summaryrefslogtreecommitdiffstats
path: root/external/poky/meta/recipes-support
diff options
context:
space:
mode:
authortakeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp>2020-10-22 14:58:56 +0900
committertakeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp>2020-10-22 14:58:56 +0900
commit4204309872da5cb401cbb2729d9e2d4869a87f42 (patch)
treec7415e8600205e40ff7e91e8e5f4c411f30329f2 /external/poky/meta/recipes-support
parent5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (diff)
agl-basesystem 0.1sandbox/ToshikazuOhiwa/master
Diffstat (limited to 'external/poky/meta/recipes-support')
-rw-r--r--external/poky/meta/recipes-support/atk/at-spi2-core_2.28.0.bb2
-rw-r--r--external/poky/meta/recipes-support/curl/curl/CVE-2018-16890.patch50
-rw-r--r--external/poky/meta/recipes-support/curl/curl/CVE-2019-3822.patch47
-rw-r--r--external/poky/meta/recipes-support/curl/curl/CVE-2019-3823.patch55
-rw-r--r--external/poky/meta/recipes-support/curl/curl/CVE-2019-5482.patch68
-rw-r--r--external/poky/meta/recipes-support/curl/curl_7.61.0.bb4
-rw-r--r--external/poky/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch31
-rw-r--r--external/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch6
-rw-r--r--external/poky/meta/recipes-support/gnupg/gnupg/relocate.patch2
-rw-r--r--external/poky/meta/recipes-support/gnupg/gnupg_2.2.12.bb3
-rw-r--r--external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch39
-rw-r--r--external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch871
-rw-r--r--external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch36
-rw-r--r--external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch35
-rw-r--r--external/poky/meta/recipes-support/gnutls/gnutls_3.6.4.bb4
-rw-r--r--external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch176
-rw-r--r--external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch330
-rw-r--r--external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb2
-rw-r--r--external/poky/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch161
-rw-r--r--external/poky/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb1
-rw-r--r--external/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch33
-rw-r--r--external/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch76
-rw-r--r--external/poky/meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch128
-rw-r--r--external/poky/meta/recipes-support/libxslt/libxslt_1.1.32.bb5
-rw-r--r--external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch126
-rw-r--r--external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb1
26 files changed, 2285 insertions, 7 deletions
diff --git a/external/poky/meta/recipes-support/atk/at-spi2-core_2.28.0.bb b/external/poky/meta/recipes-support/atk/at-spi2-core_2.28.0.bb
index 7975f58b..0bdb1e37 100644
--- a/external/poky/meta/recipes-support/atk/at-spi2-core_2.28.0.bb
+++ b/external/poky/meta/recipes-support/atk/at-spi2-core_2.28.0.bb
@@ -18,7 +18,7 @@ inherit meson gtk-doc gettext systemd pkgconfig distro_features_check upstream-v
REQUIRED_DISTRO_FEATURES = "x11"
EXTRA_OEMESON = " -Dsystemd_user_dir=${systemd_user_unitdir} \
- -Ddbus_daemon=${bindir}"
+ -Ddbus_daemon=${bindir}/dbus-daemon"
GTKDOC_ENABLE_FLAG = "-Denable_docs=true"
GTKDOC_DISABLE_FLAG = "-Denable_docs=false"
diff --git a/external/poky/meta/recipes-support/curl/curl/CVE-2018-16890.patch b/external/poky/meta/recipes-support/curl/curl/CVE-2018-16890.patch
new file mode 100644
index 00000000..3776f362
--- /dev/null
+++ b/external/poky/meta/recipes-support/curl/curl/CVE-2018-16890.patch
@@ -0,0 +1,50 @@
+From 53d3c2f92b4a7561b1006494badf8cf2ef9110c0 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 2 Jan 2019 20:33:08 +0100
+Subject: [PATCH 1/3] NTLM: fix size check condition for type2 received data
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
+Reported-by: Wenxiang Qian
+CVE-2018-16890
+
+Upstream-Status: Backport
+[https://github.com/curl/curl/commit
+/b780b30d1377adb10bbe774835f49e9b237fb9bb]
+
+CVE: CVE-2018-16890
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ lib/vauth/ntlm.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
+index cdb8d8f0d..0212756ab 100644
+--- a/lib/vauth/ntlm.c
++++ b/lib/vauth/ntlm.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
+ target_info_len = Curl_read16_le(&buffer[40]);
+ target_info_offset = Curl_read32_le(&buffer[44]);
+ if(target_info_len > 0) {
+- if(((target_info_offset + target_info_len) > size) ||
++ if((target_info_offset >= size) ||
++ ((target_info_offset + target_info_len) > size) ||
+ (target_info_offset < 48)) {
+ infof(data, "NTLM handshake failure (bad type-2 message). "
+- "Target Info Offset Len is set incorrect by the peer\n");
++ "Target Info Offset Len is set incorrect by the peer\n");
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+--
+2.22.0
+
diff --git a/external/poky/meta/recipes-support/curl/curl/CVE-2019-3822.patch b/external/poky/meta/recipes-support/curl/curl/CVE-2019-3822.patch
new file mode 100644
index 00000000..4f612ddd
--- /dev/null
+++ b/external/poky/meta/recipes-support/curl/curl/CVE-2019-3822.patch
@@ -0,0 +1,47 @@
+From 761b51f66c7b1cd2cd6c71b807bfdb6a27c49b30 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 3 Jan 2019 12:59:28 +0100
+Subject: [PATCH 2/3] ntlm: fix *_type3_message size check to avoid buffer
+ overflow
+
+Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
+Reported-by: Wenxiang Qian
+CVE-2019-3822
+
+Upstream-Status: Backport
+[https://github.com/curl/curl/commit
+/50c9484278c63b958655a717844f0721263939cc]
+
+CVE: CVE-2019-3822
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ lib/vauth/ntlm.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
+index 0212756ab..3be0403d9 100644
+--- a/lib/vauth/ntlm.c
++++ b/lib/vauth/ntlm.c
+@@ -777,11 +777,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
+ });
+
+ #ifdef USE_NTRESPONSES
+- if(size < (NTLM_BUFSIZE - ntresplen)) {
+- DEBUGASSERT(size == (size_t)ntrespoff);
+- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+- size += ntresplen;
++ /* ntresplen + size should not be risking an integer overflow here */
++ if(ntresplen + size > sizeof(ntlmbuf)) {
++ failf(data, "incoming NTLM message too big");
++ return CURLE_OUT_OF_MEMORY;
+ }
++ DEBUGASSERT(size == (size_t)ntrespoff);
++ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
++ size += ntresplen;
+
+ DEBUG_OUT({
+ fprintf(stderr, "\n ntresp=");
+--
+2.22.0
+
diff --git a/external/poky/meta/recipes-support/curl/curl/CVE-2019-3823.patch b/external/poky/meta/recipes-support/curl/curl/CVE-2019-3823.patch
new file mode 100644
index 00000000..194e6e64
--- /dev/null
+++ b/external/poky/meta/recipes-support/curl/curl/CVE-2019-3823.patch
@@ -0,0 +1,55 @@
+From 40f6c913f63cdbfa81daa7ac7f1c7415bb99edeb Mon Sep 17 00:00:00 2001
+From: Daniel Gustafsson <daniel@yesql.se>
+Date: Sat, 19 Jan 2019 00:42:47 +0100
+Subject: [PATCH 3/3] smtp: avoid risk of buffer overflow in strtol
+
+If the incoming len 5, but the buffer does not have a termination
+after 5 bytes, the strtol() call may keep reading through the line
+buffer until is exceeds its boundary. Fix by ensuring that we are
+using a bounded read with a temporary buffer on the stack.
