[OE-core][dunfell 00/20] Patch review

[OE-core][dunfell 00/20] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Tuesday.

Passed a-full on autobuilder with exception of known intermittent failure on
oe-selftest-centos (Unable to start bitbake server)

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1547

Passed on susequent oe-selftest-centos build:

https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/1532

The following changes since commit 5f644082fc3c2bbd89b898d5ca7cd4414cda4a64:

  nasm: update 2.14.02 -> 2.15.03 for CVE fixes (2020-11-02 04:05:13 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Andrey Zhizhikin (1):
  insane: add GitLab /archive/ tests

Changqing Li (1):
  timezone: upgrade to 2020d

Chee Yang Lee (1):
  bluez5: update to 5.55 to fix CVE-2020-27153

Joshua Watt (1):
  jquery: Upgrade 3.4.1 -> 3.5.0 to fix CVE-2020-11022 and
    CVE-2020-11023

Mark Jonas (4):
  Add license text for PSF-2.0
  Map license names PSF and PSFv2 to PSF-2.0
  libsdl2: Fix directfb syntax error
  libsdl2: Fix directfb SDL_RenderFillRect

Martin Jansa (3):
  lib/oe/patch: prevent applying patches without any subject
  lib/oe/patch: GitApplyTree: save 1 echo in commit-msg hook
  Revert "lib/oe/patch: fix handling of patches with no header"

Richard Leitner (1):
  xcb-proto: backport fix for python gcd function

Richard Purdie (1):
  sstatesig: Log timestamps for hashequiv in reprodubile builds for
    do_package

Steve Sakoman (5):
  sqlite3: fix CVE-2020-13434
  sqlite3: fix CVE-2020-13435
  sqlite3: fix CVE-2020-13630
  sqlite3: fix CVE-2020-13631
  sqlite3: fix CVE-2020-13632

Yann E. MORIN (2):
  common-licenses: add bzip2-1.0.4
  recipes-core/busybox: fixup licensing information

 meta/classes/insane.bbclass                   |   4 +-
 meta/conf/licenses.conf                       |   6 +-
 meta/files/common-licenses/PSF-2.0            |  49 ++++
 meta/files/common-licenses/bzip2-1.0.4        |  43 ++++
 meta/lib/oe/patch.py                          |  13 +-
 meta/lib/oe/sstatesig.py                      |   6 +
 .../bluez5/{bluez5_5.54.bb => bluez5_5.55.bb} |   4 +-
 meta/recipes-core/busybox/busybox.inc         |   7 +-
 .../{jquery_3.4.1.bb => jquery_3.5.0.bb}      |   8 +-
 meta/recipes-extended/timezone/timezone.inc   |   6 +-
 .../libsdl2/directfb-renderfillrect-fix.patch |  33 +++
 ...ectfb-spurious-curly-brace-missing-e.patch |  49 ++++
 .../libsdl2/libsdl2_2.0.12.bb                 |   2 +
 ...1-xcbgen-use-math-gcd-for-python-3-5.patch |  40 ++++
 .../xorg-proto/xcb-proto_1.13.bb              |   3 +-
 .../sqlite/files/CVE-2020-13434.patch         |  48 ++++
 .../sqlite/files/CVE-2020-13435.patch         | 219 ++++++++++++++++++
 .../sqlite/files/CVE-2020-13630.patch         |  32 +++
 .../sqlite/files/CVE-2020-13631.patch         |  99 ++++++++
 .../sqlite/files/CVE-2020-13632.patch         |  34 +++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |   5 +
 21 files changed, 684 insertions(+), 26 deletions(-)
 create mode 100644 meta/files/common-licenses/PSF-2.0
 create mode 100644 meta/files/common-licenses/bzip2-1.0.4
 rename meta/recipes-connectivity/bluez5/{bluez5_5.54.bb => bluez5_5.55.bb} (91%)
 rename meta/recipes-devtools/jquery/{jquery_3.4.1.bb => jquery_3.5.0.bb} (73%)
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch
 create mode 100644 meta/recipes-graphics/xorg-proto/xcb-proto/0001-xcbgen-use-math-gcd-for-python-3-5.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13434.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13435.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13630.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13631.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13632.patch

-- 
2.17.1

[OE-core][dunfell 01/20] xcb-proto: backport fix for python gcd function

[Steve Sakoman]

From: Richard Leitner <richard.leitner@skidata.com>

This backports the fix [1] for the following build error for nativesdk on
Fedora 33 which is caused by the removal of fractions.gcd() in favor of
math.gcd() in python 3.9 [2]:

ImportError: cannot import name 'gcd' from 'fractions' (/usr/lib64/python3.9/fractions.py)

[1] https://gitlab.freedesktop.org/xorg/proto/xcbproto/-/commit/426ae35bee1fa0fdb8b5120b1dcd20cee6e34512
[2] https://bugs.python.org/issue39350

Signed-off-by: Richard Leitner <richard.leitner@skidata.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...1-xcbgen-use-math-gcd-for-python-3-5.patch | 40 +++++++++++++++++++
 .../xorg-proto/xcb-proto_1.13.bb              |  3 +-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-graphics/xorg-proto/xcb-proto/0001-xcbgen-use-math-gcd-for-python-3-5.patch

diff --git a/meta/recipes-graphics/xorg-proto/xcb-proto/0001-xcbgen-use-math-gcd-for-python-3-5.patch b/meta/recipes-graphics/xorg-proto/xcb-proto/0001-xcbgen-use-math-gcd-for-python-3-5.patch
new file mode 100644
index 0000000000..f9f4424da5
--- /dev/null
+++ b/meta/recipes-graphics/xorg-proto/xcb-proto/0001-xcbgen-use-math-gcd-for-python-3-5.patch
@@ -0,0 +1,40 @@
+From 426ae35bee1fa0fdb8b5120b1dcd20cee6e34512 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Mon, 1 Jun 2020 12:24:16 +0200
+Subject: [PATCH] xcbgen: Use math.gcd() for Python >= 3.5.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+fractions.gcd() has been deprecated since Python 3.5, and
+was finally dropped in Python 3.9.  It is recommended to
+use math.gcd() instead.
+
+Signed-off-by: Björn Esser <besser82@fedoraproject.org>
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/proto/xcbproto/-/commit/426ae35bee1fa0fdb8b5120b1dcd20cee6e34512]
+Signed-off-by: Richard Leitner <richard.leitner@skidata.com>
+---
+ xcbgen/align.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/xcbgen/align.py b/xcbgen/align.py
+index d4c12ee..5c4f517 100644
+--- a/xcbgen/align.py
++++ b/xcbgen/align.py
+@@ -2,7 +2,12 @@
+ This module contains helper classes for alignment arithmetic and checks
+ '''
+ 
+-from fractions import gcd
++from sys import version_info
++
++if version_info[:2] >= (3, 5):
++    from math import gcd
++else:
++    from fractions import gcd
+ 
+ class Alignment(object):
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-proto/xcb-proto_1.13.bb b/meta/recipes-graphics/xorg-proto/xcb-proto_1.13.bb
index 7467090920..1f41821302 100644
--- a/meta/recipes-graphics/xorg-proto/xcb-proto_1.13.bb
+++ b/meta/recipes-graphics/xorg-proto/xcb-proto_1.13.bb
@@ -11,7 +11,8 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d763b081cb10c223435b01e00dc0aba7 \
                     file://src/dri2.xml;beginline=2;endline=28;md5=f8763b13ff432e8597e0d610cf598e65"
 
