build-appliance-image: Update to zeus head revision

(From OE-Core rev: 9bab7c1a29a58ba7f97e253e4e0ac167b77d0e65)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/lib/bb/utils.py

@@ -851,7 +851,7 @@ def copyfile(src, dest, newmtime = None, sstat = None):
             if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):
                 os.unlink(dest)
             os.symlink(target, dest)
-            #os.lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])
+            os.lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])
             return os.lstat(dest)
         except Exception as e:
             logger.warning("copyfile: failed to create symlink %s to %s (%s)" % (dest, target, e))

meta-poky/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "3.0.2"
+DISTRO_VERSION = "3.0.3"
 DISTRO_CODENAME = "zeus"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}"

meta/classes/cve-check.bbclass

@@ -52,11 +52,14 @@ python do_cve_check () {
     """
 
     if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
-        patched_cves = get_patches_cves(d)
-        patched, unpatched = check_cves(d, patched_cves)
+        try:
+            patched_cves = get_patches_cves(d)
+        except FileNotFoundError:
+            bb.fatal("Failure in searching patches")
+        whitelisted, patched, unpatched = check_cves(d, patched_cves)
         if patched or unpatched:
             cve_data = get_cve_info(d, patched + unpatched)
-            cve_write_data(d, patched, unpatched, cve_data)
+            cve_write_data(d, patched, unpatched, whitelisted, cve_data)
     else:
         bb.note("No CVE database found, skipping CVE check")
 
@@ -129,6 +132,10 @@ def get_patches_cves(d):
     for url in src_patches(d):
         patch_file = bb.fetch.decodeurl(url)[2]
 
+        if not os.path.isfile(patch_file):
+            bb.error("File Not found: %s" % patch_file)
+            raise FileNotFoundError
+
         # Check patch file name for CVE ID
         fname_match = cve_file_name_match.search(patch_file)
         if fname_match:
@@ -172,13 +179,13 @@ def check_cves(d, patched_cves):
     products = d.getVar("CVE_PRODUCT").split()
     # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
     if not products:
-        return ([], [])
+        return ([], [], [])
     pv = d.getVar("CVE_VERSION").split("+git")[0]
 
     # If the recipe has been whitlisted we return empty lists
     if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split():
         bb.note("Recipe has been whitelisted, skipping check")
-        return ([], [])
+        return ([], [], [])
 
     old_cve_whitelist =  d.getVar("CVE_CHECK_CVE_WHITELIST")
     if old_cve_whitelist:
@@ -214,7 +221,7 @@ def check_cves(d, patched_cves):
                 (_, _, _, version_start, operator_start, version_end, operator_end) = row
                 #bb.debug(2, "Evaluating row " + str(row))
 
-                if (operator_start == '=' and pv == version_start):
+                if (operator_start == '=' and pv == version_start) or version_start == '-':
                     vulnerable = True
                 else:
                     if operator_start:
@@ -256,7 +263,7 @@ def check_cves(d, patched_cves):
 
     conn.close()
 
-    return (list(patched_cves), cves_unpatched)
+    return (list(cve_whitelist), list(patched_cves), cves_unpatched)
 
 def get_cve_info(d, cves):
     """
@@ -280,7 +287,7 @@ def get_cve_info(d, cves):
     conn.close()
     return cve_data
 
-def cve_write_data(d, patched, unpatched, cve_data):
+def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
     """
     Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and
     CVE manifest if enabled.
@@ -296,7 +303,9 @@ def cve_write_data(d, patched, unpatched, cve_data):
         write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
         write_string += "PACKAGE VERSION: %s\n" % d.getVar("PV")
         write_string += "CVE: %s\n" % cve
-        if cve in patched:
+        if cve in whitelisted:
+            write_string += "CVE STATUS: Whitelisted\n"
+        elif cve in patched:
             write_string += "CVE STATUS: Patched\n"
         else:
             unpatched_cves.append(cve)

meta/classes/kernel-yocto.bbclass

@@ -1,5 +1,5 @@
 # remove tasks that modify the source tree in case externalsrc is inherited
-SRCTREECOVEREDTASKS += "do_kernel_configme do_validate_branches do_kernel_configcheck do_kernel_checkout do_fetch do_unpack do_patch"
+SRCTREECOVEREDTASKS += "do_validate_branches do_kernel_configcheck do_kernel_checkout do_fetch do_unpack do_patch"
 PATCH_GIT_USER_EMAIL ?= "kernel-yocto@oe"
 PATCH_GIT_USER_NAME ?= "OpenEmbedded"
 
@@ -301,6 +301,7 @@ do_validate_branches[depends] = "kern-tools-native:do_populate_sysroot"
 do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}binutils:do_populate_sysroot"
 do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}gcc:do_populate_sysroot"
 do_kernel_configme[depends] += "bc-native:do_populate_sysroot bison-native:do_populate_sysroot"
+do_kernel_configme[depends] += "kern-tools-native:do_populate_sysroot"
 do_kernel_configme[dirs] += "${S} ${B}"
 do_kernel_configme() {
 	set +e

meta/classes/kernelsrc.bbclass

@@ -1,7 +1,7 @@
 S = "${STAGING_KERNEL_DIR}"
 deltask do_fetch
 deltask do_unpack
-do_patch[depends] += "virtual/kernel:do_patch"
+do_patch[depends] += "virtual/kernel:do_shared_workdir"
 do_patch[noexec] = "1"
 do_package[depends] += "virtual/kernel:do_populate_sysroot"
 KERNEL_VERSION = "${@get_kernelversion_file("${STAGING_KERNEL_BUILDDIR}")}"

meta/classes/sanity.bbclass

@@ -625,13 +625,14 @@ def check_sanity_version_change(status, d):
     # In other words, these tests run once in a given build directory and then 
     # never again until the sanity version or host distrubution id/version changes.
 
-    # Check the python install is complete. glib-2.0-natives requries
-    # xml.parsers.expat
+    # Check the python install is complete. Examples that are often removed in
+    # minimal installations: glib-2.0-natives requries # xml.parsers.expat and icu
+    # requires distutils.sysconfig.
     try:
         import xml.parsers.expat
-    except ImportError:
-        status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n')
-    import stat
+        import distutils.sysconfig
+    except ImportError as e:
+        status.addresult('Your Python 3 is not a full install. Please install the module %s (see the Getting Started guide for further information).\n' % e.name)
 
     status.addresult(check_make_version(d))
     status.addresult(check_patch_version(d))
@@ -667,6 +668,7 @@ def check_sanity_version_change(status, d):
         status.addresult('Please use ASSUME_PROVIDED +=, not ASSUME_PROVIDED = in your local.conf\n')
 
     # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS)
+    import stat
     tmpdir = d.getVar('TMPDIR')
     status.addresult(check_create_long_filename(tmpdir, "TMPDIR"))
     tmpdirmode = os.stat(tmpdir).st_mode

meta/conf/distro/include/maintainers.inc

@@ -82,6 +82,7 @@ RECIPE_MAINTAINER_pn-build-appliance-image = "Richard Purdie <richard.purdie@lin
 RECIPE_MAINTAINER_pn-build-compare = "Paul Eggleton <paul.eggleton@linux.intel.com>"
 RECIPE_MAINTAINER_pn-build-sysroots = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-builder = "Richard Purdie <richard.purdie@linuxfoundation.org>"
+RECIPE_MAINTAINER_pn-buildtools-extended-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-buildtools-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-busybox = "Andrej Valek <andrej.valek@siemens.com>"
 RECIPE_MAINTAINER_pn-busybox-inittab = "Denys Dmytriyenko <denys@ti.com>"

meta/conf/distro/include/security_flags.inc

@@ -57,6 +57,8 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
 
 TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
 TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
+TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}"
+TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}"
 
 SECURITY_STACK_PROTECTOR_pn-gcc-runtime = ""
 SECURITY_STACK_PROTECTOR_pn-glibc = ""

meta/conf/distro/include/yocto-uninative.inc

@@ -6,9 +6,9 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_MAXGLIBCVERSION = "2.30"
+UNINATIVE_MAXGLIBCVERSION = "2.31"
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.7/"
-UNINATIVE_CHECKSUM[aarch64] ?= "e76a45886ee8a0b3904b761c17ac8ff91edf9811ee455f1832d10763ba794dfc"
-UNINATIVE_CHECKSUM[i686] ?= "810d027dfb1c7675226afbcec07808770516c969ee7378f6d8240281083f8924"
-UNINATIVE_CHECKSUM[x86_64] ?= "9498d8bba047499999a7310ac2576d0796461184965351a56f6d32c888a1f216"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.8/"
+UNINATIVE_CHECKSUM[aarch64] ?= "989187344bf9539b464fb7ed9c223e51f4bdb4c7a677d2c314e6fed393176efe"
+UNINATIVE_CHECKSUM[i686] ?= "cc3e45bc8594488b407363e3fa9af5a099279dab2703c64342098719bd674990"
+UNINATIVE_CHECKSUM[x86_64] ?= "a09922172c3a439105e0ae6b943daad2d83505b17da0aba97961ff433b8c21ab"

meta/files/toolchain-shar-extract.sh

@@ -249,7 +249,7 @@ if [ @SDK_ARCHIVE_TYPE@ = "zip" ]; then
         rm sdk.zip && exit 1
     fi
 else
-    tail -n +$payload_offset $0| $SUDO_EXEC tar xJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1
+    tail -n +$payload_offset $0| $SUDO_EXEC tar mxJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1
 fi
 echo "done"
 

meta/lib/oe/package_manager.py

@@ -40,8 +40,9 @@ def opkg_query(cmd_output):
     ver = ""
     filename = ""
     dep = []
+    prov = []
     pkgarch = ""
-    for line in cmd_output.splitlines():
+    for line in cmd_output.splitlines()+['']:
         line = line.rstrip()
         if ':' in line:
             if line.startswith("Package: "):
@@ -64,6 +65,10 @@ def opkg_query(cmd_output):
                     dep.append("%s [REC]" % recommend)
             elif line.startswith("PackageArch: "):
                 pkgarch = line.split(": ")[1]
+            elif line.startswith("Provides: "):
+                provides = verregex.sub('', line.split(": ")[1])
+                for provide in provides.split(", "):
+                    prov.append(provide)
 
         # When there is a blank line save the package information
         elif not line:
@@ -72,20 +77,15 @@ def opkg_query(cmd_output):
                 filename = "%s_%s_%s.ipk" % (pkg, ver, arch)
             if pkg:
                 output[pkg] = {"arch":arch, "ver":ver,
-                        "filename":filename, "deps": dep, "pkgarch":pkgarch }
+                        "filename":filename, "deps": dep, "pkgarch":pkgarch, "provs": prov}
             pkg = ""
             arch = ""
             ver = ""
             filename = ""
             dep = []
+            prov = []
             pkgarch = ""
 
-    if pkg:
-        if not filename:
-            filename = "%s_%s_%s.ipk" % (pkg, ver, arch)
-        output[pkg] = {"arch":arch, "ver":ver,
-                "filename":filename, "deps": dep }
-
     return output
 
 def failed_postinsts_abort(pkgs, log_path):
@@ -360,7 +360,7 @@ class DpkgPkgsList(PkgsList):
                "--admindir=%s/var/lib/dpkg" % self.rootfs_dir,
                "-W"]
 
-        cmd.append("-f=Package: ${Package}\nArchitecture: ${PackageArch}\nVersion: ${Version}\nFile: ${Package}_${Version}_${Architecture}.deb\nDepends: ${Depends}\nRecommends: ${Recommends}\n\n")
+        cmd.append("-f=Package: ${Package}\nArchitecture: ${PackageArch}\nVersion: ${Version}\nFile: ${Package}_${Version}_${Architecture}.deb\nDepends: ${Depends}\nRecommends: ${Recommends}\nProvides: ${Provides}\n\n")
 
         try:
             cmd_output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).strip().decode("utf-8")
@@ -578,6 +578,11 @@ class PackageManager(object, metaclass=ABCMeta):
         # oe-pkgdata-util reads it from a file
         with tempfile.NamedTemporaryFile(mode="w+", prefix="installed-pkgs") as installed_pkgs:
             pkgs = self.list_installed()
+
+            provided_pkgs = set()
+            for pkg in pkgs.values():
+                provided_pkgs |= set(pkg.get('provs', []))
+
             output = oe.utils.format_pkg_list(pkgs, "arch")
             installed_pkgs.write(output)
             installed_pkgs.flush()
@@ -589,10 +594,15 @@ class PackageManager(object, metaclass=ABCMeta):
             if exclude:
                 cmd.extend(['--exclude=' + '|'.join(exclude.split())])
             try:
-                bb.note("Installing complementary packages ...")
                 bb.note('Running %s' % cmd)
                 complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
-                self.install(complementary_pkgs.split(), attempt_only=True)
+                complementary_pkgs = set(complementary_pkgs.split())
+                skip_pkgs = sorted(complementary_pkgs & provided_pkgs)
+                install_pkgs = sorted(complementary_pkgs - provided_pkgs)
+                bb.note("Installing complementary packages ... %s (skipped already provided packages %s)" % (
+                    ' '.join(install_pkgs),
+                    ' '.join(skip_pkgs)))
+                self.install(install_pkgs, attempt_only=True)
             except subprocess.CalledProcessError as e:
                 bb.fatal("Could not compute complementary packages list. Command "
                          "'%s' returned %d:\n%s" %
@@ -1619,7 +1629,7 @@ class DpkgPM(OpkgDpkgPM):
 
         os.environ['APT_CONFIG'] = self.apt_conf_file
 
-        cmd = "%s %s install --force-yes --allow-unauthenticated %s" % \
+        cmd = "%s %s install --force-yes --allow-unauthenticated --no-remove %s" % \
               (self.apt_get_cmd, self.apt_args, ' '.join(pkgs))
 
         try:
@@ -1781,8 +1791,7 @@ class DpkgPM(OpkgDpkgPM):
             open(os.path.join(target_dpkg_dir, "available"), "w+").close()
 
     def remove_packaging_data(self):
-        bb.utils.remove(os.path.join(self.target_rootfs,
-                                     self.d.getVar('opkglibdir')), True)
+        bb.utils.remove(self.target_rootfs + self.d.getVar('opkglibdir'), True)
         bb.utils.remove(self.target_rootfs + "/var/lib/dpkg/", True)
 
     def fix_broken_dependencies(self):

meta/lib/oe/prservice.py

@@ -3,6 +3,10 @@
 #
 
 def prserv_make_conn(d, check = False):
+    # Otherwise this fails when called from recipes which e.g. inherit python3native (which sets _PYTHON_SYSCONFIGDATA_NAME) with:
+    # No module named '_sysconfigdata'
+    if '_PYTHON_SYSCONFIGDATA_NAME' in os.environ:
+        del os.environ['_PYTHON_SYSCONFIGDATA_NAME']
     import prserv.serv
     host_params = list([_f for _f in (d.getVar("PRSERV_HOST") or '').split(':') if _f])
     try:

meta/lib/oeqa/utils/qemurunner.py

@@ -396,7 +396,10 @@ class QemuRunner:
         self.qemupid = None
         self.ip = None
         if os.path.exists(self.qemu_pidfile):
-            os.remove(self.qemu_pidfile)
+            try:
+                os.remove(self.qemu_pidfile)
+            except FileNotFoundError as e:
+                self.logger.warning('qemu pidfile is no longer present')
         if self.monitorpipe:
             self.monitorpipe.close()
 

meta/recipes-bsp/u-boot/u-boot-tools.inc

@@ -0,0 +1,65 @@
+SUMMARY = "U-Boot bootloader tools"
+DEPENDS += "openssl"
+
+PROVIDES = "${MLPREFIX}u-boot-mkimage ${MLPREFIX}u-boot-mkenvimage"
+PROVIDES_class-native = "u-boot-mkimage-native u-boot-mkenvimage-native"
+
+PACKAGES += "${PN}-mkimage ${PN}-mkenvimage"
+
+# Required for backward compatibility with "u-boot-mkimage-xxx.bb"
+RPROVIDES_${PN}-mkimage = "u-boot-mkimage"
+RREPLACES_${PN}-mkimage = "u-boot-mkimage"
+RCONFLICTS_${PN}-mkimage = "u-boot-mkimage"
+
+EXTRA_OEMAKE_class-target = 'CROSS_COMPILE="${TARGET_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
+EXTRA_OEMAKE_class-native = 'CC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
+EXTRA_OEMAKE_class-nativesdk = 'CROSS_COMPILE="${HOST_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
+
+SED_CONFIG_EFI = '-e "s/CONFIG_EFI_LOADER=.*/# CONFIG_EFI_LOADER is not set/"'
+SED_CONFIG_EFI_x86 = ''
+SED_CONFIG_EFI_x86-64 = ''
+SED_CONFIG_EFI_arm = ''
+SED_CONFIG_EFI_armeb = ''
+SED_CONFIG_EFI_aarch64 = ''
+
+do_compile () {
+	oe_runmake sandbox_defconfig
+
+	# Disable CONFIG_CMD_LICENSE, license.h is not used by tools and
+	# generating it requires bin2header tool, which for target build
+	# is built with target tools and thus cannot be executed on host.
+	sed -i -e "s/CONFIG_CMD_LICENSE=.*/# CONFIG_CMD_LICENSE is not set/" ${SED_CONFIG_EFI} .config
+
+	oe_runmake cross_tools NO_SDL=1
+}
+
+do_install () {
+	install -d ${D}${bindir}
+
+	# mkimage
+	install -m 0755 tools/mkimage ${D}${bindir}/uboot-mkimage
+	ln -sf uboot-mkimage ${D}${bindir}/mkimage
+
+	# mkenvimage
+	install -m 0755 tools/mkenvimage ${D}${bindir}/uboot-mkenvimage
+	ln -sf uboot-mkenvimage ${D}${bindir}/mkenvimage
+
+	# dumpimage
+	install -m 0755 tools/dumpimage ${D}${bindir}/uboot-dumpimage
+	ln -sf uboot-dumpimage ${D}${bindir}/dumpimage
+
+	# fit_check_sign
+	install -m 0755 tools/fit_check_sign ${D}${bindir}/uboot-fit_check_sign
+	ln -sf uboot-fit_check_sign ${D}${bindir}/fit_check_sign
+}
+
+ALLOW_EMPTY_${PN} = "1"
+FILES_${PN} = ""
+FILES_${PN}-mkimage = "${bindir}/uboot-mkimage ${bindir}/mkimage ${bindir}/uboot-dumpimage ${bindir}/dumpimage ${bindir}/uboot-fit_check_sign ${bindir}/fit_check_sign"
+FILES_${PN}-mkenvimage = "${bindir}/uboot-mkenvimage ${bindir}/mkenvimage"
+
+RDEPENDS_${PN}-mkimage += "dtc"
+RDEPENDS_${PN} += "${PN}-mkimage ${PN}-mkenvimage"
+RDEPENDS_${PN}_class-native = ""
+
+BBCLASSEXTEND = "native nativesdk"

meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb

@@ -1,67 +1,2 @@
 require u-boot-common.inc
-
-SUMMARY = "U-Boot bootloader tools"
-DEPENDS += "openssl"
-
-PROVIDES = "${MLPREFIX}u-boot-mkimage ${MLPREFIX}u-boot-mkenvimage"
-PROVIDES_class-native = "u-boot-mkimage-native u-boot-mkenvimage-native"
-
-PACKAGES += "${PN}-mkimage ${PN}-mkenvimage"
-
-# Required for backward compatibility with "u-boot-mkimage-xxx.bb"
-RPROVIDES_${PN}-mkimage = "u-boot-mkimage"
-RREPLACES_${PN}-mkimage = "u-boot-mkimage"
-RCONFLICTS_${PN}-mkimage = "u-boot-mkimage"
-
-EXTRA_OEMAKE_class-target = 'CROSS_COMPILE="${TARGET_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
-EXTRA_OEMAKE_class-native = 'CC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
-EXTRA_OEMAKE_class-nativesdk = 'CROSS_COMPILE="${HOST_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
-
-SED_CONFIG_EFI = '-e "s/CONFIG_EFI_LOADER=.*/# CONFIG_EFI_LOADER is not set/"'
-SED_CONFIG_EFI_x86 = ''
-SED_CONFIG_EFI_x86-64 = ''
-SED_CONFIG_EFI_arm = ''
-SED_CONFIG_EFI_armeb = ''
-SED_CONFIG_EFI_aarch64 = ''
-
-do_compile () {
-	oe_runmake sandbox_defconfig
-
-	# Disable CONFIG_CMD_LICENSE, license.h is not used by tools and
-	# generating it requires bin2header tool, which for target build
-	# is built with target tools and thus cannot be executed on host.
-	sed -i -e "s/CONFIG_CMD_LICENSE=.*/# CONFIG_CMD_LICENSE is not set/" ${SED_CONFIG_EFI} .config
-
-	oe_runmake cross_tools NO_SDL=1
-}
-
-do_install () {
-	install -d ${D}${bindir}
-
-	# mkimage
-	install -m 0755 tools/mkimage ${D}${bindir}/uboot-mkimage
-	ln -sf uboot-mkimage ${D}${bindir}/mkimage
-
-	# mkenvimage
-	install -m 0755 tools/mkenvimage ${D}${bindir}/uboot-mkenvimage
-	ln -sf uboot-mkenvimage ${D}${bindir}/mkenvimage
-
-	# dumpimage
-	install -m 0755 tools/dumpimage ${D}${bindir}/uboot-dumpimage
-	ln -sf uboot-dumpimage ${D}${bindir}/dumpimage
-
-	# fit_check_sign
-	install -m 0755 tools/fit_check_sign ${D}${bindir}/uboot-fit_check_sign
-	ln -sf uboot-fit_check_sign ${D}${bindir}/fit_check_sign
-}
-
-ALLOW_EMPTY_${PN} = "1"
-FILES_${PN} = ""
-FILES_${PN}-mkimage = "${bindir}/uboot-mkimage ${bindir}/mkimage ${bindir}/uboot-dumpimage ${bindir}/dumpimage ${bindir}/uboot-fit_check_sign ${bindir}/fit_check_sign"
-FILES_${PN}-mkenvimage = "${bindir}/uboot-mkenvimage ${bindir}/mkenvimage"
-
-RDEPENDS_${PN}-mkimage += "dtc"
-RDEPENDS_${PN} += "${PN}-mkimage ${PN}-mkenvimage"
-RDEPENDS_${PN}_class-native = ""
-
-BBCLASSEXTEND = "native nativesdk"
+require u-boot-tools.inc

meta/recipes-connectivity/bluez5/bluez5.inc

@@ -58,6 +58,8 @@ SRC_URI = "\
     file://CVE-2018-10910.patch \
     file://gcc9-fixes.patch \
     file://0001-tools-Fix-build-after-y2038-changes-in-glibc.patch \
+    file://CVE-2020-0556-1.patch \
+    file://CVE-2020-0556-2.patch \
 "
 S = "${WORKDIR}/bluez-${PV}"
 

meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch

@@ -0,0 +1,35 @@
+From 8cdbd3b09f29da29374e2f83369df24228da0ad1 Mon Sep 17 00:00:00 2001
+From: Alain Michaud <alainm@chromium.org>
+Date: Tue, 10 Mar 2020 02:35:16 +0000
+Subject: [PATCH 1/2] HOGP must only accept data from bonded devices.
+
+HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding.
+
+Reference:
+https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+CVE: CVE-2020-0556
+---
+ profiles/input/hog.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/profiles/input/hog.c b/profiles/input/hog.c
+index 83c017dcb..dfac68921 100644
+--- a/profiles/input/hog.c
++++ b/profiles/input/hog.c
+@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service)
+ 			return -EINVAL;
+ 	}
+ 
++	/* HOGP 1.0 Section 6.1 requires bonding */
++	if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
++		return -ECONNREFUSED;
++
+ 	/* TODO: Replace GAttrib with bt_gatt_client */
+ 	bt_hog_attach(dev->hog, attrib);
+ 
+-- 
+2.24.1
+

meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch

@@ -0,0 +1,143 @@
+From 3cccdbab2324086588df4ccf5f892fb3ce1f1787 Mon Sep 17 00:00:00 2001
+From: Alain Michaud <alainm@chromium.org>
+Date: Tue, 10 Mar 2020 02:35:18 +0000
+Subject: [PATCH 2/2] HID accepts bonded device connections only.
+
+This change adds a configuration for platforms to choose a more secure
+posture for the HID profile.  While some older mice are known to not
+support pairing or encryption, some platform may choose a more secure
+posture by requiring the device to be bonded  and require the
+connection to be encrypted when bonding is required.
+
+Reference:
+https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+CVE: CVE-2020-0556
+
+---
+ profiles/input/device.c   | 23 ++++++++++++++++++++++-
+ profiles/input/device.h   |  1 +
+ profiles/input/input.conf |  8 ++++++++
+ profiles/input/manager.c  | 13 ++++++++++++-
+ 4 files changed, 43 insertions(+), 2 deletions(-)
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index 2cb3811c8..d89da2d7c 100644
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -92,6 +92,7 @@ struct input_device {
+ 
+ static int idle_timeout = 0;
+ static bool uhid_enabled = false;
++static bool classic_bonded_only = false;
+ 
+ void input_set_idle_timeout(int timeout)
+ {
+@@ -103,6 +104,11 @@ void input_enable_userspace_hid(bool state)
+ 	uhid_enabled = state;
+ }
+ 
++void input_set_classic_bonded_only(bool state)
++{
++	classic_bonded_only = state;
++}
++
+ static void input_device_enter_reconnect_mode(struct input_device *idev);
+ static int connection_disconnect(struct input_device *idev, uint32_t flags);
+ 
+@@ -970,8 +976,18 @@ static int hidp_add_connection(struct input_device *idev)
+ 	if (device_name_known(idev->device))
+ 		device_get_name(idev->device, req->name, sizeof(req->name));
+ 
++	/* Make sure the device is bonded if required */
++	if (classic_bonded_only && !device_is_bonded(idev->device,
++				btd_device_get_bdaddr_type(idev->device))) {
++		error("Rejected connection from !bonded device %s", dst_addr);
++		goto cleanup;
++	}
++
+ 	/* Encryption is mandatory for keyboards */
+-	if (req->subclass & 0x40) {
++	/* Some platforms may choose to require encryption for all devices */
++	/* Note that this only matters for pre 2.1 devices as otherwise the */
++	/* device is encrypted by default by the lower layers */
++	if (classic_bonded_only || req->subclass & 0x40) {
+ 		if (!bt_io_set(idev->intr_io, &gerr,
+ 					BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
+ 					BT_IO_OPT_INVALID)) {
+@@ -1203,6 +1219,11 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
+ 	DBG("path=%s reconnect_mode=%s", idev->path,
+ 				reconnect_mode_to_string(idev->reconnect_mode));
+ 
++	/* Make sure the device is bonded if required */
++	if (classic_bonded_only && !device_is_bonded(idev->device,
++				btd_device_get_bdaddr_type(idev->device)))
++		return;
++
+ 	/* Only attempt an auto-reconnect when the device is required to
+ 	 * accept reconnections from the host.
+ 	 */
+diff --git a/profiles/input/device.h b/profiles/input/device.h
+index 51a9aee18..3044db673 100644
+--- a/profiles/input/device.h
++++ b/profiles/input/device.h
+@@ -29,6 +29,7 @@ struct input_conn;
+ 
+ void input_set_idle_timeout(int timeout);
+ void input_enable_userspace_hid(bool state);
++void input_set_classic_bonded_only(bool state);
+ 
+ int input_device_register(struct btd_service *service);
+ void input_device_unregister(struct btd_service *service);
+diff --git a/profiles/input/input.conf b/profiles/input/input.conf
+index 3e1d65aae..166aff4a4 100644
+--- a/profiles/input/input.conf
++++ b/profiles/input/input.conf
+@@ -11,3 +11,11 @@
+ # Enable HID protocol handling in userspace input profile
+ # Defaults to false (HIDP handled in HIDP kernel module)
+ #UserspaceHID=true
++
++# Limit HID connections to bonded devices
++# The HID Profile does not specify that devices must be bonded, however some
++# platforms may want to make sure that input connections only come from bonded
++# device connections. Several older mice have been known for not supporting
++# pairing/encryption.
++# Defaults to false to maximize device compatibility.
++#ClassicBondedOnly=true
+diff --git a/profiles/input/manager.c b/profiles/input/manager.c
+index 1d31b0652..5cd27b839 100644
+--- a/profiles/input/manager.c
++++ b/profiles/input/manager.c
+@@ -96,7 +96,7 @@ static int input_init(void)
+ 	config = load_config_file(CONFIGDIR "/input.conf");
+ 	if (config) {
+ 		int idle_timeout;
+-		gboolean uhid_enabled;
++		gboolean uhid_enabled, classic_bonded_only;
+ 
+ 		idle_timeout = g_key_file_get_integer(config, "General",
+ 							"IdleTimeout", &err);
+@@ -114,6 +114,17 @@ static int input_init(void)
+ 			input_enable_userspace_hid(uhid_enabled);
+ 		} else
+ 			g_clear_error(&err);
++
++		classic_bonded_only = g_key_file_get_boolean(config, "General",
++						"ClassicBondedOnly", &err);
++
++		if (!err) {
++			DBG("input.conf: ClassicBondedOnly=%s",
++					classic_bonded_only ? "true" : "false");
++			input_set_classic_bonded_only(classic_bonded_only);
++		} else
++			g_clear_error(&err);
++
+ 	}
+ 
+ 	btd_profile_register(&input_profile);
+-- 
+2.24.1
+

meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch

@@ -0,0 +1,165 @@
+From f369dbb9e67eb5ef336944af63039b6d8f838384 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Thu, 12 Sep 2019 10:35:46 -0400
+Subject: [PATCH 1/3] Ensure context is running prior to calling
+ isc_app_ctxsuspend
+
+Add a release note.
+
+includes/omapip/isclib.h
+    Added actx_running flag to global context, dhcp_gbl_ctx
+
+omapip/isclib.c
+    set_ctx_running() - new function used as the ctxonrun callback
+
+    dhcp_context_create() - installs set_ctx_running callback
+
+    dhcp_signal_handler() - modified to use act_running flag to
+    determine is context is running and should be suspended
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ RELNOTES                 |  7 +++++
+ includes/omapip/isclib.h |  3 ++-
+ omapip/isclib.c          | 57 +++++++++++++++++++++++++++++++++-------
+ 3 files changed, 57 insertions(+), 10 deletions(-)
+
+diff --git a/RELNOTES b/RELNOTES
+index f10305d..1730473 100644
+--- a/RELNOTES
++++ b/RELNOTES
+@@ -6,6 +6,13 @@
+ 
+                               NEW FEATURES
+ 
++- Closed a small window of time between the installation of graceful
++  shutdown signal handlers and application context startup, during which
++  the receipt of shutdown signal would cause a REQUIRE() assertion to
++  occur.  Note this issue is only visible when compiling with
++  ENABLE_GENTLE_SHUTDOWN defined.
++  [Gitlab #53,!18   git TBD]
++
+ Please note that that ISC DHCP is now licensed under the Mozilla Public License,
+ MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
+ license terms.
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index 6c20584..af6a6fc 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -94,7 +94,8 @@
+ typedef struct dhcp_context {
+ 	isc_mem_t	*mctx;
+ 	isc_appctx_t	*actx;
+-	int              actx_started;
++	int              actx_started; // ISC_TRUE if ctxstart has been called
++	int              actx_running; // ISC_TRUE if ctxrun has been called
+ 	isc_taskmgr_t	*taskmgr;
+ 	isc_task_t	*task;
+ 	isc_socketmgr_t *socketmgr;
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index ce4b4a1..73e017c 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -134,6 +134,35 @@ handle_signal(int sig, void (*handler)(int)) {
+ 	}
+ }
+ 
++/* Callback passed to isc_app_ctxonrun
++ *
++ * BIND9 context code will invoke this handler once the context has
++ * entered the running state.  We use it to set a global marker so that
++ * we can tell if the context is running.  Several of the isc_app_
++ * calls REQUIRE that the context is running and we need a way to
++ * know that.
++ *
++ * We also check to see if we received a shutdown signal prior to
++ * the context entering the run state.  If we did, then we can just
++ * simply shut the context down now.  This closes the relatively
++ * small window between start up and entering run via the call
++ * to dispatch().
++ *
++ */
++static void
++set_ctx_running(isc_task_t *task, isc_event_t *event) {
++        task = task; // unused;
++	dhcp_gbl_ctx.actx_running = ISC_TRUE;
++
++	if (shutdown_signal) {
++		// We got signaled shutdown before we entered running state.
++		// Now that we've reached running state, shut'er down.
++		isc_app_ctxsuspend(dhcp_gbl_ctx.actx);
++	}
++
++        isc_event_free(&event);
++}
++
+ isc_result_t
+ dhcp_context_create(int flags,
+ 		    struct in_addr  *local4,
+@@ -141,6 +170,9 @@ dhcp_context_create(int flags,
+ 	isc_result_t result;
+ 
+ 	if ((flags & DHCP_CONTEXT_PRE_DB) != 0) {
++		dhcp_gbl_ctx.actx_started = ISC_FALSE;
++		dhcp_gbl_ctx.actx_running = ISC_FALSE;
++
+ 		/*
+ 		 * Set up the error messages, this isn't the right place
+ 		 * for this call but it is convienent for now.
+@@ -204,15 +236,24 @@ dhcp_context_create(int flags,
+ 		if (result != ISC_R_SUCCESS)
+ 			goto cleanup;
+ 
+-		result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task);
++		result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0,
++					 &dhcp_gbl_ctx.task);
+ 		if (result != ISC_R_SUCCESS)
+ 			goto cleanup;
+ 
+ 		result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
+ 		if (result != ISC_R_SUCCESS)
+-			return (result);
++			goto cleanup;
++
+ 		dhcp_gbl_ctx.actx_started = ISC_TRUE;
+ 
++		// Install the onrun callback.
++		result = isc_app_ctxonrun(dhcp_gbl_ctx.actx, dhcp_gbl_ctx.mctx,
++					  dhcp_gbl_ctx.task, set_ctx_running,
++					  dhcp_gbl_ctx.actx);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++
+ 		/* Not all OSs support suppressing SIGPIPE through socket
+ 		 * options, so set the sigal action to be ignore.  This allows
+ 		 * broken connections to fail gracefully with EPIPE on writes */
+@@ -335,19 +376,17 @@ isclib_make_dst_key(char          *inname,
+  * @param signal signal code that we received
+  */
+ void dhcp_signal_handler(int signal) {
+-	isc_appctx_t *ctx = dhcp_gbl_ctx.actx;
+-	int prev = shutdown_signal;
+-
+-	if (prev != 0) {
++	if (shutdown_signal != 0) {
+ 		/* Already in shutdown. */
+ 		return;
+ 	}
++
+ 	/* Possible race but does it matter? */
+ 	shutdown_signal = signal;
+ 
+-	/* Use reload (aka suspend) for easier dispatch() reenter. */
+-	if (ctx && ctx->methods && ctx->methods->ctxsuspend) {
+-		(void) isc_app_ctxsuspend(ctx);
++	/* If the application context is running tell it to shut down */
++	if (dhcp_gbl_ctx.actx_running == ISC_TRUE) {
++		(void) isc_app_ctxsuspend(dhcp_gbl_ctx.actx);
+ 	}
+ }
+ 
+-- 
+2.23.0
+

meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch

@@ -0,0 +1,29 @@
+From adcd34ae1f56b16d7e9696d980332b4cf6c7ce91 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Fri, 13 Sep 2019 15:03:31 -0400
+Subject: [PATCH 2/3] Added shutdown log statment to dhcrelay
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ relay/dhcrelay.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
+index d8caaaf..4bd1d47 100644
+--- a/relay/dhcrelay.c
++++ b/relay/dhcrelay.c
+@@ -2076,6 +2076,9 @@ dhcp_set_control_state(control_object_state_t oldstate,
+ 	if (newstate != server_shutdown)
+ 		return ISC_R_SUCCESS;
+ 
++	/* Log shutdown on signal. */
++	log_info("Received signal %d, initiating shutdown.", shutdown_signal);
++
+ 	if (no_pid_file == ISC_FALSE)
+ 		(void) unlink(path_dhcrelay_pid);
+ 
+-- 
+2.23.0
+

meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch

@@ -0,0 +1,31 @@
+From e4b54b4d676783152d487103714cba2913661ef8 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Wed, 6 Nov 2019 15:53:50 -0500
+Subject: [PATCH 3/3] Addressed review comment.
+
+omapip/isclib.c
+    Added use of IGNORE_UNUSED()
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ omapip/isclib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index 73e017c..1d52463 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -151,7 +151,7 @@ handle_signal(int sig, void (*handler)(int)) {
+  */
+ static void
+ set_ctx_running(isc_task_t *task, isc_event_t *event) {
+-        task = task; // unused;
++    IGNORE_UNUSED(task);
+ 	dhcp_gbl_ctx.actx_running = ISC_TRUE;
+ 
+ 	if (shutdown_signal) {
+-- 
+2.23.0
+

meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb

@@ -11,6 +11,9 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
             file://0013-fixup_use_libbind.patch \
             file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \
             file://0001-Fix-a-NSUPDATE-compiling-issue.patch \
+            file://0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch \
+            file://0002-Added-shutdown-log-statment-to-dhcrelay.patch \
+            file://0003-Addressed-review-comment.patch \
 "
 
 SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"

meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb

@@ -143,11 +143,15 @@ ALTERNATIVE_${PN}-traceroute = "traceroute"
 ALTERNATIVE_${PN}-hostname = "hostname"
 ALTERNATIVE_LINK_NAME[hostname]  = "${base_bindir}/hostname"
 
-ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8"
+ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \
+                         tftpd.8 tftp.1 telnetd.8"
 ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
 ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
 ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
 ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
+ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
+ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8"
+ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1"
 
 ALTERNATIVE_${PN}-ifconfig = "ifconfig"
 ALTERNATIVE_LINK_NAME[ifconfig]  = "${base_sbindir}/ifconfig"

meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch

@@ -0,0 +1,34 @@
+From ff3ad88c233ecd87f7983ad13836323f944540ec Mon Sep 17 00:00:00 2001
+From: Doug Nazar <nazard@nazar.ca>
+Date: Mon, 9 Dec 2019 10:53:37 -0500
+Subject: [PATCH] Disable statx if using glibc emulation
+
+On older kernels without statx, glibc with statx support will attempt
+to emulate the call. However it doesn't support AT_STATX_DONT_SYNC and
+will return EINVAL. This causes all xstat/xlstat calls to fail.
+
+Upstream-Status: Backport
+
+Signed-off-by: Doug Nazar <nazard@nazar.ca>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/misc/xstat.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/support/misc/xstat.c b/support/misc/xstat.c
+index 661e29e4..a438fbcc 100644
+--- a/support/misc/xstat.c
++++ b/support/misc/xstat.c
+@@ -51,6 +51,9 @@ statx_do_stat(int fd, const char *pathname, struct stat *statbuf, int flags)
+ 			statx_copy(statbuf, &stxbuf);
+ 			return 0;
+ 		}
++		/* glibc emulation doesn't support AT_STATX_DONT_SYNC */
++		if (errno == EINVAL)
++			errno = ENOSYS;
+ 		if (errno == ENOSYS)
+ 			statx_supported = 0;
+ 	} else
+-- 
+2.19.1
+

meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb

@@ -33,6 +33,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
            file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
            file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \
            file://0001-Fix-include-order-between-config.h-and-stat.h.patch \
+           file://0001-Disable-statx-if-using-glibc-emulation.patch \
 "
 SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch"
 SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch"

meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch

@@ -0,0 +1,46 @@
+From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 3 Jan 2020 03:02:26 +0000
+Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a
+ regress
+
+test?
+
+OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381]
+
+[Dropped the script version and copyright year change at the top]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ regress/cert-hostkey.sh | 2 +-
+ regress/cert-userkey.sh | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
+index 3ce7779..74d5a53 100644
+--- a/regress/cert-hostkey.sh
++++ b/regress/cert-hostkey.sh
+@@ -248,7 +248,7 @@ test_one() {
+ test_one "user-certificate"	failure "-n $HOSTS"
+ test_one "empty principals"	success "-h"
+ test_one "wrong principals"	failure "-h -n foo"
+-test_one "cert not yet valid"	failure "-h -V20200101:20300101"
++test_one "cert not yet valid"	failure "-h -V20300101:20320101"
+ test_one "cert expired"		failure "-h -V19800101:19900101"
+ test_one "cert valid interval"	success "-h -V-1w:+2w"
+ test_one "cert has constraints"	failure "-h -Oforce-command=false"
+diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
+index 6849e99..de455b8 100644
+--- a/regress/cert-userkey.sh
++++ b/regress/cert-userkey.sh
+@@ -327,7 +327,7 @@ test_one() {
+ test_one "correct principal"	success "-n ${USER}"
+ test_one "host-certificate"	failure "-n ${USER} -h"
+ test_one "wrong principals"	failure "-n foo"
+-test_one "cert not yet valid"	failure "-n ${USER} -V20200101:20300101"
++test_one "cert not yet valid"	failure "-n ${USER} -V20300101:20320101"
+ test_one "cert expired"		failure "-n ${USER} -V19800101:19900101"
+ test_one "cert valid interval"	success "-n ${USER} -V-1w:+2w"
+ test_one "wrong source-address"	failure "-n ${USER} -Osource-address=10.0.0.0/8"

meta/recipes-connectivity/openssh/openssh_8.0p1.bb

@@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
            file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \
+           file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \
            "
 SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d"
 SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68"

meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch

@@ -1,758 +0,0 @@
-From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Wed, 4 Dec 2019 12:48:21 +0100
-Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr
-
-There is an overflow bug in the x64_64 Montgomery squaring procedure used in
-exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
-suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
-result of this defect would be very difficult to perform and are not believed
-likely. Attacks against DH512 are considered just feasible. However, for an
-attack the target would have to re-use the DH512 private key, which is not
-recommended anyway. Also applications directly using the low level API
-BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
-
-CVE-2019-1551
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-(Merged from https://github.com/openssl/openssl/pull/10575)
-
-CVE: CVE-2019-1551
-Upstream-Status: Backport
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++-----------------
- 1 file changed, 197 insertions(+), 184 deletions(-)
-
-diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
-index b1797b649f0..7534d5cd03e 100755
---- a/crypto/bn/asm/rsaz-x86_64.pl
-+++ b/crypto/bn/asm/rsaz-x86_64.pl
-@@ -116,7 +116,7 @@
- 	subq	\$128+24, %rsp
- .cfi_adjust_cfa_offset	128+24
- .Lsqr_body:
--	movq	$mod, %rbp		# common argument
-+	movq	$mod, %xmm1		# common off-load
- 	movq	($inp), %rdx
- 	movq	8($inp), %rax
- 	movq	$n0, 128(%rsp)
-@@ -134,7 +134,8 @@
- .Loop_sqr:
- 	movl	$times,128+8(%rsp)
- #first iteration
--	movq	%rdx, %rbx
-+	movq	%rdx, %rbx		# 0($inp)
-+	mov	%rax, %rbp		# 8($inp)
- 	mulq	%rdx
- 	movq	%rax, %r8
- 	movq	16($inp), %rax
-@@ -173,31 +174,29 @@
- 	mulq	%rbx
- 	addq	%rax, %r14
- 	movq	%rbx, %rax
--	movq	%rdx, %r15
--	adcq	\$0, %r15
-+	adcq	\$0, %rdx
- 
--	addq	%r8, %r8		#shlq	\$1, %r8
--	movq	%r9, %rcx
--	adcq	%r9, %r9		#shld	\$1, %r8, %r9
-+	xorq	%rcx,%rcx		# rcx:r8 = r8 << 1
-+	addq	%r8, %r8
-+	 movq	%rdx, %r15
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
--	movq	%rax, (%rsp)
--	addq	%rdx, %r8
--	adcq	\$0, %r9
-+	addq	%r8, %rdx
-+	adcq	\$0, %rcx
- 
--	movq	%r8, 8(%rsp)
--	shrq	\$63, %rcx
-+	movq	%rax, (%rsp)
-+	movq	%rdx, 8(%rsp)
- 
- #second iteration
--	movq	8($inp), %r8
- 	movq	16($inp), %rax
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r10
- 	movq	24($inp), %rax
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r11
- 	movq	32($inp), %rax
- 	adcq	\$0, %rdx
-@@ -205,7 +204,7 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r12
- 	movq	40($inp), %rax
- 	adcq	\$0, %rdx
-@@ -213,7 +212,7 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r13
- 	movq	48($inp), %rax
- 	adcq	\$0, %rdx
-@@ -221,7 +220,7 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r14
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
-@@ -229,39 +228,39 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r15
--	movq	%r8, %rax
-+	movq	%rbp, %rax
- 	adcq	\$0, %rdx
- 	addq	%rbx, %r15
--	movq	%rdx, %r8
--	movq	%r10, %rdx
--	adcq	\$0, %r8
-+	adcq	\$0, %rdx
- 
--	add	%rdx, %rdx
--	lea	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
--	movq	%r11, %rbx
--	adcq	%r11, %r11		#shld	\$1, %r10, %r11
-+	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
-+	addq	%r9, %r9
-+	 movq	%rdx, %r8
-+	adcq	%r10, %r10
-+	adcq	\$0, %rbx
- 
- 	mulq	%rax
-+	addq	%rcx, %rax
-+	 movq	16($inp), %rbp
-+	adcq	\$0, %rdx
- 	addq	%rax, %r9
-+	 movq	24($inp), %rax
- 	adcq	%rdx, %r10
--	adcq	\$0, %r11
-+	adcq	\$0, %rbx
- 
- 	movq	%r9, 16(%rsp)
- 	movq	%r10, 24(%rsp)
--	shrq	\$63, %rbx
- 
- #third iteration
--	movq	16($inp), %r9
--	movq	24($inp), %rax
--	mulq	%r9
-+	mulq	%rbp
- 	addq	%rax, %r12
- 	movq	32($inp), %rax
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
-+	mulq	%rbp
- 	addq	%rax, %r13
- 	movq	40($inp), %rax
- 	adcq	\$0, %rdx
-@@ -269,7 +268,7 @@
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
-+	mulq	%rbp
- 	addq	%rax, %r14
- 	movq	48($inp), %rax
- 	adcq	\$0, %rdx
-@@ -277,9 +276,7 @@
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
--	 movq	%r12, %r10
--	 lea	(%rbx,%r12,2), %r12	#shld	\$1, %rbx, %r12
-+	mulq	%rbp
- 	addq	%rax, %r15
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
-@@ -287,36 +284,40 @@
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
--	 shrq	\$63, %r10
-+	mulq	%rbp
- 	addq	%rax, %r8
--	movq	%r9, %rax
-+	movq	%rbp, %rax
- 	adcq	\$0, %rdx
- 	addq	%rcx, %r8
--	movq	%rdx, %r9
--	adcq	\$0, %r9
-+	adcq	\$0, %rdx
- 
--	movq	%r13, %rcx
--	leaq	(%r10,%r13,2), %r13	#shld	\$1, %r12, %r13
-+	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
-+	addq	%r11, %r11
-+	 movq	%rdx, %r9
-+	adcq	%r12, %r12
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
-+	addq	%rbx, %rax
-+	 movq	24($inp), %r10
-+	adcq	\$0, %rdx
- 	addq	%rax, %r11
-+	 movq	32($inp), %rax
- 	adcq	%rdx, %r12
--	adcq	\$0, %r13
-+	adcq	\$0, %rcx
- 
- 	movq	%r11, 32(%rsp)
- 	movq	%r12, 40(%rsp)
--	shrq	\$63, %rcx
- 
- #fourth iteration
--	movq	24($inp), %r10
--	movq	32($inp), %rax
-+	mov	%rax, %r11		# 32($inp)
- 	mulq	%r10
- 	addq	%rax, %r14
- 	movq	40($inp), %rax
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
-+	mov	%rax, %r12		# 40($inp)
- 	mulq	%r10
- 	addq	%rax, %r15
- 	movq	48($inp), %rax
-@@ -325,9 +326,8 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
-+	mov	%rax, %rbp		# 48($inp)
- 	mulq	%r10
--	 movq	%r14, %r12
--	 leaq	(%rcx,%r14,2), %r14	#shld	\$1, %rcx, %r14
- 	addq	%rax, %r8
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
-@@ -336,32 +336,33 @@
- 	adcq	\$0, %rbx
- 
- 	mulq	%r10
--	 shrq	\$63, %r12
- 	addq	%rax, %r9
- 	movq	%r10, %rax
- 	adcq	\$0, %rdx
- 	addq	%rbx, %r9
--	movq	%rdx, %r10
--	adcq	\$0, %r10
-+	adcq	\$0, %rdx
- 
--	movq	%r15, %rbx
--	leaq	(%r12,%r15,2),%r15	#shld	\$1, %r14, %r15
-+	xorq	%rbx, %rbx		# rbx:r13:r14 = r13:r14 << 1
-+	addq	%r13, %r13
-+	 movq	%rdx, %r10
-+	adcq	%r14, %r14
-+	adcq	\$0, %rbx
- 
- 	mulq	%rax
-+	addq	%rcx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r13
-+	 movq	%r12, %rax		# 40($inp)
- 	adcq	%rdx, %r14
--	adcq	\$0, %r15
-+	adcq	\$0, %rbx
- 
- 	movq	%r13, 48(%rsp)
- 	movq	%r14, 56(%rsp)
--	shrq	\$63, %rbx
- 
- #fifth iteration
--	movq	32($inp), %r11
--	movq	40($inp), %rax
- 	mulq	%r11
- 	addq	%rax, %r8
--	movq	48($inp), %rax
-+	movq	%rbp, %rax		# 48($inp)
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
-@@ -369,97 +370,99 @@
- 	addq	%rax, %r9
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
--	 movq	%r8, %r12
--	 leaq	(%rbx,%r8,2), %r8	#shld	\$1, %rbx, %r8
- 	addq	%rcx, %r9
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
-+	mov	%rax, %r14		# 56($inp)
- 	mulq	%r11
--	 shrq	\$63, %r12
- 	addq	%rax, %r10
- 	movq	%r11, %rax
- 	adcq	\$0, %rdx
- 	addq	%rcx, %r10
--	movq	%rdx, %r11
--	adcq	\$0, %r11
-+	adcq	\$0, %rdx
- 
--	movq	%r9, %rcx
--	leaq	(%r12,%r9,2), %r9	#shld	\$1, %r8, %r9
-+	xorq	%rcx, %rcx		# rcx:r8:r15 = r8:r15 << 1
-+	addq	%r15, %r15
-+	 movq	%rdx, %r11
-+	adcq	%r8, %r8
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
-+	addq	%rbx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r15
-+	 movq	%rbp, %rax		# 48($inp)
- 	adcq	%rdx, %r8
--	adcq	\$0, %r9
-+	adcq	\$0, %rcx
- 
- 	movq	%r15, 64(%rsp)
- 	movq	%r8, 72(%rsp)
--	shrq	\$63, %rcx
- 
- #sixth iteration
--	movq	40($inp), %r12
--	movq	48($inp), %rax
- 	mulq	%r12
- 	addq	%rax, %r10
--	movq	56($inp), %rax
-+	movq	%r14, %rax		# 56($inp)
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
- 	mulq	%r12
- 	addq	%rax, %r11
- 	movq	%r12, %rax
--	 movq	%r10, %r15
--	 leaq	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
- 	adcq	\$0, %rdx
--	 shrq	\$63, %r15
- 	addq	%rbx, %r11
--	movq	%rdx, %r12
--	adcq	\$0, %r12
-+	adcq	\$0, %rdx
- 
--	movq	%r11, %rbx
--	leaq	(%r15,%r11,2), %r11	#shld	\$1, %r10, %r11
-+	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
-+	addq	%r9, %r9
-+	 movq	%rdx, %r12
-+	adcq	%r10, %r10
-+	adcq	\$0, %rbx
- 
- 	mulq	%rax
-+	addq	%rcx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r9
-+	 movq	%r14, %rax		# 56($inp)
- 	adcq	%rdx, %r10
--	adcq	\$0, %r11
-+	adcq	\$0, %rbx
- 
- 	movq	%r9, 80(%rsp)
- 	movq	%r10, 88(%rsp)
- 
- #seventh iteration
--	movq	48($inp), %r13
--	movq	56($inp), %rax
--	mulq	%r13
-+	mulq	%rbp
- 	addq	%rax, %r12
--	movq	%r13, %rax
--	movq	%rdx, %r13
--	adcq	\$0, %r13
-+	movq	%rbp, %rax
-+	adcq	\$0, %rdx
- 
--	xorq	%r14, %r14
--	shlq	\$1, %rbx
--	adcq	%r12, %r12		#shld	\$1, %rbx, %r12
--	adcq	%r13, %r13		#shld	\$1, %r12, %r13
--	adcq	%r14, %r14		#shld	\$1, %r13, %r14
-+	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
-+	addq	%r11, %r11
-+	 movq	%rdx, %r13
-+	adcq	%r12, %r12
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
-+	addq	%rbx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r11
-+	 movq	%r14, %rax		# 56($inp)
- 	adcq	%rdx, %r12
--	adcq	\$0, %r13
-+	adcq	\$0, %rcx
- 
- 	movq	%r11, 96(%rsp)
- 	movq	%r12, 104(%rsp)
- 
- #eighth iteration
--	movq	56($inp), %rax
-+	xorq	%rbx, %rbx		# rbx:r13 = r13 << 1
-+	addq	%r13, %r13
-+	adcq	\$0, %rbx
-+
- 	mulq	%rax
--	addq	%rax, %r13
-+	addq	%rcx, %rax
- 	adcq	\$0, %rdx
--
--	addq	%rdx, %r14
--
--	movq	%r13, 112(%rsp)
--	movq	%r14, 120(%rsp)
-+	addq	%r13, %rax
-+	adcq	%rbx, %rdx
- 
- 	movq	(%rsp), %r8
- 	movq	8(%rsp), %r9
-@@ -469,6 +472,10 @@
- 	movq	40(%rsp), %r13
- 	movq	48(%rsp), %r14
- 	movq	56(%rsp), %r15
-+	movq	%xmm1, %rbp
-+
-+	movq	%rax, 112(%rsp)
-+	movq	%rdx, 120(%rsp)
- 
- 	call	__rsaz_512_reduce
- 
-@@ -500,9 +507,9 @@
- .Loop_sqrx:
- 	movl	$times,128+8(%rsp)
- 	movq	$out, %xmm0		# off-load
--	movq	%rbp, %xmm1		# off-load
- #first iteration
- 	mulx	%rax, %r8, %r9
-+	mov	%rax, %rbx
- 
- 	mulx	16($inp), %rcx, %r10
- 	xor	%rbp, %rbp		# cf=0, of=0
-@@ -510,40 +517,39 @@
- 	mulx	24($inp), %rax, %r11
- 	adcx	%rcx, %r9
- 
--	mulx	32($inp), %rcx, %r12
-+	.byte	0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00	# mulx	32($inp), %rcx, %r12
- 	adcx	%rax, %r10
- 
--	mulx	40($inp), %rax, %r13
-+	.byte	0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00	# mulx	40($inp), %rax, %r13
- 	adcx	%rcx, %r11
- 
--	.byte	0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($inp), %rcx, %r14
-+	mulx	48($inp), %rcx, %r14
- 	adcx	%rax, %r12
- 	adcx	%rcx, %r13
- 
--	.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00	# mulx	56($inp), %rax, %r15
-+	mulx	56($inp), %rax, %r15
- 	adcx	%rax, %r14
- 	adcx	%rbp, %r15		# %rbp is 0
- 
--	mov	%r9, %rcx
--	shld	\$1, %r8, %r9
--	shl	\$1, %r8
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
--	adcx	%rdx, %r8
--	 mov	8($inp), %rdx
--	adcx	%rbp, %r9
-+	mulx	%rdx, %rax, $out
-+	 mov	%rbx, %rdx		# 8($inp)
-+	xor	%rcx, %rcx
-+	adox	%r8, %r8
-+	adcx	$out, %r8
-+	adox	%rbp, %rcx
-+	adcx	%rbp, %rcx
- 
- 	mov	%rax, (%rsp)
- 	mov	%r8, 8(%rsp)
- 
- #second iteration
--	mulx	16($inp), %rax, %rbx
-+	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00	# mulx	16($inp), %rax, %rbx
- 	adox	%rax, %r10
- 	adcx	%rbx, %r11
- 
--	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r8
-+	mulx	24($inp), $out, %r8
- 	adox	$out, %r11
-+	.byte	0x66
- 	adcx	%r8, %r12
- 
- 	mulx	32($inp), %rax, %rbx
-@@ -561,24 +567,25 @@
- 	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r8
- 	adox	$out, %r15
- 	adcx	%rbp, %r8
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r8
-+	 .byte	0x48,0x8b,0x96,0x10,0x00,0x00,0x00		# mov	16($inp), %rdx
- 
--	mov	%r11, %rbx
--	shld	\$1, %r10, %r11
--	shld	\$1, %rcx, %r10
--
--	xor	%ebp,%ebp
--	mulx	%rdx, %rax, %rcx
--	 mov	16($inp), %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r9, %r9
-+	adcx	%rbp, $out
-+	adox	%r10, %r10
- 	adcx	%rax, %r9
--	adcx	%rcx, %r10
--	adcx	%rbp, %r11
-+	adox	%rbp, %rbx
-+	adcx	$out, %r10
-+	adcx	%rbp, %rbx
- 
- 	mov	%r9, 16(%rsp)
- 	.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00		# mov	%r10, 24(%rsp)
- 
- #third iteration
--	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r9
-+	mulx	24($inp), $out, %r9
- 	adox	$out, %r12
- 	adcx	%r9, %r13
- 
-@@ -586,7 +593,7 @@
- 	adox	%rax, %r13
- 	adcx	%rcx, %r14
- 
--	mulx	40($inp), $out, %r9
-+	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r9
- 	adox	$out, %r14
- 	adcx	%r9, %r15
- 
-@@ -594,27 +601,28 @@
- 	adox	%rax, %r15
- 	adcx	%rcx, %r8
- 
--	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r9
-+	mulx	56($inp), $out, %r9
- 	adox	$out, %r8
- 	adcx	%rbp, %r9
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r9
-+	 mov	24($inp), %rdx
- 
--	mov	%r13, %rcx
--	shld	\$1, %r12, %r13
--	shld	\$1, %rbx, %r12
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rcx, %rcx
-+	adcx	%rbx, %rax
-+	adox	%r11, %r11
-+	adcx	%rbp, $out
-+	adox	%r12, %r12
- 	adcx	%rax, %r11
--	adcx	%rdx, %r12
--	 mov	24($inp), %rdx
--	adcx	%rbp, %r13
-+	adox	%rbp, %rcx
-+	adcx	$out, %r12
-+	adcx	%rbp, %rcx
- 
- 	mov	%r11, 32(%rsp)
--	.byte	0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00		# mov	%r12, 40(%rsp)
-+	mov	%r12, 40(%rsp)
- 
- #fourth iteration
--	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00	# mulx	32($inp), %rax, %rbx
-+	mulx	32($inp), %rax, %rbx
- 	adox	%rax, %r14
- 	adcx	%rbx, %r15
- 
-@@ -629,25 +637,25 @@
- 	mulx	56($inp), $out, %r10
- 	adox	$out, %r9
- 	adcx	%rbp, %r10
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r10
-+	 mov	32($inp), %rdx
- 
--	.byte	0x66
--	mov	%r15, %rbx
--	shld	\$1, %r14, %r15
--	shld	\$1, %rcx, %r14
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r13, %r13
-+	adcx	%rbp, $out
-+	adox	%r14, %r14
- 	adcx	%rax, %r13
--	adcx	%rdx, %r14
--	 mov	32($inp), %rdx
--	adcx	%rbp, %r15
-+	adox	%rbp, %rbx
-+	adcx	$out, %r14
-+	adcx	%rbp, %rbx
- 
- 	mov	%r13, 48(%rsp)
- 	mov	%r14, 56(%rsp)
- 
- #fifth iteration
--	.byte	0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r11
-+	mulx	40($inp), $out, %r11
- 	adox	$out, %r8
- 	adcx	%r11, %r9
- 
-@@ -658,18 +666,19 @@
- 	mulx	56($inp), $out, %r11
- 	adox	$out, %r10
- 	adcx	%rbp, %r11
-+	 mulx	%rdx, %rax, $out
-+	 mov	40($inp), %rdx
- 	adox	%rbp, %r11
- 
--	mov	%r9, %rcx
--	shld	\$1, %r8, %r9
--	shld	\$1, %rbx, %r8
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rcx, %rcx
-+	adcx	%rbx, %rax
-+	adox	%r15, %r15
-+	adcx	%rbp, $out
-+	adox	%r8, %r8
- 	adcx	%rax, %r15
--	adcx	%rdx, %r8
--	 mov	40($inp), %rdx
--	adcx	%rbp, %r9
-+	adox	%rbp, %rcx
-+	adcx	$out, %r8
-+	adcx	%rbp, %rcx
- 
- 	mov	%r15, 64(%rsp)
- 	mov	%r8, 72(%rsp)
-@@ -682,18 +691,19 @@
- 	.byte	0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r12
- 	adox	$out, %r11
- 	adcx	%rbp, %r12
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r12
-+	 mov	48($inp), %rdx
- 
--	mov	%r11, %rbx
--	shld	\$1, %r10, %r11
--	shld	\$1, %rcx, %r10
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r9, %r9
-+	adcx	%rbp, $out
-+	adox	%r10, %r10
- 	adcx	%rax, %r9
--	adcx	%rdx, %r10
--	 mov	48($inp), %rdx
--	adcx	%rbp, %r11
-+	adcx	$out, %r10
-+	adox	%rbp, %rbx
-+	adcx	%rbp, %rbx
- 
- 	mov	%r9, 80(%rsp)
- 	mov	%r10, 88(%rsp)
-@@ -703,31 +713,31 @@
- 	adox	%rax, %r12
- 	adox	%rbp, %r13
- 
--	xor	%r14, %r14
--	shld	\$1, %r13, %r14
--	shld	\$1, %r12, %r13
--	shld	\$1, %rbx, %r12
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
--	adcx	%rax, %r11
--	adcx	%rdx, %r12
-+	mulx	%rdx, %rax, $out
-+	xor	%rcx, %rcx
- 	 mov	56($inp), %rdx
--	adcx	%rbp, %r13
-+	adcx	%rbx, %rax
-+	adox	%r11, %r11
-+	adcx	%rbp, $out
-+	adox	%r12, %r12
-+	adcx	%rax, %r11
-+	adox	%rbp, %rcx
-+	adcx	$out, %r12
-+	adcx	%rbp, %rcx
- 
- 	.byte	0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00		# mov	%r11, 96(%rsp)
- 	.byte	0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00		# mov	%r12, 104(%rsp)
- 
- #eighth iteration
- 	mulx	%rdx, %rax, %rdx
--	adox	%rax, %r13
--	adox	%rbp, %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r13, %r13
-+	adcx	%rbp, %rdx
-+	adox	%rbp, %rbx
-+	adcx	%r13, %rax
-+	adcx	%rdx, %rbx
- 
--	.byte	0x66
--	add	%rdx, %r14
--
--	movq	%r13, 112(%rsp)
--	movq	%r14, 120(%rsp)
- 	movq	%xmm0, $out
- 	movq	%xmm1, %rbp
- 
-@@ -741,6 +751,9 @@
- 	movq	48(%rsp), %r14
- 	movq	56(%rsp), %r15
- 
-+	movq	%rax, 112(%rsp)
-+	movq	%rbx, 120(%rsp)
-+
- 	call	__rsaz_512_reducex
- 
- 	addq	64(%rsp), %r8

meta/recipes-connectivity/openssl/openssl_1.1.1g.bb

@@ -16,7 +16,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-skip-test_symbol_presence.patch \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
-           file://CVE-2019-1551.patch \
            file://reproducible.patch \
            "
 
