet
+-#endif
+-
+-EOF
+-
+-if $CPP $CPPFLAGS conftest.c >conftest.out 2>/dev/null; then
+-  PLATFORM_TRIPLET=`grep -v '^#' conftest.out | grep -v '^ *$' | tr -d ' 	'`
+-  AC_MSG_RESULT([$PLATFORM_TRIPLET])
+-else
+-  AC_MSG_RESULT([none])
+-fi
+-rm -f conftest.c conftest.out
++AC_CANONICAL_TARGET
++## Not using $target to filter out vendor
++## Need to handle macos, vxworks and hurd special (?) :-/
++case ${target_os} in
++     darwin*)
++     	PLATFORM_TRIPLET=darwin
++	;;
++     hurd*)
++     	PLATFORM_TRIPLET=i386-gnu
++	;;
++     vxworks*)
++     	PLATFORM_TRIPLET=vxworks
++	;;
++     *)
++	PLATFORM_TRIPLET=${target_cpu}-${target_os}
++	;;
++esac	
+ 
+ if test x$PLATFORM_TRIPLET != x && test x$MULTIARCH != x; then
+   if test x$PLATFORM_TRIPLET != x$MULTIARCH; then
+-- 
+2.21.0
+

meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch

@@ -63,7 +63,7 @@ index a7de901..4a3681f 100644
 +  case $cc_basename in
      *clang*)
        AC_SUBST(LLVM_AR)
-       AC_PATH_TARGET_TOOL(LLVM_AR, llvm-ar, '', ${llvm_path})
+       AC_PATH_TOOL(LLVM_AR, llvm-ar, '', ${llvm_path})
 @@ -1426,7 +1427,7 @@ then
    fi
  fi

meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch

@@ -0,0 +1,46 @@
+From b94995e0c694ec9561efec0d1a59b323340e6105 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Mon, 5 Aug 2019 15:57:39 +0800
+Subject: [PATCH] test_locale.py: correct the test output format
+
+Before this patch:
+ # python3 -m test -v test_locale
+ [snip]
+ test_getsetlocale_issue1813 (test.test_locale.TestMiscellaneous) ... testing with ('tr_TR', 'ISO8859-9') ok
+ [snip]
+
+ After this patch:
+ # python3 -m test -v test_locale
+ [snip]
+ test_getsetlocale_issue1813 (test.test_locale.TestMiscellaneous) ... testing with ('tr_TR', 'ISO8859-9')... ok
+ [snip]
+
+ Make the test ended with "... ok" is common in python
+ unittest world, we should make it keep consistent
+ with other test cases in case it may be ignored to
+ record in the report if we use the common filter
+ "... ok".
+
+Upstream-Status: Submitted [https://github.com/python/cpython/pull/15132]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ Lib/test/test_locale.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Lib/test/test_locale.py b/Lib/test/test_locale.py
+index e2c2178..558d63c 100644
+--- a/Lib/test/test_locale.py
++++ b/Lib/test/test_locale.py
+@@ -527,7 +527,7 @@ class TestMiscellaneous(unittest.TestCase):
+             self.skipTest('test needs Turkish locale')
+         loc = locale.getlocale(locale.LC_CTYPE)
+         if verbose:
+-            print('testing with %a' % (loc,), end=' ', flush=True)
++            print('testing with %a...' % (loc,), end=' ', flush=True)
+         locale.setlocale(locale.LC_CTYPE, loc)
+         self.assertEqual(loc, locale.getlocale(locale.LC_CTYPE))
+ 
+-- 
+2.7.4
+