+
+Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
+Reported-by: Brian Carpenter (Geeknik Labs)
+CVE-2019-3823
+
+Upstream-Status: Backport
+[https://github.com/curl/curl/commit
+/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484]
+
+CVE: CVE-2019-3823
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ lib/smtp.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/smtp.c b/lib/smtp.c
+index ecf10a41a..1b9f92d30 100644
+--- a/lib/smtp.c
++++ b/lib/smtp.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
+ Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
+ only send the response code instead as per Section 4.2. */
+ if(line[3] == ' ' || len == 5) {
++ char tmpline[6];
++
+ result = TRUE;
+- *resp = curlx_sltosi(strtol(line, NULL, 10));
++ memset(tmpline, '\0', sizeof(tmpline));
++ memcpy(tmpline, line, (len == 5 ? 5 : 3));
++ *resp = curlx_sltosi(strtol(tmpline, NULL, 10));
+
+ /* Make sure real server never sends internal value */
+ if(*resp == 1)
+--
+2.22.0
+
diff --git a/external/poky/meta/recipes-support/curl/curl/CVE-2019-5482.patch b/external/poky/meta/recipes-support/curl/curl/CVE-2019-5482.patch
new file mode 100644
index 00000000..91b18669
--- /dev/null
+++ b/external/poky/meta/recipes-support/curl/curl/CVE-2019-5482.patch
@@ -0,0 +1,68 @@
+From 38319e0717844c32464a6c7630de9be226f1c6f4 Mon Sep 17 00:00:00 2001
+From: Thomas Vegas <>
+Date: Sat, 31 Aug 2019 17:30:51 +0200
+Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is
+ received
+Reply-To: muislam@microsoft.com
+
+Fixes potential buffer overflow from 'recvfrom()', should the server
+return an OACK without blksize.
+
+Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
+
+CVE: CVE-2019-5482
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+---
+ lib/tftp.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/lib/tftp.c b/lib/tftp.c
+index 064eef318..2c148e3e1 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -969,6 +969,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+ {
+ tftp_state_data_t *state;
+ int blksize;
++ int need_blksize;
+
+ blksize = TFTP_BLKSIZE_DEFAULT;
+
+@@ -983,15 +984,20 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+ return CURLE_TFTP_ILLEGAL;
+ }
+
++ need_blksize = blksize;
++ /* default size is the fallback when no OACK is received */
++ if(need_blksize < TFTP_BLKSIZE_DEFAULT)
++ need_blksize = TFTP_BLKSIZE_DEFAULT;
++
+ if(!state->rpacket.data) {
+- state->rpacket.data = calloc(1, blksize + 2 + 2);
++ state->rpacket.data = calloc(1, need_blksize + 2 + 2);
+
+ if(!state->rpacket.data)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(!state->spacket.data) {
+- state->spacket.data = calloc(1, blksize + 2 + 2);
++ state->spacket.data = calloc(1, need_blksize + 2 + 2);
+
+ if(!state->spacket.data)
+ return CURLE_OUT_OF_MEMORY;
+@@ -1005,7 +1011,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+ state->sockfd = state->conn->sock[FIRSTSOCKET];
+ state->state = TFTP_STATE_START;
+ state->error = TFTP_ERR_NONE;
+- state->blksize = blksize;
++ state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */
+ state->requested_blksize = blksize;
+
+ ((struct sockaddr *)&state->local_addr)->sa_family =
+--
+2.23.0
+
diff --git a/external/poky/meta/recipes-support/curl/curl_7.61.0.bb b/external/poky/meta/recipes-support/curl/curl_7.61.0.bb
index 1027f75e..cd880f9e 100644
--- a/external/poky/meta/recipes-support/curl/curl_7.61.0.bb
+++ b/external/poky/meta/recipes-support/curl/curl_7.61.0.bb
@@ -13,6 +13,10 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2018-16842.patch \
file://CVE-2019-5435.patch \
file://CVE-2019-5436.patch \
+ file://CVE-2018-16890.patch \
+ file://CVE-2019-3822.patch \
+ file://CVE-2019-3823.patch \
+ file://CVE-2019-5482.patch \
"
SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
diff --git a/external/poky/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch b/external/poky/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch
new file mode 100644
index 00000000..4a280f9d
--- /dev/null
+++ b/external/poky/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch
@@ -0,0 +1,31 @@
+From 0df5800cc2e720aad883a517f7d24a9722fe5845 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 20 Dec 2018 17:37:48 -0800
+Subject: [PATCH] Woverride-init is not needed with gcc 9
+
+Fixes
+| ../../gnupg-2.2.12/dirmngr/dns.h:525:16: error: lvalue required as
+unary '&' operand |
+525 | dns_rr_i_init(&dns_quietinit((struct dns_rr_i){ 0, __VA_ARGS__
+}), (P))
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ dirmngr/dns.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dirmngr/dns.h b/dirmngr/dns.h
+index 30d0b45..98fe412 100644
+--- a/dirmngr/dns.h
++++ b/dirmngr/dns.h
+@@ -154,7 +154,7 @@ DNS_PUBLIC int *dns_debug_p(void);
+
+ #define dns_quietinit(...) \
+ DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__ DNS_PRAGMA_POP
+-#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || __GNUC__ > 4
++#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || (__GNUC__ > 4 && __GNUC__ < 9)
+ #define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push")
+ #define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"")
+ #define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop")
diff --git a/external/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/external/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index 3f1c3aba..c43ecdf8 100644
--- a/external/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ b/external/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From 8eb4d25c25a1c1323797d94e0727a3e42b7f3287 Mon Sep 17 00:00:00 2001
+From c69c3a49f3295179c247db5ceb3ef8952928a724 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 22 Jan 2018 18:00:21 +0200
Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 4d66af9..b9ef235 100644
+index 919ab31..cd58fdb 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1848,7 +1848,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+@@ -1855,7 +1855,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
diff --git a/external/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/external/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
index c494ef80..1a5ea4aa 100644
--- a/external/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/external/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From f9fc214b0bf2f67b515ca8a5333f39c497d1b518 Mon Sep 17 00:00:00 2001
+From 6d31b04d7a75f1d73c3518bf043b5b0a2dc40cb1 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 19 Sep 2018 14:44:40 +0100
Subject: [PATCH] Allow the environment to override where gnupg looks for its
diff --git a/external/poky/meta/recipes-support/gnupg/gnupg_2.2.12.bb b/external/poky/meta/recipes-support/gnupg/gnupg_2.2.12.bb
index 1f381c2d..a02c66a0 100644
--- a/external/poky/meta/recipes-support/gnupg/gnupg_2.2.12.bb
+++ b/external/poky/meta/recipes-support/gnupg/gnupg_2.2.12.bb
@@ -14,7 +14,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0002-use-pkgconfig-instead-of-npth-config.patch \
file://0003-dirmngr-uses-libgpg-error.patch \
file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
- "
+ file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
+ "
SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
file://relocate.patch"
diff --git a/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch
new file mode 100644
index 00000000..823869e8
--- /dev/null
+++ b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch
@@ -0,0 +1,39 @@
+From 367688c05988bc7257d7e1801c5acf17ef7e854d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Tue, 12 Feb 2019 15:09:11 +0100
+Subject: [PATCH 1/3] Automatically NULLify after gnutls_free()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This method prevents direct use-after-free and
+double-free issues.