-SRC_URI = "http://xcb.freedesktop.org/dist/${BP}.tar.bz2"
+SRC_URI = "http://xcb.freedesktop.org/dist/${BP}.tar.bz2 \
+           file://0001-xcbgen-use-math-gcd-for-python-3-5.patch"
 SRC_URI[md5sum] = "abe9aa4886138150bbc04ae4f29b90e3"
 SRC_URI[sha256sum] = "7b98721e669be80284e9bbfeab02d2d0d54cd11172b72271e47a2fe875e2bde1"
 
-- 
2.17.1

[OE-core][dunfell 02/20] lib/oe/patch: prevent applying patches without any subject

[Steve Sakoman]

From: Martin Jansa <martin.jansa@gmail.com>

* this was discovered with
  $ devtool finish --force-patch-refresh
  where it was removing some patches and replacing them with
  patch in filename called "patch:"

  e.g. this .patch file:
  https://github.com/OSSystems/meta-browser/blob/311067d2d8a50cee5c836892606444f63f2bb3ab/dynamic-layers/rust-layer/recipes-browser/firefox/firefox/fixes/fix-camera-permission-dialg-doesnot-close.patch
  confuses devtool which results to create new .patch file called "patch:"

  $ devtool finish --force-patch-refresh firefox meta-browser
  NOTE: Starting bitbake server...
  WARNING: Host distribution "ubuntu-20.04" has not been validated with this version of the build system; you may possibly experience unexpected failures. It is recommended that you use a tested distribution.
  Loading cache: 100% |###################################################################################################################################################################################################################################| Time: 0:00:00
  Loaded 2480 entries from dependency cache.
  Parsing recipes: 100% |#################################################################################################################################################################################################################################| Time: 0:00:00
  Parsing of 1718 .bb files complete (1717 cached, 1 parsed). 2480 targets, 68 skipped, 0 masked, 0 errors.

  Summary: There was 1 WARNING message shown.
  INFO: Updating patch 0001-Bug-1554949-Fix-WebRTC-build-failure-with-newer-linu.patch
  ...
  INFO: Updating patch pre-generated-old-configure.patch
  INFO: Adding new patch patch:
  INFO: Updating recipe firefox_68.0esr.bb
  INFO: Removing file /OE/build/test-oe-build-time/poky/meta-browser/dynamic-layers/rust-layer/recipes-browser/firefox/firefox/fixes/fix-camera-permission-dialg-doesnot-close.patch
  INFO: Cleaning sysroot for recipe firefox...
  INFO: Leaving source tree /OE/build/test-oe-build-time/poky/build/workspace/sources/firefox as-is; if you no longer need it then please delete it manually

  this looked like incorrect parsing of the git format-patch
  files exported from workspace/sources (the git format-patch
  version of fix-camera-permission-dialg-doesnot-close.patch
  starts like this:

  $ head 0008-original-patch-fix-camera-permission-dialg-doesnot-c.patch
  From 37dfa11961b48024bedcfb9336f49107c9535638 Mon Sep 17 00:00:00 2001
  From: Takuro Ashie <ashie@clear-code.com>
  Date: Mon, 20 Aug 2018 10:16:20 +0900
  Subject: [PATCH 08/34] %% original patch:
   fix-camera-permission-dialg-doesnot-close.patch

  so first I've modified GitApplyTree.extractPatches() to be able to
  parse the original patch name correctly even in this case where subject
  is wrapped, but then it still wasn't right, because we ended with
  correctly named .patch file, but all we could use for Subject line
  was the name of the original .patch file (instead of the Subject
  from metadata commit which introduced this .patch files as some other
  .patch files get when refreshed with devtool.

  In the end the issue happens even sooner in GitApplyTree.prepareCommit()
  where it correctly found the Subject from metadata commit, but then
  didn't apply it when there weren't any other outlines from patch headers.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/patch.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index 2b1eee1003..fa92abe248 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -416,7 +416,7 @@ class GitApplyTree(PatchTree):
                     date = newdate
                 if not subject:
                     subject = newsubject
-        if subject and outlines and not outlines[0].strip() == subject:
+        if subject and not (outlines and outlines[0].strip() == subject):
             outlines.insert(0, '%s\n\n' % subject.strip())
 
         # Write out commit message to a file
-- 
2.17.1

[OE-core][dunfell 03/20] lib/oe/patch: GitApplyTree: save 1 echo in commit-msg hook

[Steve Sakoman]

From: Martin Jansa <martin.jansa@gmail.com>

* also remove the extra blank lines which is often added to patches
  when refreshed with devtool (GitApplyTree.patch_line_prefix lines
  are ignored when refreshing .patch files, but newly added blank
  lines aren't - the leading blank line wasneeded for patches with
  just the subject line (to prevent the GitApplyTree.patch_line_prefix
  line ending appended to the commit summary), but we can add it
  in prepareCommit instead

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/patch.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index fa92abe248..bb1c40aa1e 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -508,8 +508,7 @@ class GitApplyTree(PatchTree):
         with open(commithook, 'w') as f:
             # NOTE: the formatting here is significant; if you change it you'll also need to
             # change other places which read it back
-            f.write('echo >> $1\n')
-            f.write('echo "%s: $PATCHFILE" >> $1\n' % GitApplyTree.patch_line_prefix)
+            f.write('echo "\n%s: $PATCHFILE" >> $1' % GitApplyTree.patch_line_prefix)
         os.chmod(commithook, 0o755)
         shutil.copy2(commithook, applyhook)
         try:
-- 
2.17.1

[OE-core][dunfell 04/20] Revert "lib/oe/patch: fix handling of patches with no header"

[Steve Sakoman]

From: Martin Jansa <martin.jansa@gmail.com>

* This reverts commit d9971f5dc8eb7de551fd6f5e058fd24770ef5d78.

* With the missing Subject line fixed in GitApplyTree.prepareCommit()
  we should be able to revert, the fix which was trying to help it by
  parsing GitApplyTree.patch_line_prefix ("%% original patch:") also
  from Subject line, now GitApplyTree.patch_line_prefix should always
  end on separate line which is then skipped when copying the lines to
  resulting patch, see original commit message from Paul:

    lib/oe/patch: fix handling of patches with no header

    If a patch applied by a recipe has no header and we turn the recipe's
    source into a git tree (when PATCHTOOL = "git" or when using devtool
    extract / modify / upgrade), the commit message ends up consisting only
    of the original filename marker ("%% original patch: filename.patch").
    When we come to do turn the commits back into a set of patches in
    extractPatches(), this first line ends up in the "Subject: " part of
    the file, but we were ignoring it because the line didn't start with the
    marker text. The end result was we weren't able to get the original
    patch name. Strip off any "Subject [PATCH x/y]" part before looking for
    the marker text to fix.

    This caused "devtool modify openssl" followed by "devtool update-recipe
    openssl" (without any changes in-between) to remove version-script.patch
    because that patch has no header and we weren't able to determine the
    original filename.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/patch.py | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index bb1c40aa1e..7ca2e28b1f 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -439,7 +439,6 @@ class GitApplyTree(PatchTree):
     def extractPatches(tree, startcommit, outdir, paths=None):
         import tempfile
         import shutil
-        import re
         tempdir = tempfile.mkdtemp(prefix='oepatch')
         try:
             shellcmd = ["git", "format-patch", "--no-signature", "--no-numbered", startcommit, "-o", tempdir]
@@ -455,13 +454,10 @@ class GitApplyTree(PatchTree):
                         try:
                             with open(srcfile, 'r', encoding=encoding) as f:
                                 for line in f:
-                                    checkline = line
-                                    if checkline.startswith('Subject: '):
-                                        checkline = re.sub(r'\[.+?\]\s*', '', checkline[9:])
-                                    if checkline.startswith(GitApplyTree.patch_line_prefix):
+                                    if line.startswith(GitApplyTree.patch_line_prefix):
                                         outfile = line.split()[-1].strip()
                                         continue
-                                    if checkline.startswith(GitApplyTree.ignore_commit_prefix):
+                                    if line.startswith(GitApplyTree.ignore_commit_prefix):
                                         continue
                                     patchlines.append(line)
                         except UnicodeDecodeError:
-- 
2.17.1

[OE-core][dunfell 05/20] sstatesig: Log timestamps for hashequiv in reprodubile builds for do_package

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Currently if a task generates the same output with different timestamps,
hasequiv won't detect it but reproducibile builds will fail tests due
to the different timestamps.