meta/recipes-devtools/python/python3/crosspythonpath.patch

@@ -0,0 +1,25 @@
+configure.ac: add CROSSPYTHONPATH into PYTHONPATH for PYTHON_FOR_BUILD
+
+When building x86->x86 the system will try to execute .so and related items
+from the default PYTHONPATH.  This will fail if the target CPU contains
+instructions that the host CPU does not have, add CROSSPYTHONPATH
+into PYTHONPATH so we can prepend the list to find correct libs.
+
+Upstream-Status: Inappropriate [OE-Core integration specific]
+
+Credits-to: Mark Hatle <mark.hatle@windriver.com>
+Credits-to: Jackie Huang <jackie.huang@windriver.com>
+Signed-off-by: Ricardo Ribalda <ricardo@ribalda.com>
+diff --git a/configure.ac b/configure.ac
+index 4ab19a6..7036a53 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -76,7 +76,7 @@ if test "$cross_compiling" = yes; then
+ 	    AC_MSG_ERROR([python$PACKAGE_VERSION interpreter not found])
+ 	fi
+         AC_MSG_RESULT($interp)
+-	PYTHON_FOR_BUILD='_PYTHON_PROJECT_BASE=$(abs_builddir) _PYTHON_HOST_PLATFORM=$(_PYTHON_HOST_PLATFORM) PYTHONPATH=$(shell test -f pybuilddir.txt && echo $(abs_builddir)/`cat pybuilddir.txt`:)$(srcdir)/Lib _PYTHON_SYSCONFIGDATA_NAME=_sysconfigdata_$(ABIFLAGS)_$(MACHDEP)_$(MULTIARCH) '$interp
++	PYTHON_FOR_BUILD='_PYTHON_PROJECT_BASE=$(abs_builddir) _PYTHON_HOST_PLATFORM=$(_PYTHON_HOST_PLATFORM) PYTHONPATH=$(CROSSPYTHONPATH):$(shell test -f pybuilddir.txt && echo $(abs_builddir)/`cat pybuilddir.txt`:)$(srcdir)/Lib _PYTHON_SYSCONFIGDATA_NAME=_sysconfigdata_$(ABIFLAGS)_$(MACHDEP)_$(MULTIARCH) '$interp
+     fi
+ elif test "$cross_compiling" = maybe; then
+     AC_MSG_ERROR([Cross compiling required --host=HOST-TUPLE and --build=ARCH])

meta/recipes-devtools/python/python3/reformat_sysconfig.py

@@ -0,0 +1,21 @@
+#! /usr/bin/env python3
+#
+# SPDX-License-Identifier: MIT
+#
+# Copyright 2019 by Garmin Ltd. or its subsidiaries
+#
+# A script to reformat python sysconfig
+
+import sys
+import pprint
+l = {}
+g = {}
+with open(sys.argv[1], 'r') as f:
+    exec(f.read(), g, l)
+
+with open(sys.argv[1], 'w') as f:
+    for k in sorted(l.keys()):
+        f.write('%s = ' % k)
+        pprint.pprint(l[k], stream=f, width=sys.maxsize)
+        f.write('\n')
+

meta/recipes-devtools/python/python3_3.7.6.bb

@@ -22,6 +22,12 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0002-Don-t-do-runtime-test-to-get-float-byte-order.patch \
            file://0003-setup.py-pass-missing-libraries-to-Extension-for-mul.patch \
            file://0001-Lib-sysconfig.py-fix-another-place-where-lib-is-hard.patch \
+           file://0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch \
+	   file://0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch \
+	   file://crosspythonpath.patch \
+           file://reformat_sysconfig.py \
+           file://0001-Use-FLAG_REF-always-for-interned-strings.patch \
+           file://0001-test_locale.py-correct-the-test-output-format.patch \
            "
 
 SRC_URI_append_class-native = " \
@@ -32,14 +38,17 @@ SRC_URI_append_class-nativesdk = " \
            file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \
            "
 
-SRC_URI[md5sum] = "d33e4aae66097051c2eca45ee3604803"
-SRC_URI[sha256sum] = "fb799134b868199930b75f26678f18932214042639cd52b16da7fd134cd9b13f"
+SRC_URI[md5sum] = "c08fbee72ad5c2c95b0f4e44bf6fd72c"
+SRC_URI[sha256sum] = "55a2cce72049f0794e9a11a84862e9039af9183603b78bc60d89539f82cf533f"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
 