+
+Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
+
+CVE: CVE-2019-3829
+Upstream-Status: Backport
+[https://gitlab.com/gnutls/gnutls/commit/d39778e43d1674cb3ab3685157fd299816d535c0]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ lib/includes/gnutls/gnutls.h.in | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
+index 49990b5f5..fa77fd0df 100644
+--- a/lib/includes/gnutls/gnutls.h.in
++++ b/lib/includes/gnutls/gnutls.h.in
+@@ -2132,6 +2132,10 @@ extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc;
+ extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc;
+ extern _SYM_EXPORT gnutls_free_function gnutls_free;
+
++#ifdef GNUTLS_INTERNAL_BUILD
++#define gnutls_free(a) gnutls_free((void *) (a)), a=NULL
++#endif
++
+ extern _SYM_EXPORT char *(*gnutls_strdup) (const char *);
+
+ /* a variant of memset that doesn't get optimized out */
+--
+2.22.0.vfs.1.1.57.gbaf16c8
diff --git a/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch
new file mode 100644
index 00000000..b3cd0477
--- /dev/null
+++ b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch
@@ -0,0 +1,871 @@
+From a57509ef7c4983721193ac325ad5fb1783ea0f57 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Tue, 12 Feb 2019 15:14:07 +0100
+Subject: [PATCH 2/3] Remove redundant resets of variables after free()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
+
+CVE: CVE-2019-3829
+Upstream-Status: Backport
+[https://gitlab.com/gnutls/gnutls/commit/372821c883a3d36ed3ed683844ad9d90818f6392]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ lib/auth.c | 3 ---
+ lib/auth/rsa.c | 2 ++
+ lib/auth/rsa_psk.c | 1 -
+ lib/auth/srp_sb64.c | 2 --
+ lib/cert-cred-x509.c | 3 ---
+ lib/cert-cred.c | 3 ---
+ lib/hello_ext.c | 5 ++---
+ lib/mpi.c | 1 -
+ lib/nettle/mpi.c | 2 --
+ lib/nettle/pk.c | 3 ---
+ lib/ocsp-api.c | 1 -
+ lib/pk.c | 2 --
+ lib/pkcs11.c | 1 -
+ lib/pkcs11_privkey.c | 6 +-----
+ lib/pkcs11_write.c | 1 -
+ lib/session_pack.c | 2 --
+ lib/srp.c | 1 -
+ lib/str.c | 2 +-
+ lib/tls13/certificate_request.c | 2 --
+ lib/tpm.c | 2 --
+ lib/x509/ocsp.c | 15 +++------------
+ lib/x509/pkcs12_bag.c | 1 -
+ lib/x509/pkcs7-crypt.c | 1 -
+ lib/x509/pkcs7.c | 6 ------
+ lib/x509/privkey_pkcs8.c | 1 -
+ lib/x509/verify-high2.c | 1 -
+ lib/x509/virt-san.c | 1 -
+ lib/x509/x509.c | 4 ----
+ lib/x509/x509_ext.c | 1 -
+ lib/x509_b64.c | 1 -
+ tests/cert.c | 2 --
+ tests/name-constraints-ip.c | 3 +--
+ tests/pkcs11/pkcs11-import-url-privkey.c | 2 --
+ tests/pkcs11/pkcs11-privkey-always-auth.c | 2 --
+ tests/pkcs11/pkcs11-privkey-fork-reinit.c | 1 -
+ tests/pkcs11/pkcs11-privkey-fork.c | 1 -
+ tests/pkcs11/pkcs11-privkey-safenet-always-auth.c | 2 --
+ tests/pkcs7.c | 2 --
+ tests/resume-dtls.c | 1 -
+ tests/resume.c | 1 -
+ tests/sign-verify-data.c | 1 -
+ tests/sign-verify-ext.c | 2 --
+ tests/sign-verify-ext4.c | 2 --
+ tests/sign-verify.c | 1 -
+ tests/x509-extensions.c | 1 -
+ tests/x509sign-verify-error.c | 1 -
+ 46 files changed, 10 insertions(+), 92 deletions(-)
+
+diff --git a/lib/auth.c b/lib/auth.c
+index 4bdedda38..5f9b8c427 100644
+--- a/lib/auth.c
++++ b/lib/auth.c
+@@ -349,8 +349,6 @@ void _gnutls_free_auth_info(gnutls_session_t session)
+
+ gnutls_free(info->raw_certificate_list);
+ gnutls_free(info->raw_ocsp_list);
+- info->raw_certificate_list = NULL;
+- info->raw_ocsp_list = NULL;
+ info->ncerts = 0;
+ info->nocsp = 0;
+
+@@ -367,7 +365,6 @@ void _gnutls_free_auth_info(gnutls_session_t session)
+ }
+
+ gnutls_free(session->key.auth_info);
+- session->key.auth_info = NULL;
+ session->key.auth_info_size = 0;
+ session->key.auth_info_type = 0;
+
+diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
+index 6afc91ae6..df6bd7bc6 100644
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -196,6 +196,8 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ ret = gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data,
+ rndkey.size);
+ if (ret < 0) {
++ gnutls_free(session->key.key.data);
++ session->key.key.size = 0;
+ gnutls_assert();
+ goto cleanup;
+ }
+diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
+index 5a29f9183..590ff0f71 100644
+--- a/lib/auth/rsa_psk.c
++++ b/lib/auth/rsa_psk.c
+@@ -341,7 +341,6 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ ("auth_rsa_psk: Possible PKCS #1 format attack\n");
+ if (ret >= 0) {
+ gnutls_free(plaintext.data);
+- plaintext.data = NULL;
+ }
+ randomize_key = 1;
+ } else {
+diff --git a/lib/auth/srp_sb64.c b/lib/auth/srp_sb64.c
+index 1177e7671..7bfffdf07 100644
+--- a/lib/auth/srp_sb64.c
++++ b/lib/auth/srp_sb64.c
+@@ -263,7 +263,6 @@ _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result)
+ tmp = decode(tmpres, datrev);
+ if (tmp < 0) {
+ gnutls_free((*result));
+- *result = NULL;
+ return tmp;
+ }
+
+@@ -277,7 +276,6 @@ _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result)
+ tmp = decode(tmpres, (uint8_t *) & data[i]);
+ if (tmp < 0) {
+ gnutls_free((*result));
+- *result = NULL;
+ return tmp;
+ }
+ memcpy(&(*result)[j], tmpres, tmp);
+diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c
+index f342a420b..da9cd647e 100644
+--- a/lib/cert-cred-x509.c
++++ b/lib/cert-cred-x509.c
+@@ -296,7 +296,6 @@ parse_pem_cert_mem(gnutls_certificate_credentials_t res,
+ gnutls_pcert_import_x509_list(pcerts, unsorted, &ncerts, GNUTLS_X509_CRT_LIST_SORT);
+ if (ret < 0) {
+ gnutls_free(pcerts);
+- pcerts = NULL;
+ gnutls_assert();
+ goto cleanup;
+ }
+@@ -540,7 +539,6 @@ read_cert_url(gnutls_certificate_credentials_t res, gnutls_privkey_t key, const
+ goto cleanup;
+ }
+ gnutls_free(t.data);
+- t.data = NULL;
+ }
+
+ ret = certificate_credential_append_crt_list(res, key, names, ccert, count);
+@@ -991,7 +989,6 @@ gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
+ while (i--)
+ gnutls_x509_crt_deinit((*crt_list)[i]);
+ gnutls_free(*crt_list);
+- *crt_list = NULL;
+