Add do_package timestamps to the hash when reproducibile builds are enabled
to avoid this.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 11e8200ccec765ff6a4263e06512e5751eca261a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/sstatesig.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index d24e3738ae..d5a6200562 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -477,6 +477,9 @@ def OEOuthashBasic(path, sigfile, task, d):
     h = hashlib.sha256()
     prev_dir = os.getcwd()
     include_owners = os.environ.get('PSEUDO_DISABLED') == '0'
+    include_timestamps = False
+    if task == "package":
+        include_timestamps = d.getVar('BUILD_REPRODUCIBLE_BINARIES') == '1'
     extra_content = d.getVar('HASHEQUIV_HASH_VERSION')
 
     try:
@@ -551,6 +554,9 @@ def OEOuthashBasic(path, sigfile, task, d):
                         bb.warn("KeyError in %s" % path)
                         raise
 
+                if include_timestamps:
+                    update_hash(" %10d" % s.st_mtime)
+
                 update_hash(" ")
                 if stat.S_ISBLK(s.st_mode) or stat.S_ISCHR(s.st_mode):
                     update_hash("%9s" % ("%d.%d" % (os.major(s.st_rdev), os.minor(s.st_rdev))))
-- 
2.17.1

[OE-core][dunfell 06/20] timezone: upgrade to 2020d

[Steve Sakoman]

From: Changqing Li <changqing.li@windriver.com>

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 365787658cffc3b2dedb88db311a33012be9d70d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/timezone/timezone.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index 8eb17c5eaf..5368464f30 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
 LICENSE = "PD & BSD & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
 
-PV = "2020b"
+PV = "2020d"
 
 SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
            http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
@@ -14,5 +14,5 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
 
 UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
 
-SRC_URI[tzcode.sha256sum] = "47eff8944de4a64f7629b851e4a32338ab12c9b73edd62063795167ff1fe43da"
-SRC_URI[tzdata.sha256sum] = "9b053f951d245ce89d850b96ee4711d82d833559b1fc96ba19f90bc4d745e809"
+SRC_URI[tzcode.sha256sum] = "6cf050ba28e8053029d3f32d71341d11a794c6b5dd51a77fc769d6dae364fad5"
+SRC_URI[tzdata.sha256sum] = "8d813957de363387696f05af8a8889afa282ab5016a764c701a20758d39cbaf3"
-- 
2.17.1

[OE-core][dunfell 07/20] common-licenses: add bzip2-1.0.4

[Steve Sakoman]

From: "Yann E. MORIN" <yann.morin.1998@free.fr>

The bzip2 license changes with each version; the changes are subtle, but
that makes it a different license everytime:
  - copyright year
  - authorship identification and address
  - version of the release
  - date of the release

Although we currently only have bzip2 and pbzip2 packages, we're going
to need this license for busybox, which uses code from bzip2-1.0.4.

Add it, as copied from the upstream bzip2 git tree at tag 'bzip2-1.0.4'
(commit f10a33538e9bab6deb61779b3d8aae168824ef48).

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f303c31b813f371737c9a9d7a93e9f920f84e75a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/files/common-licenses/bzip2-1.0.4 | 43 ++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 meta/files/common-licenses/bzip2-1.0.4

diff --git a/meta/files/common-licenses/bzip2-1.0.4 b/meta/files/common-licenses/bzip2-1.0.4
new file mode 100644
index 0000000000..4458e35bb5
--- /dev/null
+++ b/meta/files/common-licenses/bzip2-1.0.4
@@ -0,0 +1,43 @@
+
+--------------------------------------------------------------------------
+
+This program, "bzip2", the associated library "libbzip2", and all
+documentation, are copyright (C) 1996-2006 Julian R Seward.  All
+rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. The origin of this software must not be misrepresented; you must 
+   not claim that you wrote the original software.  If you use this 
+   software in a product, an acknowledgment in the product 
+   documentation would be appreciated but is not required.
+
+3. Altered source versions must be plainly marked as such, and must
+   not be misrepresented as being the original software.
+
+4. The name of the author may not be used to endorse or promote 
+   products derived from this software without specific prior written 
+   permission.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Julian Seward, Cambridge, UK.
+jseward@bzip.org
+bzip2/libbzip2 version 1.0.4 of 20 December 2006
+
+--------------------------------------------------------------------------
-- 
2.17.1

[OE-core][dunfell 08/20] recipes-core/busybox: fixup licensing information

[Steve Sakoman]

From: "Yann E. MORIN" <yann.morin.1998@free.fr>

Commit 7d32417b4d (busybox: Correct the name of the bzip2 license)
changes the licesne from 'bzip2' to 'bzip2-1.0.6' on the rationale
that the 'bzip2 license was renamed from "bzip2" to "bzip2-1.0.6"
[...] to match the official SPDX identifier.'

Though the above is true for the bzip2 and pbzip2 packages, the bzip2
code bundled in busybox is a copy from the bzip2 1.0.4 version, not the
1.0.6 version.

As such, using bzip2-1.0.6 is wrong.

Unfortunately, there is no official SPDX license identifier for this
bzip2 1.0.4 version, so we just mimick the existing ones (bzip2-1.0.5
and bzip2-1.0.6) by using bzip2-1.0.4.

Also, there is a license file attached to that, so we add it to the
list.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Alexandre BELLONI <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6238ee3ecd385cbadd8e75eb8b22a96d9cb13639)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/busybox/busybox.inc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index 45aaa2b41c..e0522be729 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -5,10 +5,11 @@ BUGTRACKER = "https://bugs.busybox.net/"
 
 DEPENDS += "kern-tools-native virtual/crypt"
 
-# bzip2 applet in busybox is based on lightly-modified bzip2 source
+# bzip2 applet in busybox is based on lightly-modified bzip2-1.0.4 source
 # the GPL is version 2 only
-LICENSE = "GPLv2 & bzip2-1.0.6"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=de10de48642ab74318e893a61105afbb"
+LICENSE = "GPLv2 & bzip2-1.0.4"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=de10de48642ab74318e893a61105afbb \
+                    file://archival/libarchive/bz/LICENSE;md5=28e3301eae987e8cfe19988e98383dae"
 
 SECTION = "base"
 
-- 
2.17.1

[OE-core][dunfell 09/20] insane: add GitLab /archive/ tests

[Steve Sakoman]

From: Andrey Zhizhikin <andrey.z@gmail.com>

Archives produced by GitLab should be avoided in the same way as those
produced by GitHub.

Extend SRC_URI check to include GitLab and inform user that recipe
should be converted to use git protocol.