 CVE_PRODUCT = "python"
 
+# This is not exploitable when glibc has CVE-2016-10739 fixed.
+CVE_CHECK_WHITELIST += "CVE-2019-18348"
+
 PYTHON_MAJMIN = "3.7"
 PYTHON_BINABI = "${PYTHON_MAJMIN}m"
 
@@ -63,6 +72,7 @@ DEPENDS_append_class-nativesdk = " python3-native"
 EXTRA_OECONF = " --without-ensurepip --enable-shared"
 EXTRA_OECONF_append_class-native = " --bindir=${bindir}/${PN}"
 
+export CROSSPYTHONPATH="${STAGING_LIBDIR_NATIVE}/python${PYTHON_MAJMIN}/lib-dynload/"
 
 EXTRANATIVEPATH += "python3-native"
 
@@ -153,6 +163,12 @@ py_package_preprocess () {
                 ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/_sysconfigdata*.py \
                 ${PKGD}/${bindir}/python${PYTHON_BINABI}-config
 
+        # Reformat _sysconfigdata after modifying it so that it remains
+        # reproducible
+        for c in ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/_sysconfigdata*.py; do
+            python3 ${WORKDIR}/reformat_sysconfig.py $c
+        done
+
         # Recompile _sysconfigdata after modifying it
         cd ${PKGD}
         sysconfigfile=`find . -name _sysconfigdata_*.py`
@@ -292,6 +308,8 @@ FILES_${PN}-misc = "${libdir}/python${PYTHON_MAJMIN} ${libdir}/python${PYTHON_MA
 PACKAGES += "${PN}-man"
 FILES_${PN}-man = "${datadir}/man"
 
+# See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395
+RDEPENDS_libpython3_append_libc-glibc = " libgcc"
 RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip bzip2 libgcc tzdata-europe coreutils sed"
 RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9"
 RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}"

meta/recipes-devtools/python/python_2.7.17.bb

@@ -30,8 +30,6 @@ SRC_URI += " \
            file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
            file://float-endian.patch \
            file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \
-           file://0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch \
-           file://bpo-36742-cve-2019-10160.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"

meta/recipes-devtools/rsync/rsync_3.1.3.bb

@@ -20,6 +20,9 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
 SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"
 SRC_URI[sha256sum] = "55cc554efec5fdaad70de921cd5a5eeb6c29a95524c715f3bbf849235b0800c0"
 
+# -16548 required for v3.1.3pre1. Already in v3.1.3.
+CVE_CHECK_WHITELIST += " CVE-2017-16548 "
+
 inherit autotools
 
 PACKAGECONFIG ??= "acl attr \

meta/recipes-devtools/subversion/subversion_1.11.1.bb

@@ -18,6 +18,8 @@ SRC_URI[sha256sum] = "9efd2750ca4d72ec903431a24b9c732b6cbb84aad9b7563f59dd96dea5
 
 inherit autotools pkgconfig gettext
 
+CVE_PRODUCT = "apache:subversion"
+
 PACKAGECONFIG ?= ""
 
 PACKAGECONFIG[sasl] = "--with-sasl,--without-sasl,cyrus-sasl"

meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch

@@ -0,0 +1,316 @@
+CVE: CVE-2019-14866
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+From a052401293e45a13cded5959b258204dae6d0af5 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sun, 3 Nov 2019 23:59:39 +0200
+Subject: [PATCH] Fix CVE-2019-14866
+
+* src/copyout.c (to_ascii): Additional argument nul controls whether
+to add the terminating nul character.
+(field_width_error): Improve diagnostics: print the actual and the
+maximum allowed field value.
+* src/extern.h (to_ascii, field_width_error): New prototypes.
+* src/tar.c (to_oct): Remove.
+(to_oct_or_error): New function.
+(TO_OCT): New macro.
+(write_out_tar_header): Use TO_OCT and to_ascii. Return 0 on
+success, 1 on error.
+---
+ src/copyout.c | 49 ++++++++++++++++++++++--------------
+ src/extern.h  | 15 +++++++++--
+ src/tar.c     | 69 ++++++++++++++++++++++++---------------------------
+ 3 files changed, 75 insertions(+), 58 deletions(-)
+
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..1ae5477 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -269,26 +269,32 @@ writeout_final_defers (int out_des)
+    so it should be moved to paxutils too.
+    Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */
+ int
+-to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)
++to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul)
+ {
+   static char codetab[] = "0123456789ABCDEF";
+-  int i = digits;
+-  
+-  do
++
++  if (nul)
++    where[--digits] = 0;
++  while (digits > 0)
+     {
+-      where[--i] = codetab[(v & ((1 << logbase) - 1))];
++      where[--digits] = codetab[(v & ((1 << logbase) - 1))];
+       v >>= logbase;
+     }
+-  while (i);
+ 
+   return v != 0;
+ }
+ 
+-static void
+-field_width_error (const char *filename, const char *fieldname)
++void
++field_width_error (const char *filename, const char *fieldname,
++		   uintmax_t value, size_t width, bool nul)
+ {
+-  error (0, 0, _("%s: field width not sufficient for storing %s"),
+-	 filename, fieldname);
++  char valbuf[UINTMAX_STRSIZE_BOUND + 1];
++  char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
++  error (0, 0, _("%s: value %s %s out of allowed range 0..%s"),
++	 filename, fieldname,
++	 STRINGIFY_BIGINT (value, valbuf),
++	 STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),
++			   maxbuf));
+ }
+ 
+ static void
+@@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t n, size_t digits,
+ 		  unsigned logbase,
+ 		  const char *filename, const char *fieldname)
+ {
+-  if (to_ascii (where, n, digits, logbase))
++  if (to_ascii (where, n, digits, logbase, false))
+     field_width_warning (filename, fieldname);
+ }    
+ 
+@@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_t n, size_t digits,
+ 		   unsigned logbase,
+ 		   const char *filename, const char *fieldname)
+ {
+-  if (to_ascii (where, n, digits, logbase))
++  if (to_ascii (where, n, digits, logbase, false))
+     {
+-      field_width_error (filename, fieldname);
++      field_width_error (filename, fieldname, n, digits, false);
+       return 1;
+     }
+   return 0;
+@@ -371,7 +377,7 @@ write_out_new_ascii_header (const char *magic_string,
+ 			 _("name size")))
+     return 1;
+   p += 8;
+-  to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16);
++  to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false);
+ 
+   tape_buffered_write (ascii_header, out_des, sizeof ascii_header);
+ 
+@@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, dev_t rdev,
+   char ascii_header[76];
+   char *p = ascii_header;
+   
+-  to_ascii (p, file_hdr->c_magic, 6, LG_8);
++  to_ascii (p, file_hdr->c_magic, 6, LG_8, false);
+   p += 6;
+   to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number"));
+   p += 6;
+@@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev,
+   short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF;
+   if (short_hdr.c_namesize != file_hdr->c_namesize)