@@ -24,8 +23,7 @@ SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa"
-SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2"
+SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
 
 inherit lib_package multilib_header multilib_script ptest
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -34,7 +32,7 @@ PACKAGECONFIG ?= ""
 PACKAGECONFIG_class-native = ""
 PACKAGECONFIG_class-nativesdk = ""
 
-PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
 
 B = "${WORKDIR}/build"
 do_configure[cleandirs] = "${B}"

meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch

@@ -0,0 +1,47 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname).  This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+
+Upstream-Status: Backport
+[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426]
+
+CVE: CVE-2020-8597
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f5..1b93db0 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ 		}
+ 
+ 		/* Not so likely to happen. */
+-		if (vallen >= len + sizeof (rhostname)) {
++		if (len - vallen >= sizeof (rhostname)) {
+ 			dbglog("EAP: trimming really long peer name down");
+ 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ 			rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ 		}
+ 
+ 		/* Not so likely to happen. */
+-		if (vallen >= len + sizeof (rhostname)) {
++		if (len - vallen >= sizeof (rhostname)) {
+ 			dbglog("EAP: trimming really long peer name down");
+ 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ 			rhostname[sizeof (rhostname) - 1] = '\0';
+-- 
+2.17.1
+

meta/recipes-connectivity/ppp/ppp_2.4.7.bb

@@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
            file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
            file://0001-ppp-Remove-unneeded-include.patch \
            file://ppp-2.4.7-DES-openssl.patch \
+           file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \
 "
 
 SRC_URI_append_libc-musl = "\

meta/recipes-core/busybox/busybox.inc

@@ -431,6 +431,32 @@ fi
     d.prependVar('pkg_postinst_%s' % pkg, postinst)
 }
 
+pkg_postinst_${PN}_prepend () {
+        # Need path to saved utils, but they may have be removed on upgrade of busybox
+        # Only use shell to get paths. Also capture if busybox was saved.
+        BUSYBOX=""
+        if [ "x$D" = "x" ] ; then 
+           for busybox_rmdir in /tmp/busyboxrm-*; do
+               if [ "$busybox_rmdir" != '/tmp/busyboxrm-*' ] ; then
+                  export PATH=$busybox_rmdir:$PATH
+                  if [ -e $busybox_rmdir/busybox* ] ; then
+                    BUSYBOX="$busybox_rmdir/busybox*"
+                  fi
+               fi
+           done
+        fi
+}
+
+pkg_postinst_${PN}_append () {
+        # If busybox exists in the remove directory it is because it was the only shell left.
+        if [ "x$D" = "x" ] ; then
+           if [ "x$BUSYBOX" != "x" ] ; then
+              update-alternatives --remove sh $BUSYBOX
+              rm -f $BUSYBOX
+           fi
+        fi
+} 
+
 pkg_prerm_${PN} () {
 	# This is so you can make busybox commit suicide - removing busybox with no other packages
 	# providing its files, this will make update-alternatives work, but the update-rc.d part
@@ -451,9 +477,26 @@ pkg_prerm_${PN} () {
 	ln -s ${base_bindir}/busybox $tmpdir/grep
 	ln -s ${base_bindir}/busybox $tmpdir/tail
 	export PATH=$PATH:$tmpdir
+
+        # If busybox is the shell, we need to save it since its the lowest priority shell
+        # Register saved bitbake as the lowest priority shell possible as back up.
+        if [ -n "$(readlink -f /bin/sh | grep busybox)" ] ; then
+           BUSYBOX=$(readlink -f /bin/sh)
+           cp $BUSYBOX $tmpdir/$(basename $BUSYBOX)
+           update-alternatives --install /bin/sh sh $tmpdir/$(basename $BUSYBOX) 1 
+        fi
 }
 
 pkg_postrm_${PN} () {
+        # Add path to remove dir in case we removed our only grep
+        if [ "x$D" = "x" ] ; then
+           for busybox_rmdir in /tmp/busyboxrm-*; do
+               if [ "$busybox_rmdir" != '/tmp/busyboxrm-*' ] ; then
+                  export PATH=$busybox_rmdir:$PATH
+               fi
+           done
+        fi
+
 	if grep -q "^${base_bindir}/bash$" $D${sysconfdir}/busybox.links* && [ ! -e $D${base_bindir}/bash ]; then
 		printf "$(grep -v "^${base_bindir}/bash$" $D${sysconfdir}/shells)\n" > $D${sysconfdir}/shells
 	fi

meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-6750.patch

@@ -0,0 +1,741 @@
+From 747f2c646f5a86ac58ad59be08036e81388e971d Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <tingping@tingping.se>
+Date: Thu, 23 Jan 2020 19:58:41 -0800
+Subject: [PATCH] Refactor g_socket_client_connect_async()
+
+This is a fairly large refactoring. The highlights are:
+
+- Removing in-progress connections/addresses from GSocketClientAsyncConnectData:
+
+  This caused issues where multiple ConnectionAttempt's would step over eachother
+  and modify shared state causing bugs like accidentally bypassing a set proxy.
+
+  Fixes #1871
+  Fixes #1989
+  Fixes #1902
+
+- Cancelling address enumeration on error/completion
+
+- Queuing successful TCP connections and doing application layer work serially:
+
+  This is more in the spirit of Happy Eyeballs but it also greatly simplifies
+  the flow of connection handling so fewer tasks are happening in parallel
+  when they don't need to be.
+
+  The behavior also should more closely match that of g_socket_client_connect().
+
+- Better track the state of address enumeration:
+
+  Previously we were over eager to treat enumeration finishing as an error.
+
+  Fixes #1872
+  See also #1982
+
+- Add more detailed documentation and logging.
+
+Closes #1995
+
+CVE: CVE-2020-6750
+
+Upstream-Status: Backport [ https://gitlab.gnome.org/GNOME/glib.git;
+commit=2722620e3291b930a3a228100d7c0e07b69534e3 ]
+
+Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
+---
+ gio/gsocketclient.c | 459 ++++++++++++++++++++++++++++----------------
+ 1 file changed, 296 insertions(+), 163 deletions(-)
+
+diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
+index 81767c0..b1d5f6c 100644
+--- a/gio/gsocketclient.c
++++ b/gio/gsocketclient.c
+@@ -1332,13 +1332,15 @@ typedef struct
+ 
+   GSocketConnectable *connectable;
+   GSocketAddressEnumerator *enumerator;
+-  GProxyAddress *proxy_addr;
+-  GSocket *socket;
+-  GIOStream *connection;
++  GCancellable *enumeration_cancellable;
+ 
+   GSList *connection_attempts;
++  GSList *successful_connections;
+   GError *last_error;
+ 
++  gboolean enumerated_at_least_once;
++  gboolean enumeration_completed;
++  gboolean connection_in_progress;
+   gboolean completed;
+ } GSocketClientAsyncConnectData;
+ 
+@@ -1350,10 +1352,9 @@ g_socket_client_async_connect_data_free (GSocketClientAsyncConnectData *data)
+   data->task = NULL;
+   g_clear_object (&data->connectable);
+   g_clear_object (&data->enumerator);
+-  g_clear_object (&data->proxy_addr);
+-  g_clear_object (&data->socket);
+-  g_clear_object (&data->connection);
++  g_clear_object (&data->enumeration_cancellable);
+   g_slist_free_full (data->connection_attempts, connection_attempt_unref);
++  g_slist_free_full (data->successful_connections, connection_attempt_unref);
+ 
+   g_clear_error (&data->last_error);
+ 
+@@ -1365,6 +1366,7 @@ typedef struct
+   GSocketAddress *address;
+   GSocket *socket;
+   GIOStream *connection;
++  GProxyAddress *proxy_addr;
+   GSocketClientAsyncConnectData *data; /* unowned */
+   GSource *timeout_source;
+   GCancellable *cancellable;
+@@ -1396,6 +1398,7 @@ connection_attempt_unref (gpointer pointer)
+       g_clear_object (&attempt->socket);
+       g_clear_object (&attempt->connection);
+       g_clear_object (&attempt->cancellable);
++      g_clear_object (&attempt->proxy_addr);
+       if (attempt->timeout_source)
+         {
+           g_source_destroy (attempt->timeout_source);
+@@ -1413,37 +1416,59 @@ connection_attempt_remove (ConnectionAttempt *attempt)
+ }
+ 
+ static void
+-g_socket_client_async_connect_complete (GSocketClientAsyncConnectData *data)
++cancel_all_attempts (GSocketClientAsyncConnectData *data)
+ {
+-  g_assert (data->connection);
++  GSList *l;
+ 
+-  if (!G_IS_SOCKET_CONNECTION (data->connection))
++  for (l = data->connection_attempts; l; l = g_slist_next (l))
+     {
+-      GSocketConnection *wrapper_connection;
+-
+-      wrapper_connection = g_tcp_wrapper_connection_new (data->connection, data->socket);
+-      g_object_unref (data->connection);
+-      data->connection = (GIOStream *)wrapper_connection;
++      ConnectionAttempt *attempt_entry = l->data;
++      g_cancellable_cancel (attempt_entry->cancellable);
++      connection_attempt_unref (attempt_entry);
+     }
++  g_slist_free (data->connection_attempts);
++  data->connection_attempts = NULL;
+ 
+-  if (!data->completed)
++  g_slist_free_full (data->successful_connections, connection_attempt_unref);
++  data->successful_connections = NULL;
++
++  g_cancellable_cancel (data->enumeration_cancellable);
++}
++
++static void
++g_socket_client_async_connect_complete (ConnectionAttempt *attempt)
++{
++  GSocketClientAsyncConnectData *data = attempt->data;
++  GError *error = NULL;
++  g_assert (attempt->connection);
++  g_assert (!data->completed);
++
++  if (!G_IS_SOCKET_CONNECTION (attempt->connection))
+     {
+-      GError *error = NULL;
++      GSocketConnection *wrapper_connection;
+ 
+-      if (g_cancellable_set_error_if_cancelled (g_task_get_cancellable (data->task), &error))
+-        {
+-          g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
+-          g_task_return_error (data->task, g_steal_pointer (&error));
+-        }
+-      else
+-        {
+-          g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, data->connection);
+-          g_task_return_pointer (data->task, g_steal_pointer (&data->connection), g_object_unref);
+-        }
++      wrapper_connection = g_tcp_wrapper_connection_new (attempt->connection, attempt->socket);
++      g_object_unref (attempt->connection);
++      attempt->connection = (GIOStream *)wrapper_connection;
++    }
+ 
+-      data->completed = TRUE;
++  data->completed = TRUE;
++  cancel_all_attempts (data);
++
++  if (g_cancellable_set_error_if_cancelled (g_task_get_cancellable (data->task), &error))
++    {
++      g_debug ("GSocketClient: Connection cancelled!");
++      g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
++      g_task_return_error (data->task, g_steal_pointer (&error));
++    }
++  else
++    {
++      g_debug ("GSocketClient: Connection successful!");
++      g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, attempt->connection);
++      g_task_return_pointer (data->task, g_steal_pointer (&attempt->connection), g_object_unref);
+     }
+ 
++  connection_attempt_unref (attempt);
+   g_object_unref (data->task);
+ }
+ 
+@@ -1465,59 +1490,63 @@ static void
+ enumerator_next_async (GSocketClientAsyncConnectData *data,
+                        gboolean                       add_task_ref)
+ {
+-  /* We need to cleanup the state */
+-  g_clear_object (&data->socket);
+-  g_clear_object (&data->proxy_addr);
+-  g_clear_object (&data->connection);
+-
+   /* Each enumeration takes a ref. This arg just avoids repeated unrefs when
+      an enumeration starts another enumeration */
+   if (add_task_ref)
+     g_object_ref (data->task);
+ 
+   g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVING, data->connectable, NULL);
++  g_debug ("GSocketClient: Starting new address enumeration");
+   g_socket_address_enumerator_next_async (data->enumerator,
+-					  g_task_get_cancellable (data->task),
++					  data->enumeration_cancellable,
+ 					  g_socket_client_enumerator_callback,
+ 					  data);
+ }
+ 
++static void try_next_connection_or_finish (GSocketClientAsyncConnectData *, gboolean);
++
+ static void
+ g_socket_client_tls_handshake_callback (GObject      *object,
+ 					GAsyncResult *result,
+ 					gpointer      user_data)
+ {
+-  GSocketClientAsyncConnectData *data = user_data;
++  ConnectionAttempt *attempt = user_data;
++  GSocketClientAsyncConnectData *data = attempt->data;
+ 
+   if (g_tls_connection_handshake_finish (G_TLS_CONNECTION (object),
+ 					 result,
+ 					 &data->last_error))
+     {
+-      g_object_unref (data->connection);
+-      data->connection = G_IO_STREAM (object);
++      g_object_unref (attempt->connection);
++      attempt->connection = G_IO_STREAM (object);
+ 
+-      g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_TLS_HANDSHAKED, data->connectable, data->connection);
+-      g_socket_client_async_connect_complete (data);
++      g_debug ("GSocketClient: TLS handshake succeeded");
++      g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_TLS_HANDSHAKED, data->connectable, attempt->connection);
++      g_socket_client_async_connect_complete (attempt);
+     }
+   else
+     {
+       g_object_unref (object);
+-      enumerator_next_async (data, FALSE);
++      connection_attempt_unref (attempt);
++      g_debug ("GSocketClient: TLS handshake failed: %s", data->last_error->message);
++      try_next_connection_or_finish (data, TRUE);
+     }
+ }
+ 
+ static void
+-g_socket_client_tls_handshake (GSocketClientAsyncConnectData *data)
++g_socket_client_tls_handshake (ConnectionAttempt *attempt)
+ {
++  GSocketClientAsyncConnectData *data = attempt->data;
+   GIOStream *tlsconn;
+ 
+   if (!data->client->priv->tls)
+     {
+-      g_socket_client_async_connect_complete (data);
++      g_socket_client_async_connect_complete (attempt);
+       return;
+     }
+ 
+-  tlsconn = g_tls_client_connection_new (data->connection,
++  g_debug ("GSocketClient: Starting TLS handshake");
++  tlsconn = g_tls_client_connection_new (attempt->connection,
+ 					 data->connectable,
+ 					 &data->last_error);
+   if (tlsconn)
+@@ -1529,11 +1558,12 @@ g_socket_client_tls_handshake (GSocketClientAsyncConnectData *data)
+ 					G_PRIORITY_DEFAULT,
+ 					g_task_get_cancellable (data->task),
+ 					g_socket_client_tls_handshake_callback,
+-					data);
++					attempt);
+     }
+   else
+     {
+-      enumerator_next_async (data, FALSE);
++      connection_attempt_unref (attempt);
++      try_next_connection_or_finish (data, TRUE);
+     }
+ }
+ 
+@@ -1542,23 +1572,38 @@ g_socket_client_proxy_connect_callback (GObject      *object,
+ 					GAsyncResult *result,
+ 					gpointer      user_data)
+ {
+-  GSocketClientAsyncConnectData *data = user_data;
++  ConnectionAttempt *attempt = user_data;
++  GSocketClientAsyncConnectData *data = attempt->data;
+ 
+-  g_object_unref (data->connection);
+-  data->connection = g_proxy_connect_finish (G_PROXY (object),
+-					     result,
+-					     &data->last_error);
+-  if (data->connection)
++  g_object_unref (attempt->connection);
++  attempt->connection = g_proxy_connect_finish (G_PROXY (object),
++                                                result,
++                                                &data->last_error);
++  if (attempt->connection)
+     {
+-      g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATED, data->connectable, data->connection);
++      g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATED, data->connectable, attempt->connection);
+     }
+   else
+     {
+-      enumerator_next_async (data, FALSE);
++      connection_attempt_unref (attempt);
++      try_next_connection_or_finish (data, TRUE);
+       return;
+     }
+ 
+-  g_socket_client_tls_handshake (data);
++  g_socket_client_tls_handshake (attempt);
++}
++
++static void
++complete_connection_with_error (GSocketClientAsyncConnectData *data,
++                                GError                        *error)
++{
++  g_debug ("GSocketClient: Connection failed: %s", error->message);
++  g_assert (!data->completed);
++
++  g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
++  data->completed = TRUE;
++  cancel_all_attempts (data);
++  g_task_return_error (data->task, error);
+ }
+ 
+ static gboolean
+@@ -1572,15 +1617,114 @@ task_completed_or_cancelled (GSocketClientAsyncConnectData *data)
+     return TRUE;
+   else if (g_cancellable_set_error_if_cancelled (cancellable, &error))
+     {
+-      g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
+-      g_task_return_error (task, g_steal_pointer (&error));
+-      data->completed = TRUE;
++      complete_connection_with_error (data, g_steal_pointer (&error));
+       return TRUE;
+     }
+   else
+     return FALSE;
+ }
+ 
++static gboolean
++try_next_successful_connection (GSocketClientAsyncConnectData *data)
++{
++  ConnectionAttempt *attempt;
++  const gchar *protocol;
++  GProxy *proxy;
++
++  if (data->connection_in_progress)
++    return FALSE;
++
++  g_assert (data->successful_connections != NULL);
++  attempt = data->successful_connections->data;
++  g_assert (attempt != NULL);
++  data->successful_connections = g_slist_remove (data->successful_connections, attempt);
++  data->connection_in_progress = TRUE;
++
++  g_debug ("GSocketClient: Starting application layer connection");
++
++  if (!attempt->proxy_addr)
++    {
++      g_socket_client_tls_handshake (g_steal_pointer (&attempt));
++      return TRUE;
++    }
++
++  protocol = g_proxy_address_get_protocol (attempt->proxy_addr);
++
++  /* The connection should not be anything other than TCP,
++   * but let's put a safety guard in case
++   */
++  if (!G_IS_TCP_CONNECTION (attempt->connection))
++    {
++      g_critical ("Trying to proxy over non-TCP connection, this is "
++          "most likely a bug in GLib IO library.");
++
++      g_set_error_literal (&data->last_error,
++          G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
++          _("Proxying over a non-TCP connection is not supported."));
++    }
++  else if (g_hash_table_contains (data->client->priv->app_proxies, protocol))
++    {
++      /* Simply complete the connection, we don't want to do TLS handshake
++       * as the application proxy handling may need proxy handshake first */
++      g_socket_client_async_connect_complete (g_steal_pointer (&attempt));
++      return TRUE;
++    }
++  else if ((proxy = g_proxy_get_default_for_protocol (protocol)))
++    {
++      GIOStream *connection = attempt->connection;
++      GProxyAddress *proxy_addr = attempt->proxy_addr;
++
++      g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATING, data->connectable, attempt->connection);
++      g_debug ("GSocketClient: Starting proxy connection");
++      g_proxy_connect_async (proxy,
++                             connection,
++                             proxy_addr,
++                             g_task_get_cancellable (data->task),
++                             g_socket_client_proxy_connect_callback,
++                             g_steal_pointer (&attempt));
++      g_object_unref (proxy);
++      return TRUE;
++    }
++  else
++    {
++      g_clear_error (&data->last_error);
++
++      g_set_error (&data->last_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
++          _("Proxy protocol “%s” is not supported."),
++          protocol);
++    }
++
++  data->connection_in_progress = FALSE;
++  g_clear_pointer (&attempt, connection_attempt_unref);
++  return FALSE; /* All non-return paths are failures */
++}
++
++static void
++try_next_connection_or_finish (GSocketClientAsyncConnectData *data,
++                               gboolean                       end_current_connection)
++{
++  if (end_current_connection)
++    data->connection_in_progress = FALSE;
++
++  if (data->connection_in_progress)
++    return;
++
++  /* Keep trying successful connections until one works, each iteration pops one */
++  while (data->successful_connections)
++    {
++      if (try_next_successful_connection (data))
++        return;
++    }
++
++  if (!data->enumeration_completed)
++    {
++      enumerator_next_async (data, FALSE);
++      return;
++    }
++
++  complete_connection_with_error (data, data->last_error);
++}
++
+ static void
+ g_socket_client_connected_callback (GObject      *source,
+ 				    GAsyncResult *result,
+@@ -1588,10 +1732,7 @@ g_socket_client_connected_callback (GObject      *source,
+ {
+   ConnectionAttempt *attempt = user_data;
+   GSocketClientAsyncConnectData *data = attempt->data;
+-  GSList *l;
+   GError *error = NULL;
+-  GProxy *proxy;
+-  const gchar *protocol;
+ 
+   if (task_completed_or_cancelled (data) || g_cancellable_is_cancelled (attempt->cancellable))
+     {
+@@ -1613,11 +1754,12 @@ g_socket_client_connected_callback (GObject      *source,
+         {
+           clarify_connect_error (error, data->connectable, attempt->address);
+           set_last_error (data, error);
++          g_debug ("GSocketClient: Connection attempt failed: %s", error->message);
+           connection_attempt_remove (attempt);
+-          enumerator_next_async (data, FALSE);
+           connection_attempt_unref (attempt);
++          try_next_connection_or_finish (data, FALSE);
+         }
+-      else
++      else /* Silently ignore cancelled attempts */
+         {
+           g_clear_error (&error);
+           g_object_unref (data->task);
+@@ -1627,74 +1769,21 @@ g_socket_client_connected_callback (GObject      *source,
+       return;
+     }
+ 
+-  data->socket = g_steal_pointer (&attempt->socket);
+-  data->connection = g_steal_pointer (&attempt->connection);
+-
+-  for (l = data->connection_attempts; l; l = g_slist_next (l))
+-    {
+-      ConnectionAttempt *attempt_entry = l->data;
+-      g_cancellable_cancel (attempt_entry->cancellable);
+-      connection_attempt_unref (attempt_entry);
+-    }
+-  g_slist_free (data->connection_attempts);
+-  data->connection_attempts = NULL;
+-  connection_attempt_unref (attempt);
+-
+-  g_socket_connection_set_cached_remote_address ((GSocketConnection*)data->connection, NULL);
+-  g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTED, data->connectable, data->connection);
++  g_socket_connection_set_cached_remote_address ((GSocketConnection*)attempt->connection, NULL);
++  g_debug ("GSocketClient: TCP connection successful");
++  g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTED, data->connectable, attempt->connection);
+ 
+   /* wrong, but backward compatible */
+-  g_socket_set_blocking (data->socket, TRUE);
++  g_socket_set_blocking (attempt->socket, TRUE);
+ 
+-  if (!data->proxy_addr)
+-    {
+-      g_socket_client_tls_handshake (data);
+-      return;
+-    }
+-
+-  protocol = g_proxy_address_get_protocol (data->proxy_addr);
+-
+-  /* The connection should not be anything other than TCP,
+-   * but let's put a safety guard in case
++  /* This ends the parallel "happy eyeballs" portion of connecting.
++     Now that we have a successful tcp connection we will attempt to connect
++     at the TLS/Proxy layer. If those layers fail we will move on to the next
++     connection.
+    */
+-  if (!G_IS_TCP_CONNECTION (data->connection))
+-    {
+-      g_critical ("Trying to proxy over non-TCP connection, this is "
+-          "most likely a bug in GLib IO library.");
+-
+-      g_set_error_literal (&data->last_error,
+-          G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+-          _("Proxying over a non-TCP connection is not supported."));
+-
+-      enumerator_next_async (data, FALSE);
+-    }
+-  else if (g_hash_table_contains (data->client->priv->app_proxies, protocol))
+-    {
+-      /* Simply complete the connection, we don't want to do TLS handshake
+-       * as the application proxy handling may need proxy handshake first */
+-      g_socket_client_async_connect_complete (data);
+-    }
+-  else if ((proxy = g_proxy_get_default_for_protocol (protocol)))
+-    {
+-      g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATING, data->connectable, data->connection);
+-      g_proxy_connect_async (proxy,
+-                             data->connection,
+-                             data->proxy_addr,
+-                             g_task_get_cancellable (data->task),
+-                             g_socket_client_proxy_connect_callback,
+-                             data);
+-      g_object_unref (proxy);
+-    }
+-  else
+-    {
+-      g_clear_error (&data->last_error);
+-
+-      g_set_error (&data->last_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+-          _("Proxy protocol “%s” is not supported."),
+-          protocol);
+-
+-      enumerator_next_async (data, FALSE);
+-    }
++  connection_attempt_remove (attempt);
++  data->successful_connections = g_slist_append (data->successful_connections, g_steal_pointer (&attempt));
++  try_next_connection_or_finish (data, FALSE);
+ }
+ 
+ static gboolean
+@@ -1702,7 +1791,11 @@ on_connection_attempt_timeout (gpointer data)
+ {
+   ConnectionAttempt *attempt = data;
+ 
+-  enumerator_next_async (attempt->data, TRUE);
++  if (!attempt->data->enumeration_completed)
++    {
++      g_debug ("GSocketClient: Timeout reached, trying another enumeration");
++      enumerator_next_async (attempt->data, TRUE);
++    }
+ 
+   g_clear_pointer (&attempt->timeout_source, g_source_unref);
+   return G_SOURCE_REMOVE;
+@@ -1712,9 +1805,9 @@ static void
+ on_connection_cancelled (GCancellable *cancellable,
+                          gpointer      data)
+ {
+-  GCancellable *attempt_cancellable = data;
++  GCancellable *linked_cancellable = G_CANCELLABLE (data);
+ 
+-  g_cancellable_cancel (attempt_cancellable);
++  g_cancellable_cancel (linked_cancellable);
+ }
+ 
+ static void
+@@ -1738,39 +1831,49 @@ g_socket_client_enumerator_callback (GObject      *object,
+ 						     result, &error);
+   if (address == NULL)
+     {
+-      if (data->connection_attempts)
++      if (G_UNLIKELY (data->enumeration_completed))
++        return;
++
++      data->enumeration_completed = TRUE;
++      g_debug ("GSocketClient: Address enumeration completed (out of addresses)");
++
++      /* As per API docs: We only care about error if its the first call,
++         after that the enumerator is done.
++
++         Note that we don't care about cancellation errors because
++         task_completed_or_cancelled() above should handle that.
++
++         If this fails and nothing is in progress then we will complete task here.
++       */
++      if ((data->enumerated_at_least_once && !data->connection_attempts && !data->connection_in_progress) ||
++          !data->enumerated_at_least_once)
+         {
+-          g_object_unref (data->task);
+-          return;
++          g_debug ("GSocketClient: Address enumeration failed: %s", error ? error->message : NULL);
++          if (data->last_error)
++            {
++              g_clear_error (&error);
++              error = data->last_error;
++              data->last_error = NULL;
++            }
++          else if (!error)
++            {
++              g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED,
++                _("Unknown error on connect"));
++            }
++
++          complete_connection_with_error (data, error);
+         }
+ 
+-      g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
+-      data->completed = TRUE;
+-      if (!error)
+-	{
+-	  if (data->last_error)
+-	    {
+-	      error = data->last_error;
+-	      data->last_error = NULL;
+-	    }
+-	  else
+-	    {
+-	      g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED,
+-				   _("Unknown error on connect"));
+-	    }
+-	}
+-      g_task_return_error (data->task, error);
++      /* Enumeration should never trigger again, drop our ref */
+       g_object_unref (data->task);
+       return;
+     }
+ 
++  data->enumerated_at_least_once = TRUE;
++  g_debug ("GSocketClient: Address enumeration succeeded");
+   g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVED,
+ 			      data->connectable, NULL);
+ 
+-  if (G_IS_PROXY_ADDRESS (address) &&
+-      data->client->priv->enable_proxy)
+-    data->proxy_addr = g_object_ref (G_PROXY_ADDRESS (address));
+-
+   g_clear_error (&data->last_error);
+ 
+   socket = create_socket (data->client, address, &data->last_error);
+@@ -1788,6 +1891,10 @@ g_socket_client_enumerator_callback (GObject      *object,
+   attempt->cancellable = g_cancellable_new ();
+   attempt->connection = (GIOStream *)g_socket_connection_factory_create_connection (socket);
+   attempt->timeout_source = g_timeout_source_new (HAPPY_EYEBALLS_CONNECTION_ATTEMPT_TIMEOUT_MS);
++
++  if (G_IS_PROXY_ADDRESS (address) && data->client->priv->enable_proxy)
++    attempt->proxy_addr = g_object_ref (G_PROXY_ADDRESS (address));
++
+   g_source_set_callback (attempt->timeout_source, on_connection_attempt_timeout, attempt, NULL);
+   g_source_attach (attempt->timeout_source, g_main_context_get_thread_default ());
+   data->connection_attempts = g_slist_append (data->connection_attempts, attempt);
+@@ -1797,6 +1904,7 @@ g_socket_client_enumerator_callback (GObject      *object,
+                            g_object_ref (attempt->cancellable), g_object_unref);
+ 
+   g_socket_connection_set_cached_remote_address ((GSocketConnection *)attempt->connection, address);
++  g_debug ("GSocketClient: Starting TCP connection attempt");
+   g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTING, data->connectable, attempt->connection);
+   g_socket_connection_connect_async (G_SOCKET_CONNECTION (attempt->connection),
+ 				     address,
+@@ -1849,24 +1957,48 @@ g_socket_client_connect_async (GSocketClient       *client,
+   else
+     data->enumerator = g_socket_connectable_enumerate (connectable);
+ 
+-  /* The flow and ownership here isn't quite obvious:
+-    - The task starts an async attempt to connect.
+-      - Each attempt holds a single ref on task.
+-      - Each attempt may create new attempts by timing out (not a failure) so
+-        there are multiple attempts happening in parallel.
+-      - Upon failure an attempt will start a new attempt that steals its ref
+-        until there are no more attempts left and it drops its ref.
+-      - Upon success it will cancel all other attempts and continue on
+-        to the rest of the connection (tls, proxies, etc) which do not
+-        happen in parallel and at the very end drop its ref.
+-      - Upon cancellation an attempt drops its ref.
+-   */
++  /* This function tries to match the behavior of g_socket_client_connect ()
++     which is simple enough but much of it is done in parallel to be as responsive
++     as possible as per Happy Eyeballs (RFC 8305). This complicates flow quite a
++     bit but we can describe it in 3 sections:
++
++     Firstly we have address enumeration (DNS):
++       - This may be triggered multiple times by enumerator_next_async().
++       - It also has its own cancellable (data->enumeration_cancellable).
++       - Enumeration is done lazily because GNetworkAddressAddressEnumerator
++         also does work in parallel and may lazily add new addresses.
++       - If the first enumeration errors then the task errors. Otherwise all enumerations
++         will potentially be used (until task or enumeration is cancelled).
++
++      Then we start attempting connections (TCP):
++        - Each connection is independent and kept in a ConnectionAttempt object.
++          - They each hold a ref on the main task and have their own cancellable.
++        - Multiple attempts may happen in parallel as per Happy Eyeballs.
++        - Upon failure or timeouts more connection attempts are made.
++          - If no connections succeed the task errors.
++        - Upon success they are kept in a list of successful connections.
++
++      Lastly we connect at the application layer (TLS, Proxies):
++        - These are done in serial.
++          - The reasoning here is that Happy Eyeballs is about making bad connections responsive
++            at the IP/TCP layers. Issues at the application layer are generally not due to
++            connectivity issues but rather misconfiguration.
++        - Upon failure it will try the next TCP connection until it runs out and
++          the task errors.
++        - Upon success it cancels everything remaining (enumeration and connections)
++          and returns the connection.
++  */
+ 
+   data->task = g_task_new (client, cancellable, callback, user_data);
+   g_task_set_check_cancellable (data->task, FALSE); /* We handle this manually */
+   g_task_set_source_tag (data->task, g_socket_client_connect_async);
+   g_task_set_task_data (data->task, data, (GDestroyNotify)g_socket_client_async_connect_data_free);
+ 
++  data->enumeration_cancellable = g_cancellable_new ();
++  if (cancellable)
++    g_cancellable_connect (cancellable, G_CALLBACK (on_connection_cancelled),
++                           g_object_ref (data->enumeration_cancellable), g_object_unref);
++
+   enumerator_next_async (data, FALSE);
+ }
+ 
+@@ -1985,6 +2117,7 @@ g_socket_client_connect_to_uri_async (GSocketClient        *client,
+     }
+   else
+     {
++      g_debug("g_socket_client_connect_to_uri_async");
+       g_socket_client_connect_async (client,
+ 				     connectable, cancellable,
+ 				     callback, user_data);
+-- 
+2.23.0
+

meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb

@@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
            file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \
            file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
+           file://CVE-2020-6750.patch \
            "
 
 SRC_URI_append_class-native = " file://relocate-modules.patch"

meta/recipes-core/glibc/glibc-testsuite_2.30.bb

@@ -1,5 +1,7 @@
 require glibc_${PV}.bb
 
+EXCLUDE_FROM_WORLD = "1"
+
 # handle PN differences
 FILESEXTRAPATHS_prepend := "${THISDIR}/glibc:"
 
@@ -58,3 +60,4 @@ addtask do_check after do_compile
 
 inherit nopackages
 deltask do_stash_locale
+deltask do_install

meta/recipes-core/glibc/glibc/CVE-2020-10029.patch

@@ -0,0 +1,128 @@
+From ce265ec5bc25ec35fba53807abac1b0c8469895e Mon Sep 17 00:00:00 2001
+From: Joseph Myers <joseph@codesourcery.com>
+Date: Wed, 12 Feb 2020 23:31:56 +0000
+Subject: [PATCH] Avoid ldbl-96 stack corruption from range reduction of
+
+ pseudo-zero (bug 25487).
+
+Bug 25487 reports stack corruption in ldbl-96 sinl on a pseudo-zero
+argument (an representation where all the significand bits, including
+the explicit high bit, are zero, but the exponent is not zero, which
+is not a valid representation for the long double type).
+
+Although this is not a valid long double representation, existing
+practice in this area (see bug 4586, originally marked invalid but
+subsequently fixed) is that we still seek to avoid invalid memory
+accesses as a result, in case of programs that treat arbitrary binary
+data as long double representations, although the invalid
+representations of the ldbl-96 format do not need to be consistently
+handled the same as any particular valid representation.
+
+This patch makes the range reduction detect pseudo-zero and unnormal
+representations that would otherwise go to __kernel_rem_pio2, and
+returns a NaN for them instead of continuing with the range reduction
+process.  (Pseudo-zero and unnormal representations whose unbiased
+exponent is less than -1 have already been safely returned from the
+function before this point without going through the rest of range
+reduction.)  Pseudo-zero representations would previously result in
+the value passed to __kernel_rem_pio2 being all-zero, which is
+definitely unsafe; unnormal representations would previously result in
+a value passed whose high bit is zero, which might well be unsafe
+since that is not a form of input expected by __kernel_rem_pio2.
+
+Tested for x86_64.
+
+CVE: CVE-2020-10029
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;
+a=patch;h=9333498794cde1d5cca518badf79533a24114b6f]
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+
+---
+ sysdeps/ieee754/ldbl-96/Makefile           |  3 ++-
+ sysdeps/ieee754/ldbl-96/e_rem_pio2l.c      | 12 +++++++++
+ sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c | 41 ++++++++++++++++++++++++++++++
+ 3 files changed, 55 insertions(+), 1 deletion(-)
+ create mode 100644 sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
+
+diff --git a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile
+index b103254..052c1c7 100644
+--- a/sysdeps/ieee754/ldbl-96/Makefile
++++ b/sysdeps/ieee754/ldbl-96/Makefile
+@@ -17,5 +17,6 @@
+ # <http://www.gnu.org/licenses/>.
+ 
+ ifeq ($(subdir),math)
+-tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96
++tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 test-sinl-pseudo
++CFLAGS-test-sinl-pseudo.c += -fstack-protector-all
+ endif
+diff --git a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
+index 805de22..1aeccb4 100644
+--- a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
++++ b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
+@@ -210,6 +210,18 @@ __ieee754_rem_pio2l (long double x, long double *y)
+       return 0;
+     }
+ 
++  if ((i0 & 0x80000000) == 0)
++    {
++      /* Pseudo-zero and unnormal representations are not valid
++	 representations of long double.  We need to avoid stack
++	 corruption in __kernel_rem_pio2, which expects input in a
++	 particular normal form, but those representations do not need
++	 to be consistently handled like any particular floating-point
++	 value.  */
++      y[1] = y[0] = __builtin_nanl ("");
++      return 0;
++    }
++
+   /* Split the 64 bits of the mantissa into three 24-bit integers
+      stored in a double array.  */
+   exp = j0 - 23;
+diff --git a/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
+new file mode 100644
+index 0000000..f59b977
+--- /dev/null
++++ b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
+@@ -0,0 +1,41 @@
++/* Test sinl for pseudo-zeros and unnormals for ldbl-96 (bug 25487).
++   Copyright (C) 2020 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <math.h>
++#include <math_ldbl.h>
++#include <stdint.h>
++
++static int
++do_test (void)
++{
++  for (int i = 0; i < 64; i++)
++    {
++      uint64_t sig = i == 63 ? 0 : 1ULL << i;
++      long double ld;
++      SET_LDOUBLE_WORDS (ld, 0x4141,
++			 sig >> 32, sig & 0xffffffffULL);
++      /* The requirement is that no stack overflow occurs when the
++	 pseudo-zero or unnormal goes through range reduction.  */
++      volatile long double ldr;
++      ldr = sinl (ld);
++      (void) ldr;
++    }
++  return 0;
++}
++
++#include <support/test-driver.c>

meta/recipes-core/glibc/glibc/CVE-2020-1751.patch

@@ -0,0 +1,70 @@
+From d93769405996dfc11d216ddbe415946617b5a494 Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Mon, 20 Jan 2020 17:01:50 +0100
+Subject: [PATCH] Fix array overflow in backtrace on PowerPC (bug 25423)
+
+When unwinding through a signal frame the backtrace function on PowerPC
+didn't check array bounds when storing the frame address.  Fixes commit
+d400dcac5e ("PowerPC: fix backtrace to handle signal trampolines").
+
+CVE: CVE-2020-1751
+Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ debug/tst-backtrace5.c                | 12 ++++++++++++
+ sysdeps/powerpc/powerpc32/backtrace.c |  2 ++
+ sysdeps/powerpc/powerpc64/backtrace.c |  2 ++
+ 3 files changed, 16 insertions(+)
+
+diff --git a/debug/tst-backtrace5.c b/debug/tst-backtrace5.c
+index e7ce410845..b2f46160e7 100644
+--- a/debug/tst-backtrace5.c
++++ b/debug/tst-backtrace5.c
+@@ -89,6 +89,18 @@ handle_signal (int signum)
+       }
+   /* Symbol names are not available for static functions, so we do not
+      check do_test.  */
++
++  /* Check that backtrace does not return more than what fits in the array
++     (bug 25423).  */
++  for (int j = 0; j < NUM_FUNCTIONS; j++)
++    {
++      n = backtrace (addresses, j);
++      if (n > j)
++	{
++	  FAIL ();
++	  return;
++	}
++    }
+ }
+ 
+ NO_INLINE int
+diff --git a/sysdeps/powerpc/powerpc32/backtrace.c b/sysdeps/powerpc/powerpc32/backtrace.c
+index 7c2d4726f8..d1456c8ae4 100644
+--- a/sysdeps/powerpc/powerpc32/backtrace.c
++++ b/sysdeps/powerpc/powerpc32/backtrace.c
+@@ -114,6 +114,8 @@ __backtrace (void **array, int size)
+         }
+       if (gregset)
+ 	{
++	  if (count + 1 == size)
++	    break;
+ 	  array[++count] = (void*)((*gregset)[PT_NIP]);
+ 	  current = (void*)((*gregset)[PT_R1]);
+ 	}
+diff --git a/sysdeps/powerpc/powerpc64/backtrace.c b/sysdeps/powerpc/powerpc64/backtrace.c
+index 65c260ab76..8a53a1088f 100644
+--- a/sysdeps/powerpc/powerpc64/backtrace.c
++++ b/sysdeps/powerpc/powerpc64/backtrace.c
+@@ -87,6 +87,8 @@ __backtrace (void **array, int size)
+       if (is_sigtramp_address (current->return_address))
+         {
+ 	  struct signal_frame_64 *sigframe = (struct signal_frame_64*) current;
++	  if (count + 1 == size)
++	    break;
+           array[++count] = (void*) sigframe->uc.uc_mcontext.gp_regs[PT_NIP];
+ 	  current = (void*) sigframe->uc.uc_mcontext.gp_regs[PT_R1];
+ 	}
+-- 
+2.23.0
+

meta/recipes-core/glibc/glibc_2.30.bb

@@ -42,6 +42,8 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0027-inject-file-assembly-directives.patch \
            file://0028-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
            file://CVE-2019-19126.patch \
+           file://CVE-2020-10029.patch \
+           file://CVE-2020-1751.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"

meta/recipes-core/images/build-appliance-image_15.0.0.bb

@@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk"
 
 inherit core-image module-base setuptools3
 
-SRCREV ?= "65d341daaf1edf7241b0ea518ef9beb4328f16e9"
+SRCREV ?= "0ae1964fb16a0e92b163f48ceb127a40e8397339"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=zeus \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch

@@ -0,0 +1,37 @@
+From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Tue, 20 Aug 2019 16:33:06 +0800
+Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
+
+When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
+alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
+to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
+vctxt->xsiAssemble to 0 again which cause the alloced schema
+can not be freed anymore.
+
+Found with libFuzzer.
+
+Upstream-Status: Accepted [https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a]
+CVE: CVE-2019-20388
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ xmlschemas.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c8449..39d92182 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+     vctxt->nberrors = 0;
+     vctxt->depth = -1;
+     vctxt->skipDepth = -1;
+-    vctxt->xsiAssemble = 0;
+     vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+     vctxt->createIDCNodeTables = 1;
+-- 
+2.24.1
+

meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch

@@ -0,0 +1,36 @@
+From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Thu, 12 Dec 2019 17:30:55 +0800
+Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
+
+When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
+return NULL which cause a infinite loop in xmlStringLenDecodeEntities
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076]
+CVE: CVE-2020-7595
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> 
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index d1c31963..a34bb6cd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+     else
+         c = 0;
+     while ((c != 0) && (c != end) && /* non input consuming loop */
+-	   (c != end2) && (c != end3)) {
++           (c != end2) && (c != end3) &&
++           (ctxt->instate != XML_PARSER_EOF)) {
+ 
+ 	if (c == 0) break;
+         if ((c == '&') && (str[1] == '#')) {
+-- 
+2.24.1
+

meta/recipes-core/libxml/libxml2_2.9.9.bb

@@ -21,6 +21,8 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
            file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
            file://fix-execution-of-ptests.patch \
            file://Fix-CVE-2019-19956.patch \
+           file://CVE-2020-7595.patch \
+           file://CVE-2019-20388.patch \
            "
 
 SRC_URI[libtar.md5sum] = "c04a5a0a042eaa157e8e8c9eabe76bd6"

meta/recipes-core/meta/cve-update-db-native.bb

@@ -13,8 +13,15 @@ deltask do_install
 deltask do_populate_sysroot
 
 python () {
-    if not d.getVar("CVE_CHECK_DB_FILE"):
+    cve_check_db_file = d.getVar("CVE_CHECK_DB_FILE")
+    if not cve_check_db_file:
         raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
+
+    if os.path.exists("%s-journal" % cve_check_db_file ):
+        os.remove("%s-journal" % cve_check_db_file)
+
+        if os.path.exists(cve_check_db_file):
+            os.remove(cve_check_db_file)
 }
 
 python do_populate_cve_db() {
@@ -122,7 +129,7 @@ def parse_node_and_insert(c, node, cveId):
             product = cpe23[4]
             version = cpe23[5]
 
-            if version != '*':
+            if version != '*' and version != '-':
                 # Version is defined, this is a '=' match
                 yield [cveId, vendor, product, version, '=', '', '']
             else:

meta/recipes-core/meta/dummy-sdk-package.inc

@@ -17,6 +17,9 @@ ALLOW_EMPTY_${PN} = "1"
 
 PR[vardeps] += "DUMMYPROVIDES"
 
+DUMMYPROVIDES_PACKAGES ??= ""
+DUMMYPROVIDES += "${@' '.join([multilib_pkg_extend(d, pkg) for pkg in d.getVar('DUMMYPROVIDES_PACKAGES').split()])}"
+
 python populate_packages_prepend() {
     p = d.getVar("PN")
     d.appendVar("RPROVIDES_%s" % p, "${DUMMYPROVIDES}")

meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb

@@ -1,6 +1,6 @@
 DUMMYARCH = "buildtools-dummy-${SDKPKGSUFFIX}"
 
-DUMMYPROVIDES = "\
+DUMMYPROVIDES_PACKAGES = "\
     nativesdk-perl \
     nativesdk-libxml-parser-perl \
     nativesdk-perl-module-bytes \
@@ -21,6 +21,9 @@ DUMMYPROVIDES = "\
     nativesdk-perl-module-posix \
     nativesdk-perl-module-thread-queue \
     nativesdk-perl-module-threads \
+"
+
+DUMMYPROVIDES = "\
     /usr/bin/perl \
     "
 

meta/recipes-core/meta/nativesdk-sdk-provides-dummy.bb

@@ -1,10 +1,13 @@
 DUMMYARCH = "sdk-provides-dummy-${SDKPKGSUFFIX}"
 
+DUMMYPROVIDES_PACKAGES = "\
+    pkgconfig \
+"
+
 # Add /bin/sh?
 DUMMYPROVIDES = "\
     /bin/bash \
     /usr/bin/env \
-    pkgconfig \
     libGL.so()(64bit) \
     libGL.so \
 "

meta/recipes-core/meta/target-sdk-provides-dummy.bb

@@ -48,7 +48,6 @@ DUMMYPROVIDES_PACKAGES = "\
 "
 
 DUMMYPROVIDES = "\
-    ${@' '.join([multilib_pkg_extend(d, pkg) for pkg in d.getVar('DUMMYPROVIDES_PACKAGES').split()])} \
     /bin/sh \
     /bin/bash \
     /usr/bin/env \

meta/recipes-core/ncurses/ncurses_6.1+20190803.bb

@@ -10,3 +10,5 @@ SRCREV = "3c9b2677c96c645496997321bf2fe465a5e7e21f"
 S = "${WORKDIR}/git"
 EXTRA_OECONF += "--with-abi-version=5 --cache-file=${B}/config.cache"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)"
+
+CVE_VERSION = "6.1.${@d.getVar("PV").split('+')[1]}"

meta/recipes-core/systemd/systemd/0001-Merge-branch-polkit-ref-count.patch

@@ -0,0 +1,520 @@
+From 0062d795bf29301ae054e1826a7189198a2565c4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 14 Apr 2020 09:06:53 +0000
+Subject: [PATCH] Merge branch 'polkit-ref-count'
+
+Upsteam-Status: Backport [https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2]
+CVE: CVE-2020-1712
+
+Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
+---
+ TODO                            |   2 +-
+ man/rules/meson.build           |   1 +
+ man/sd_bus_enqueue_for_read.xml |  88 ++++++++++++++++
+ src/libsystemd/libsystemd.sym   |   1 +
+ src/libsystemd/sd-bus/sd-bus.c  |  24 +++++
+ src/shared/bus-util.c           | 179 +++++++++++++++++++++-----------
+ src/systemd/sd-bus.h            |   1 +
+ 7 files changed, 235 insertions(+), 61 deletions(-)
+ create mode 100644 man/sd_bus_enqueue_for_read.xml
+
+diff --git a/TODO b/TODO
+index c5b5b86057..5c5ea1f568 100644
+--- a/TODO
++++ b/TODO
+@@ -184,7 +184,7 @@ Features:
+ 
+ * the a-posteriori stopping of units bound to units that disappeared logic
+   should be reworked: there should be a queue of units, and we should only
+-  enqeue stop jobs from a defer event that processes queue instead of
++  enqueue stop jobs from a defer event that processes queue instead of
+   right-away when we find a unit that is bound to one that doesn't exist
+   anymore. (similar to how the stop-unneeded queue has been reworked the same
+   way)
+diff --git a/man/rules/meson.build b/man/rules/meson.build
+index 3b63311d7b..e80ed98c34 100644
+--- a/man/rules/meson.build
++++ b/man/rules/meson.build
+@@ -192,6 +192,7 @@ manpages = [
+    'sd_bus_open_user_with_description',
+    'sd_bus_open_with_description'],
+   ''],
++ ['sd_bus_enqueue_for_read', '3', [], ''],
+  ['sd_bus_error',
+   '3',
+   ['SD_BUS_ERROR_MAKE_CONST',
+diff --git a/man/sd_bus_enqueue_for_read.xml b/man/sd_bus_enqueue_for_read.xml
+new file mode 100644
+index 0000000000..3318a3031b
+--- /dev/null
++++ b/man/sd_bus_enqueue_for_read.xml
+@@ -0,0 +1,88 @@
++<?xml version='1.0'?>
++<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
++  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
++<!-- SPDX-License-Identifier: LGPL-2.1+ -->
++
++<refentry id="sd_bus_enqueue_for_read"
++          xmlns:xi="http://www.w3.org/2001/XInclude">
++
++  <refentryinfo>
++    <title>sd_bus_enqueue_for_read</title>
++    <productname>systemd</productname>
++  </refentryinfo>
++
++  <refmeta>
++    <refentrytitle>sd_bus_enqueue_for_read</refentrytitle>
++    <manvolnum>3</manvolnum>
++  </refmeta>
++
++  <refnamediv>
++    <refname>sd_bus_enqueue_for_read</refname>
++
++    <refpurpose>Re-enqueue a bus message on a bus connection, for reading.</refpurpose>
++  </refnamediv>
++
++  <refsynopsisdiv>
++    <funcsynopsis>
++      <funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>
++
++      <funcprototype>
++        <funcdef>int <function>sd_bus_enqueue_for_read</function></funcdef>
++        <paramdef>sd_bus *<parameter>bus</parameter></paramdef>
++        <paramdef>sd_bus_message *<parameter>message</parameter></paramdef>
++      </funcprototype>
++
++    </funcsynopsis>
++  </refsynopsisdiv>
++
++  <refsect1>
++    <title>Description</title>
++
++    <para><function>sd_bus_enqueue_for_read()</function> may be used to re-enqueue an incoming bus message on
++    the local read queue, so that it is processed and dispatched locally again, similar to how an incoming
++    message from the peer is processed. Takes a bus connection object and the message to enqueue. A reference
++    is taken of the message and the caller's reference thus remains in possession of the caller. The message
++    is enqueued at the end of the queue, thus will be dispatched after all other already queued messages are
++    dispatched.</para>
++
++    <para>This call is primarily useful for dealing with incoming method calls that may be processed only
++    after an additional asynchronous operation completes. One example are PolicyKit authorization requests
++    that are determined to be necessary to authorize a newly incoming method call: when the PolicyKit response
++    is received the original method call may be re-enqueued to process it again, this time with the
++    authorization result known.</para>
++  </refsect1>
++
++  <refsect1>
++    <title>Return Value</title>
++
++    <para>On success, this function return 0 or a positive integer. On failure, it returns a negative errno-style
++    error code.</para>
++
++    <refsect2>
++      <title>Errors</title>
++
++      <para>Returned errors may indicate the following problems:</para>
++
++      <variablelist>
++        <varlistentry>
++          <term><constant>-ECHILD</constant></term>
++
++          <listitem><para>The bus connection has been created in a different process.</para></listitem>
++        </varlistentry>
++      </variablelist>
++    </refsect2>
++  </refsect1>
++
++  <xi:include href="libsystemd-pkgconfig.xml" />
++
++  <refsect1>
++    <title>See Also</title>
++
++    <para>
++      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
++      <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
++      <citerefentry><refentrytitle>sd_bus_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
++    </para>
++  </refsect1>
++
++</refentry>
+diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym
+index 5ec42e0f1f..c40f1b7d1a 100644
+--- a/src/libsystemd/libsystemd.sym
++++ b/src/libsystemd/libsystemd.sym
+@@ -679,6 +679,7 @@ global:
+ 
+ LIBSYSTEMD_243 {
+ global:
++        sd_bus_enqueue_for_read;
+         sd_bus_object_vtable_format;
+         sd_event_source_disable_unref;
+ } LIBSYSTEMD_241;
+diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
+index 026ac8cb94..07bc145f37 100644
+--- a/src/libsystemd/sd-bus/sd-bus.c
++++ b/src/libsystemd/sd-bus/sd-bus.c
+@@ -4194,3 +4194,27 @@ _public_ int sd_bus_get_close_on_exit(sd_bus *bus) {
+ 
+         return bus->close_on_exit;
+ }
++
++_public_ int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m) {
++        int r;
++
++        assert_return(bus, -EINVAL);
++        assert_return(bus = bus_resolve(bus), -ENOPKG);
++        assert_return(m, -EINVAL);
++        assert_return(m->sealed, -EINVAL);
++        assert_return(!bus_pid_changed(bus), -ECHILD);
++
++        if (!BUS_IS_OPEN(bus->state))
++                return -ENOTCONN;
++
++        /* Re-enqueue a message for reading. This is primarily useful for PolicyKit-style authentication,
++         * where we accept a message, then determine we need to interactively authenticate the user, and then
++         * we want to process the message again. */
++
++        r = bus_rqueue_make_room(bus);
++        if (r < 0)
++                return r;
++
++        bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(m, bus);
++        return 0;
++}
+diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
+index e9b0b8a99d..88cad9cd0a 100644
+--- a/src/shared/bus-util.c
++++ b/src/shared/bus-util.c
+@@ -212,6 +212,34 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) {
+         return sender_uid == good_user;
+ }
+ 
++#if ENABLE_POLKIT
++static int bus_message_append_strv_key_value(
++                sd_bus_message *m,
++                const char **l) {
++
++        const char **k, **v;
++        int r;
++
++        assert(m);
++
++        r = sd_bus_message_open_container(m, 'a', "{ss}");
++        if (r < 0)
++                return r;
++
++        STRV_FOREACH_PAIR(k, v, l) {
++                r = sd_bus_message_append(m, "{ss}", *k, *v);
++                if (r < 0)
++                        return r;
++        }
++
++        r = sd_bus_message_close_container(m);
++        if (r < 0)
++                return r;
++
++        return r;
++}
++#endif
++
+ int bus_test_polkit(
+                 sd_bus_message *call,
+                 int capability,
+@@ -219,7 +247,7 @@ int bus_test_polkit(
+                 const char **details,
+                 uid_t good_user,
+                 bool *_challenge,
+-                sd_bus_error *e) {
++                sd_bus_error *ret_error) {
+ 
+         int r;
+ 
+@@ -242,7 +270,7 @@ int bus_test_polkit(
+                 _cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL;
+                 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+                 int authorized = false, challenge = false;
+-                const char *sender, **k, **v;
++                const char *sender;
+ 
+                 sender = sd_bus_message_get_sender(call);
+                 if (!sender)
+@@ -266,17 +294,7 @@ int bus_test_polkit(
+                 if (r < 0)
+                         return r;
+ 
+-                r = sd_bus_message_open_container(request, 'a', "{ss}");
+-                if (r < 0)
+-                        return r;
+-
+-                STRV_FOREACH_PAIR(k, v, details) {
+-                        r = sd_bus_message_append(request, "{ss}", *k, *v);
+-                        if (r < 0)
+-                                return r;
+-                }
+-
+-                r = sd_bus_message_close_container(request);
++                r = bus_message_append_strv_key_value(request, details);
+                 if (r < 0)
+                         return r;
+ 
+@@ -284,11 +302,11 @@ int bus_test_polkit(
+                 if (r < 0)
+                         return r;
+ 
+-                r = sd_bus_call(call->bus, request, 0, e, &reply);
++                r = sd_bus_call(call->bus, request, 0, ret_error, &reply);
+                 if (r < 0) {
+                         /* Treat no PK available as access denied */
+-                        if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) {
+-                                sd_bus_error_free(e);
++                        if (sd_bus_error_has_name(ret_error, SD_BUS_ERROR_SERVICE_UNKNOWN)) {
++                                sd_bus_error_free(ret_error);
+                                 return -EACCES;
+                         }
+ 
+@@ -319,15 +337,17 @@ int bus_test_polkit(
+ #if ENABLE_POLKIT
+ 
+ typedef struct AsyncPolkitQuery {
++        char *action;
++        char **details;
++
+         sd_bus_message *request, *reply;
+-        sd_bus_message_handler_t callback;
+-        void *userdata;
+         sd_bus_slot *slot;
++
+         Hashmap *registry;
++        sd_event_source *defer_event_source;
+ } AsyncPolkitQuery;
+ 
+ static void async_polkit_query_free(AsyncPolkitQuery *q) {
+-
+         if (!q)
+                 return;
+ 
+@@ -339,9 +359,25 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) {
+         sd_bus_message_unref(q->request);
+         sd_bus_message_unref(q->reply);
+ 
++        free(q->action);
++        strv_free(q->details);
++
++        sd_event_source_disable_unref(q->defer_event_source);
+         free(q);
+ }
+ 
++static int async_polkit_defer(sd_event_source *s, void *userdata) {
++        AsyncPolkitQuery *q = userdata;
++
++        assert(s);
++
++        /* This is called as idle event source after we processed the async polkit reply, hopefully after the
++         * method call we re-enqueued has been properly processed. */
++
++        async_polkit_query_free(q);
++        return 0;
++}
++
+ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) {
+         _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
+         AsyncPolkitQuery *q = userdata;
+@@ -350,21 +386,46 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e
+         assert(reply);
+         assert(q);
+ 
++        assert(q->slot);
+         q->slot = sd_bus_slot_unref(q->slot);
++
++        assert(!q->reply);
+         q->reply = sd_bus_message_ref(reply);
+ 
++        /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the
++         * whole message processing again, and thus re-validating and re-retrieving the "userdata" field
++         * again.
++         *
++         * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again,
++         * i.e. after the second time the message is processed is complete. */
++
++        assert(!q->defer_event_source);
++        r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q);
++        if (r < 0)
++                goto fail;
++
++        r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE);
++        if (r < 0)
++                goto fail;
++
++        r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT);
++        if (r < 0)
++                goto fail;
++
+         r = sd_bus_message_rewind(q->request, true);
+-        if (r < 0) {
+-                r = sd_bus_reply_method_errno(q->request, r, NULL);
+-                goto finish;
+-        }
++        if (r < 0)
++                goto fail;
+ 
+-        r = q->callback(q->request, q->userdata, &error_buffer);
+-        r = bus_maybe_reply_error(q->request, r, &error_buffer);
++        r = sd_bus_enqueue_for_read(sd_bus_message_get_bus(q->request), q->request);
++        if (r < 0)
++                goto fail;
+ 
+-finish:
+-        async_polkit_query_free(q);
++        return 1;
+ 
++fail:
++        log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m");
++        (void) sd_bus_reply_method_errno(q->request, r, NULL);
++        async_polkit_query_free(q);
+         return r;
+ }
+ 
+@@ -378,16 +439,14 @@ int bus_verify_polkit_async(
+                 bool interactive,
+                 uid_t good_user,
+                 Hashmap **registry,
+-                sd_bus_error *error) {
++                sd_bus_error *ret_error) {
+ 
+ #if ENABLE_POLKIT
+         _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
+         AsyncPolkitQuery *q;
+-        const char *sender, **k, **v;
+-        sd_bus_message_handler_t callback;
+-        void *userdata;
+         int c;
+ #endif
++        const char *sender;
+         int r;
+ 
+         assert(call);
+@@ -403,11 +462,17 @@ int bus_verify_polkit_async(
+         if (q) {
+                 int authorized, challenge;
+ 
+-                /* This is the second invocation of this function, and
+-                 * there's already a response from polkit, let's
+-                 * process it */
++                /* This is the second invocation of this function, and there's already a response from
++                 * polkit, let's process it */
+                 assert(q->reply);
+ 
++                /* If the operation we want to authenticate changed between the first and the second time,
++                 * let's not use this authentication, it might be out of date as the object and context we
++                 * operate on might have changed. */
++                if (!streq(q->action, action) ||
++                    !strv_equal(q->details, (char**) details))
++                        return -ESTALE;
++
+                 if (sd_bus_message_is_method_error(q->reply, NULL)) {
+                         const sd_bus_error *e;
+ 
+@@ -418,7 +483,7 @@ int bus_verify_polkit_async(
+                                 return -EACCES;
+ 
+                         /* Copy error from polkit reply */
+-                        sd_bus_error_copy(error, e);
++                        sd_bus_error_copy(ret_error, e);
+                         return -sd_bus_error_get_errno(e);
+                 }
+ 
+@@ -433,7 +498,7 @@ int bus_verify_polkit_async(
+                         return 1;
+ 
+                 if (challenge)
+-                        return sd_bus_error_set(error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
++                        return sd_bus_error_set(ret_error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
+ 
+                 return -EACCES;
+         }
+@@ -445,20 +510,12 @@ int bus_verify_polkit_async(
+         else if (r > 0)
+                 return 1;
+ 
+-#if ENABLE_POLKIT
+-        if (sd_bus_get_current_message(call->bus) != call)
+-                return -EINVAL;
+-
+-        callback = sd_bus_get_current_handler(call->bus);
+-        if (!callback)
+-                return -EINVAL;
+-
+-        userdata = sd_bus_get_current_userdata(call->bus);
+ 
+         sender = sd_bus_message_get_sender(call);
+         if (!sender)
+                 return -EBADMSG;
+ 
++#if ENABLE_POLKIT
+         c = sd_bus_message_get_allow_interactive_authorization(call);
+         if (c < 0)
+                 return c;
+@@ -487,17 +544,7 @@ int bus_verify_polkit_async(
+         if (r < 0)
+                 return r;
+ 
+-        r = sd_bus_message_open_container(pk, 'a', "{ss}");
+-        if (r < 0)
+-                return r;
+-
+-        STRV_FOREACH_PAIR(k, v, details) {
+-                r = sd_bus_message_append(pk, "{ss}", *k, *v);
+-                if (r < 0)
+-                        return r;
+-        }
+-
+-        r = sd_bus_message_close_container(pk);
++        r = bus_message_append_strv_key_value(pk, details);
+         if (r < 0)
+                 return r;
+ 
+@@ -505,13 +552,25 @@ int bus_verify_polkit_async(
+         if (r < 0)
+                 return r;
+ 
+-        q = new0(AsyncPolkitQuery, 1);
++        q = new(AsyncPolkitQuery, 1);
+         if (!q)
+                 return -ENOMEM;
+ 
+-        q->request = sd_bus_message_ref(call);
+-        q->callback = callback;
+-        q->userdata = userdata;
++        *q = (AsyncPolkitQuery) {
++                .request = sd_bus_message_ref(call),
++        };
++
++        q->action = strdup(action);
++        if (!q->action) {
++                async_polkit_query_free(q);
++                return -ENOMEM;
++        }
++
++        q->details = strv_copy((char**) details);
++        if (!q->details) {
++                async_polkit_query_free(q);
++                return -ENOMEM;
++        }
+ 
+         r = hashmap_put(*registry, call, q);
+         if (r < 0) {
+diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h
+index 84ceb62dc7..0e5c761f83 100644
+--- a/src/systemd/sd-bus.h
++++ b/src/systemd/sd-bus.h
+@@ -201,6 +201,7 @@ int sd_bus_process(sd_bus *bus, sd_bus_message **r);
+ int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r);
+ int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec);
+ int sd_bus_flush(sd_bus *bus);
++int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m);
+ 
+ sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus);
+ sd_bus_message* sd_bus_get_current_message(sd_bus *bus);
+-- 
+2.23.0
+