+ return gnutls_assert_val(ret);
+ }
+diff --git a/lib/cert-cred.c b/lib/cert-cred.c
+index 2150e903f..190a8b3a2 100644
+--- a/lib/cert-cred.c
++++ b/lib/cert-cred.c
+@@ -63,7 +63,6 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc)
+
+ for (j = 0; j < sc->certs[i].ocsp_data_length; j++) {
+ gnutls_free(sc->certs[i].ocsp_data[j].response.data);
+- sc->certs[i].ocsp_data[j].response.data = NULL;
+ }
+ _gnutls_str_array_clear(&sc->certs[i].names);
+ gnutls_privkey_deinit(sc->certs[i].pkey);
+@@ -71,8 +70,6 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc)
+
+ gnutls_free(sc->certs);
+ gnutls_free(sc->sorted_cert_idx);
+- sc->certs = NULL;
+- sc->sorted_cert_idx = NULL;
+
+ sc->ncerts = 0;
+ }
+diff --git a/lib/hello_ext.c b/lib/hello_ext.c
+index c4907aace..fb2b4db67 100644
+--- a/lib/hello_ext.c
++++ b/lib/hello_ext.c
+@@ -464,9 +464,8 @@ void _gnutls_hello_ext_deinit(void)
+ continue;
+
+ if (extfunc[i]->free_struct != 0) {
+- gnutls_free((void*)extfunc[i]->name);
+- gnutls_free((void*)extfunc[i]);
+- extfunc[i] = NULL;
++ gnutls_free(((hello_ext_entry_st *)extfunc[i])->name);
++ gnutls_free(extfunc[i]);
+ }
+ }
+ }
+diff --git a/lib/mpi.c b/lib/mpi.c
+index 2bc970d7c..ed208d511 100644
+--- a/lib/mpi.c
++++ b/lib/mpi.c
+@@ -88,7 +88,6 @@ _gnutls_mpi_random_modp(bigint_t r, bigint_t p,
+
+ if (buf_release != 0) {
+ gnutls_free(buf);
+- buf = NULL;
+ }
+
+ if (r != NULL) {
+diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c
+index 8a93ac278..96bec4aa4 100644
+--- a/lib/nettle/mpi.c
++++ b/lib/nettle/mpi.c
+@@ -122,7 +122,6 @@ static int wrap_nettle_mpi_init_multi(bigint_t *w, ...)
+ fail:
+ mpz_clear(TOMPZ(*w));
+ gnutls_free(*w);
+- *w = NULL;
+
+ va_start(args, w);
+
+@@ -131,7 +130,6 @@ fail:
+ if (next != last_failed) {
+ mpz_clear(TOMPZ(*next));
+ gnutls_free(*next);
+- *next = NULL;
+ }
+ } while(next != last_failed);
+
+diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
+index 6dcd2fdd0..f010493c0 100644
+--- a/lib/nettle/pk.c
++++ b/lib/nettle/pk.c
+@@ -371,7 +371,6 @@ dh_cleanup:
+
+ if (_gnutls_mem_is_zero(out->data, out->size)) {
+ gnutls_free(out->data);
+- out->data = NULL;
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto cleanup;
+@@ -2203,8 +2202,6 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
+ params->params_nr = 0;
+ gnutls_free(params->raw_priv.data);
+ gnutls_free(params->raw_pub.data);
+- params->raw_priv.data = NULL;
+- params->raw_pub.data = NULL;
+
+ FAIL_IF_LIB_ERROR;
+ return ret;
+diff --git a/lib/ocsp-api.c b/lib/ocsp-api.c
+index d18a1f0c2..a0005e99d 100644
+--- a/lib/ocsp-api.c
++++ b/lib/ocsp-api.c
+@@ -473,7 +473,6 @@ gnutls_certificate_set_ocsp_status_request_mem(gnutls_certificate_credentials_t
+ nresp++;
+
+ gnutls_free(der.data);
+- der.data = NULL;
+
+ p.data++;
+ p.size--;
+diff --git a/lib/pk.c b/lib/pk.c
+index 1f137f71c..a5bb58b73 100644
+--- a/lib/pk.c
++++ b/lib/pk.c
+@@ -537,8 +537,6 @@ void gnutls_pk_params_release(gnutls_pk_params_st * p)
+ }
+ gnutls_free(p->raw_priv.data);
+ gnutls_free(p->raw_pub.data);
+- p->raw_priv.data = NULL;
+- p->raw_pub.data = NULL;
+
+ p->params_nr = 0;
+ }
+diff --git a/lib/pkcs11.c b/lib/pkcs11.c
+index 990912790..fa1b65884 100644
+--- a/lib/pkcs11.c
++++ b/lib/pkcs11.c
+@@ -1233,7 +1233,6 @@ int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj)
+ (*obj)->info = p11_kit_uri_new();
+ if ((*obj)->info == NULL) {
+ gnutls_free(*obj);
+- *obj = NULL;
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
+index b721ed125..560a732e3 100644
+--- a/lib/pkcs11_privkey.c
++++ b/lib/pkcs11_privkey.c
+@@ -443,7 +443,6 @@ _gnutls_pkcs11_privkey_sign(gnutls_pkcs11_privkey_t key,
+ }
+
+ gnutls_free(tmp.data);
+- tmp.data = NULL;
+ } else {
+ signature->size = siglen;
+ signature->data = tmp.data;
+@@ -521,10 +520,8 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
+
+ memset(&pkey->sinfo, 0, sizeof(pkey->sinfo));
+
+- if (pkey->url) {
++ if (pkey->url)
+ gnutls_free(pkey->url);
+- pkey->url = NULL;
+- }
+
+ if (pkey->uinfo) {
+ p11_kit_uri_free(pkey->uinfo);
+@@ -613,7 +610,6 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
+ pkey->uinfo = NULL;
+ }
+ gnutls_free(pkey->url);
+- pkey->url = NULL;
+
+ return ret;
+ }
+diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
+index 35207d554..6e866e2d4 100644
+--- a/lib/pkcs11_write.c
++++ b/lib/pkcs11_write.c
+@@ -268,7 +268,6 @@ static void clean_pubkey(struct ck_attribute *a, unsigned a_val)
+ case CKA_EC_PARAMS:
+ case CKA_EC_POINT:
+ gnutls_free(a[i].value);
+- a[i].value = NULL;
+ break;
+ }
+ }
+diff --git a/lib/session_pack.c b/lib/session_pack.c
+index c5801fb32..5d475ea59 100644
+--- a/lib/session_pack.c
++++ b/lib/session_pack.c
+@@ -562,8 +562,6 @@ unpack_certificate_auth_info(gnutls_session_t session,
+
+ gnutls_free(info->raw_certificate_list);
+ gnutls_free(info->raw_ocsp_list);
+- info->raw_certificate_list = NULL;
+- info->raw_ocsp_list = NULL;
+ }
+
+ return ret;
+diff --git a/lib/srp.c b/lib/srp.c
+index c3eb8e684..670642d64 100644
+--- a/lib/srp.c
++++ b/lib/srp.c
+@@ -608,7 +608,6 @@ gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t res,
+ if (res->password_conf_file == NULL) {
+ gnutls_assert();
+ gnutls_free(res->password_file);
+- res->password_file = NULL;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+diff --git a/lib/str.c b/lib/str.c
+index c8d742e91..7408ea6ac 100644
+--- a/lib/str.c
++++ b/lib/str.c
+@@ -81,7 +81,7 @@ void _gnutls_buffer_clear(gnutls_buffer_st * str)
+ return;
+ gnutls_free(str->allocd);
+
+- str->data = str->allocd = NULL;
++ str->data = NULL;
+ str->max_length = 0;
+ str->length = 0;
+ }
+diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
+index a7ec0e2fd..823adc87f 100644
+--- a/lib/tls13/certificate_request.c
++++ b/lib/tls13/certificate_request.c
+@@ -152,7 +152,6 @@ int _gnutls13_recv_certificate_request_int(gnutls_session_t session, gnutls_buff