Link: https://www.mail-archive.com/openembedded-devel@lists.openembedded.org/msg73109.html
Link: https://lists.openembedded.org/g/openembedded-core/message/144035
Cc: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d76b33c6a8489378a1f5500554367127199ae19d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/insane.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index 601b6b65bf..b5c6b2186f 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -975,8 +975,8 @@ def package_qa_check_src_uri(pn, d, messages):
         package_qa_handle_error("src-uri-bad", "%s: SRC_URI uses PN not BPN" % pn, d)
 
     for url in d.getVar("SRC_URI").split():
-        if re.search(r"github\.com/.+/.+/archive/.+", url):
-            package_qa_handle_error("src-uri-bad", "%s: SRC_URI uses unstable GitHub archives" % pn, d)
+        if re.search(r"git(hu|la)b\.com/.+/.+/archive/.+", url):
+            package_qa_handle_error("src-uri-bad", "%s: SRC_URI uses unstable GitHub/GitLab archives, convert recipe to use git protocol" % pn, d)
 
 QARECIPETEST[unhandled-features-check] = "package_qa_check_unhandled_features_check"
 def package_qa_check_unhandled_features_check(pn, d, messages):
-- 
2.17.1

[OE-core][dunfell 10/20] Add license text for PSF-2.0

[Steve Sakoman]

From: Mark Jonas <toertel@gmail.com>

Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 37983b3706bda0c466e7e99e1d088089854f5648)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/files/common-licenses/PSF-2.0 | 49 ++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 meta/files/common-licenses/PSF-2.0

diff --git a/meta/files/common-licenses/PSF-2.0 b/meta/files/common-licenses/PSF-2.0
new file mode 100644
index 0000000000..4e673e93fc
--- /dev/null
+++ b/meta/files/common-licenses/PSF-2.0
@@ -0,0 +1,49 @@
+
+PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
+--------------------------------------------
+
+1. This LICENSE AGREEMENT is between the Python Software Foundation
+("PSF"), and the Individual or Organization ("Licensee") accessing and
+otherwise using this software ("Python") in source or binary form and
+its associated documentation.
+
+2. Subject to the terms and conditions of this License Agreement, PSF
+hereby grants Licensee a nonexclusive, royalty-free, world-wide
+license to reproduce, analyze, test, perform and/or display publicly,
+prepare derivative works, distribute, and otherwise use Python
+alone or in any derivative version, provided, however, that PSF's
+License Agreement and PSF's notice of copyright, i.e., "Copyright (c)
+2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation; All Rights
+Reserved" are retained in Python alone or in any derivative version
+prepared by Licensee.
+
+3. In the event Licensee prepares a derivative work that is based on
+or incorporates Python or any part thereof, and wants to make
+the derivative work available to others as provided herein, then
+Licensee hereby agrees to include in any such work a brief summary of
+the changes made to Python.
+
+4. PSF is making Python available to Licensee on an "AS IS"
+basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
+IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
+DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
+FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
+INFRINGE ANY THIRD PARTY RIGHTS.
+
+5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
+FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
+A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
+OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+
+6. This License Agreement will automatically terminate upon a material
+breach of its terms and conditions.
+
+7. Nothing in this License Agreement shall be deemed to create any
+relationship of agency, partnership, or joint venture between PSF and
+Licensee. This License Agreement does not grant permission to use PSF
+trademarks or trade name in a trademark sense to endorse or promote
+products or services of Licensee, or any third party.
+
+8. By copying, installing or otherwise using Python, Licensee
+agrees to be bound by the terms and conditions of this License
+Agreement.
-- 
2.17.1

[OE-core][dunfell 11/20] Map license names PSF and PSFv2 to PSF-2.0

[Steve Sakoman]

From: Mark Jonas <toertel@gmail.com>

According to SDPX.org "Python License 2.0" is the overall Python
license, which is comprised of several licenses. "Python Software
Foundation License 2.0" is part of the complete Python license, but is
also used independently by some projects.

So far the license names PSF and PSFv2 found in LICENSE are mapped to
to Python-2.0. This patch maps PSF and PSFv2 to PSF-2.0 und thus
corrects the impression that Python-2.0 and PSF-2.0 are synonymous.

Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ef89f176d10ee82738aa050282d93b68dd2c4eb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/licenses.conf | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
index 751424d1b6..5b309eb385 100644
--- a/meta/conf/licenses.conf
+++ b/meta/conf/licenses.conf
@@ -45,9 +45,11 @@ SPDXLICENSEMAP[MIT-style] = "MIT"
 #Openssl variations
 SPDXLICENSEMAP[openssl] = "OpenSSL"
 
+#PSF variations
+SPDXLICENSEMAP[PSF] = "PSF-2.0"
+SPDXLICENSEMAP[PSFv2] = "PSF-2.0"
+
 #Python variations
-SPDXLICENSEMAP[PSF] = "Python-2.0"
-SPDXLICENSEMAP[PSFv2] = "Python-2.0"
 SPDXLICENSEMAP[Python-2] = "Python-2.0"
 
 #Apache variations
-- 
2.17.1

[OE-core][dunfell 12/20] libsdl2: Fix directfb syntax error

[Steve Sakoman]

From: Mark Jonas <toertel@gmail.com>

Build of libsdl2 with directfb is broken due to a spurious '}' and a
missing 'E' since version 2.0.12. The upstream is already fixed.

Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8963daba093c3c5e2c60e1e4e057862971b84cb0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ectfb-spurious-curly-brace-missing-e.patch | 49 +++++++++++++++++++
 .../libsdl2/libsdl2_2.0.12.bb                 |  1 +
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch

diff --git a/meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch b/meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch
new file mode 100644
index 0000000000..aa351a89ba
--- /dev/null
+++ b/meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch
@@ -0,0 +1,49 @@
+# HG changeset patch
+# User Fabrice Fontaine <fontaine.fabrice@gmail.com>
+# Date 1585069551 25200
+# Node ID 769f800952179633ec6c3e6bc1bc1d40e401750a
+# Parent  63387e8920f58f608288f247824ec5f4c286691f
+src/video/directfb/SDL_DirectFB_render.c: fix build
+Build with directfb is broken due to a spurious '}' and a missing 'E'
+since version 2.0.12 and https://hg.libsdl.org/SDL/rev/2d5b5a5ccbfb:
+
+/home/buildroot/autobuild/run/instance-2/output-1/build/sdl2-2.0.12/src/video/directfb/SDL_DirectFB_render.c: In function 'SetBlendMode':
+/home/buildroot/autobuild/run/instance-2/output-1/build/sdl2-2.0.12/src/video/directfb/SDL_DirectFB_render.c:202:9: error: case label not within a switch statement
+  202 |         case SDL_BLENDMODE_MUL:
+      |         ^~~~
+
+/home/buildroot/autobuild/run/instance-2/output-1/build/sdl2-2.0.12/src/video/directfb/SDL_DirectFB_render.c:205:67: error: 'DSBF_DSTCOLOR' undeclared (first use in this function); did you mean 'DSBF_DESTCOLOR'?
+  205 |             SDL_DFB_CHECK(destsurf->SetSrcBlendFunction(destsurf, DSBF_DSTCOLOR));
+      |                                                                   ^~~~~~~~~~~~~
+
+Fixes:
+ - http://autobuild.buildroot.org/results/83ccefee68c2800c0544e6f40fa8bc8ee6b67b77
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+
+--
+
+The patch was imported from the libsdl Mercurial repository
+(https://hg.libsdl.org/SDL) as of changeset id 769f80095217.
+
+Upstream-Status: Backport
+
+Signed-off-by: Mark Jonas <toertel@gmail.com>
+
+
+diff -r 63387e8920f5 -r 769f80095217 src/video/directfb/SDL_DirectFB_render.c
+--- a/src/video/directfb/SDL_DirectFB_render.c	Mon Mar 23 14:10:25 2020 -0700
++++ b/src/video/directfb/SDL_DirectFB_render.c	Tue Mar 24 10:05:51 2020 -0700
+@@ -198,11 +198,10 @@
+             SDL_DFB_CHECK(destsurf->SetDstBlendFunction(destsurf, DSBF_SRCCOLOR));
+
+             break;
+-        }
+         case SDL_BLENDMODE_MUL:
+             data->blitFlags = DSBLIT_BLEND_ALPHACHANNEL;
+             data->drawFlags = DSDRAW_BLEND;
+-            SDL_DFB_CHECK(destsurf->SetSrcBlendFunction(destsurf, DSBF_DSTCOLOR));
++            SDL_DFB_CHECK(destsurf->SetSrcBlendFunction(destsurf, DSBF_DESTCOLOR));
+             SDL_DFB_CHECK(destsurf->SetDstBlendFunction(destsurf, DSBF_INVSRCALPHA));
+
+             break;
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
index c1c941e452..6285477921 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
@@ -18,6 +18,7 @@ PROVIDES = "virtual/libsdl2"
 
 SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
            file://more-gen-depends.patch \
+           file://directfb-spurious-curly-brace-missing-e.patch \
 "
 
 S = "${WORKDIR}/SDL2-${PV}"
-- 
2.17.1

[OE-core][dunfell 13/20] libsdl2: Fix directfb SDL_RenderFillRect

[Steve Sakoman]

From: Mark Jonas <toertel@gmail.com>

Refactoring of SDL2 internal API has broken SDL_RenderFillRect for
DirectFB. The problem has already been fixed upstream.

Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a7c8dfc1f9beebeb9da7f61b323d85fba82ec1cb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsdl2/directfb-renderfillrect-fix.patch | 33 +++++++++++++++++++
 .../libsdl2/libsdl2_2.0.12.bb                 |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch

diff --git a/meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch b/meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch
new file mode 100644
index 0000000000..83d4f4b1ec
--- /dev/null
+++ b/meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Sam Lantinga <slouken@libsdl.org>
+# Date 1590793369 25200
+# Node ID a90089f75990e8b07a1dcf931c5f8a580ae343bf
+# Parent  a9b4bd264f3cbedc4f3287b3ec6b32311370ba85
+Fixed bug 5146 - SDL_RenderFillRect doesn't work in DirectFB
+
+Lacky
+
+It looks like refactoring of SDL2 internal API has broken SDL_RenderFillRect for DirectFB. In new version function SDL_RenderFillRect returns 0, but rectangle is not visible.
+
+Replacing "count" with "len" in the argument list for SDL_memcpy in DirectFB_QueueFillRects fixes problem.
+
+--
+
+The patch was imported from the libsdl Mercurial repository
+(https://hg.libsdl.org/SDL) as of changeset id a90089f75990.
+
+Upstream-Status: Backport
+
+Signed-off-by: Mark Jonas <toertel@gmail.com>
+
+diff -r a9b4bd264f3c -r a90089f75990 src/video/directfb/SDL_DirectFB_render.c
+--- a/src/video/directfb/SDL_DirectFB_render.c	Thu May 21 00:06:09 2020 -0400
++++ b/src/video/directfb/SDL_DirectFB_render.c	Fri May 29 16:02:49 2020 -0700
+@@ -626,7 +626,7 @@
+     }
+
+     cmd->data.draw.count = count;
+-    SDL_memcpy(verts, rects, count);
++    SDL_memcpy(verts, rects, len);
+     return 0;
+ }
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
index 6285477921..1049aa548a 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
@@ -19,6 +19,7 @@ PROVIDES = "virtual/libsdl2"
 SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
            file://more-gen-depends.patch \
            file://directfb-spurious-curly-brace-missing-e.patch \
+           file://directfb-renderfillrect-fix.patch \
 "
 
 S = "${WORKDIR}/SDL2-${PV}"
-- 
2.17.1

[OE-core][dunfell 14/20] jquery: Upgrade 3.4.1 -> 3.5.0 to fix CVE-2020-11022 and CVE-2020-11023

[Steve Sakoman]

From: Joshua Watt <JPEWhacker@gmail.com>

Version 3.5.0 is a security release

Reference:
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

The primary purpose of the jquery recipe is to make the diffoscope
output from the autobuilder easier to navigate.

Master branch has been using 3.5.X for some time now so this should
be a safe upgrade.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d0f883c4cbdcf722767b437a69002244be4cf8d9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../jquery/{jquery_3.4.1.bb => jquery_3.5.0.bb}           | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename meta/recipes-devtools/jquery/{jquery_3.4.1.bb => jquery_3.5.0.bb} (73%)

diff --git a/meta/recipes-devtools/jquery/jquery_3.4.1.bb b/meta/recipes-devtools/jquery/jquery_3.5.0.bb
similarity index 73%
rename from meta/recipes-devtools/jquery/jquery_3.4.1.bb
rename to meta/recipes-devtools/jquery/jquery_3.5.0.bb
index 1bf6ef5c98..5c6f9cddbe 100644
--- a/meta/recipes-devtools/jquery/jquery_3.4.1.bb
+++ b/meta/recipes-devtools/jquery/jquery_3.5.0.bb
@@ -2,7 +2,7 @@ SUMMARY = "jQuery is a fast, small, and feature-rich JavaScript library"
 HOMEPAGE = "https://jquery.com/"
 LICENSE = "MIT"
 SECTION = "devel"
-LIC_FILES_CHKSUM = "file://${WORKDIR}/${BP}.js;startline=8;endline=10;md5=cdb86f5bda90caec023592d2e768357c"
+LIC_FILES_CHKSUM = "file://${WORKDIR}/${BP}.js;startline=8;endline=10;md5=b1e67ece919e852643f1541a54492d65"
 
 SRC_URI = "\
     https://code.jquery.com/${BP}.js;name=js \
@@ -10,9 +10,9 @@ SRC_URI = "\
     https://code.jquery.com/${BP}.min.map;name=map \
     "
 
-SRC_URI[js.sha256sum] = "5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55"
-SRC_URI[min.sha256sum] = "0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a"
-SRC_URI[map.sha256sum] = "8da74aec0fcdd7678a2663b3cc9bafbaf009e6d6929b28bb3dd95bced18206f6"
+SRC_URI[js.sha256sum] = "aff01a147aeccc9b70a5efad1f2362fd709f3316296ec460d94aa7d31decdb37"
+SRC_URI[min.sha256sum] = "c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4"
+SRC_URI[map.sha256sum] = "3149351c8cbc3fb230bbf6188617c7ffda77d9e14333f4f5f0aa1aae379df892"
 
 UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js"
 
-- 
2.17.1

[OE-core][dunfell 15/20] bluez5: update to 5.55 to fix CVE-2020-27153

[Steve Sakoman]

From: Chee Yang Lee <chee.yang.lee@intel.com>

Version 5.55 is a security/bug fix release

Release note:
https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07

CVE reference:

https://nvd.nist.gov/vuln/detail/CVE-2020-27153

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c2895e3e4eabca64cbcc8682e72d25026df5e5f0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../bluez5/{bluez5_5.54.bb => bluez5_5.55.bb}                 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-connectivity/bluez5/{bluez5_5.54.bb => bluez5_5.55.bb} (91%)

diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.54.bb b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb
similarity index 91%
rename from meta/recipes-connectivity/bluez5/bluez5_5.54.bb
rename to meta/recipes-connectivity/bluez5/bluez5_5.55.bb
index 260eee1402..8190924562 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb
@@ -1,7 +1,7 @@
 require bluez5.inc
 
-SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c"
-SRC_URI[sha256sum] = "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc"
+SRC_URI[md5sum] = "94972b8bc7ade60c72b0ffa6ccff2c0a"
+SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e0894e9b88"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support
-- 
2.17.1

[OE-core][dunfell 16/20] sqlite3: fix CVE-2020-13434

[Steve Sakoman]