meta/recipes-core/systemd/systemd_243.2.bb

@@ -24,6 +24,7 @@ SRC_URI += "file://touchscreen.rules \
            file://0005-rules-watch-metadata-changes-in-ide-devices.patch \
            file://0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch \
            file://99-default.preset \
+           file://0001-Merge-branch-polkit-ref-count.patch \
            "
 
 # patches needed by musl

meta/recipes-devtools/apt/files/apt.conf

@@ -39,4 +39,4 @@ APT
   };
 };
 
-DPkg::Options {"--root=#ROOTFS#";"--admindir=#ROOTFS#/var/lib/dpkg";"--force-all";"--no-debsig"};
+DPkg::Options {"--root=#ROOTFS#";"--admindir=#ROOTFS#/var/lib/dpkg";"--force-all";"--no-force-overwrite";"--no-debsig"};

meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch

@@ -0,0 +1,49 @@
+From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 19 Dec 2019 19:45:06 -0500
+Subject: [PATCH] e2fsck: don't try to rehash a deleted directory
+
+If directory has been deleted in pass1[bcd] processing, then we
+shouldn't try to rehash the directory in pass 3a when we try to
+rehash/reoptimize directories.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ e2fsck/pass1b.c | 4 ++++
+ e2fsck/rehash.c | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c
+index 5693b9cf..bca701ca 100644
+--- a/e2fsck/pass1b.c
++++ b/e2fsck/pass1b.c
+@@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino,
+ 		fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx);
+ 	if (ctx->inode_bad_map)
+ 		ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino);
++	if (ctx->inode_reg_map)
++		ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino);
++	ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino);
++	ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino);
+ 	ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode));
+ 	quota_data_sub(ctx->qctx, &dp->inode, ino,
+ 		       pb.dup_blocks * fs->blocksize);
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 3dd1e941..2c908be0 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx)
+ 			if (!ext2fs_u32_list_iterate(iter, &ino))
+ 				break;
+ 		}
++		if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino))
++			continue;
+ 
+ 		pctx.dir = ino;
+ 		if (first) {
+-- 
+2.24.1
+

meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch

@@ -0,0 +1,57 @@
+From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 19 Dec 2019 19:37:34 -0500
+Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when
+ rehashing
+
+In e2fsck pass 3a, when we are rehashing directories, at least in
+theory, all of the directories should have had corruptions with
+respect to directory entry structure fixed.  However, it's possible
+(for example, if the user declined a fix) that we can reach this stage
+of processing with a corrupted directory entries.
+
+So check for that case and don't try to process a corrupted directory
+block so we don't run into trouble in mutate_name() if there is a
+zero-length file name.
+
+Addresses: TALOS-2019-0973
+Addresses: CVE-2019-5188
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+CVE: CVE-2019-5188
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff]
+---
+ e2fsck/rehash.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index a5fc1be1..3dd1e941 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs,
+ 		dir_offset += rec_len;
+ 		if (dirent->inode == 0)
+ 			continue;
++		if ((name_len) == 0) {
++			fd->err = EXT2_ET_DIR_CORRUPTED;
++			return BLOCK_ABORT;
++		}
+ 		if (!fd->compress && (name_len == 1) &&
+ 		    (dirent->name[0] == '.'))
+ 			continue;
+@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
+ 			continue;
+ 		}
+ 		new_len = ext2fs_dirent_name_len(ent->dir);
++		if (new_len == 0) {
++			 /* should never happen */
++			ext2fs_unmark_valid(fs);
++			continue;
++		}
+ 		memcpy(new_name, ent->dir->name, new_len);
+ 		mutate_name(new_name, &new_len);
+ 		for (j=0; j < fd->num_array; j++) {
+-- 
+2.24.1
+

meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch

@@ -0,0 +1,76 @@
+From: Wang Shilong <wshilong@ddn.com>
+Date: Mon, 30 Dec 2019 19:52:39 -0500
+Subject: e2fsck: fix use after free in calculate_tree()
+
+The problem is alloc_blocks() will call get_next_block() which might
+reallocate outdir->buf, and memory address could be changed after
+this.  To fix this, pointers that point into outdir->buf, such as
+int_limit and root need to be recaulated based on the new starting
+address of outdir->buf.
+
+[ Changed to correctly recalculate int_limit, and to optimize how we
+  reallocate outdir->buf.  -TYT ]
+
+Addresses-Debian-Bug: 948517
+Signed-off-by: Wang Shilong <wshilong@ddn.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+(cherry picked from commit 101e73e99ccafa0403fcb27dd7413033b587ca01)
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=101e73e99ccafa0403fcb27dd7413033b587ca01]
+---
+ e2fsck/rehash.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 0a5888a9..2574e151 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -295,7 +295,11 @@ static errcode_t get_next_block(ext2_filsys fs, struct out_dir *outdir,
+ 	errcode_t	retval;
+ 
+ 	if (outdir->num >= outdir->max) {
+-		retval = alloc_size_dir(fs, outdir, outdir->max + 50);
++		int increment = outdir->max / 10;
++
++		if (increment < 50)
++			increment = 50;
++		retval = alloc_size_dir(fs, outdir, outdir->max + increment);
+ 		if (retval)
+ 			return retval;
+ 	}
+@@ -637,6 +641,9 @@ static int alloc_blocks(ext2_filsys fs,
+ 	if (retval)
+ 		return retval;
+ 
++	/* outdir->buf might be reallocated */
++	*prev_ent = (struct ext2_dx_entry *) (outdir->buf + *prev_offset);
++
+ 	*next_ent = set_int_node(fs, block_start);
+ 	*limit = (struct ext2_dx_countlimit *)(*next_ent);
+ 	if (next_offset)
+@@ -726,6 +733,9 @@ static errcode_t calculate_tree(ext2_filsys fs,
+ 					return retval;
+ 			}
+ 			if (c3 == 0) {
++				int delta1 = (char *)int_limit - outdir->buf;
++				int delta2 = (char *)root - outdir->buf;
++
+ 				retval = alloc_blocks(fs, &limit, &int_ent,
+ 						      &dx_ent, &int_offset,
+ 						      NULL, outdir, i, &c2,
+@@ -733,6 +743,11 @@ static errcode_t calculate_tree(ext2_filsys fs,
+ 				if (retval)
+ 					return retval;
+ 
++				/* outdir->buf might be reallocated */
++				int_limit = (struct ext2_dx_countlimit *)
++					(outdir->buf + delta1);
++				root = (struct ext2_dx_entry *)
++					(outdir->buf + delta2);
+ 			}
+ 			dx_ent->block = ext2fs_cpu_to_le32(i);
+ 			if (c3 != limit->limit)
+-- 
+2.24.1
+

meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb

@@ -6,6 +6,9 @@ SRC_URI += "file://remove.ldconfig.call.patch \
             file://mkdir_p.patch \
             file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \
             file://CVE-2019-5094.patch \
+            file://CVE-2019-5188.patch \
+            file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \
+            file://e2fsck-fix-use-after-free-in-calculate_tree.patch \
             "
 
 SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \

meta/recipes-devtools/gcc/gcc-cross-canadian.inc

@@ -158,7 +158,7 @@ SYSTEMLIBS1 = "${target_libdir}/"
 EXTRA_OECONF += "--enable-poison-system-directories"
 EXTRA_OECONF_remove_elf = "--with-sysroot=/not/exist"
 EXTRA_OECONF_remove_eabi = "--with-sysroot=/not/exist"
-EXTRA_OECONF_append_elf = "--without-headers --with-newlib"
-EXTRA_OECONF_append_eabi = "--without-headers --with-newlib"
+EXTRA_OECONF_append_elf = " --without-headers --with-newlib"
+EXTRA_OECONF_append_eabi = " --without-headers --with-newlib"
 # gcc 4.7 needs -isystem
 export ARCH_FLAGS_FOR_TARGET = "--sysroot=${STAGING_DIR_TARGET} -isystem=${target_includedir}"

meta/recipes-devtools/gcc/gcc-cross.inc

@@ -61,6 +61,13 @@ do_compile () {
 	export CXXFLAGS_FOR_TARGET="${TARGET_CXXFLAGS}"
 	export LDFLAGS_FOR_TARGET="${TARGET_LDFLAGS}"
 
+	# Prevent native/host sysroot path from being used in configargs.h header,
+	# as it will be rewritten when used by other sysroots preventing support
+	# for gcc plugins
+	oe_runmake configure-gcc
+	sed -i 's@${STAGING_DIR_TARGET}@/host@g' ${B}/gcc/configargs.h
+	sed -i 's@${STAGING_DIR_HOST}@/host@g' ${B}/gcc/configargs.h
+
 	oe_runmake all-host configure-target-libgcc
 	(cd ${B}/${TARGET_SYS}/libgcc; oe_runmake enable-execute-stack.c unwind.h md-unwind-support.h sfp-machine.h gthr-default.h)
 	# now generate script to drive testing

meta/recipes-devtools/gcc/gcc-runtime.inc

@@ -302,10 +302,6 @@ do_check() {
 
     # HACK: this works around the configure setting CXX with -nostd* args
     sed -i 's/-nostdinc++ -nostdlib++//g' $(find ${B} -name testsuite_flags | head -1)
-    # HACK: this works around the de-stashing changes to configargs.h, as well as recipe-sysroot changing the content
-    sed -i '/static const char configuration_arguments/d' ${B}/gcc/configargs.h
-    ${CC} -v 2>&1 | grep "^Configured with:" | \
-        sed 's/Configured with: \(.*\)/static const char configuration_arguments[] = "\1";/g' >> ${B}/gcc/configargs.h
 
     if [ "${TOOLCHAIN_TEST_TARGET}" = "user" ]; then
         # qemu user has issues allocating large amounts of memory

meta/recipes-devtools/gcc/gcc-target.inc

@@ -137,6 +137,14 @@ FILES_${PN}-doc = "\
 "
 
 do_compile () {
+	# Prevent full target sysroot path from being used in configargs.h header,
+	# as it will be rewritten when used by other sysroots preventing support
+	# for gcc plugins. Additionally the path is embeddeded into the output
+	# binary, this prevents building a reproducible binary.
+	oe_runmake configure-gcc
+	sed -i 's@${STAGING_DIR_TARGET}@/@g' ${B}/gcc/configargs.h
+	sed -i 's@${STAGING_DIR_HOST}@/@g' ${B}/gcc/configargs.h
+
 	oe_runmake all-host
 }
 

meta/recipes-devtools/git/git.inc

@@ -7,7 +7,21 @@ DEPENDS = "openssl curl zlib expat"
 PROVIDES_append_class-native = " git-replacement-native"
 
 SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
-           ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages"
+           ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \
+           file://CVE-2020-5260.patch \
+           file://0001-t-lib-credential-use-test_i18ncmp-to-check-stderr.patch \
+           file://0002-credential-detect-unrepresentable-values-when-parsin.patch \
+           file://0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch \
+           file://CVE-2020-11008-1.patch \
+           file://CVE-2020-11008-2.patch \
+           file://CVE-2020-11008-3.patch \
+           file://CVE-2020-11008-4.patch \
+           file://CVE-2020-11008-5.patch \
+           file://CVE-2020-11008-6.patch \
+           file://CVE-2020-11008-7.patch \
+           file://CVE-2020-11008-8.patch \
+           file://CVE-2020-11008-9.patch \
+          "
 
 S = "${WORKDIR}/git-${PV}"
 

meta/recipes-devtools/git/git/0001-t-lib-credential-use-test_i18ncmp-to-check-stderr.patch

@@ -0,0 +1,35 @@
+From 70ef9c6ce884b2d466d3d36563f1d2aa31b56443 Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Wed, 11 Mar 2020 18:11:37 -0400
+Subject: [PATCH 01/12] t/lib-credential: use test_i18ncmp to check stderr
+
+The credential tests have a "check" function which feeds some input to
+git-credential and checks the stdout and stderr. We look for exact
+matches in the output. For stdout, this makes sense; the output is
+the credential protocol. But for stderr, we may be showing various
+diagnostic messages, or the prompts fed to the askpass program, which
+could be translated. Let's mark them as such.
+
+Upstream-Status: Backport
+
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ t/lib-credential.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/t/lib-credential.sh b/t/lib-credential.sh
+index 937b831..bb88cc0 100755
+--- a/t/lib-credential.sh
++++ b/t/lib-credential.sh
+@@ -19,7 +19,7 @@ check() {
+ 		false
+ 	fi &&
+ 	test_cmp expect-stdout stdout &&
+-	test_cmp expect-stderr stderr
++	test_i18ncmp expect-stderr stderr
+ }
+ 
+ read_chunk() {
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/0002-credential-detect-unrepresentable-values-when-parsin.patch

@@ -0,0 +1,156 @@
+From 43803880b954a020dbffa5250a5b7fd893442c7c Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Thu, 12 Mar 2020 01:31:11 -0400
+Subject: [PATCH 02/12] credential: detect unrepresentable values when parsing
+ urls
+
+The credential protocol can't represent newlines in values, but URLs can
+embed percent-encoded newlines in various components. A previous commit
+taught the low-level writing routines to die() when encountering this,
+but we can be a little friendlier to the user by detecting them earlier
+and handling them gracefully.
+
+This patch teaches credential_from_url() to notice such components,
+issue a warning, and blank the credential (which will generally result
+in prompting the user for a username and password). We blank the whole
+credential in this case. Another option would be to blank only the
+invalid component. However, we're probably better off not feeding a
+partially-parsed URL result to a credential helper. We don't know how a
+given helper would handle it, so we're better off to err on the side of
+matching nothing rather than something unexpected.
+
+The die() call in credential_write() is _probably_ impossible to reach
+after this patch. Values should end up in credential structs only by URL
+parsing (which is covered here), or by reading credential protocol input
+(which by definition cannot read a newline into a value). But we should
+definitely keep the low-level check, as it's our final and most accurate
+line of defense against protocol injection attacks. Arguably it could
+become a BUG(), but it probably doesn't matter much either way.
+
+Note that the public interface of credential_from_url() grows a little
+more than we need here. We'll use the extra flexibility in a future
+patch to help fsck catch these cases.
+
+Upstream-Status: Backport
+
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ credential.c           | 36 ++++++++++++++++++++++++++++++++++--
+ credential.h           | 16 ++++++++++++++++
+ t/t0300-credentials.sh | 12 ++++++++++--
+ 3 files changed, 60 insertions(+), 4 deletions(-)
+
+diff --git a/credential.c b/credential.c
+index a79aff0..2482382 100644
+--- a/credential.c
++++ b/credential.c
+@@ -324,7 +324,22 @@ void credential_reject(struct credential *c)
+ 	c->approved = 0;
+ }
+ 
+-void credential_from_url(struct credential *c, const char *url)
++static int check_url_component(const char *url, int quiet,
++			       const char *name, const char *value)
++{
++	if (!value)
++		return 0;
++	if (!strchr(value, '\n'))
++		return 0;
++
++	if (!quiet)
++		warning(_("url contains a newline in its %s component: %s"),
++			name, url);
++	return -1;
++}
++
++int credential_from_url_gently(struct credential *c, const char *url,
++			       int quiet)
+ {
+ 	const char *at, *colon, *cp, *slash, *host, *proto_end;
+ 
+@@ -338,7 +353,7 @@ void credential_from_url(struct credential *c, const char *url)
+ 	 */
+ 	proto_end = strstr(url, "://");
+ 	if (!proto_end)
+-		return;
++		return 0;
+ 	cp = proto_end + 3;
+ 	at = strchr(cp, '@');
+ 	colon = strchr(cp, ':');
+@@ -373,4 +388,21 @@ void credential_from_url(struct credential *c, const char *url)
+ 		while (p > c->path && *p == '/')
+ 			*p-- = '\0';
+ 	}
++
++	if (check_url_component(url, quiet, "username", c->username) < 0 ||
++	    check_url_component(url, quiet, "password", c->password) < 0 ||
++	    check_url_component(url, quiet, "protocol", c->protocol) < 0 ||
++	    check_url_component(url, quiet, "host", c->host) < 0 ||
++	    check_url_component(url, quiet, "path", c->path) < 0)
++		return -1;
++
++	return 0;
++}
++
++void credential_from_url(struct credential *c, const char *url)
++{
++	if (credential_from_url_gently(c, url, 0) < 0) {
++		warning(_("skipping credential lookup for url: %s"), url);
++		credential_clear(c);
++	}
+ }
+diff --git a/credential.h b/credential.h
+index 6b0cd16..122a23c 100644
+--- a/credential.h
++++ b/credential.h
+@@ -28,7 +28,23 @@ struct credential {
+ 
+ int credential_read(struct credential *, FILE *);
+ void credential_write(const struct credential *, FILE *);
++
++/*
++ * Parse a url into a credential struct, replacing any existing contents.
++ *
++ * Ifthe url can't be parsed (e.g., a missing "proto://" component), the
++ * resulting credential will be empty but we'll still return success from the
++ * "gently" form.
++ *
++ * If we encounter a component which cannot be represented as a credential
++ * value (e.g., because it contains a newline), the "gently" form will return
++ * an error but leave the broken state in the credential object for further
++ * examination.  The non-gentle form will issue a warning to stderr and return
++ * an empty credential.
++ */
+ void credential_from_url(struct credential *, const char *url);
++int credential_from_url_gently(struct credential *, const char *url, int quiet);
++
+ int credential_match(const struct credential *have,
+ 		     const struct credential *want);
+ 
+diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
+index 26f3c3a..b9c0f1f 100755
+--- a/t/t0300-credentials.sh
++++ b/t/t0300-credentials.sh
+@@ -308,9 +308,17 @@ test_expect_success 'empty helper spec resets helper list' '
+ 	EOF
+ '
+ 
+-test_expect_success 'url parser rejects embedded newlines' '
+-	test_must_fail git credential fill <<-\EOF
++test_expect_success 'url parser ignores embedded newlines' '
++	check fill <<-EOF
+ 	url=https://one.example.com?%0ahost=two.example.com/
++	--
++	username=askpass-username
++	password=askpass-password
++	--
++	warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/
++	warning: skipping credential lookup for url: https://one.example.com?%0ahost=two.example.com/
++	askpass: Username:
++	askpass: Password:
+ 	EOF
+ '
+ 
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch

@@ -0,0 +1,103 @@
+From 1c9f8cedd34302575db40016231bdf502f17901e Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Mon, 27 Apr 2020 13:49:39 +0800
+Subject: [PATCH 03/12] fsck: detect gitmodules URLs with embedded newlines
+
+The credential protocol can't handle values with newlines. We already
+detect and block any such URLs from being used with credential helpers,
+but let's also add an fsck check to detect and block gitmodules files
+with such URLs. That will let us notice the problem earlier when
+transfer.fsckObjects is turned on. And in particular it will prevent bad
+objects from spreading, which may protect downstream users running older
+versions of Git.
+
+We'll file this under the existing gitmodulesUrl flag, which covers URLs
+with option injection. There's really no need to distinguish the exact
+flaw in the URL in this context. Likewise, I've expanded the description
+of t7416 to cover all types of bogus URLs.
+
+Upstream-Status: Backport
+
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ fsck.c                        | 16 +++++++++++++++-
+ t/t7416-submodule-dash-url.sh | 18 +++++++++++++++++-
+ 2 files changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/fsck.c b/fsck.c
+index ef8b343..ea46eea 100644
+--- a/fsck.c
++++ b/fsck.c
+@@ -15,6 +15,7 @@
+ #include "packfile.h"
+ #include "submodule-config.h"
+ #include "config.h"
++#include "credential.h"
+ #include "help.h"
+ 
+ static struct oidset gitmodules_found = OIDSET_INIT;
+@@ -947,6 +948,19 @@ static int fsck_tag(struct tag *tag, const char *data,
+ 	return fsck_tag_buffer(tag, data, size, options);
+ }
+ 
++static int check_submodule_url(const char *url)
++{
++	struct credential c = CREDENTIAL_INIT;
++	int ret;
++
++	if (looks_like_command_line_option(url))
++		return -1;
++
++	ret = credential_from_url_gently(&c, url, 1);
++	credential_clear(&c);
++	return ret;
++}
++
+ struct fsck_gitmodules_data {
+ 	struct object *obj;
+ 	struct fsck_options *options;
+@@ -971,7 +985,7 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
+ 				    "disallowed submodule name: %s",
+ 				    name);
+ 	if (!strcmp(key, "url") && value &&
+-	    looks_like_command_line_option(value))
++	    check_submodule_url(value) < 0)
+ 		data->ret |= report(data->options, data->obj,
+ 				    FSCK_MSG_GITMODULES_URL,
+ 				    "disallowed submodule url: %s",
+diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
+index 5ba041f..41431b1 100755
+--- a/t/t7416-submodule-dash-url.sh
++++ b/t/t7416-submodule-dash-url.sh
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+ 
+-test_description='check handling of .gitmodule url with dash'
++test_description='check handling of disallowed .gitmodule urls'
+ . ./test-lib.sh
+ 
+ test_expect_success 'create submodule with protected dash in url' '
+@@ -60,4 +60,20 @@ test_expect_success 'trailing backslash is handled correctly' '
+ 	test_i18ngrep ! "unknown option" err
+ '
+ 
++test_expect_success 'fsck rejects embedded newline in url' '
++	# create an orphan branch to avoid existing .gitmodules objects
++	git checkout --orphan newline &&
++	cat >.gitmodules <<-\EOF &&
++	[submodule "foo"]
++	url = "https://one.example.com?%0ahost=two.example.com/foo.git"
++	EOF
++	git add .gitmodules &&
++	git commit -m "gitmodules with newline" &&
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	test_must_fail git push dst HEAD 2>err &&
++	grep gitmodulesUrl err
++'
++
+ test_done
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/CVE-2020-11008-1.patch