+ return gnutls_assert_val(ret);
+
+ gnutls_free(session->internals.post_handshake_cr_context.data);
+- session->internals.post_handshake_cr_context.data = NULL;
+ ret = _gnutls_set_datum(&session->internals.post_handshake_cr_context,
+ context.data, context.size);
+ if (ret < 0)
+@@ -279,7 +278,6 @@ int _gnutls13_send_certificate_request(gnutls_session_t session, unsigned again)
+ }
+
+ gnutls_free(session->internals.post_handshake_cr_context.data);
+- session->internals.post_handshake_cr_context.data = NULL;
+ ret = _gnutls_set_datum(&session->internals.post_handshake_cr_context,
+ rnd, sizeof(rnd));
+ if (ret < 0) {
+diff --git a/lib/tpm.c b/lib/tpm.c
+index ee53c7154..03565acb0 100644
+--- a/lib/tpm.c
++++ b/lib/tpm.c
+@@ -1645,10 +1645,8 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
+ gnutls_pubkey_deinit(pub);
+ privkey_cleanup:
+ gnutls_free(privkey->data);
+- privkey->data = NULL;
+ cleanup:
+ gnutls_free(tmpkey.data);
+- tmpkey.data = NULL;
+ err_sa:
+ pTspi_Context_CloseObject(s.tpm_ctx, key_ctx);
+ err_cc:
+diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
+index db54b3ea2..55cae94c3 100644
+--- a/lib/x509/ocsp.c
++++ b/lib/x509/ocsp.c
+@@ -162,7 +162,6 @@ void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp)
+ asn1_delete_structure(&resp->basicresp);
+
+ resp->resp = NULL;
+- resp->response_type_oid.data = NULL;
+ resp->basicresp = NULL;
+
+ gnutls_free(resp->der.data);
+@@ -299,7 +298,6 @@ gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp,
+ }
+
+ gnutls_free(resp->der.data);
+- resp->der.data = NULL;
+ }
+
+ resp->init = 1;
+@@ -1668,18 +1666,12 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
+
+ return GNUTLS_E_SUCCESS;
+ fail:
+- if (issuer_name_hash) {
++ if (issuer_name_hash)
+ gnutls_free(issuer_name_hash->data);
+- issuer_name_hash->data = NULL;
+- }
+- if (issuer_key_hash) {
++ if (issuer_key_hash)
+ gnutls_free(issuer_key_hash->data);
+- issuer_key_hash->data = NULL;
+- }
+- if (serial_number) {
++ if (serial_number)
+ gnutls_free(serial_number->data);
+- serial_number->data = NULL;
+- }
+ return ret;
+ }
+
+@@ -1955,7 +1947,6 @@ gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp,
+ }
+
+ gnutls_free(c.data);
+- c.data = NULL;
+ }
+
+ tmpcerts[ctr] = NULL;
+diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
+index 26d2142ea..35d12ac4b 100644
+--- a/lib/x509/pkcs12_bag.c
++++ b/lib/x509/pkcs12_bag.c
+@@ -62,7 +62,6 @@ static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag)
+ _gnutls_free_datum(&bag->element[i].data);
+ _gnutls_free_datum(&bag->element[i].local_key_id);
+ gnutls_free(bag->element[i].friendly_name);
+- bag->element[i].friendly_name = NULL;
+ bag->element[i].type = 0;
+ }
+
+diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
+index c2b00e61c..39eb7784b 100644
+--- a/lib/x509/pkcs7-crypt.c
++++ b/lib/x509/pkcs7-crypt.c
+@@ -1269,7 +1269,6 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
+ _gnutls_cipher_init(&ch, ce, &dkey, &d_iv, 0);
+
+ gnutls_free(key);
+- key = NULL;
+
+ if (ret < 0) {
+ gnutls_assert();
+diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
+index 955cb5ae9..8ae7b3e78 100644
+--- a/lib/x509/pkcs7.c
++++ b/lib/x509/pkcs7.c
+@@ -692,7 +692,6 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx,
+
+ ret = gnutls_pkcs7_add_attr(&info->signed_attrs, oid, &tmp, 0);
+ gnutls_free(tmp.data);
+- tmp.data = NULL;
+
+ if (ret < 0) {
+ gnutls_assert();
+@@ -730,7 +729,6 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx,
+ ret =
+ gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
+ gnutls_free(tmp.data);
+- tmp.data = NULL;
+
+ if (ret < 0) {
+ gnutls_assert();
+@@ -842,9 +840,7 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
+ }
+
+ gnutls_free(tmp.data);
+- tmp.data = NULL;
+ gnutls_free(tmp2.data);
+- tmp2.data = NULL;
+ }
+
+ if (msg_digest_ok)
+@@ -1087,7 +1083,6 @@ static gnutls_x509_crt_t find_verified_issuer_of(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_deinit(issuer);
+ issuer = NULL;
+ gnutls_free(tmp.data);
+- tmp.data = NULL;
+ continue;
+ }
+
+@@ -1204,7 +1199,6 @@ static gnutls_x509_crt_t find_child_of_with_serial(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_deinit(crt);
+ crt = NULL;
+ gnutls_free(tmpdata.data);
+- tmpdata.data = NULL;
+ continue;
+ }
+ } else {
+diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
+index 92dea06b0..56000ff12 100644
+--- a/lib/x509/privkey_pkcs8.c
++++ b/lib/x509/privkey_pkcs8.c
+@@ -600,7 +600,6 @@ gnutls_pkcs8_info(const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format,
+ cleanup:
+ if (ret != GNUTLS_E_UNKNOWN_CIPHER_TYPE && oid) {
+ gnutls_free(*oid);
+- *oid = NULL;
+ }
+ if (need_free)
+ _gnutls_free_datum(&_data);
+diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
+index 8ba2f2a3e..b9aed5cf4 100644
+--- a/lib/x509/verify-high2.c
++++ b/lib/x509/verify-high2.c
+@@ -178,7 +178,6 @@ int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file)
+ {
+ if (strcmp(ca_file, list->pkcs11_token) == 0) {
+ gnutls_free(list->pkcs11_token);
+- list->pkcs11_token = NULL;
+ }
+ return 0;
+ }
+diff --git a/lib/x509/virt-san.c b/lib/x509/virt-san.c
+index f3b87135b..a81337e25 100644
+--- a/lib/x509/virt-san.c
++++ b/lib/x509/virt-san.c
+@@ -70,7 +70,6 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, gnutl
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ gnutls_free(san->data);
+- san->data = NULL;
+
+ if (othername_oid) {
+ name->othername_oid.data = (uint8_t *) othername_oid;
+diff --git a/lib/x509/x509.c b/lib/x509/x509.c
+index 4aff55eba..c149881f6 100644
+--- a/lib/x509/x509.c
++++ b/lib/x509/x509.c
+@@ -383,7 +383,6 @@ static int cache_alt_names(gnutls_x509_crt_t cert)
+ if (ret >= 0) {
+ ret = gnutls_x509_ext_import_subject_alt_names(&tmpder, cert->san, 0);
+ gnutls_free(tmpder.data);