CVE: CVE-2020-13434

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13434

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../sqlite/files/CVE-2020-13434.patch         | 48 +++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |  1 +
 2 files changed, 49 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13434.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13434.patch b/meta/recipes-support/sqlite/files/CVE-2020-13434.patch
new file mode 100644
index 0000000000..40c5e6f2ce
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-13434.patch
@@ -0,0 +1,48 @@
+From dd6c33d372f3b83f4fe57904c2bd5ebba5c38018 Mon Sep 17 00:00:00 2001
+From: drh <drh@noemail.net>
+Date: Sat, 23 May 2020 19:58:07 +0000
+Subject: [PATCH] Limit the "precision" of floating-point to text conversions
+ in the printf() function to 100,000,000.  Fix for ticket [23439ea582241138].
+
+FossilOrigin-Name: d08d3405878d394e08e5d3af281246edfbd81ca74cc8d16458808591512fb93d
+
+Upstream-Status: Backport
+CVE: CVE-2020-13434
+
+Reference to upstream patch:
+https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
+
+Patch converted to amalgamation format
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+diff --git a/sqlite3.c b/sqlite3.c
+index 55dc686..5ff2c14 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -28147,6 +28147,13 @@ static char *printfTempBuf(sqlite3_str *pAccum, sqlite3_int64 n){
+ #endif
+ #define etBUFSIZE SQLITE_PRINT_BUF_SIZE  /* Size of the output buffer */
+ 
++/*
++** Hard limit on the precision of floating-point conversions.
++*/
++#ifndef SQLITE_PRINTF_PRECISION_LIMIT
++# define SQLITE_FP_PRECISION_LIMIT 100000000
++#endif
++
+ /*
+ ** Render a string given by "fmt" into the StrAccum object.
+ */
+@@ -28468,6 +28475,11 @@ SQLITE_API void sqlite3_str_vappendf(
+         length = 0;
+ #else
+         if( precision<0 ) precision = 6;         /* Set default precision */
++#ifdef SQLITE_FP_PRECISION_LIMIT
++        if( precision>SQLITE_FP_PRECISION_LIMIT ){
++          precision = SQLITE_FP_PRECISION_LIMIT;
++        }
++#endif
+         if( realvalue<0.0 ){
+           realvalue = -realvalue;
+           prefix = '-';
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index e5071b48bb..c8225fff15 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -8,6 +8,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
            file://CVE-2020-11656.patch \
            file://CVE-2020-11655.patch \
            file://CVE-2020-15358.patch \
+           file://CVE-2020-13434.patch \
            "
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
-- 
2.17.1

[OE-core][dunfell 17/20] sqlite3: fix CVE-2020-13435

[Steve Sakoman]