@@ -0,0 +1,70 @@
+From 863f8067d8b4012904ca3bb881c659ac9894df97 Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Mon, 27 Apr 2020 14:36:03 +0800
+Subject: [PATCH 04/12] t0300: make "quit" helper more realistic
+
+We test a toy credential helper that writes "quit=1" and confirms that
+we stop running other helpers. However, that helper is unrealistic in
+that it does not bother to read its stdin at all.
+
+For now we don't send any input to it, because we feed git-credential a
+blank credential. But that will change in the next patch, which will
+cause this test to racily fail, as git-credential will get SIGPIPE
+writing to the helper rather than exiting because it was asked to.
+
+Let's make this one-off helper more like our other sample helpers, and
+have it source the "dump" script. That will read stdin, fixing the
+SIGPIPE problem. But it will also write what it sees to stderr. We can
+make the test more robust by checking that output, which confirms that
+we do run the quit helper, don't run any other helpers, and exit for the
+reason we expected.
+
+Signed-off-by: Jeff King <peff@peff.net>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (1)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ t/t0300-credentials.sh | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
+index b9c0f1f..0206b3b 100755
+--- a/t/t0300-credentials.sh
++++ b/t/t0300-credentials.sh
+@@ -22,6 +22,11 @@ test_expect_success 'setup helper scripts' '
+ 	exit 0
+ 	EOF
+ 
++	write_script git-credential-quit <<-\EOF &&
++	. ./dump
++	echo quit=1
++	EOF
++
+ 	write_script git-credential-verbatim <<-\EOF &&
+ 	user=$1; shift
+ 	pass=$1; shift
+@@ -291,10 +296,16 @@ test_expect_success 'http paths can be part of context' '
+ 
+ test_expect_success 'helpers can abort the process' '
+ 	test_must_fail git \
+-		-c credential.helper="!f() { echo quit=1; }; f" \
++		-c credential.helper=quit \
+ 		-c credential.helper="verbatim foo bar" \
+-		credential fill >stdout &&
+-	test_must_be_empty stdout
++		credential fill >stdout 2>stderr &&
++	>expect &&
++	test_cmp expect stdout &&
++	cat >expect <<-\EOF &&
++	quit: get
++	fatal: credential helper '\''quit'\'' told us to quit
++	EOF
++	test_i18ncmp expect stderr
+ '
+ 
+ test_expect_success 'empty helper spec resets helper list' '
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/CVE-2020-11008-2.patch

@@ -0,0 +1,292 @@
+From 5588659069214aa0f7fea75a69687078e2f7a817 Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Sat, 18 Apr 2020 20:47:30 -0700
+Subject: [PATCH 05/12] t0300: use more realistic inputs
+
+Many of the tests in t0300 give partial inputs to git-credential,
+omitting a protocol or hostname. We're checking only high-level things
+like whether and how helpers are invoked at all, and we don't care about
+specific hosts. However, in preparation for tightening up the rules
+about when we're willing to run a helper, let's start using input that's
+a bit more realistic: pretend as if http://example.com is being
+examined.
+
+This shouldn't change the point of any of the tests, but do note we have
+to adjust the expected output to accommodate this (filling a credential
+will repeat back the protocol/host fields to stdout, and the helper
+debug messages and askpass prompt will change on stderr).
+
+Signed-off-by: Jeff King <peff@peff.net>
+Reviewed-by: Taylor Blau <me@ttaylorr.com>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (2)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ t/t0300-credentials.sh | 89 +++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 85 insertions(+), 4 deletions(-)
+
+diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
+index 0206b3b..f4c5d7f 100755
+--- a/t/t0300-credentials.sh
++++ b/t/t0300-credentials.sh
+@@ -40,43 +40,71 @@ test_expect_success 'setup helper scripts' '
+ 
+ test_expect_success 'credential_fill invokes helper' '
+ 	check fill "verbatim foo bar" <<-\EOF
++	protocol=http
++	host=example.com
+ 	--
++	protocol=http
++	host=example.com
+ 	username=foo
+ 	password=bar
+ 	--
+ 	verbatim: get
++	verbatim: protocol=http
++	verbatim: host=example.com
+ 	EOF
+ '
+ 
+ test_expect_success 'credential_fill invokes multiple helpers' '
+ 	check fill useless "verbatim foo bar" <<-\EOF
++	protocol=http
++	host=example.com
+ 	--
++	protocol=http
++	host=example.com
+ 	username=foo
+ 	password=bar
+ 	--
+ 	useless: get
++	useless: protocol=http
++	useless: host=example.com
+ 	verbatim: get
++	verbatim: protocol=http
++	verbatim: host=example.com
+ 	EOF
+ '
+ 
+ test_expect_success 'credential_fill stops when we get a full response' '
+ 	check fill "verbatim one two" "verbatim three four" <<-\EOF
++	protocol=http
++	host=example.com
+ 	--
++	protocol=http
++	host=example.com
+ 	username=one
+ 	password=two
+ 	--
+ 	verbatim: get
++	verbatim: protocol=http
++	verbatim: host=example.com
+ 	EOF
+ '
+ 
+ test_expect_success 'credential_fill continues through partial response' '
+ 	check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
++	protocol=http
++	host=example.com
+ 	--
++	protocol=http
++	host=example.com
+ 	username=two
+ 	password=three
+ 	--
+ 	verbatim: get
++	verbatim: protocol=http
++	verbatim: host=example.com
+ 	verbatim: get
++	verbatim: protocol=http
++	verbatim: host=example.com
+ 	verbatim: username=one
+ 	EOF
+ '
+@@ -102,14 +130,20 @@ test_expect_success 'credential_fill passes along metadata' '
+ 
+ test_expect_success 'credential_approve calls all helpers' '
+ 	check approve useless "verbatim one two" <<-\EOF
++	protocol=http
++	host=example.com
+ 	username=foo
+ 	password=bar
+ 	--
+ 	--
+ 	useless: store
++	useless: protocol=http
++	useless: host=example.com
+ 	useless: username=foo
+ 	useless: password=bar
+ 	verbatim: store
++	verbatim: protocol=http
++	verbatim: host=example.com
+ 	verbatim: username=foo
+ 	verbatim: password=bar
+ 	EOF
+@@ -117,6 +151,8 @@ test_expect_success 'credential_approve calls all helpers' '
+ 
+ test_expect_success 'do not bother storing password-less credential' '
+ 	check approve useless <<-\EOF
++	protocol=http
++	host=example.com
+ 	username=foo
+ 	--
+ 	--
+@@ -126,14 +162,20 @@ test_expect_success 'do not bother storing password-less credential' '
+ 
+ test_expect_success 'credential_reject calls all helpers' '
+ 	check reject useless "verbatim one two" <<-\EOF
++	protocol=http
++	host=example.com
+ 	username=foo
+ 	password=bar
+ 	--
+ 	--
+ 	useless: erase
++	useless: protocol=http
++	useless: host=example.com
+ 	useless: username=foo
+ 	useless: password=bar
+ 	verbatim: erase
++	verbatim: protocol=http
++	verbatim: host=example.com
+ 	verbatim: username=foo
+ 	verbatim: password=bar
+ 	EOF
+@@ -141,33 +183,49 @@ test_expect_success 'credential_reject calls all helpers' '
+ 
+ test_expect_success 'usernames can be preserved' '
+ 	check fill "verbatim \"\" three" <<-\EOF
++	protocol=http
++	host=example.com
+ 	username=one
+ 	--
++	protocol=http
++	host=example.com
+ 	username=one
+ 	password=three
+ 	--
+ 	verbatim: get
++	verbatim: protocol=http
++	verbatim: host=example.com
+ 	verbatim: username=one
+ 	EOF
+ '
+ 
+ test_expect_success 'usernames can be overridden' '
+ 	check fill "verbatim two three" <<-\EOF
++	protocol=http
++	host=example.com
+ 	username=one
+ 	--
++	protocol=http
++	host=example.com
+ 	username=two
+ 	password=three
+ 	--
+ 	verbatim: get
++	verbatim: protocol=http
++	verbatim: host=example.com
+ 	verbatim: username=one
+ 	EOF
+ '
+ 
+ test_expect_success 'do not bother completing already-full credential' '
+ 	check fill "verbatim three four" <<-\EOF
++	protocol=http
++	host=example.com
+ 	username=one
+ 	password=two
+ 	--
++	protocol=http
++	host=example.com
+ 	username=one
+ 	password=two
+ 	--
+@@ -179,23 +237,31 @@ test_expect_success 'do not bother completing already-full credential' '
+ # askpass helper is run, we know the internal getpass is working.
+ test_expect_success 'empty helper list falls back to internal getpass' '
+ 	check fill <<-\EOF
++	protocol=http
++	host=example.com
+ 	--
++	protocol=http
++	host=example.com
+ 	username=askpass-username
+ 	password=askpass-password
+ 	--
+-	askpass: Username:
+-	askpass: Password:
++	askpass: Username for '\''http://example.com'\'':
++	askpass: Password for '\''http://askpass-username@example.com'\'':
+ 	EOF
+ '
+ 
+ test_expect_success 'internal getpass does not ask for known username' '
+ 	check fill <<-\EOF
++	protocol=http
++	host=example.com
+ 	username=foo
+ 	--
++	protocol=http
++	host=example.com
+ 	username=foo
+ 	password=askpass-password
+ 	--
+-	askpass: Password:
++	askpass: Password for '\''http://foo@example.com'\'':
+ 	EOF
+ '
+ 
+@@ -207,7 +273,11 @@ HELPER="!f() {
+ test_expect_success 'respect configured credentials' '
+ 	test_config credential.helper "$HELPER" &&
+ 	check fill <<-\EOF
++	protocol=http
++	host=example.com
+ 	--
++	protocol=http
++	host=example.com
+ 	username=foo
+ 	password=bar
+ 	--
+@@ -298,11 +368,16 @@ test_expect_success 'helpers can abort the process' '
+ 	test_must_fail git \
+ 		-c credential.helper=quit \
+ 		-c credential.helper="verbatim foo bar" \
+-		credential fill >stdout 2>stderr &&
++		credential fill >stdout 2>stderr <<-\EOF &&
++	protocol=http
++	host=example.com
++	EOF
+ 	>expect &&
+ 	test_cmp expect stdout &&
+ 	cat >expect <<-\EOF &&
+ 	quit: get
++	quit: protocol=http
++	quit: host=example.com
+ 	fatal: credential helper '\''quit'\'' told us to quit
+ 	EOF
+ 	test_i18ncmp expect stderr
+@@ -311,11 +386,17 @@ test_expect_success 'helpers can abort the process' '
+ test_expect_success 'empty helper spec resets helper list' '
+ 	test_config credential.helper "verbatim file file" &&
+ 	check fill "" "verbatim cmdline cmdline" <<-\EOF
++	protocol=http
++	host=example.com
+ 	--
++	protocol=http
++	host=example.com
+ 	username=cmdline
+ 	password=cmdline
+ 	--
+ 	verbatim: get
++	verbatim: protocol=http
++	verbatim: host=example.com
+ 	EOF
+ '
+ 
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/CVE-2020-11008-3.patch

@@ -0,0 +1,97 @@
+From 22f28251ae575dd7a60f7a46853469025d004ca7 Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Sat, 18 Apr 2020 20:48:05 -0700
+Subject: [PATCH 06/12] credential: parse URL without host as empty host, not
+ unset
+
+We may feed a URL like "cert:///path/to/cert.pem" into the credential
+machinery to get the key for a client-side certificate. That
+credential has no hostname field, which is about to be disallowed (to
+avoid confusion with protocols where a helper _would_ expect a
+hostname).
+
+This means as of the next patch, credential helpers won't work for
+unlocking certs. Let's fix that by doing two things:
+
+  - when we parse a url with an empty host, set the host field to the
+    empty string (asking only to match stored entries with an empty
+    host) rather than NULL (asking to match _any_ host).
+
+  - when we build a cert:// credential by hand, similarly assign an
+    empty string
+
+It's the latter that is more likely to impact real users in practice,
+since it's what's used for http connections. But we don't have good
+infrastructure to test it.
+
+The url-parsing version will help anybody using git-credential in a
+script, and is easy to test.
+
+Signed-off-by: Jeff King <peff@peff.net>
+Reviewed-by: Taylor Blau <me@ttaylorr.com>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (3)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ credential.c           |  3 +--
+ http.c                 |  1 +
+ t/t0300-credentials.sh | 17 +++++++++++++++++
+ 3 files changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/credential.c b/credential.c
+index 2482382..f2413ce 100644
+--- a/credential.c
++++ b/credential.c
+@@ -376,8 +376,7 @@ int credential_from_url_gently(struct credential *c, const char *url,
+ 
+ 	if (proto_end - url > 0)
+ 		c->protocol = xmemdupz(url, proto_end - url);
+-	if (slash - host > 0)
+-		c->host = url_decode_mem(host, slash - host);
++	c->host = url_decode_mem(host, slash - host);
+ 	/* Trim leading and trailing slashes from path */
+ 	while (*slash == '/')
+ 		slash++;
+diff --git a/http.c b/http.c
+index 27aa0a3..c4dfdac 100644
+--- a/http.c
++++ b/http.c
+@@ -558,6 +558,7 @@ static int has_cert_password(void)
+ 		return 0;
+ 	if (!cert_auth.password) {
+ 		cert_auth.protocol = xstrdup("cert");
++		cert_auth.host = xstrdup("");
+ 		cert_auth.username = xstrdup("");
+ 		cert_auth.path = xstrdup(ssl_cert);
+ 		credential_fill(&cert_auth);
+diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
+index f4c5d7f..1c1010b 100755
+--- a/t/t0300-credentials.sh
++++ b/t/t0300-credentials.sh
+@@ -414,4 +414,21 @@ test_expect_success 'url parser ignores embedded newlines' '
+ 	EOF
+ '
+ 
++test_expect_success 'host-less URLs are parsed as empty host' '
++	check fill "verbatim foo bar" <<-\EOF
++	url=cert:///path/to/cert.pem
++	--
++	protocol=cert
++	host=
++	path=path/to/cert.pem
++	username=foo
++	password=bar
++	--
++	verbatim: get
++	verbatim: protocol=cert
++	verbatim: host=
++	verbatim: path=path/to/cert.pem
++	EOF
++'
++
+ test_done
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/CVE-2020-11008-4.patch

@@ -0,0 +1,173 @@
+From f8bf7099379990ad974c1ca8f51e1f28bf18cf2a Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Sat, 18 Apr 2020 20:50:48 -0700
+Subject: [PATCH 07/12] credential: refuse to operate when missing host or
+ protocol
+
+The credential helper protocol was designed to be very flexible: the
+fields it takes as input are treated as a pattern, and any missing
+fields are taken as wildcards. This allows unusual things like:
+
+  echo protocol=https | git credential reject
+
+to delete all stored https credentials (assuming the helpers themselves
+treat the input that way). But when helpers are invoked automatically by
+Git, this flexibility works against us. If for whatever reason we don't
+have a "host" field, then we'd match _any_ host. When you're filling a
+credential to send to a remote server, this is almost certainly not what
+you want.
+
+Prevent this at the layer that writes to the credential helper. Add a
+check to the credential API that the host and protocol are always passed
+in, and add an assertion to the credential_write function that speaks
+credential helper protocol to be doubly sure.
+
+There are a few ways this can be triggered in practice:
+
+  - the "git credential" command passes along arbitrary credential
+    parameters it reads from stdin.
+
+  - until the previous patch, when the host field of a URL is empty, we
+    would leave it unset (rather than setting it to the empty string)
+
+  - a URL like "example.com/foo.git" is treated by curl as if "http://"
+    was present, but our parser sees it as a non-URL and leaves all
+    fields unset
+
+  - the recent fix for URLs with embedded newlines blanks the URL but
+    otherwise continues. Rather than having the desired effect of
+    looking up no credential at all, many helpers will return _any_
+    credential
+
+Our earlier test for an embedded newline didn't catch this because it
+only checked that the credential was cleared, but didn't configure an
+actual helper. Configuring the "verbatim" helper in the test would show
+that it is invoked (it's obviously a silly helper which doesn't look at
+its input, but the point is that it shouldn't be run at all). Since
+we're switching this case to die(), we don't need to bother with a
+helper. We can see the new behavior just by checking that the operation
+fails.
+
+We'll add new tests covering partial input as well (these can be
+triggered through various means with url-parsing, but it's simpler to
+just check them directly, as we know we are covered even if the url
+parser changes behavior in the future).
+
+[jn: changed to die() instead of logging and showing a manual
+ username/password prompt]
+
+Reported-by: Carlo Arenas <carenas@gmail.com>
+Signed-off-by: Jeff King <peff@peff.net>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (4)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ credential.c           | 20 ++++++++++++++------
+ t/t0300-credentials.sh | 34 ++++++++++++++++++++++++++--------
+ 2 files changed, 40 insertions(+), 14 deletions(-)
+
+diff --git a/credential.c b/credential.c
+index f2413ce..e08ed84 100644
+--- a/credential.c
++++ b/credential.c
+@@ -89,6 +89,11 @@ static int proto_is_http(const char *s)
+ 
+ static void credential_apply_config(struct credential *c)
+ {
++	if (!c->host)
++		die(_("refusing to work with credential missing host field"));
++	if (!c->protocol)
++		die(_("refusing to work with credential missing protocol field"));
++
+ 	if (c->configured)
+ 		return;
+ 	git_config(credential_config_callback, c);
+@@ -191,8 +196,11 @@ int credential_read(struct credential *c, FILE *fp)
+ 	return 0;
+ }
+ 
+-static void credential_write_item(FILE *fp, const char *key, const char *value)
++static void credential_write_item(FILE *fp, const char *key, const char *value,
++				  int required)
+ {
++	if (!value && required)
++		BUG("credential value for %s is missing", key);
+ 	if (!value)
+ 		return;
+ 	if (strchr(value, '\n'))
+@@ -202,11 +210,11 @@ static void credential_write_item(FILE *fp, const char *key, const char *value)
+ 
+ void credential_write(const struct credential *c, FILE *fp)
+ {
+-	credential_write_item(fp, "protocol", c->protocol);
+-	credential_write_item(fp, "host", c->host);
+-	credential_write_item(fp, "path", c->path);
+-	credential_write_item(fp, "username", c->username);
+-	credential_write_item(fp, "password", c->password);
++	credential_write_item(fp, "protocol", c->protocol, 1);
++	credential_write_item(fp, "host", c->host, 1);
++	credential_write_item(fp, "path", c->path, 0);
++	credential_write_item(fp, "username", c->username, 0);
++	credential_write_item(fp, "password", c->password, 0);
+ }
+ 
+ static int run_credential_helper(struct credential *c,
+diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
+index 1c1010b..646f845 100755
+--- a/t/t0300-credentials.sh
++++ b/t/t0300-credentials.sh
+@@ -400,18 +400,16 @@ test_expect_success 'empty helper spec resets helper list' '
+ 	EOF
+ '
+ 
+-test_expect_success 'url parser ignores embedded newlines' '
+-	check fill <<-EOF
++test_expect_success 'url parser rejects embedded newlines' '
++	test_must_fail git credential fill 2>stderr <<-\EOF &&
+ 	url=https://one.example.com?%0ahost=two.example.com/
+-	--
+-	username=askpass-username
+-	password=askpass-password
+-	--
++	EOF
++	cat >expect <<-\EOF &&
+ 	warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/
+ 	warning: skipping credential lookup for url: https://one.example.com?%0ahost=two.example.com/
+-	askpass: Username:
+-	askpass: Password:
++	fatal: refusing to work with credential missing host field
+ 	EOF
++	test_i18ncmp expect stderr
+ '
+ 
+ test_expect_success 'host-less URLs are parsed as empty host' '
+@@ -431,4 +429,24 @@ test_expect_success 'host-less URLs are parsed as empty host' '
+ 	EOF
+ '
+ 
++test_expect_success 'credential system refuses to work with missing host' '
++	test_must_fail git credential fill 2>stderr <<-\EOF &&
++	protocol=http
++	EOF
++	cat >expect <<-\EOF &&
++	fatal: refusing to work with credential missing host field
++	EOF
++	test_i18ncmp expect stderr
++'
++
++test_expect_success 'credential system refuses to work with missing protocol' '
++	test_must_fail git credential fill 2>stderr <<-\EOF &&
++	host=example.com
++	EOF
++	cat >expect <<-\EOF &&
++	fatal: refusing to work with credential missing protocol field
++	EOF
++	test_i18ncmp expect stderr
++'
++
+ test_done
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/CVE-2020-11008-5.patch

@@ -0,0 +1,211 @@
+From 3431abe8c0f64f4049a31298c0b1056baa7d81dc Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Mon, 27 Apr 2020 14:45:49 +0800
+Subject: [PATCH 08/12] fsck: convert gitmodules url to URL passed to curl
+
+In 07259e74ec1 (fsck: detect gitmodules URLs with embedded newlines,
+2020-03-11), git fsck learned to check whether URLs in .gitmodules could
+be understood by the credential machinery when they are handled by
+git-remote-curl.
+
+However, the check is overbroad: it checks all URLs instead of only
+URLs that would be passed to git-remote-curl. In principle a git:// or
+file:/// URL does not need to follow the same conventions as an http://
+URL; in particular, git:// and file:// protocols are not succeptible to
+issues in the credential API because they do not support attaching
+credentials.
+
+In the HTTP case, the URL in .gitmodules does not always match the URL
+that would be passed to git-remote-curl and the credential machinery:
+Git's URL syntax allows specifying a remote helper followed by a "::"
+delimiter and a URL to be passed to it, so that
+
+	git ls-remote http::https://example.com/repo.git
+
+invokes git-remote-http with https://example.com/repo.git as its URL
+argument. With today's checks, that distinction does not make a
+difference, but for a check we are about to introduce (for empty URL
+schemes) it will matter.
+
+.gitmodules files also support relative URLs. To ensure coverage for the
+https based embedded-newline attack, urldecode and check them directly
+for embedded newlines.
+
+Helped-by: Jeff King <peff@peff.net>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+Reviewed-by: Jeff King <peff@peff.net>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (5)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ fsck.c                        | 94 ++++++++++++++++++++++++++++++++++++++++---
+ t/t7416-submodule-dash-url.sh | 29 +++++++++++++
+ 2 files changed, 118 insertions(+), 5 deletions(-)
+
+diff --git a/fsck.c b/fsck.c
+index ea46eea..0f21eb1 100644
+--- a/fsck.c
++++ b/fsck.c
+@@ -9,6 +9,7 @@
+ #include "tag.h"
+ #include "fsck.h"
+ #include "refs.h"
++#include "url.h"
+ #include "utf8.h"
+ #include "decorate.h"
+ #include "oidset.h"
+@@ -948,17 +949,100 @@ static int fsck_tag(struct tag *tag, const char *data,
+ 	return fsck_tag_buffer(tag, data, size, options);
+ }
+ 
++/*
++ * Like builtin/submodule--helper.c's starts_with_dot_slash, but without
++ * relying on the platform-dependent is_dir_sep helper.
++ *
++ * This is for use in checking whether a submodule URL is interpreted as
++ * relative to the current directory on any platform, since \ is a
++ * directory separator on Windows but not on other platforms.
++ */
++static int starts_with_dot_slash(const char *str)
++{
++	return str[0] == '.' && (str[1] == '/' || str[1] == '\\');
++}
++
++/*
++ * Like starts_with_dot_slash, this is a variant of submodule--helper's
++ * helper of the same name with the twist that it accepts backslash as a
++ * directory separator even on non-Windows platforms.
++ */
++static int starts_with_dot_dot_slash(const char *str)
++{
++	return str[0] == '.' && starts_with_dot_slash(str + 1);
++}
++
++static int submodule_url_is_relative(const char *url)
++{
++	return starts_with_dot_slash(url) || starts_with_dot_dot_slash(url);
++}
++
++/*
++ * Check whether a transport is implemented by git-remote-curl.
++ *
++ * If it is, returns 1 and writes the URL that would be passed to
++ * git-remote-curl to the "out" parameter.
++ *
++ * Otherwise, returns 0 and leaves "out" untouched.
++ *
++ * Examples:
++ *   http::https://example.com/repo.git -> 1, https://example.com/repo.git
++ *   https://example.com/repo.git -> 1, https://example.com/repo.git
++ *   git://example.com/repo.git -> 0
++ *
++ * This is for use in checking for previously exploitable bugs that
++ * required a submodule URL to be passed to git-remote-curl.
++ */
++static int url_to_curl_url(const char *url, const char **out)
++{
++	/*
++	 * We don't need to check for case-aliases, "http.exe", and so
++	 * on because in the default configuration, is_transport_allowed
++	 * prevents URLs with those schemes from being cloned
++	 * automatically.
++	 */
++	if (skip_prefix(url, "http::", out) ||
++	    skip_prefix(url, "https::", out) ||
++	    skip_prefix(url, "ftp::", out) ||
++	    skip_prefix(url, "ftps::", out))
++		return 1;
++	if (starts_with(url, "http://") ||
++	    starts_with(url, "https://") ||
++	    starts_with(url, "ftp://") ||
++	    starts_with(url, "ftps://")) {
++		*out = url;
++		return 1;
++	}
++	return 0;
++}
++
+ static int check_submodule_url(const char *url)
+ {
+-	struct credential c = CREDENTIAL_INIT;
+-	int ret;
++	const char *curl_url;
+ 
+ 	if (looks_like_command_line_option(url))
+ 		return -1;
+ 
+-	ret = credential_from_url_gently(&c, url, 1);
+-	credential_clear(&c);
+-	return ret;
++	if (submodule_url_is_relative(url)) {
++		/*
++		 * This could be appended to an http URL and url-decoded;
++		 * check for malicious characters.
++		 */
++		char *decoded = url_decode(url);
++		int has_nl = !!strchr(decoded, '\n');
++		free(decoded);
++		if (has_nl)
++			return -1;
++	}
++
++	else if (url_to_curl_url(url, &curl_url)) {
++		struct credential c = CREDENTIAL_INIT;
++		int ret = credential_from_url_gently(&c, curl_url, 1);
++		credential_clear(&c);
++		return ret;
++	}
++
++	return 0;
+ }
+ 
+ struct fsck_gitmodules_data {
+diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
+index 41431b1..afdd255 100755
+--- a/t/t7416-submodule-dash-url.sh
++++ b/t/t7416-submodule-dash-url.sh
+@@ -60,6 +60,20 @@ test_expect_success 'trailing backslash is handled correctly' '
+ 	test_i18ngrep ! "unknown option" err
+ '
+ 
++test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
++	git checkout --orphan newscheme &&
++	cat >.gitmodules <<-\EOF &&
++	[submodule "foo"]
++		url = "data://acjbkd%0akajfdickajkd"
++	EOF
++	git add .gitmodules &&
++	git commit -m "gitmodules with unrecognized scheme" &&
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	git push dst HEAD
++'
++
+ test_expect_success 'fsck rejects embedded newline in url' '
+ 	# create an orphan branch to avoid existing .gitmodules objects
+ 	git checkout --orphan newline &&
+@@ -76,4 +90,19 @@ test_expect_success 'fsck rejects embedded newline in url' '
+ 	grep gitmodulesUrl err
+ '
+ 
++test_expect_success 'fsck rejects embedded newline in relative url' '
++	git checkout --orphan relative-newline &&
++	cat >.gitmodules <<-\EOF &&
++	[submodule "foo"]
++		url = "./%0ahost=two.example.com/foo.git"
++	EOF
++	git add .gitmodules &&
++	git commit -m "relative url with newline" &&
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	test_must_fail git push dst HEAD 2>err &&
++	grep gitmodulesUrl err
++'
++
+ test_done
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/CVE-2020-11008-6.patch

@@ -0,0 +1,84 @@
+From 883508bcebe87fbe7fb7392272e930c27c30fdc2 Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Sat, 18 Apr 2020 20:53:09 -0700
+Subject: [PATCH 09/12] credential: die() when parsing invalid urls
+
+When we try to initialize credential loading by URL and find that the
+URL is invalid, we set all fields to NULL in order to avoid acting on
+malicious input. Later when we request credentials, we diagonse the
+erroneous input:
+
+	fatal: refusing to work with credential missing host field
+
+This is problematic in two ways:
+
+- The message doesn't tell the user *why* we are missing the host
+  field, so they can't tell from this message alone how to recover.
+  There can be intervening messages after the original warning of
+  bad input, so the user may not have the context to put two and two
+  together.
+
+- The error only occurs when we actually need to get a credential.  If
+  the URL permits anonymous access, the only encouragement the user gets
+  to correct their bogus URL is a quiet warning.
+
+  This is inconsistent with the check we perform in fsck, where any use
+  of such a URL as a submodule is an error.
+
+When we see such a bogus URL, let's not try to be nice and continue
+without helpers. Instead, die() immediately. This is simpler and
+obviously safe. And there's very little chance of disrupting a normal
+workflow.
+
+It's _possible_ that somebody has a legitimate URL with a raw newline in
+it. It already wouldn't work with credential helpers, so this patch
+steps that up from an inconvenience to "we will refuse to work with it
+at all". If such a case does exist, we should figure out a way to work
+with it (especially if the newline is only in the path component, which
+we normally don't even pass to helpers). But until we see a real report,
+we're better off being defensive.
+
+Reported-by: Carlo Arenas <carenas@gmail.com>
+Signed-off-by: Jeff King <peff@peff.net>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (6)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ credential.c           | 6 ++----
+ t/t0300-credentials.sh | 3 +--
+ 2 files changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/credential.c b/credential.c
+index e08ed84..22649d5 100644
+--- a/credential.c
++++ b/credential.c
+@@ -408,8 +408,6 @@ int credential_from_url_gently(struct credential *c, const char *url,
+ 
+ void credential_from_url(struct credential *c, const char *url)
+ {
+-	if (credential_from_url_gently(c, url, 0) < 0) {
+-		warning(_("skipping credential lookup for url: %s"), url);
+-		credential_clear(c);
+-	}
++	if (credential_from_url_gently(c, url, 0) < 0)
++		die(_("credential url cannot be parsed: %s"), url);
+ }
+diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
+index 646f845..efed3ea 100755
+--- a/t/t0300-credentials.sh
++++ b/t/t0300-credentials.sh
+@@ -406,8 +406,7 @@ test_expect_success 'url parser rejects embedded newlines' '
+ 	EOF
+ 	cat >expect <<-\EOF &&
+ 	warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/
+-	warning: skipping credential lookup for url: https://one.example.com?%0ahost=two.example.com/
+-	fatal: refusing to work with credential missing host field
++	fatal: credential url cannot be parsed: https://one.example.com?%0ahost=two.example.com/
+ 	EOF
+ 	test_i18ncmp expect stderr
+ '
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/CVE-2020-11008-7.patch