+- tmpder.data = NULL;
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+@@ -3680,7 +3679,6 @@ gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs,
+
+ if (ret < 0) {
+ gnutls_free(*certs);
+- *certs = NULL;
+ return ret;
+ }
+
+@@ -4310,7 +4308,6 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t **certs,
+
+ if (gnutls_x509_crt_equals2(crts[i-1], &issuer)) {
+ gnutls_free(issuer.data);
+- issuer.data = NULL;
+ break;
+ }
+
+@@ -4331,7 +4328,6 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t **certs,
+ }
+
+ gnutls_free(issuer.data);
+- issuer.data = NULL;
+ }
+
+ *certs = gnutls_malloc(total*sizeof(gnutls_x509_crt_t));
+diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
+index 58c3263d1..477cf03c4 100644
+--- a/lib/x509/x509_ext.c
++++ b/lib/x509/x509_ext.c
+@@ -1994,7 +1994,6 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
+ ret =
+ decode_user_notice(td.data, td.size, &txt);
+ gnutls_free(td.data);
+- td.data = NULL;
+
+ if (ret < 0) {
+ gnutls_assert();
+diff --git a/lib/x509_b64.c b/lib/x509_b64.c
+index 9a1037405..3117843be 100644
+--- a/lib/x509_b64.c
++++ b/lib/x509_b64.c
+@@ -302,7 +302,6 @@ _gnutls_base64_decode(const uint8_t * data, size_t data_size,
+
+ fail:
+ gnutls_free(result->data);
+- result->data = NULL;
+
+ cleanup:
+ gnutls_free(pdata.data);
+diff --git a/tests/cert.c b/tests/cert.c
+index da0ab23df..ec566a4a4 100644
+--- a/tests/cert.c
++++ b/tests/cert.c
+@@ -89,7 +89,6 @@ static int getnextcert(DIR **dirp, gnutls_datum_t *der, int *exp_ret)
+ *exp_ret = atoi((char*)local.data);
+ success("expecting error code %d\n", *exp_ret);
+ gnutls_free(local.data);
+- local.data = NULL;
+ }
+
+ return 0;
+@@ -135,7 +134,6 @@ void doit(void)
+
+ gnutls_x509_crt_deinit(cert);
+ gnutls_free(der.data);
+- der.data = NULL;
+ der.size = 0;
+ exp_ret = -1;
+ }
+diff --git a/tests/name-constraints-ip.c b/tests/name-constraints-ip.c
+index 3dd4ff2cb..ed96109c7 100644
+--- a/tests/name-constraints-ip.c
++++ b/tests/name-constraints-ip.c
+@@ -78,7 +78,6 @@ static void check_test_result(int ret, int expected_outcome,
+ static void parse_cidr(const char* cidr, gnutls_datum_t *datum) {
+ if (datum->data != NULL) {
+ gnutls_free(datum->data);
+- datum->data = NULL;
+ }
+ int ret = gnutls_x509_cidr_to_rfc5280(cidr, datum);
+ check_for_error(ret);
+@@ -699,7 +698,7 @@ static int teardown(void **state) {
+ gnutls_free(test_vars->ip.data);
+ gnutls_x509_name_constraints_deinit(test_vars->nc);
+ gnutls_x509_name_constraints_deinit(test_vars->nc2);
+- gnutls_free(test_vars);
++ gnutls_free(*state);
+ return 0;
+ }
+
+diff --git a/tests/pkcs11/pkcs11-import-url-privkey.c b/tests/pkcs11/pkcs11-import-url-privkey.c
+index cb44fb1e5..c7e06eb1a 100644
+--- a/tests/pkcs11/pkcs11-import-url-privkey.c
++++ b/tests/pkcs11/pkcs11-import-url-privkey.c
+@@ -85,7 +85,6 @@ void doit(void)
+ for (i=0;i<obj_list_size;i++)
+ gnutls_pkcs11_obj_deinit(obj_list[i]);
+ gnutls_free(obj_list);
+- obj_list = NULL;
+ obj_list_size = 0;
+
+ #ifndef _WIN32
+@@ -116,7 +115,6 @@ void doit(void)
+ for (i=0;i<obj_list_size;i++)
+ gnutls_pkcs11_obj_deinit(obj_list[i]);
+ gnutls_free(obj_list);
+- obj_list = NULL;
+ obj_list_size = 0;
+ }
+ #endif
+diff --git a/tests/pkcs11/pkcs11-privkey-always-auth.c b/tests/pkcs11/pkcs11-privkey-always-auth.c
+index 3561c412f..441f63722 100644
+--- a/tests/pkcs11/pkcs11-privkey-always-auth.c
++++ b/tests/pkcs11/pkcs11-privkey-always-auth.c
+@@ -175,7 +175,6 @@ void doit(void)
+ pin_called = 0;
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ /* call again - should re-authenticate */
+ ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
+@@ -190,7 +189,6 @@ void doit(void)
+ pin_called = 0;
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ if (debug)
+ printf("done\n\n\n");
+diff --git a/tests/pkcs11/pkcs11-privkey-fork-reinit.c b/tests/pkcs11/pkcs11-privkey-fork-reinit.c
+index 1535d644f..a72584225 100644
+--- a/tests/pkcs11/pkcs11-privkey-fork-reinit.c
++++ b/tests/pkcs11/pkcs11-privkey-fork-reinit.c
+@@ -123,7 +123,6 @@ void doit(void)
+ }
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ pid = fork();
+ if (pid != 0) {
+diff --git a/tests/pkcs11/pkcs11-privkey-fork.c b/tests/pkcs11/pkcs11-privkey-fork.c
+index 9d301d7d6..b99755c73 100644
+--- a/tests/pkcs11/pkcs11-privkey-fork.c
++++ b/tests/pkcs11/pkcs11-privkey-fork.c
+@@ -123,7 +123,6 @@ void doit(void)
+ }
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ pid = fork();
+ if (pid != 0) {
+diff --git a/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c b/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c
+index 1b5b34054..a4ab5b5aa 100644
+--- a/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c
++++ b/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c
+@@ -157,7 +157,6 @@ void doit(void)
+ pin_called = 0;
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ /* call again - should re-authenticate */
+ ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
+@@ -172,7 +171,6 @@ void doit(void)
+ pin_called = 0;
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ if (debug)
+ printf("done\n\n\n");
+diff --git a/tests/pkcs7.c b/tests/pkcs7.c
+index a490976fc..2d5a5548d 100644
+--- a/tests/pkcs7.c
++++ b/tests/pkcs7.c
+@@ -90,7 +90,6 @@ static int getnextfile(DIR **dirp, gnutls_datum_t *der, int *exp_ret)
+ *exp_ret = atoi((char*)local.data);
+ success("expecting error code %d\n", *exp_ret);
+ gnutls_free(local.data);
+- local.data = NULL;
+ }
+
+ return 0;
+@@ -134,7 +133,6 @@ void doit(void)
+
+ gnutls_pkcs7_deinit(cert);
+ gnutls_free(der.data);
+- der.data = NULL;
+ der.size = 0;
+ exp_ret = -1;
+ }
+diff --git a/tests/resume-dtls.c b/tests/resume-dtls.c
+index 9e6327c7f..b5b214313 100644
+--- a/tests/resume-dtls.c
++++ b/tests/resume-dtls.c
+@@ -363,7 +363,6 @@ static void server(int sds[], struct params_res *params)