CVE: CVE-2020-13435

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13435

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../sqlite/files/CVE-2020-13435.patch         | 219 ++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |   1 +
 2 files changed, 220 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13435.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13435.patch b/meta/recipes-support/sqlite/files/CVE-2020-13435.patch
new file mode 100644
index 0000000000..d726e50a27
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-13435.patch
@@ -0,0 +1,219 @@
+From e40cc16b472071f553700c7208394e6cf73d5688 Mon Sep 17 00:00:00 2001
+From: drh <drh@noemail.net>
+Date: Sun, 24 May 2020 03:01:36 +0000
+Subject: [PATCH] Combination of patches to fix CVE2020-13435
+
+Combines:
+
+Move some utility Walker callbacks into the walker.c source file, as they seem to belong there better.
+When rewriting a query for window functions, if the rewrite changes the depth of TK_AGG_FUNCTION nodes, be sure to adjust the Expr.op2 field appropriately. Fix for ticket [7a5279a25c57adf1]
+Defensive code that tries to prevent a recurrence of problems like the one described in ticket [7a5279a25c57adf1]
+
+FossilOrigin-Name: dac438236f7c5419d4e7e094e8b3f19f83cd3b1a18bc8acb14aee90d4514fa3c
+FossilOrigin-Name: ad7bb70af9bb68d192137188bb2528f1e9e43ad164c925174ca1dafc9e1f5339
+FossilOrigin-Name: 572105de1d44bca4f18c99d373458889163611384eebbc9659474874ee1701f4
+
+Upstream-Status: Backport
+CVE: CVE-2020-13435
+
+Reference to upstream patches:
+https://github.com/sqlite/sqlite/commit/e40cc16b472071f553700c7208394e6cf73d5688
+https://github.com/sqlite/sqlite/commit/c37577bb2dfb602a5cdbba8322a01b548c34c185
+https://github.com/sqlite/sqlite/commit/0934d640456bb168a8888ae388643c5160afe501
+
+Patches combined and converted to amalgamation format
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+diff --git a/sqlite3.c b/sqlite3.c
+index 5ff2c14..02892f8 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -18965,6 +18965,9 @@ SQLITE_PRIVATE int sqlite3WalkSelectFrom(Walker*, Select*);
+ SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker*, Expr*);
+ SQLITE_PRIVATE int sqlite3SelectWalkNoop(Walker*, Select*);
+ SQLITE_PRIVATE int sqlite3SelectWalkFail(Walker*, Select*);
++SQLITE_PRIVATE int sqlite3WalkerDepthIncrease(Walker*,Select*);
++SQLITE_PRIVATE void sqlite3WalkerDepthDecrease(Walker*,Select*);
++
+ #ifdef SQLITE_DEBUG
+ SQLITE_PRIVATE void sqlite3SelectWalkAssert2(Walker*, Select*);
+ #endif
+@@ -96773,6 +96776,43 @@ SQLITE_PRIVATE int sqlite3WalkSelect(Walker *pWalker, Select *p){
+   return WRC_Continue;
+ }
+ 
++/* Increase the walkerDepth when entering a subquery, and
++** descrease when leaving the subquery.
++*/
++SQLITE_PRIVATE int sqlite3WalkerDepthIncrease(Walker *pWalker, Select *pSelect){
++  UNUSED_PARAMETER(pSelect);
++  pWalker->walkerDepth++;
++  return WRC_Continue;
++}
++SQLITE_PRIVATE void sqlite3WalkerDepthDecrease(Walker *pWalker, Select *pSelect){
++  UNUSED_PARAMETER(pSelect);
++  pWalker->walkerDepth--;
++}
++
++
++/*
++** No-op routine for the parse-tree walker.
++**
++** When this routine is the Walker.xExprCallback then expression trees
++** are walked without any actions being taken at each node.  Presumably,
++** when this routine is used for Walker.xExprCallback then 
++** Walker.xSelectCallback is set to do something useful for every 
++** subquery in the parser tree.
++*/
++SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker *NotUsed, Expr *NotUsed2){
++  UNUSED_PARAMETER2(NotUsed, NotUsed2);
++  return WRC_Continue;
++}
++
++/*
++** No-op routine for the parse-tree walker for SELECT statements.
++** subquery in the parser tree.
++*/
++SQLITE_PRIVATE int sqlite3SelectWalkNoop(Walker *NotUsed, Select *NotUsed2){
++  UNUSED_PARAMETER2(NotUsed, NotUsed2);
++  return WRC_Continue;
++}
++
+ /************** End of walker.c **********************************************/
+ /************** Begin file resolve.c *****************************************/
+ /*
+@@ -96801,6 +96841,8 @@ SQLITE_PRIVATE int sqlite3WalkSelect(Walker *pWalker, Select *p){
+ **
+ ** incrAggFunctionDepth(pExpr,n) is the main routine.  incrAggDepth(..)
+ ** is a helper function - a callback for the tree walker.
++**
++** See also the sqlite3WindowExtraAggFuncDepth() routine in window.c
+ */
+ static int incrAggDepth(Walker *pWalker, Expr *pExpr){
+   if( pExpr->op==TK_AGG_FUNCTION ) pExpr->op2 += pWalker->u.n;
+@@ -102459,7 +102501,10 @@ expr_code_doover:
+   switch( op ){
+     case TK_AGG_COLUMN: {
+       AggInfo *pAggInfo = pExpr->pAggInfo;
+-      struct AggInfo_col *pCol = &pAggInfo->aCol[pExpr->iAgg];
++      struct AggInfo_col *pCol;
++      assert( pAggInfo!=0 );
++      assert( pExpr->iAgg>=0 && pExpr->iAgg<pAggInfo->nColumn );
++      pCol = &pAggInfo->aCol[pExpr->iAgg];
+       if( !pAggInfo->directMode ){
+         assert( pCol->iMem>0 );
+         return pCol->iMem;
+@@ -102753,7 +102798,10 @@ expr_code_doover:
+     }
+     case TK_AGG_FUNCTION: {
+       AggInfo *pInfo = pExpr->pAggInfo;
+-      if( pInfo==0 ){
++      if( pInfo==0
++       || NEVER(pExpr->iAgg<0)
++       || NEVER(pExpr->iAgg>=pInfo->nFunc)
++      ){
+         assert( !ExprHasProperty(pExpr, EP_IntValue) );
+         sqlite3ErrorMsg(pParse, "misuse of aggregate: %s()", pExpr->u.zToken);
+       }else{
+@@ -104492,15 +104540,6 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){
+   }
+   return WRC_Continue;
+ }
+-static int analyzeAggregatesInSelect(Walker *pWalker, Select *pSelect){
+-  UNUSED_PARAMETER(pSelect);
+-  pWalker->walkerDepth++;
+-  return WRC_Continue;
+-}
+-static void analyzeAggregatesInSelectEnd(Walker *pWalker, Select *pSelect){
+-  UNUSED_PARAMETER(pSelect);
+-  pWalker->walkerDepth--;
+-}
+ 
+ /*
+ ** Analyze the pExpr expression looking for aggregate functions and
+@@ -104514,8 +104553,8 @@ static void analyzeAggregatesInSelectEnd(Walker *pWalker, Select *pSelect){
+ SQLITE_PRIVATE void sqlite3ExprAnalyzeAggregates(NameContext *pNC, Expr *pExpr){
+   Walker w;
+   w.xExprCallback = analyzeAggregate;
+-  w.xSelectCallback = analyzeAggregatesInSelect;
+-  w.xSelectCallback2 = analyzeAggregatesInSelectEnd;
++  w.xSelectCallback = sqlite3WalkerDepthIncrease;
++  w.xSelectCallback2 = sqlite3WalkerDepthDecrease;
+   w.walkerDepth = 0;
+   w.u.pNC = pNC;
+   w.pParse = 0;
+@@ -133065,29 +133104,6 @@ static int selectExpander(Walker *pWalker, Select *p){
+   return WRC_Continue;
+ }
+ 
+-/*
+-** No-op routine for the parse-tree walker.
+-**
+-** When this routine is the Walker.xExprCallback then expression trees
+-** are walked without any actions being taken at each node.  Presumably,
+-** when this routine is used for Walker.xExprCallback then 
+-** Walker.xSelectCallback is set to do something useful for every 
+-** subquery in the parser tree.
+-*/
+-SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker *NotUsed, Expr *NotUsed2){
+-  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+-  return WRC_Continue;
+-}
+-
+-/*
+-** No-op routine for the parse-tree walker for SELECT statements.
+-** subquery in the parser tree.
+-*/
+-SQLITE_PRIVATE int sqlite3SelectWalkNoop(Walker *NotUsed, Select *NotUsed2){
+-  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+-  return WRC_Continue;
+-}
+-
+ #if SQLITE_DEBUG
+ /*
+ ** Always assert.  This xSelectCallback2 implementation proves that the
+@@ -150225,6 +150241,23 @@ static ExprList *exprListAppendList(
+   return pList;
+ }
+ 
++/*
++** When rewriting a query, if the new subquery in the FROM clause
++** contains TK_AGG_FUNCTION nodes that refer to an outer query,
++** then we have to increase the Expr->op2 values of those nodes
++** due to the extra subquery layer that was added.
++**
++** See also the incrAggDepth() routine in resolve.c
++*/
++static int sqlite3WindowExtraAggFuncDepth(Walker *pWalker, Expr *pExpr){
++  if( pExpr->op==TK_AGG_FUNCTION
++   && pExpr->op2>=pWalker->walkerDepth
++  ){
++    pExpr->op2++;
++  }
++  return WRC_Continue;
++}
++
+ /*
+ ** If the SELECT statement passed as the second argument does not invoke
+ ** any SQL window functions, this function is a no-op. Otherwise, it 
+@@ -150333,6 +150366,7 @@ SQLITE_PRIVATE int sqlite3WindowRewrite(Parse *pParse, Select *p){
+     p->pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0);
+     if( p->pSrc ){
+       Table *pTab2;
++      Walker w;
+       p->pSrc->a[0].pSelect = pSub;
+       sqlite3SrcListAssignCursors(pParse, p->pSrc);
+       pSub->selFlags |= SF_Expanded;
+@@ -150347,6 +150381,11 @@ SQLITE_PRIVATE int sqlite3WindowRewrite(Parse *pParse, Select *p){
+         pTab->tabFlags |= TF_Ephemeral;
+         p->pSrc->a[0].pTab = pTab;
+         pTab = pTab2;
++        memset(&w, 0, sizeof(w));
++        w.xExprCallback = sqlite3WindowExtraAggFuncDepth;
++        w.xSelectCallback = sqlite3WalkerDepthIncrease;
++        w.xSelectCallback2 = sqlite3WalkerDepthDecrease;
++        sqlite3WalkSelect(&w, pSub);
+       }
+     }else{
+       sqlite3SelectDelete(db, pSub);
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index c8225fff15..4ef1da703b 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -9,6 +9,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
            file://CVE-2020-11655.patch \
            file://CVE-2020-15358.patch \
            file://CVE-2020-13434.patch \
+           file://CVE-2020-13435.patch \
            "
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
-- 
2.17.1

[OE-core][dunfell 18/20] sqlite3: fix CVE-2020-13630

[Steve Sakoman]

CVE: CVE-2020-13630

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13630

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../sqlite/files/CVE-2020-13630.patch         | 32 +++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13630.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13630.patch b/meta/recipes-support/sqlite/files/CVE-2020-13630.patch
new file mode 100644
index 0000000000..31916a1939
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-13630.patch
@@ -0,0 +1,32 @@
+From becd68ba0dac41904aa817d96a67fb4685734b41 Mon Sep 17 00:00:00 2001
+From: dan <dan@noemail.net>
+Date: Sat, 16 May 2020 17:26:58 +0000
+Subject: [PATCH] Fix a use-after-free bug in the fts3 snippet() function.
+
+FossilOrigin-Name: 0d69f76f0865f9626078bee087a22fb826407279e78cf9d5382e1c985c9f64a9
+
+Upstream-Status: Backport
+CVE: CVE-2020-13630
+
+Reference to upstream patch:
+https://github.com/sqlite/sqlite/commit/becd68ba0dac41904aa817d96a67fb4685734b41
+
+Patch converted to amalgamation format
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+ sqlite3.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 02892f8..e72fabb 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -170257,6 +170257,7 @@ static void fts3EvalNextRow(
+                 fts3EvalNextRow(pCsr, pLeft, pRc);
+               }
+             }
++            pRight->bEof = pLeft->bEof = 1;
+           }
+         }
+         break;
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index 4ef1da703b..ace9423e8d 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -10,6 +10,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
            file://CVE-2020-15358.patch \
            file://CVE-2020-13434.patch \
            file://CVE-2020-13435.patch \
+           file://CVE-2020-13630.patch \
            "
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
-- 
2.17.1