@@ -0,0 +1,206 @@
+From 68acf8724e9cb2f67664dd980581c0022401daf0 Mon Sep 17 00:00:00 2001
+From: Jonathan Nieder <jrnieder@gmail.com>
+Date: Sat, 18 Apr 2020 20:54:13 -0700
+Subject: [PATCH 10/12] credential: treat URL without scheme as invalid
+
+libcurl permits making requests without a URL scheme specified.  In
+this case, it guesses the URL from the hostname, so I can run
+
+	git ls-remote http::ftp.example.com/path/to/repo
+
+and it would make an FTP request.
+
+Any user intentionally using such a URL is likely to have made a typo.
+Unfortunately, credential_from_url is not able to determine the host and
+protocol in order to determine appropriate credentials to send, and
+until "credential: refuse to operate when missing host or protocol",
+this resulted in another host's credentials being leaked to the named
+host.
+
+Teach credential_from_url_gently to consider such a URL to be invalid
+so that fsck can detect and block gitmodules files with such URLs,
+allowing server operators to avoid serving them to downstream users
+running older versions of Git.
+
+This also means that when such URLs are passed on the command line, Git
+will print a clearer error so affected users can switch to the simpler
+URL that explicitly specifies the host and protocol they intend.
+
+One subtlety: .gitmodules files can contain relative URLs, representing
+a URL relative to the URL they were cloned from.  The relative URL
+resolver used for .gitmodules can follow ".." components out of the path
+part and past the host part of a URL, meaning that such a relative URL
+can be used to traverse from a https://foo.example.com/innocent
+superproject to a https::attacker.example.com/exploit submodule.
+Fortunately a leading ':' in the first path component after a series of
+leading './' and '../' components is unlikely to show up in other
+contexts, so we can catch this by detecting that pattern.
+
+Reported-by: Jeff King <peff@peff.net>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+Reviewed-by: Jeff King <peff@peff.net>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (7)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ credential.c                  |  7 +++++--
+ fsck.c                        | 47 +++++++++++++++++++++++++++++++++++++++++--
+ t/t5550-http-fetch-dumb.sh    |  7 ++-----
+ t/t7416-submodule-dash-url.sh | 32 +++++++++++++++++++++++++++++
+ 4 files changed, 84 insertions(+), 9 deletions(-)
+
+diff --git a/credential.c b/credential.c
+index 22649d5..1e1aed5 100644
+--- a/credential.c
++++ b/credential.c
+@@ -360,8 +360,11 @@ int credential_from_url_gently(struct credential *c, const char *url,
+ 	 *   (3) proto://<user>:<pass>@<host>/...
+ 	 */
+ 	proto_end = strstr(url, "://");
+-	if (!proto_end)
+-		return 0;
++	if (!proto_end) {
++		if (!quiet)
++			warning(_("url has no scheme: %s"), url);
++		return -1;
++	}
+ 	cp = proto_end + 3;
+ 	at = strchr(cp, '@');
+ 	colon = strchr(cp, ':');
+diff --git a/fsck.c b/fsck.c
+index 0f21eb1..30eac29 100644
+--- a/fsck.c
++++ b/fsck.c
+@@ -978,6 +978,34 @@ static int submodule_url_is_relative(const char *url)
+ }
+ 
+ /*
++ * Count directory components that a relative submodule URL should chop
++ * from the remote_url it is to be resolved against.
++ *
++ * In other words, this counts "../" components at the start of a
++ * submodule URL.
++ *
++ * Returns the number of directory components to chop and writes a
++ * pointer to the next character of url after all leading "./" and
++ * "../" components to out.
++ */
++static int count_leading_dotdots(const char *url, const char **out)
++{
++	int result = 0;
++	while (1) {
++		if (starts_with_dot_dot_slash(url)) {
++			result++;
++			url += strlen("../");
++			continue;
++		}
++		if (starts_with_dot_slash(url)) {
++			url += strlen("./");
++			continue;
++		}
++		*out = url;
++		return result;
++	}
++}
++/*
+  * Check whether a transport is implemented by git-remote-curl.
+  *
+  * If it is, returns 1 and writes the URL that would be passed to
+@@ -1024,15 +1052,30 @@ static int check_submodule_url(const char *url)
+ 		return -1;
+ 
+ 	if (submodule_url_is_relative(url)) {
++		char *decoded;
++		const char *next;
++		int has_nl;
++
+ 		/*
+ 		 * This could be appended to an http URL and url-decoded;
+ 		 * check for malicious characters.
+ 		 */
+-		char *decoded = url_decode(url);
+-		int has_nl = !!strchr(decoded, '\n');
++		decoded = url_decode(url);
++		has_nl = !!strchr(decoded, '\n');
++
+ 		free(decoded);
+ 		if (has_nl)
+ 			return -1;
++
++		/*
++		 * URLs which escape their root via "../" can overwrite
++		 * the host field and previous components, resolving to
++		 * URLs like https::example.com/submodule.git that were
++		 * susceptible to CVE-2020-11008.
++		 */
++		if (count_leading_dotdots(url, &next) > 0 &&
++		    *next == ':')
++			return -1;
+ 	}
+ 
+ 	else if (url_to_curl_url(url, &curl_url)) {
+diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
+index b811d89..1c9e5d3 100755
+--- a/t/t5550-http-fetch-dumb.sh
++++ b/t/t5550-http-fetch-dumb.sh
+@@ -321,11 +321,8 @@ test_expect_success 'git client does not send an empty Accept-Language' '
+ '
+ 
+ test_expect_success 'remote-http complains cleanly about malformed urls' '
+-	# do not actually issue "list" or other commands, as we do not
+-	# want to rely on what curl would actually do with such a broken
+-	# URL. This is just about making sure we do not segfault during
+-	# initialization.
+-	test_must_fail git remote-http http::/example.com/repo.git
++	test_must_fail git remote-http http::/example.com/repo.git 2>stderr &&
++	test_i18ngrep "url has no scheme" stderr
+ '
+ 
+ test_expect_success 'redirects can be forbidden/allowed' '
+diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
+index afdd255..249dc3d 100755
+--- a/t/t7416-submodule-dash-url.sh
++++ b/t/t7416-submodule-dash-url.sh
+@@ -60,6 +60,38 @@ test_expect_success 'trailing backslash is handled correctly' '
+ 	test_i18ngrep ! "unknown option" err
+ '
+ 
++test_expect_success 'fsck rejects missing URL scheme' '
++	git checkout --orphan missing-scheme &&
++	cat >.gitmodules <<-\EOF &&
++	[submodule "foo"]
++		url = http::one.example.com/foo.git
++	EOF
++	git add .gitmodules &&
++	test_tick &&
++	git commit -m "gitmodules with missing URL scheme" &&
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	test_must_fail git push dst HEAD 2>err &&
++	grep gitmodulesUrl err
++'
++
++test_expect_success 'fsck rejects relative URL resolving to missing scheme' '
++	git checkout --orphan relative-missing-scheme &&
++	cat >.gitmodules <<-\EOF &&
++	[submodule "foo"]
++		url = "..\\../.\\../:one.example.com/foo.git"
++	EOF
++	git add .gitmodules &&
++	test_tick &&
++	git commit -m "gitmodules with relative URL that strips off scheme" &&
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	test_must_fail git push dst HEAD 2>err &&
++	grep gitmodulesUrl err
++'
++
+ test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
+ 	git checkout --orphan newscheme &&
+ 	cat >.gitmodules <<-\EOF &&
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/CVE-2020-11008-8.patch

@@ -0,0 +1,114 @@
+From 5e06d0781a963d62413ae7eab4eb78cc7195af8b Mon Sep 17 00:00:00 2001
+From: Jonathan Nieder <jrnieder@gmail.com>
+Date: Sat, 18 Apr 2020 20:54:57 -0700
+Subject: [PATCH 11/12] credential: treat URL with empty scheme as invalid
+
+Until "credential: refuse to operate when missing host or protocol",
+Git's credential handling code interpreted URLs with empty scheme to
+mean "give me credentials matching this host for any protocol".
+
+Luckily libcurl does not recognize such URLs (it tries to look for a
+protocol named "" and fails). Just in case that changes, let's reject
+them within Git as well. This way, credential_from_url is guaranteed to
+always produce a "struct credential" with protocol and host set.
+
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (8)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ credential.c                  |  5 ++---
+ t/t5550-http-fetch-dumb.sh    |  9 +++++++++
+ t/t7416-submodule-dash-url.sh | 32 ++++++++++++++++++++++++++++++++
+ 3 files changed, 43 insertions(+), 3 deletions(-)
+
+diff --git a/credential.c b/credential.c
+index 1e1aed5..cf11cc9 100644
+--- a/credential.c
++++ b/credential.c
+@@ -360,7 +360,7 @@ int credential_from_url_gently(struct credential *c, const char *url,
+ 	 *   (3) proto://<user>:<pass>@<host>/...
+ 	 */
+ 	proto_end = strstr(url, "://");
+-	if (!proto_end) {
++	if (!proto_end || proto_end == url) {
+ 		if (!quiet)
+ 			warning(_("url has no scheme: %s"), url);
+ 		return -1;
+@@ -385,8 +385,7 @@ int credential_from_url_gently(struct credential *c, const char *url,
+ 		host = at + 1;
+ 	}
+ 
+-	if (proto_end - url > 0)
+-		c->protocol = xmemdupz(url, proto_end - url);
++	c->protocol = xmemdupz(url, proto_end - url);
+ 	c->host = url_decode_mem(host, slash - host);
+ 	/* Trim leading and trailing slashes from path */
+ 	while (*slash == '/')
+diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
+index 1c9e5d3..ea2688b 100755
+--- a/t/t5550-http-fetch-dumb.sh
++++ b/t/t5550-http-fetch-dumb.sh
+@@ -325,6 +325,15 @@ test_expect_success 'remote-http complains cleanly about malformed urls' '
+ 	test_i18ngrep "url has no scheme" stderr
+ '
+ 
++# NEEDSWORK: Writing commands to git-remote-curl can race against the latter
++# erroring out, producing SIGPIPE. Remove "ok=sigpipe" once transport-helper has
++# learned to handle early remote helper failures more cleanly.
++test_expect_success 'remote-http complains cleanly about empty scheme' '
++	test_must_fail ok=sigpipe git ls-remote \
++		http::${HTTPD_URL#http}/dumb/repo.git 2>stderr &&
++	test_i18ngrep "url has no scheme" stderr
++'
++
+ test_expect_success 'redirects can be forbidden/allowed' '
+ 	test_must_fail git -c http.followRedirects=false \
+ 		clone $HTTPD_URL/dumb-redir/repo.git dumb-redir &&
+diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
+index 249dc3d..9309040 100755
+--- a/t/t7416-submodule-dash-url.sh
++++ b/t/t7416-submodule-dash-url.sh
+@@ -92,6 +92,38 @@ test_expect_success 'fsck rejects relative URL resolving to missing scheme' '
+ 	grep gitmodulesUrl err
+ '
+ 
++test_expect_success 'fsck rejects empty URL scheme' '
++	git checkout --orphan empty-scheme &&
++	cat >.gitmodules <<-\EOF &&
++	[submodule "foo"]
++		url = http::://one.example.com/foo.git
++	EOF
++	git add .gitmodules &&
++	test_tick &&
++	git commit -m "gitmodules with empty URL scheme" &&
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	test_must_fail git push dst HEAD 2>err &&
++	grep gitmodulesUrl err
++'
++
++test_expect_success 'fsck rejects relative URL resolving to empty scheme' '
++	git checkout --orphan relative-empty-scheme &&
++	cat >.gitmodules <<-\EOF &&
++	[submodule "foo"]
++		url = ../../../:://one.example.com/foo.git
++	EOF
++	git add .gitmodules &&
++	test_tick &&
++	git commit -m "relative gitmodules URL resolving to empty scheme" &&
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	test_must_fail git push dst HEAD 2>err &&
++	grep gitmodulesUrl err
++'
++
+ test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
+ 	git checkout --orphan newscheme &&
+ 	cat >.gitmodules <<-\EOF &&
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/CVE-2020-11008-9.patch

@@ -0,0 +1,114 @@
+From 2e084e25fa454c58a600c9434f776f2150037a76 Mon Sep 17 00:00:00 2001
+From: Jonathan Nieder <jrnieder@gmail.com>
+Date: Sat, 18 Apr 2020 20:57:22 -0700
+Subject: [PATCH 12/12] fsck: reject URL with empty host in .gitmodules
+
+Git's URL parser interprets
+
+	https:///example.com/repo.git
+
+to have no host and a path of "example.com/repo.git".  Curl, on the
+other hand, internally redirects it to https://example.com/repo.git.  As
+a result, until "credential: parse URL without host as empty host, not
+unset", tricking a user into fetching from such a URL would cause Git to
+send credentials for another host to example.com.
+
+Teach fsck to block and detect .gitmodules files using such a URL to
+prevent sharing them with Git versions that are not yet protected.
+
+A relative URL in a .gitmodules file could also be used to trigger this.
+The relative URL resolver used for .gitmodules does not normalize
+sequences of slashes and can follow ".." components out of the path part
+and to the host part of a URL, meaning that such a relative URL can be
+used to traverse from a https://foo.example.com/innocent superproject to
+a https:///attacker.example.com/exploit submodule. Fortunately,
+redundant extra slashes in .gitmodules are rare, so we can catch this by
+detecting one after a leading sequence of "./" and "../" components.
+
+Helped-by: Jeff King <peff@peff.net>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+Reviewed-by: Jeff King <peff@peff.net>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (9)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ fsck.c                        | 10 +++++++---
+ t/t7416-submodule-dash-url.sh | 32 ++++++++++++++++++++++++++++++++
+ 2 files changed, 39 insertions(+), 3 deletions(-)
+
+diff --git a/fsck.c b/fsck.c
+index 30eac29..00077b1 100644
+--- a/fsck.c
++++ b/fsck.c
+@@ -1070,17 +1070,21 @@ static int check_submodule_url(const char *url)
+ 		/*
+ 		 * URLs which escape their root via "../" can overwrite
+ 		 * the host field and previous components, resolving to
+-		 * URLs like https::example.com/submodule.git that were
++		 * URLs like https::example.com/submodule.git and
++		 * https:///example.com/submodule.git that were
+ 		 * susceptible to CVE-2020-11008.
+ 		 */
+ 		if (count_leading_dotdots(url, &next) > 0 &&
+-		    *next == ':')
++		    (*next == ':' || *next == '/'))
+ 			return -1;
+ 	}
+ 
+ 	else if (url_to_curl_url(url, &curl_url)) {
+ 		struct credential c = CREDENTIAL_INIT;
+-		int ret = credential_from_url_gently(&c, curl_url, 1);
++		int ret = 0;
++		if (credential_from_url_gently(&c, curl_url, 1) ||
++		    !*c.host)
++			ret = -1;
+ 		credential_clear(&c);
+ 		return ret;
+ 	}
+diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
+index 9309040..eec96e0 100755
+--- a/t/t7416-submodule-dash-url.sh
++++ b/t/t7416-submodule-dash-url.sh
+@@ -124,6 +124,38 @@ test_expect_success 'fsck rejects relative URL resolving to empty scheme' '
+ 	grep gitmodulesUrl err
+ '
+ 
++test_expect_success 'fsck rejects empty hostname' '
++	git checkout --orphan empty-host &&
++	cat >.gitmodules <<-\EOF &&
++	[submodule "foo"]
++		url = http:///one.example.com/foo.git
++	EOF
++	git add .gitmodules &&
++	test_tick &&
++	git commit -m "gitmodules with extra slashes" &&
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	test_must_fail git push dst HEAD 2>err &&
++	grep gitmodulesUrl err
++'
++
++test_expect_success 'fsck rejects relative url that produced empty hostname' '
++	git checkout --orphan messy-relative &&
++	cat >.gitmodules <<-\EOF &&
++	[submodule "foo"]
++		url = ../../..//one.example.com/foo.git
++	EOF
++	git add .gitmodules &&
++	test_tick &&
++	git commit -m "gitmodules abusing relative_path" &&
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	test_must_fail git push dst HEAD 2>err &&
++	grep gitmodulesUrl err
++'
++
+ test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
+ 	git checkout --orphan newscheme &&
+ 	cat >.gitmodules <<-\EOF &&
+-- 
+1.9.1
+

meta/recipes-devtools/git/git/CVE-2020-5260.patch

@@ -0,0 +1,65 @@
+From 9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Wed, 11 Mar 2020 17:53:41 -0400
+Subject: [PATCH] credential: avoid writing values with newlines
+
+The credential protocol that we use to speak to helpers can't represent
+values with newlines in them. This was an intentional design choice to
+keep the protocol simple, since none of the values we pass should
+generally have newlines.
+
+However, if we _do_ encounter a newline in a value, we blindly transmit
+it in credential_write(). Such values may break the protocol syntax, or
+worse, inject new valid lines into the protocol stream.
+
+The most likely way for a newline to end up in a credential struct is by
+decoding a URL with a percent-encoded newline. However, since the bug
+occurs at the moment we write the value to the protocol, we'll catch it
+there. That should leave no possibility of accidentally missing a code
+path that can trigger the problem.
+
+At this level of the code we have little choice but to die(). However,
+since we'd not ever expect to see this case outside of a malicious URL,
+that's an acceptable outcome.
+
+Reported-by: Felix Wilhelm <fwilhelm@google.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-5260
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ credential.c           | 2 ++
+ t/t0300-credentials.sh | 6 ++++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/credential.c b/credential.c
+index 9747f47..00ee4d6 100644
+--- a/credential.c
++++ b/credential.c
+@@ -194,6 +194,8 @@ static void credential_write_item(FILE *fp, const char *key, const char *value)
+ {
+ 	if (!value)
+ 		return;
++	if (strchr(value, '\n'))
++		die("credential value for %s contains newline", key);
+ 	fprintf(fp, "%s=%s\n", key, value);
+ }
+ 
+diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
+index 03bd31e..15cc3c5 100755
+--- a/t/t0300-credentials.sh
++++ b/t/t0300-credentials.sh
+@@ -309,4 +309,10 @@ test_expect_success 'empty helper spec resets helper list' '
+ 	EOF
+ '
+ 
++test_expect_success 'url parser rejects embedded newlines' '
++	test_must_fail git credential fill <<-\EOF
++	url=https://one.example.com?%0ahost=two.example.com/
++	EOF
++'
++
+ test_done
+-- 
+1.9.1
+

meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch

@@ -0,0 +1,27 @@
+From b0d53cfd785f64002128ac5eecc4aed0663d9c30 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Thu, 9 Jan 2020 17:26:55 +0100
+Subject: [PATCH] tests: adjust to correctly exclude unbuilt extensions
+
+Issue is reported here:
+https://github.com/arsv/perl-cross/issues/85
+
+Upstream-Status: Inappropriate [issue caused by perl-cross]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ t/TEST | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/t/TEST b/t/TEST
+index a9c844f..8d3505f 100755
+--- a/t/TEST
++++ b/t/TEST
+@@ -419,7 +419,7 @@ sub _tests_from_manifest {
+ 	while (<MANI>) {
+ 	    if (m!^((?:cpan|dist|ext)/(\S+)/+(?:[^/\s]+\.t|test\.pl)|lib/\S+?(?:\.t|test\.pl))\s!) {
+ 		my $t = $1;
+-		my $extension = $2;
++		my $extension = $1."/".$2;
+ 
+ 		# XXX Generates way too many error lines currently.  Skip for
+ 		# v5.22

meta/recipes-devtools/perl/files/encodefix.patch

@@ -0,0 +1,20 @@
+The code is encoding host compiler parameters into target builds. Avoid
+this for our target builds (patch is target specific, not native)
+
+Upstream-Status: Inappropriate [Cross compile hack]
+RP 2020/2/18
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: perl-5.30.1/cpan/Encode/bin/enc2xs
+===================================================================
+--- perl-5.30.1.orig/cpan/Encode/bin/enc2xs
++++ perl-5.30.1/cpan/Encode/bin/enc2xs
+@@ -195,7 +195,7 @@ sub compiler_info {
+     # above becomes false.
+     my $sized  = $declaration && !($compat && !$pedantic);
+ 
+-    return ($cpp, $static, $sized);
++    return (0, 1, 1);
+ }
+ 
+ 

meta/recipes-devtools/perl/files/fix-setgroup.patch

@@ -1,49 +0,0 @@
-Test script to reproduce the problem:
-
-#!/usr/bin/env perl
-$) = "2 2";
-print $!;
-
-Result from perl 5.28 under strace:
-
-setgroups(1, [2])                       = 0
-setresgid(-1, 2, -1)                    = 0
-
-Result from perl 5.30 under strace:
-
-setgroups(1, [-1])                      = -1 EINVAL (Invalid argument)
-setresgid(-1, 2, -1)                    = 0
-
-Patch which broke this upstream:
-https://perl5.git.perl.org/perl.git/commitdiff/5d4a52b5c68a11bfc97c2e24806993b84a61eade
-
-Issue is that the new function changes the endptr to the end of the
-scanned number and needs to be reset to the end of the string for 
-each iteration of the loop.
-
-[YOCTO #13391]
-
-RP
-2019/6/14
-Upstream-Status: Pending
-
-Index: perl-5.30.0/mg.c
-===================================================================
---- perl-5.30.0.orig/mg.c
-+++ perl-5.30.0/mg.c
-@@ -3179,6 +3256,7 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
- 	    const char *p = SvPV_const(sv, len);
-             Groups_t *gary = NULL;
-             const char* endptr = p + len;
-+            const char* realend = p + len;
-             UV uv;
- #ifdef _SC_NGROUPS_MAX
-            int maxgrp = sysconf(_SC_NGROUPS_MAX);
-@@ -3209,6 +3287,7 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
-                     Newx(gary, i + 1, Groups_t);
-                 else
-                     Renew(gary, i + 1, Groups_t);
-+                endptr = realend;
-                 if (grok_atoUV(p, &uv, &endptr))
-                     gary[i] = (Groups_t)uv;
-                 else {

meta/recipes-devtools/perl/files/perl-configpm-switch.patch

@@ -1,4 +1,4 @@
-From 7f313cac31c55cbe62a4d0cdfa8321cc05a8eb3a Mon Sep 17 00:00:00 2001
+From 5120acaa2be5787d9657f6b91bc8ee3c2d664fbe Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Sun, 27 May 2007 21:04:11 +0000
 Subject: [PATCH] perl: 5.8.7 -> 5.8.8 (from OE)
@@ -20,7 +20,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 16 insertions(+), 2 deletions(-)
 
 diff --git a/configpm b/configpm
-index 09c4a3b..6a0a680 100755
+index c8de8bf..204613c 100755
 --- a/configpm
 +++ b/configpm
 @@ -687,7 +687,7 @@ sub FETCH {

meta/recipes-devtools/perl/files/racefix.patch

@@ -0,0 +1,24 @@
+In our builds Config_heavy.pl sometimes has lines:
+cwarnflags=XXX
+ccstdflags=XXX
+and sometimes does not.
+The reason is that this information is pulled from cflags by configpm and yet
+there is no dependency in the Makefile. Add one to fix this.
+
+Upstream-Status: Submitted [https://github.com/arsv/perl-cross/pull/89]
+RP 2020/2/19
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: perl-5.30.1/Makefile
+===================================================================
+--- perl-5.30.1.orig/Makefile
++++ perl-5.30.1/Makefile
+@@ -204,7 +204,7 @@ configpod: $(CONFIGPOD)
+ git_version.h lib/Config_git.pl: make_patchnum.pl | miniperl$X
+ 	./miniperl_top make_patchnum.pl
+ 
+-lib/Config.pm lib/Config_heavy.pl lib/Config.pod: config.sh \
++lib/Config.pm lib/Config_heavy.pl lib/Config.pod: config.sh cflags \
+ 		lib/Config_git.pl Porting/Glossary | miniperl$X
+ 	./miniperl_top configpm
+ 

meta/recipes-devtools/perl/liberror-perl_0.17029.bb

@@ -32,8 +32,8 @@ RDEPENDS_${PN}-ptest += " \
 
 SRC_URI = "http://cpan.metacpan.org/authors/id/S/SH/SHLOMIF/Error-${PV}.tar.gz"
 
-SRC_URI[md5sum] = "ec3522c60a43a368f19c0f89e2205cb1"
-SRC_URI[sha256sum] = "3ad85c5e58b31c8903006298424a51bba39f1840e324f5ae612eabc8b935e960"
+SRC_URI[md5sum] = "6732b1c6207e4a9a3e2987c88368039a"
+SRC_URI[sha256sum] = "1a23f7913032aed6d4b68321373a3899ca66590f4727391a091ec19c95bf7adc"
 
 S = "${WORKDIR}/Error-${PV}"
 

meta/recipes-devtools/perl/libmodule-build-perl/run-ptest

@@ -6,8 +6,6 @@ for case in `find t -type f -name '*.t'`; do
     cat $case.output
     if [ $ret -ne 0 ]; then
         echo "FAIL: ${case%.t}"
-    elif grep -i 'SKIP' $case.output; then
-        echo "SKIP: ${case%.t}"
     else
         echo "PASS: ${case%.t}"
     fi

meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb

@@ -36,7 +36,10 @@ do_patch[postfuncs] += "do_patch_module_build"
 do_install_ptest() {
 	cp -r ${B}/inc ${D}${PTEST_PATH}
 	cp -r ${B}/blib ${D}${PTEST_PATH}
+	cp -r ${B}/_build ${D}${PTEST_PATH}
+	cp -r ${B}/lib ${D}${PTEST_PATH}
 	chown -R root:root ${D}${PTEST_PATH}
+	sed -i -e "s,'perl' => .*,'perl' => '/usr/bin/perl'\,,g" ${D}${PTEST_PATH}/_build/build_params
 }
 
 RDEPENDS_${PN} += " \

meta/recipes-devtools/perl/perl_5.30.1.bb

@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://Copying;md5=5b122a36d0f6dc55279a0ebc69f3c60b \
 
 
 SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
-           https://github.com/arsv/perl-cross/releases/download/1.3/perl-cross-1.3.tar.gz;name=perl-cross \
+           https://github.com/arsv/perl-cross/releases/download/1.3.1/perl-cross-1.3.1.tar.gz;name=perl-cross \
            file://perl-rdepends.txt \
            file://0001-configure_tool.sh-do-not-quote-the-argument-to-comma.patch \
            file://0001-ExtUtils-MakeMaker-add-LDFLAGS-when-linking-binary-m.patch \
@@ -18,19 +18,23 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
            file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \
            file://perl-dynloader.patch \
            file://0001-configure_path.sh-do-not-hardcode-prefix-lib-as-libr.patch \
-           file://fix-setgroup.patch \
            file://0001-enc2xs-Add-environment-variable-to-suppress-comments.patch \
            file://0002-Constant-Fix-up-shebang.patch \
+           file://0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch \
            file://determinism.patch  \
+           file://racefix.patch \
            "
 SRC_URI_append_class-native = " \
            file://perl-configpm-switch.patch \
 "
+SRC_URI_append_class-target = " \
+           file://encodefix.patch \
+"
 
-SRC_URI[perl.md5sum] = "9770584cdf9b5631c38097645ce33549"
-SRC_URI[perl.sha256sum] = "851213c754d98ccff042caa40ba7a796b2cee88c5325f121be5cbb61bbf975f2"
-SRC_URI[perl-cross.md5sum] = "4dda3daf9c4fe42b3d6a5dd052852a48"
-SRC_URI[perl-cross.sha256sum] = "49edea1ea2cd6c5c47386ca71beda8d150c748835781354dbe7f75b1df27e703"
+SRC_URI[perl.md5sum] = "6438eb7b8db9bbde28e01086de376a46"
+SRC_URI[perl.sha256sum] = "bf3d25571ff1ee94186177c2cdef87867fd6a14aa5a84f0b1fb7bf798f42f964"
+SRC_URI[perl-cross.md5sum] = "1e463b105cfa56d251a86979af23e3a7"
+SRC_URI[perl-cross.sha256sum] = "edce0b0c2f725e2db3f203d6d8e9f3f7161256f5d1590551e40694f21200141d"
 
 S = "${WORKDIR}/perl-${PV}"
 