+     {
+-      field_width_error (file_hdr->c_name, _("name size"));
++      char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
++      error (0, 0, _("%s: value %s %s out of allowed range 0..%u"),
++	     file_hdr->c_name, _("name size"),
++	     STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu);
+       return 1;
+     }
+ 		      
+@@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev,
+   if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1]
+        != file_hdr->c_filesize)
+     {
+-      field_width_error (file_hdr->c_name, _("file size"));
++      char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
++      error (0, 0, _("%s: value %s %s out of allowed range 0..%lu"),
++	     file_hdr->c_name, _("file size"),
++	     STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu);
+       return 1;
+     }
+ 		      
+@@ -552,8 +564,7 @@ write_out_header (struct cpio_file_stat *file_hdr, int out_des)
+ 	  error (0, 0, _("%s: file name too long"), file_hdr->c_name);
+ 	  return 1;
+ 	}
+-      write_out_tar_header (file_hdr, out_des); /* FIXME: No error checking */
+-      return 0;
++      return write_out_tar_header (file_hdr, out_des);
+ 
+     case arf_binary:
+       return write_out_binary_header (makedev (file_hdr->c_rdev_maj,
+diff --git a/src/extern.h b/src/extern.h
+index e27d662..f9ef56a 100644
+--- a/src/extern.h
++++ b/src/extern.h
+@@ -117,6 +117,10 @@ void print_name_with_quoting (char *p);
+ /* copyout.c */
+ int write_out_header (struct cpio_file_stat *file_hdr, int out_des);
+ void process_copy_out (void);
++int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase,
++	      bool nul);
++void field_width_error (const char *filename, const char *fieldname,
++			uintmax_t value, size_t width, bool nul);
+ 
+ /* copypass.c */
+ void process_copy_pass (void);
+@@ -145,7 +149,7 @@ int make_path (char *argpath, uid_t owner, gid_t group,
+ 	       const char *verbose_fmt_string);
+ 
+ /* tar.c */
+-void write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);
++int write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);
+ int null_block (long *block, int size);
+ void read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des);
+ int otoa (char *s, unsigned long *n);
+@@ -204,9 +208,16 @@ void cpio_safer_name_suffix (char *name, bool link_target,
+ int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir);
+ void change_dir (void);
+ 
+-/* FIXME: These two defines should be defined in paxutils */
++/* FIXME: The following three should be defined in paxutils */
+ #define LG_8  3
+ #define LG_16 4
++/* The maximum uintmax_t value that can be represented with DIGITS digits,
++   assuming that each digit is BITS_PER_DIGIT wide.  */
++#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \
++   ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \
++    ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \
++    : (uintmax_t) -1)
++
+ 
+ uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase);
+ 
+diff --git a/src/tar.c b/src/tar.c
+index a2ce171..ef58027 100644
+--- a/src/tar.c
++++ b/src/tar.c
+@@ -79,36 +79,17 @@ stash_tar_filename (char *prefix, char *filename)
+   return hold_tar_filename;
+ }
+ 
+-/* Convert a number into a string of octal digits.
+-   Convert long VALUE into a DIGITS-digit field at WHERE,
+-   including a trailing space and room for a NUL.  DIGITS==3 means
+-   1 digit, a space, and room for a NUL.
+-
+-   We assume the trailing NUL is already there and don't fill it in.
+-   This fact is used by start_header and finish_header, so don't change it!
+-
+-   This is be equivalent to:
+-   sprintf (where, "%*lo ", digits - 2, value);
+-   except that sprintf fills in the trailing NUL and we don't.  */
+-
+-static void
+-to_oct (register long value, register int digits, register char *where)
++static int
++to_oct_or_error (uintmax_t value, size_t digits, char *where, char const *field,