[OE-core][dunfell 19/20] sqlite3: fix CVE-2020-13631

[Steve Sakoman]

CVE: CVE-2020-13631

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13631

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../sqlite/files/CVE-2020-13631.patch         | 99 +++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |  1 +
 2 files changed, 100 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13631.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13631.patch b/meta/recipes-support/sqlite/files/CVE-2020-13631.patch
new file mode 100644
index 0000000000..0277c0cf22
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-13631.patch
@@ -0,0 +1,99 @@
+From 3d863b5e4efb2305d64f87a2128289d1c3ce09b6 Mon Sep 17 00:00:00 2001
+From: drh <drh@noemail.net>
+Date: Thu, 14 May 2020 21:16:52 +0000
+Subject: [PATCH] Do not allow a virtual table to be renamed into the name of
+ one of its shadows.
+
+FossilOrigin-Name: eca0ba2cf4c0fdf757bae19c6397a48245adb99e8017ddc28f01804072a30b2c
+
+Upstream-Status: Backport
+CVE: CVE-2020-13631
+
+Reference to upstream patch:
+https://github.com/sqlite/sqlite/commit/3d863b5e4efb2305d64f87a2128289d1c3ce09b6
+
+Patch converted to amalgamation format
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+ sqlite3.c | 39 ++++++++++++++++++++++++++++++---------
+ 1 file changed, 30 insertions(+), 9 deletions(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index e72fabb..282e106 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -19948,8 +19948,10 @@ SQLITE_PRIVATE    Module *sqlite3VtabCreateModule(
+ SQLITE_PRIVATE int sqlite3ReadOnlyShadowTables(sqlite3 *db);
+ #ifndef SQLITE_OMIT_VIRTUALTABLE
+ SQLITE_PRIVATE   int sqlite3ShadowTableName(sqlite3 *db, const char *zName);
++SQLITE_PRIVATE   int sqlite3IsShadowTableOf(sqlite3*,Table*,const char*);
+ #else
+ # define sqlite3ShadowTableName(A,B) 0
++# define sqlite3IsShadowTableOf(A,B,C) 0
+ #endif
+ SQLITE_PRIVATE int sqlite3VtabEponymousTableInit(Parse*,Module*);
+ SQLITE_PRIVATE void sqlite3VtabEponymousTableClear(sqlite3*,Module*);
+@@ -104793,7 +104795,10 @@ SQLITE_PRIVATE void sqlite3AlterRenameTable(
+   /* Check that a table or index named 'zName' does not already exist
+   ** in database iDb. If so, this is an error.
+   */
+-  if( sqlite3FindTable(db, zName, zDb) || sqlite3FindIndex(db, zName, zDb) ){
++  if( sqlite3FindTable(db, zName, zDb)
++   || sqlite3FindIndex(db, zName, zDb)
++   || sqlite3IsShadowTableOf(db, pTab, zName)
++  ){
+     sqlite3ErrorMsg(pParse, 
+         "there is already another table or index with this name: %s", zName);
+     goto exit_rename_table;
+@@ -111303,6 +111308,28 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
+   recomputeColumnsNotIndexed(pPk);
+ }
+ 
++
++#ifndef SQLITE_OMIT_VIRTUALTABLE
++/*
++** Return true if pTab is a virtual table and zName is a shadow table name
++** for that virtual table.
++*/
++SQLITE_PRIVATE int sqlite3IsShadowTableOf(sqlite3 *db, Table *pTab, const char *zName){
++  int nName;                    /* Length of zName */
++  Module *pMod;                 /* Module for the virtual table */
++
++  if( !IsVirtual(pTab) ) return 0;
++  nName = sqlite3Strlen30(pTab->zName);
++  if( sqlite3_strnicmp(zName, pTab->zName, nName)!=0 ) return 0;
++  if( zName[nName]!='_' ) return 0;
++  pMod = (Module*)sqlite3HashFind(&db->aModule, pTab->azModuleArg[0]);
++  if( pMod==0 ) return 0;
++  if( pMod->pModule->iVersion<3 ) return 0;
++  if( pMod->pModule->xShadowName==0 ) return 0;
++  return pMod->pModule->xShadowName(zName+nName+1);
++}
++#endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */
++
+ #ifndef SQLITE_OMIT_VIRTUALTABLE
+ /*
+ ** Return true if zName is a shadow table name in the current database
+@@ -111314,8 +111341,6 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
+ SQLITE_PRIVATE int sqlite3ShadowTableName(sqlite3 *db, const char *zName){
+   char *zTail;                  /* Pointer to the last "_" in zName */
+   Table *pTab;                  /* Table that zName is a shadow of */
+-  Module *pMod;                 /* Module for the virtual table */
+-
+   zTail = strrchr(zName, '_');
+   if( zTail==0 ) return 0;
+   *zTail = 0;
+@@ -111323,11 +111348,7 @@ SQLITE_PRIVATE int sqlite3ShadowTableName(sqlite3 *db, const char *zName){
+   *zTail = '_';
+   if( pTab==0 ) return 0;
+   if( !IsVirtual(pTab) ) return 0;
+-  pMod = (Module*)sqlite3HashFind(&db->aModule, pTab->azModuleArg[0]);
+-  if( pMod==0 ) return 0;
+-  if( pMod->pModule->iVersion<3 ) return 0;
+-  if( pMod->pModule->xShadowName==0 ) return 0;
+-  return pMod->pModule->xShadowName(zTail+1);
++  return sqlite3IsShadowTableOf(db, pTab, zName);
+ }
+ #endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */
+ 
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index ace9423e8d..5d45d1f1ab 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -11,6 +11,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
            file://CVE-2020-13434.patch \
            file://CVE-2020-13435.patch \
            file://CVE-2020-13630.patch \
+           file://CVE-2020-13631.patch \
            "
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
-- 
2.17.1

[OE-core][dunfell 20/20] sqlite3: fix CVE-2020-13632

[Steve Sakoman]

CVE: CVE-2020-13632

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13632

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../sqlite/files/CVE-2020-13632.patch         | 34 +++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13632.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13632.patch b/meta/recipes-support/sqlite/files/CVE-2020-13632.patch
new file mode 100644
index 0000000000..c28bf10e37
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-13632.patch
@@ -0,0 +1,34 @@
+From 219b8e7e7587df8669d96ce867cdd61ca1c05730 Mon Sep 17 00:00:00 2001
+From: drh <drh@noemail.net>
+Date: Thu, 14 May 2020 23:59:24 +0000
+Subject: [PATCH] Fix a null pointer deference that can occur on a strange
+ matchinfo() query.
+
+FossilOrigin-Name: a4dd148928ea65bd4e1654dfacc3d8057d1f85b8c9939416991d50722e5a720e
+
+Upstream-Status: Backport
+CVE: CVE-2020-13632
+
+Reference to upstream patch:
+https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730
+
+Patch converted to amalgamation format
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+ sqlite3.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 282e106..5ae8c8b 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -181820,7 +181820,7 @@ static int fts3ExprLHits(
+     iStart = pExpr->iPhrase * ((p->nCol + 31) / 32);
+   }
+ 
+-  while( 1 ){
++  if( pIter ) while( 1 ){
+     int nHit = fts3ColumnlistCount(&pIter);
+     if( (pPhrase->iColumn>=pTab->nColumn || pPhrase->iColumn==iCol) ){
+       if( p->flag==FTS3_MATCHINFO_LHITS ){
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index 5d45d1f1ab..c289affd60 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
            file://CVE-2020-13435.patch \
            file://CVE-2020-13630.patch \
            file://CVE-2020-13631.patch \
+           file://CVE-2020-13632.patch \
            "
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
-- 
2.17.1