+ }
+
+ gnutls_free(session_ticket_key.data);
+- session_ticket_key.data = NULL;
+ gnutls_anon_free_server_credentials(anoncred);
+
+ if (debug)
+diff --git a/tests/resume.c b/tests/resume.c
+index 84314b836..3dc225136 100644
+--- a/tests/resume.c
++++ b/tests/resume.c
+@@ -873,7 +873,6 @@ static void server(int sds[], struct params_res *params)
+ }
+
+ gnutls_free(session_ticket_key.data);
+- session_ticket_key.data = NULL;
+
+ if (debug)
+ success("server: finished\n");
+diff --git a/tests/sign-verify-data.c b/tests/sign-verify-data.c
+index 3aa261175..558ad2253 100644
+--- a/tests/sign-verify-data.c
++++ b/tests/sign-verify-data.c
+@@ -153,7 +153,6 @@ void doit(void)
+
+ /* test the raw interface */
+ gnutls_free(signature.data);
+- signature.data = NULL;
+
+ gnutls_free(signature.data);
+ gnutls_x509_crt_deinit(crt);
+diff --git a/tests/sign-verify-ext.c b/tests/sign-verify-ext.c
+index eecb1f357..cc80bf907 100644
+--- a/tests/sign-verify-ext.c
++++ b/tests/sign-verify-ext.c
+@@ -186,9 +186,7 @@ void doit(void)
+
+ /* test the raw interface */
+ gnutls_free(signature.data);
+- signature.data = NULL;
+ gnutls_free(signature2.data);
+- signature2.data = NULL;
+
+ if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
+ GNUTLS_PK_RSA) {
+diff --git a/tests/sign-verify-ext4.c b/tests/sign-verify-ext4.c
+index 81aa345bf..be582ec14 100644
+--- a/tests/sign-verify-ext4.c
++++ b/tests/sign-verify-ext4.c
+@@ -227,7 +227,6 @@ void doit(void)
+ testfail("gnutls_pubkey_verify_data2\n");
+
+ gnutls_free(signature.data);
+- signature.data = NULL;
+
+
+ if (!tests[i].data_only) {
+@@ -243,7 +242,6 @@ void doit(void)
+ testfail("gnutls_pubkey_verify_hash2-1 (hashed data)\n");
+
+ gnutls_free(signature2.data);
+- signature2.data = NULL;
+ }
+
+ if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
+diff --git a/tests/sign-verify.c b/tests/sign-verify.c
+index 1fbed5ece..5a14741fc 100644
+--- a/tests/sign-verify.c
++++ b/tests/sign-verify.c
+@@ -206,7 +206,6 @@ void doit(void)
+
+ /* test the raw interface */
+ gnutls_free(signature.data);
+- signature.data = NULL;
+
+ if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
+ GNUTLS_PK_RSA) {
+diff --git a/tests/x509-extensions.c b/tests/x509-extensions.c
+index d480f8364..a062c1ba8 100644
+--- a/tests/x509-extensions.c
++++ b/tests/x509-extensions.c
+@@ -767,7 +767,6 @@ void doit(void)
+ }
+ }
+ gnutls_free(ext.data);
+- ext.data = NULL;
+ }
+
+ if (debug)
+diff --git a/tests/x509sign-verify-error.c b/tests/x509sign-verify-error.c
+index 54bdc40ab..97c966685 100644
+--- a/tests/x509sign-verify-error.c
++++ b/tests/x509sign-verify-error.c
+@@ -181,7 +181,6 @@ void doit(void)
+ fail("gnutls_privkey_sign_hash\n");
+
+ gnutls_free(signature2.data);
+- signature2.data = NULL;
+
+ _gnutls_lib_simulate_error();
+ ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0,
+--
+2.22.0.vfs.1.1.57.gbaf16c8
diff --git a/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch
new file mode 100644
index 00000000..d27ea4a9
--- /dev/null
+++ b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch
@@ -0,0 +1,36 @@
+From bf616850cf20af2bec3d68b82e6ac610ee8fc404 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Tue, 12 Feb 2019 15:20:23 +0100
+Subject: [PATCH 3/3] gnutls_x509_crt_init: Fix dereference of NULL pointer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
+
+CVE: CVE-2019-3829
+Upstream-Status: Backport
+[https://gitlab.com/gnutls/gnutls/commit/6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ lib/x509/x509.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/x509/x509.c b/lib/x509/x509.c
+index c149881f6..cc232ea50 100644
+--- a/lib/x509/x509.c
++++ b/lib/x509/x509.c
+@@ -224,8 +224,8 @@ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert)
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&tmp->cert);
+- gnutls_free(tmp);
+ gnutls_subject_alt_names_deinit(tmp->san);
++ gnutls_free(tmp);
+ return result;
+ }
+
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
diff --git a/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch
new file mode 100644
index 00000000..4aeb6893
--- /dev/null
+++ b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch
@@ -0,0 +1,35 @@
+From c68195f0ff65144d7e0c32f4de5f264c4012983a Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Mon, 25 Mar 2019 16:06:39 +0100
+Subject: [PATCH] handshake: add missing initialization of local variable
+
+Resolves: #704
+
+Signed-off-by: Daiki Ueno <dueno@redhat.com>
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+CVE: CVE-2019-3836
+Upstream-Status: Backport
+[https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ lib/handshake-tls13.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
+index 06c7c01d2..82689b5d8 100644
+--- a/lib/handshake-tls13.c
++++ b/lib/handshake-tls13.c
+@@ -534,6 +534,8 @@ _gnutls13_recv_async_handshake(gnutls_session_t session)
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
+ do {
++ _gnutls_handshake_buffer_init(&hsk);
++
+ /* the received handshake message has already been pushed into
+ * handshake buffers. As we do not need to use the handshake hash
+ * buffers we call the lower level receive functions */
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
diff --git a/external/poky/meta/recipes-support/gnutls/gnutls_3.6.4.bb b/external/poky/meta/recipes-support/gnutls/gnutls_3.6.4.bb
index 6d2a11df..30873f00 100644
--- a/external/poky/meta/recipes-support/gnutls/gnutls_3.6.4.bb
+++ b/external/poky/meta/recipes-support/gnutls/gnutls_3.6.4.bb
@@ -19,6 +19,10 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
file://arm_eabi.patch \
+ file://CVE-2019-3829_p1.patch \
+ file://CVE-2019-3829_p2.patch \
+ file://CVE-2019-3829_p3.patch \
+ file://CVE-2019-3836.patch \
"
SRC_URI[md5sum] = "63363d1c00601f4d11a5cadc8b5e0799"