++		 char const *file)
+ {
+-  --digits;			/* Leave the trailing NUL slot alone.  */
+-
+-  /* Produce the digits -- at least one.  */
+-  do
++  if (to_ascii (where, value, digits, LG_8, true))
+     {
+-      where[--digits] = '0' + (char) (value & 7); /* One octal digit.  */
+-      value >>= 3;
++      field_width_error (file, field, value, digits, true);
++      return 1;
+     }
+-  while (digits > 0 && value != 0);
+-
+-  /* Add leading zeroes, if necessary.  */
+-  while (digits > 0)
+-    where[--digits] = '0';
++  return 0;
+ }
+-
+ 
+ 
+ /* Compute and return a checksum for TAR_HDR,
+@@ -134,10 +115,22 @@ tar_checksum (struct tar_header *tar_hdr)
+   return sum;
+ }
+ 
++#define TO_OCT(file_hdr, c_fld, digits, tar_hdr, tar_field) \
++  do							    \
++    {							    \
++       if (to_oct_or_error (file_hdr -> c_fld,		    \
++			    digits,			    \
++			    tar_hdr -> tar_field,	    \
++			    #tar_field,			    \
++			    file_hdr->c_name))		    \
++	 return 1;					    \
++    }							    \
++  while (0)
++
+ /* Write out header FILE_HDR, including the file name, to file
+    descriptor OUT_DES.  */
+ 
+-void
++int
+ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ {
+   int name_len;
+@@ -166,11 +159,11 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ 
+   /* Ustar standard (POSIX.1-1988) requires the mode to contain only 3 octal
+      digits */
+-  to_oct (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode);
+-  to_oct (file_hdr->c_uid, 8, tar_hdr->uid);
+-  to_oct (file_hdr->c_gid, 8, tar_hdr->gid);
+-  to_oct (file_hdr->c_filesize, 12, tar_hdr->size);
+-  to_oct (file_hdr->c_mtime, 12, tar_hdr->mtime);
++  TO_OCT (file_hdr, c_mode & MODE_ALL, 8, tar_hdr, mode);
++  TO_OCT (file_hdr, c_uid, 8, tar_hdr, uid);
++  TO_OCT (file_hdr, c_gid, 8, tar_hdr, gid);
++  TO_OCT (file_hdr, c_filesize, 12, tar_hdr, size);
++  TO_OCT (file_hdr, c_mtime, 12, tar_hdr, mtime);
+ 
+   switch (file_hdr->c_mode & CP_IFMT)
+     {
+@@ -182,7 +175,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ 	  strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,
+ 		   TARLINKNAMESIZE);
+ 	  tar_hdr->typeflag = LNKTYPE;
+-	  to_oct (0, 12, tar_hdr->size);
++	  to_ascii (tar_hdr->size, 0, 12, LG_8, true);
+ 	}
+       else
+ 	tar_hdr->typeflag = REGTYPE;
+@@ -208,7 +201,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ 	 than TARLINKNAMESIZE.  */
+       strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,
+ 	       TARLINKNAMESIZE);
+-      to_oct (0, 12, tar_hdr->size);
++      to_ascii (tar_hdr->size, 0, 12, LG_8, true);
+       break;
+ #endif /* CP_IFLNK */
+     }
+@@ -227,13 +220,15 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+       if (name)
+ 	strcpy (tar_hdr->gname, name);
+ 
+-      to_oct (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor);
+-      to_oct (file_hdr->c_rdev_min, 8, tar_hdr->devminor);
++      TO_OCT (file_hdr, c_rdev_maj, 8, tar_hdr, devmajor);
++      TO_OCT (file_hdr, c_rdev_min, 8, tar_hdr, devminor);
+     }
+ 
+-  to_oct (tar_checksum (tar_hdr), 8, tar_hdr->chksum);
++  to_ascii (tar_hdr->chksum, tar_checksum (tar_hdr), 8, LG_8, true);
+ 
+   tape_buffered_write ((char *) &tar_rec, out_des, TARRECORDSIZE);
++
++  return 0;
+ }
+ 
+ /* Return nonzero iff all the bytes in BLOCK are NUL.
+-- 
+2.24.1
+

meta/recipes-extended/cpio/cpio_2.12.bb

@@ -11,6 +11,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
            file://0001-Fix-CVE-2015-1197.patch \
            file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \
            file://0001-Fix-segfault-with-append.patch \
+           file://CVE-2019-14866.patch \
            "
 
 SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86"

meta/recipes-extended/ed/ed_1.15.bb

@@ -9,6 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7 \
 
 SECTION = "base"
 
+CVE_PRODUCT = "gnu:ed"
+
 # LSB states that ed should be in /bin/
 bindir = "${base_bindir}"