@@ -113,6 +117,14 @@ print(datetime.fromtimestamp($SOURCE_DATE_EPOCH, timezone.utc).strftime('%a %b %
 
 do_compile() {
     oe_runmake
+    # This isn't generated reliably so delete and re-generate.
+    # https://github.com/arsv/perl-cross/issues/86
+
+    if [ -e pod/perltoc.pod ]; then
+        bbnote Rebuilding perltoc.pod
+        rm -f pod/perltoc.pod
+        oe_runmake pod/perltoc.pod
+    fi
 }
 
 do_install() {
@@ -202,6 +214,7 @@ require perl-ptest.inc
 FILES_${PN} = "${bindir}/perl ${bindir}/perl.real ${bindir}/perl${PV} ${libdir}/libperl.so* \
                ${libdir}/perl5/site_perl \
                ${libdir}/perl5/${PV}/Config.pm \
+               ${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/Config.pm \
                ${libdir}/perl5/${PV}/*/Config_git.pl \
                ${libdir}/perl5/${PV}/*/Config_heavy-target.pl \
                ${libdir}/perl5/config.sh \
@@ -210,6 +223,9 @@ FILES_${PN} = "${bindir}/perl ${bindir}/perl.real ${bindir}/perl${PV} ${libdir}/
                ${libdir}/perl5/${PV}/warnings \
                ${libdir}/perl5/${PV}/vars.pm \
                ${libdir}/perl5/site_perl \
+               ${libdir}/perl5/${PV}/ExtUtils/MANIFEST.SKIP \
+               ${libdir}/perl5/${PV}/ExtUtils/xsubpp \
+               ${libdir}/perl5/${PV}/ExtUtils/typemap \
                "
 RPROVIDES_${PN} += "perl-module-strict perl-module-vars perl-module-config perl-module-warnings \
                     perl-module-warnings-register"
@@ -220,9 +236,6 @@ FILES_${PN}-dev_append = " ${libdir}/perl5/${PV}/*/CORE"
 
 FILES_${PN}-doc_append = " ${libdir}/perl5/${PV}/Unicode/Collate/*.txt \
                            ${libdir}/perl5/${PV}/*/.packlist \
-                           ${libdir}/perl5/${PV}/ExtUtils/MANIFEST.SKIP \
-                           ${libdir}/perl5/${PV}/ExtUtils/xsubpp \
-                           ${libdir}/perl5/${PV}/ExtUtils/typemap \
                            ${libdir}/perl5/${PV}/Encode/encode.h \
                          "
 PACKAGES += "${PN}-misc"

meta/recipes-devtools/pseudo/pseudo.inc

@@ -16,6 +16,7 @@ INSANE_SKIP_${PN}-dbg += "libdir"
 PROVIDES += "virtual/fakeroot"
 
 MAKEOPTS = ""
+MAKEOPTS_class-native = "'RPATH=-Wl,--rpath=XORIGIN/../../../sqlite3-native/usr/lib/'"
 
 inherit siteinfo pkgconfig
 
@@ -115,6 +116,7 @@ do_install () {
 }
 
 do_install_append_class-native () {
+	chrpath ${D}${bindir}/pseudo -r `chrpath ${D}${bindir}/pseudo | cut -d = -f 2 | sed s/XORIGIN/\\$ORIGIN/`
 	install -d ${D}${sysconfdir}
 	# The fallback files should never be modified
 	install -m 444 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd

meta/recipes-devtools/python/python.inc

@@ -5,13 +5,13 @@ SECTION = "devel/python"
 # bump this on every change in contrib/python/generate-manifest-2.7.py
 INC_PR = "r1"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            "
 
-SRC_URI[md5sum] = "b3b6d2c92f42a60667814358ab9f0cfd"
-SRC_URI[sha256sum] = "4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41"
+SRC_URI[md5sum] = "fd6cc8ec0a78c44036f825e739f36e5a"
+SRC_URI[sha256sum] = "b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43"
 
 # python recipe is actually python 2.x
 # also, exclude pre-releases for both python 2.x and 3.x

meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch

@@ -0,0 +1,29 @@
+From 85e8f86ad2b7dec0848cd55b8e810a5e2722b20a Mon Sep 17 00:00:00 2001
+From: Jeremy Puhlman <jpuhlman@mvista.com>
+Date: Wed, 4 Mar 2020 00:06:42 +0000
+Subject: [PATCH] Don't search system for headers/libraries
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
+---
+ setup.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index 9da1b3a..59782c0 100644
+--- a/setup.py
++++ b/setup.py
+@@ -674,8 +674,8 @@ class PyBuildExt(build_ext):
+             add_dir_to_list(self.compiler.include_dirs,
+                             sysconfig.get_config_var("INCLUDEDIR"))
+ 
+-        system_lib_dirs = ['/lib64', '/usr/lib64', '/lib', '/usr/lib']
+-        system_include_dirs = ['/usr/include']
++        system_lib_dirs = []
++        system_include_dirs = []
+         # lib_dirs and inc_dirs are used to search for files;
+         # if a file is found in one of those directories, it can
+         # be assumed that no additional -I,-L directives are needed.
+-- 
+2.24.1
+

meta/recipes-devtools/python/python3_3.7.7.bb

@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.python.org"
 LICENSE = "PSFv2"
 SECTION = "devel/python"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://run-ptest \
@@ -33,13 +33,14 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
 SRC_URI_append_class-native = " \
            file://0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch \
            file://12-distutils-prefix-is-inside-staging-area.patch \
+           file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 SRC_URI_append_class-nativesdk = " \
            file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \
            "
 
-SRC_URI[md5sum] = "c08fbee72ad5c2c95b0f4e44bf6fd72c"
-SRC_URI[sha256sum] = "55a2cce72049f0794e9a11a84862e9039af9183603b78bc60d89539f82cf533f"
+SRC_URI[md5sum] = "172c650156f7bea68ce31b2fd01fa766"
+SRC_URI[sha256sum] = "06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"

meta/recipes-devtools/qemu/qemu.inc

@@ -27,9 +27,16 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
            file://0009-Fix-webkitgtk-builds.patch \
            file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \
+           file://0011-linux-user-remove-host-stime-syscall.patch \
            file://CVE-2019-15890.patch \
            file://CVE-2019-12068.patch \
-           "
+           file://CVE-2020-1711.patch \
+           file://CVE-2019-20382.patch \
+           file://CVE-2020-7039-1.patch \
+           file://CVE-2020-7039-2.patch \
+           file://CVE-2020-7039-3.patch \
+	   file://CVE-2020-7211.patch \
+	   "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
 SRC_URI[md5sum] = "cdf2b5ca52b9abac9bacb5842fa420f8"
@@ -164,6 +171,7 @@ PACKAGECONFIG[spice] = "--enable-spice,--disable-spice,spice"
 # usbredir will be in meta-networking layer
 PACKAGECONFIG[usb-redir] = "--enable-usb-redir,--disable-usb-redir,usbredir"
 PACKAGECONFIG[snappy] = "--enable-snappy,--disable-snappy,snappy"
+PACKAGECONFIG[glusterfs] = "--enable-glusterfs,--disable-glusterfs,glusterfs"
 
 INSANE_SKIP_${PN} = "arch"
 

meta/recipes-devtools/qemu/qemu/0011-linux-user-remove-host-stime-syscall.patch

@@ -0,0 +1,61 @@
+From 0f1f2d4596aee037d3ccbcf10592466daa54107f Mon Sep 17 00:00:00 2001
+From: Laurent Vivier <laurent@vivier.eu>
+Date: Tue, 12 Nov 2019 15:25:56 +0100
+Subject: [PATCH] linux-user: remove host stime() syscall
+
+stime() has been withdrawn from glibc
+(12cbde1dae6f "Use clock_settime to implement stime; withdraw stime.")
+
+Implement the target stime() syscall using host
+clock_settime(CLOCK_REALTIME, ...) as it is done internally in glibc.
+
+Tested qemu-ppc/x86_64 with:
+
+	#include <time.h>
+	#include <stdio.h>
+
+	int main(void)
+	{
+		time_t t;
+		int ret;
+
+		/* date -u -d"2019-11-12T15:11:00" "+%s" */
+		t = 1573571460;
+		ret = stime(&t);
+		printf("ret %d\n", ret);
+		return 0;
+	}
+
+        # date; ./stime; date
+        Tue Nov 12 14:18:32 UTC 2019
+        ret 0
+        Tue Nov 12 15:11:00 UTC 2019
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0f1f2d4596aee037d3ccbcf10592466daa54107f]
+Buglink: https://bugs.launchpad.net/qemu/+bug/1852115
+Reported-by: Cole Robinson <crobinso@redhat.com>
+Signed-off-by: Laurent Vivier <laurent@vivier.eu>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-Id: <20191112142556.6335-1-laurent@vivier.eu>
+---
+ linux-user/syscall.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -7651,10 +7651,12 @@ static abi_long do_syscall1(void *cpu_en
+ #ifdef TARGET_NR_stime /* not on alpha */
+     case TARGET_NR_stime:
+         {
+-            time_t host_time;
+-            if (get_user_sal(host_time, arg1))
++            struct timespec ts;
++            ts.tv_nsec = 0;
++            if (get_user_sal(ts.tv_sec, arg1)) {
+                 return -TARGET_EFAULT;
+-            return get_errno(stime(&host_time));
++            }
++            return get_errno(clock_settime(CLOCK_REALTIME, &ts));
+         }
+ #endif
+ #ifdef TARGET_NR_alarm /* not on alpha */

meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch

@@ -0,0 +1,64 @@
+From 693fd2acdf14dd86c0bf852610f1c2cca80a74dc Mon Sep 17 00:00:00 2001
+From: Felipe Franciosi <felipe@nutanix.com>
+Date: Thu, 23 Jan 2020 12:44:59 +0000
+Subject: [PATCH] iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711)
+
+When querying an iSCSI server for the provisioning status of blocks (via
+GET LBA STATUS), Qemu only validates that the response descriptor zero's
+LBA matches the one requested. Given the SCSI spec allows servers to
+respond with the status of blocks beyond the end of the LUN, Qemu may
+have its heap corrupted by clearing/setting too many bits at the end of
+its allocmap for the LUN.
+
+A malicious guest in control of the iSCSI server could carefully program
+Qemu's heap (by selectively setting the bitmap) and then smash it.
+
+This limits the number of bits that iscsi_co_block_status() will try to
+update in the allocmap so it can't overflow the bitmap.
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=patch;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc]
+CVE: CVE-2020-1711
+
+Fixes: CVE-2020-1711
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
+Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com>
+Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ block/iscsi.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/block/iscsi.c b/block/iscsi.c
+index 2aea7e3..cbd5729 100644
+--- a/block/iscsi.c
++++ b/block/iscsi.c
+@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
+     struct scsi_get_lba_status *lbas = NULL;
+     struct scsi_lba_status_descriptor *lbasd = NULL;
+     struct IscsiTask iTask;
+-    uint64_t lba;
++    uint64_t lba, max_bytes;
+     int ret;
+ 
+     iscsi_co_init_iscsitask(iscsilun, &iTask);
+@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
+     }
+ 
+     lba = offset / iscsilun->block_size;
++    max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size;
+ 
+     qemu_mutex_lock(&iscsilun->mutex);
+ retry:
+@@ -764,7 +765,7 @@ retry:
+         goto out_unlock;
+     }
+ 
+-    *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size;
++    *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes);
+ 
+     if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED ||
+         lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) {
+-- 
+1.8.3.1

meta/recipes-devtools/qemu/qemu/CVE-2020-7039-1.patch

@@ -0,0 +1,44 @@
+From b2663d527a1992ba98c0266458b21ada3b9d0d2e Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 27 Feb 2020 12:07:35 +0800
+Subject: [PATCH] tcp_emu: Fix oob access
+
+The main loop only checks for one available byte, while we sometimes
+need two bytes.
+
+CVE: CVE-2020-7039
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ slirp/src/tcp_subr.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/slirp/src/tcp_subr.c b/slirp/src/tcp_subr.c
+index d6dd133..4bea2d4 100644
+--- a/slirp/src/tcp_subr.c
++++ b/slirp/src/tcp_subr.c
+@@ -886,6 +886,8 @@ int tcp_emu(struct socket *so, struct mbuf *m)
+                 break;
+ 
+             case 5:
++                if (bptr == m->m_data + m->m_len - 1)
++                        return 1; /* We need two bytes */
+                 /*
+                  * The difference between versions 1.0 and
+                  * 2.0 is here. For future versions of
+@@ -901,6 +903,10 @@ int tcp_emu(struct socket *so, struct mbuf *m)
+                 /* This is the field containing the port
+                  * number that RA-player is listening to.
+                  */
++
++                if (bptr == m->m_data + m->m_len - 1)
++                        return 1; /* We need two bytes */
++
+                 lport = (((uint8_t *)bptr)[0] << 8) + ((uint8_t *)bptr)[1];
+                 if (lport < 6970)
+                     lport += 256; /* don't know why */
+-- 
+2.7.4
+

meta/recipes-devtools/qemu/qemu/CVE-2020-7039-2.patch

@@ -0,0 +1,59 @@
+From 8f67e76e4148e37f3d8d2bcbdee7417fdedb7669 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 27 Feb 2020 12:10:34 +0800
+Subject: [PATCH] slirp: use correct size while emulating commands
+
+While emulating services in tcp_emu(), it uses 'mbuf' size
+'m->m_size' to write commands via snprintf(3). Use M_FREEROOM(m)
+size to avoid possible OOB access.
+Signed-off-by: default avatarPrasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Samuel Thibault's avatarSamuel Thibault
+<samuel.thibault@ens-lyon.org>
+Message-Id: <20200109094228.79764-3-ppandit@redhat.com>
+
+CVE: CVE-2020-7039
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ slirp/src/tcp_subr.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/slirp/src/tcp_subr.c b/slirp/src/tcp_subr.c
+index 4bea2d4..e8ed4ef 100644
+--- a/slirp/src/tcp_subr.c
++++ b/slirp/src/tcp_subr.c
+@@ -696,7 +696,7 @@ int tcp_emu(struct socket *so, struct mbuf *m)
+             n4 = (laddr & 0xff);
+ 
+             m->m_len = bptr - m->m_data; /* Adjust length */
+-            m->m_len += snprintf(bptr, m->m_size - m->m_len,
++            m->m_len += snprintf(bptr, M_FREEROOM(m),
+                                  "ORT %d,%d,%d,%d,%d,%d\r\n%s", n1, n2, n3, n4,
+                                  n5, n6, x == 7 ? buff : "");
+             return 1;
+@@ -731,8 +731,7 @@ int tcp_emu(struct socket *so, struct mbuf *m)
+             n4 = (laddr & 0xff);
+ 
+             m->m_len = bptr - m->m_data; /* Adjust length */
+-            m->m_len +=
+-                snprintf(bptr, m->m_size - m->m_len,
++            m->m_len += snprintf(bptr, M_FREEROOM(m),
+                          "27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s",
+                          n1, n2, n3, n4, n5, n6, x == 7 ? buff : "");
+ 
+@@ -758,8 +757,8 @@ int tcp_emu(struct socket *so, struct mbuf *m)
+         if (m->m_data[m->m_len - 1] == '\0' && lport != 0 &&
+             (so = tcp_listen(slirp, INADDR_ANY, 0, so->so_laddr.s_addr,
+                              htons(lport), SS_FACCEPTONCE)) != NULL)
+-            m->m_len =
+-                snprintf(m->m_data, m->m_size, "%d", ntohs(so->so_fport)) + 1;
++            m->m_len = snprintf(m->m_data, M_ROOM(m),
++                                "%d", ntohs(so->so_fport)) + 1;
+         return 1;
+ 
+     case EMU_IRC:
+-- 
+2.7.4
+

meta/recipes-devtools/qemu/qemu/CVE-2020-7039-3.patch

@@ -0,0 +1,64 @@
+From 0b03959b72036afce151783720d9e54988cf76ef Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 27 Feb 2020 12:15:04 +0800
+Subject: [PATCH] slirp: use correct size while emulating IRC commands
+
+While emulating IRC DCC commands, tcp_emu() uses 'mbuf' size
+'m->m_size' to write DCC commands via snprintf(3). This may
+lead to OOB write access, because 'bptr' points somewhere in
+the middle of 'mbuf' buffer, not at the start. Use M_FREEROOM(m)
+size to avoid OOB access.
+Reported-by: default avatarVishnu Dev TJ <vishnudevtj@gmail.com>
+Signed-off-by: default avatarPrasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Samuel Thibault's avatarSamuel Thibault
+<samuel.thibault@ens-lyon.org>
+Message-Id: <20200109094228.79764-2-ppandit@redhat.com>
+
+CVE: CVE-2020-7039
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ slirp/src/tcp_subr.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/slirp/src/tcp_subr.c b/slirp/src/tcp_subr.c
+index e8ed4ef..3a4a8ee 100644
+--- a/slirp/src/tcp_subr.c
++++ b/slirp/src/tcp_subr.c
+@@ -777,7 +777,8 @@ int tcp_emu(struct socket *so, struct mbuf *m)
+                 return 1;
+             }
+             m->m_len = bptr - m->m_data; /* Adjust length */
+-            m->m_len += snprintf(bptr, m->m_size, "DCC CHAT chat %lu %u%c\n",
++            m->m_len += snprintf(bptr, M_FREEROOM(m),
++                                 "DCC CHAT chat %lu %u%c\n",
+                                  (unsigned long)ntohl(so->so_faddr.s_addr),
+                                  ntohs(so->so_fport), 1);
+         } else if (sscanf(bptr, "DCC SEND %256s %u %u %u", buff, &laddr, &lport,
+@@ -787,8 +788,8 @@ int tcp_emu(struct socket *so, struct mbuf *m)
+                 return 1;
+             }
+             m->m_len = bptr - m->m_data; /* Adjust length */
+-            m->m_len +=
+-                snprintf(bptr, m->m_size, "DCC SEND %s %lu %u %u%c\n", buff,
++            m->m_len += snprintf(bptr, M_FREEROOM(m),
++                         "DCC SEND %s %lu %u %u%c\n", buff,
+                          (unsigned long)ntohl(so->so_faddr.s_addr),
+                          ntohs(so->so_fport), n1, 1);
+         } else if (sscanf(bptr, "DCC MOVE %256s %u %u %u", buff, &laddr, &lport,
+@@ -798,8 +799,8 @@ int tcp_emu(struct socket *so, struct mbuf *m)
+                 return 1;
+             }
+             m->m_len = bptr - m->m_data; /* Adjust length */
+-            m->m_len +=
+-                snprintf(bptr, m->m_size, "DCC MOVE %s %lu %u %u%c\n", buff,
++            m->m_len += snprintf(bptr, M_FREEROOM(m),
++                         "DCC MOVE %s %lu %u %u%c\n", buff,
+                          (unsigned long)ntohl(so->so_faddr.s_addr),
+                          ntohs(so->so_fport), n1, 1);
+         }
+-- 
+2.7.4
+

meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch

@@ -0,0 +1,46 @@
+From 14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Mon, 13 Jan 2020 17:44:31 +0530
+Subject: [PATCH] slirp: tftp: restrict relative path access
+
+tftp restricts relative or directory path access on Linux systems.
+Apply same restrictions on Windows systems too. It helps to avoid
+directory traversal issue.
+
+Fixes: https://bugs.launchpad.net/qemu/+bug/1812451
+Reported-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Message-Id: <20200113121431.156708-1-ppandit@redhat.com>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/slirp/libslirp/-/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4.patch]
+CVE: CVE-2020-7211
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ slirp/src/tftp.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/slirp/src/tftp.c b/slirp/src/tftp.c
+index 093c2e0..e52e71b 100644
+--- a/slirp/src/tftp.c
++++ b/slirp/src/tftp.c
+@@ -344,8 +344,13 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas,
+     k += 6; /* skipping octet */
+ 
+     /* do sanity checks on the filename */
+-    if (!strncmp(req_fname, "../", 3) ||
+-        req_fname[strlen(req_fname) - 1] == '/' || strstr(req_fname, "/../")) {
++    if (
++#ifdef G_OS_WIN32
++        strstr(req_fname, "..\\") ||
++        req_fname[strlen(req_fname) - 1] == '\\' ||
++#endif
++        strstr(req_fname, "../") ||
++        req_fname[strlen(req_fname) - 1] == '/') {
+         tftp_send_error(spt, 2, "Access violation", tp);
+         return;
+     }
+-- 
+2.24.1
+

meta/recipes-devtools/ruby/ruby/fix-CVE-2019-16254.patch

@@ -0,0 +1,106 @@
+From 18d5289b4579822e391b3f5c16541e6552e9f06c Mon Sep 17 00:00:00 2001
+From: Yusuke Endoh <mame@ruby-lang.org>
+Date: Tue, 1 Oct 2019 12:29:18 +0900
+Subject: [PATCH] WEBrick: prevent response splitting and header injection
+
+This is a follow up to d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16.
+The commit prevented CRLR, but did not address an isolated CR or an
+isolated LF.
+
+Upstream-Status: Backport https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
+CVE: CVE-2019-16254
+
+Co-Authored-By: NARUSE, Yui <naruse@airemix.jp>
+Signed-off-by: Rahul Chauhan <rahulchauhankitps@gmail.com>
+---
+ lib/webrick/httpresponse.rb       |  3 ++-
+ test/webrick/test_httpresponse.rb | 46 +++++++++++++++++++++++++++++++++++++--
+ 2 files changed, 46 insertions(+), 3 deletions(-)
+
+diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
+index 6d77692..d26324c 100644
+--- a/lib/webrick/httpresponse.rb
++++ b/lib/webrick/httpresponse.rb
+@@ -367,7 +367,8 @@ def set_error(ex, backtrace=false)
+     private
+
+     def check_header(header_value)
+-      if header_value =~ /\r\n/
++      header_value = header_value.to_s
++      if /[\r\n]/ =~ header_value
+         raise InvalidHeader
+       else
+         header_value
+diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb
+index 6263e0a..24a6968 100644
+--- a/test/webrick/test_httpresponse.rb
++++ b/test/webrick/test_httpresponse.rb
+@@ -29,7 +29,7 @@ def setup
+       @res.keep_alive  = true
+     end
+
+-    def test_prevent_response_splitting_headers
++    def test_prevent_response_splitting_headers_crlf
+       res['X-header'] = "malicious\r\nCookie: hack"
+       io = StringIO.new
+       res.send_response io
+@@ -39,7 +39,7 @@ def test_prevent_response_splitting_headers
+       refute_match 'hack', io.string
+     end
+
+-    def test_prevent_response_splitting_cookie_headers
++    def test_prevent_response_splitting_cookie_headers_crlf
+       user_input = "malicious\r\nCookie: hack"
+       res.cookies << WEBrick::Cookie.new('author', user_input)
+       io = StringIO.new
+@@ -50,6 +50,48 @@ def test_prevent_response_splitting_cookie_headers
+       refute_match 'hack', io.string
+     end
+
++    def test_prevent_response_splitting_headers_cr
++      res['X-header'] = "malicious\rCookie: hack"
++      io = StringIO.new
++      res.send_response io
++      io.rewind
++      res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
++      assert_equal '500', res.code
++      refute_match 'hack', io.string
++    end
++
++    def test_prevent_response_splitting_cookie_headers_cr
++      user_input = "malicious\rCookie: hack"
++      res.cookies << WEBrick::Cookie.new('author', user_input)
++      io = StringIO.new
++      res.send_response io
++      io.rewind
++      res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
++      assert_equal '500', res.code
++      refute_match 'hack', io.string
++    end
++
++    def test_prevent_response_splitting_headers_lf
++      res['X-header'] = "malicious\nCookie: hack"
++      io = StringIO.new
++      res.send_response io
++      io.rewind
++      res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
++      assert_equal '500', res.code
++      refute_match 'hack', io.string
++    end
++
++    def test_prevent_response_splitting_cookie_headers_lf
++      user_input = "malicious\nCookie: hack"
++      res.cookies << WEBrick::Cookie.new('author', user_input)
++      io = StringIO.new
++      res.send_response io
++      io.rewind
++      res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
++      assert_equal '500', res.code
++      refute_match 'hack', io.string
++    end
++
+     def test_304_does_not_log_warning
+       res.status      = 304
+       res.setup_header
+--
+2.7.4

meta/recipes-devtools/ruby/ruby_2.5.5.bb

@@ -3,6 +3,7 @@ require ruby.inc
 SRC_URI += " \
            file://0001-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch \
            file://run-ptest \
+           file://fix-CVE-2019-16254.patch \
            "
 
 SRC_URI[md5sum] = "7e156fb526b8f4bb1b30a3dd8a7ce400"

meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch

@@ -0,0 +1,124 @@
+From c1fe0a8cc8dde8ba3eae3d17e34060d2d6e4eb96 Mon Sep 17 00:00:00 2001
+From: Grzegorz Antoniak <ga@anadoxin.org>
+Date: Sun, 2 Feb 2020 08:04:41 +0100
+Subject: [PATCH] RAR5 reader: reject files that declare invalid header flags
+
+One of the fields in RAR5's base block structure is the size of the
+header. Some invalid files declare a 0 header size setting, which can
+confuse the unpacker. Minimum header size for RAR5 base blocks is 7
+bytes (4 bytes for CRC, and 3 bytes for the rest), so block size of 0
+bytes should be rejected at header parsing stage.
+
+The fix adds an error condition if header size of 0 bytes is detected.
+In this case, the unpacker will not attempt to unpack the file, as the
+header is corrupted.
+
+The commit also adds OSSFuzz #20459 sample to test further regressions
+in this area.
+
+Upstream-Status: Backport[https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a]
+CVE: CVE-2020-9308
+
+Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
+---
+ Makefile.am                                     |  1 +
+ libarchive/archive_read_support_format_rar5.c   | 17 +++++++++++++++--
+ libarchive/test/test_read_format_rar5.c         | 15 +++++++++++++++
+ ...d_format_rar5_block_size_is_too_small.rar.uu |  8 ++++++++
+ 4 files changed, 39 insertions(+), 2 deletions(-)
+ create mode 100644 libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu
+
+diff --git a/Makefile.am b/Makefile.am
+index da78b24..01abf20 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -863,6 +863,7 @@ libarchive_test_EXTRA_DIST=\
+ 	libarchive/test/test_read_format_rar5_symlink.rar.uu \
+ 	libarchive/test/test_read_format_rar5_truncated_huff.rar.uu \
+ 	libarchive/test/test_read_format_rar5_win32.rar.uu \
++	libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \
+ 	libarchive/test/test_read_format_raw.bufr.uu \
+ 	libarchive/test/test_read_format_raw.data.gz.uu \
+ 	libarchive/test/test_read_format_raw.data.Z.uu \
+diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c
+index 7c24627..f73393c 100644
+--- a/libarchive/archive_read_support_format_rar5.c
++++ b/libarchive/archive_read_support_format_rar5.c
+@@ -2034,6 +2034,8 @@ static int scan_for_signature(struct archive_read* a);
+ static int process_base_block(struct archive_read* a,
+     struct archive_entry* entry)
+ {
++	const size_t SMALLEST_RAR5_BLOCK_SIZE = 3;
++
+ 	struct rar5* rar = get_context(a);
+ 	uint32_t hdr_crc, computed_crc;
+ 	size_t raw_hdr_size = 0, hdr_size_len, hdr_size;
+@@ -2057,15 +2059,26 @@ static int process_base_block(struct archive_read* a,
+ 		return ARCHIVE_EOF;
+ 	}
+ 
++	hdr_size = raw_hdr_size + hdr_size_len;
++
+ 	/* Sanity check, maximum header size for RAR5 is 2MB. */
+-	if(raw_hdr_size > (2 * 1024 * 1024)) {
++	if(hdr_size > (2 * 1024 * 1024)) {
+ 		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ 		    "Base block header is too large");
+ 
+ 		return ARCHIVE_FATAL;
+ 	}
+ 
+-	hdr_size = raw_hdr_size + hdr_size_len;
++	/* Additional sanity checks to weed out invalid files. */
++	if(raw_hdr_size == 0 || hdr_size_len == 0 ||
++		hdr_size < SMALLEST_RAR5_BLOCK_SIZE)
++	{
++		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++			"Too small block encountered (%ld bytes)",
++			raw_hdr_size);
++
++		return ARCHIVE_FATAL;
++	}
+ 
+ 	/* Read the whole header data into memory, maximum memory use here is
+ 	 * 2MB. */
+diff --git a/libarchive/test/test_read_format_rar5.c b/libarchive/test/test_read_format_rar5.c
+index 1408f37..32e7ed8 100644
+--- a/libarchive/test/test_read_format_rar5.c
++++ b/libarchive/test/test_read_format_rar5.c
+@@ -1194,3 +1194,18 @@ DEFINE_TEST(test_read_format_rar5_fileattr)
+ 
+ 	EPILOGUE();
+ }
++
++DEFINE_TEST(test_read_format_rar5_block_size_is_too_small)
++{
++	char buf[4096];
++	PROLOGUE("test_read_format_rar5_block_size_is_too_small.rar");
++
++	/* This file is damaged, so those functions should return failure.
++	 * Additionally, SIGSEGV shouldn't be raised during execution
++	 * of those functions. */
++
++	assertA(archive_read_next_header(a, &ae) != ARCHIVE_OK);
++	assertA(archive_read_data(a, buf, sizeof(buf)) <= 0);
++
++	EPILOGUE();
++}
+diff --git a/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu b/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu
+new file mode 100644
+index 0000000..5cad219
+--- /dev/null
++++ b/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu
+@@ -0,0 +1,8 @@
++begin 644 test_read_format_rar5_block_size_is_too_small.rar
++M4F%R(1H'`0"-[P+2``+'(!P,("`@N`,!`B`@("`@("`@("`@("`@("#_("`@
++M("`@("`@("`@((:Q;2!4-'-^4B`!((WO`M(``O\@$/\@-R`@("`@("`@("`@
++M``X@("`@("`@____("`@("`@(/\@("`@("`@("`@("#_(+6U,2"UM;6UM[CU
++M)B`@*(0G(`!.`#D\3R``(/__(,+_````-0#_($&%*/HE=C+N`"```"```"`D
++J`)$#("#_("#__P`@__\@_R#_("`@("`@("#_("#__R`@(/__("#__R`"
++`
++end
+-- 
+2.23.0
+

meta/recipes-extended/libarchive/libarchive_3.4.0.bb

@@ -33,6 +33,7 @@ EXTRA_OECONF += "--enable-largefile"
 
 SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
            file://CVE-2019-19221.patch \
+           file://0001-RAR5-reader-reject-files-that-declare-invalid-header.patch \
 "
 
 SRC_URI[md5sum] = "6046396255bd7cf6d0f6603a9bda39ac"