diff --git a/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch b/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch
new file mode 100644
index 00000000..cda52119
--- /dev/null
+++ b/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch
@@ -0,0 +1,176 @@
+From 263ad8ae08f287e32656d4e3e0116479f3d9ad9d Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Fri, 31 May 2019 17:27:25 +0300
+Subject: [PATCH] GCM: move look-up table to .data section and unshare between processes
+Reply-To: shuagr@microsoft.com
+
+CVE: CVE-2019-12904_p1
+Upstream-Status: Backport
+Signed-off-by: Shubham Agrawal<shuagr@microsoft.com>
+Upstream-commit : https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
+
+* cipher/cipher-gcm.c (ATTR_ALIGNED_64): New.
+(gcmR): Move to 'gcm_table' structure.
+(gcm_table): New structure for look-up table with counters before and
+after.
+(gcmR): New macro.
+(prefetch_table): Handle input with length not multiple of 256.
+(do_prefetch_tables): Modify pre- and post-table counters to unshare
+look-up table pages between processes.
+--
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+---
+ cipher/cipher-gcm.c | 129 ++++++++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 95 insertions(+), 34 deletions(-)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index 6169d14..97a8015 100644
+--- a/cipher/cipher-gcm.c
++++ b/cipher/cipher-gcm.c
+@@ -30,6 +30,14 @@
+ #include "./cipher-internal.h"
+
+
++/* Helper macro to force alignment to 16 or 64 bytes. */
++#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64)))
++#else
++# define ATTR_ALIGNED_64
++#endif
++
++
+ #ifdef GCM_USE_INTEL_PCLMUL
+ extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c);
+
+@@ -63,40 +71,93 @@ ghash_armv8_ce_pmull (gcry_cipher_hd_t c, byte *result, const byte *buf,
+
+
+ #ifdef GCM_USE_TABLES
+-static const u16 gcmR[256] = {
+- 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
+- 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
+- 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
+- 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
+- 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
+- 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
+- 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
+- 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
+- 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
+- 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
+- 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
+- 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
+- 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
+- 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
+- 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
+- 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
+- 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
+- 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
+- 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
+- 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
+- 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
+- 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
+- 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
+- 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
+- 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
+- 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
+- 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
+- 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
+- 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
+- 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
+- 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
+- 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+-};
++static struct
++{
++ volatile u32 counter_head;
++ u32 cacheline_align[64 / 4 - 1];
++ u16 R[256];
++ volatile u32 counter_tail;
++} gcm_table ATTR_ALIGNED_64 =
++ {
++ 0,
++ { 0, },
++ {
++ 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
++ 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
++ 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
++ 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
++ 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
++ 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
++ 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
++ 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
++ 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
++ 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
++ 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
++ 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
++ 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
++ 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
++ 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
++ 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
++ 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
++ 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
++ 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
++ 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
++ 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
++ 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
++ 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
++ 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
++ 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
++ 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
++ 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
++ 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
++ 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
++ 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
++ 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
++ 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
++ },
++ 0
++ };
++
++#define gcmR gcm_table.R
++static inline
++void prefetch_table(const void *tab, size_t len)
++{
++ const volatile byte *vtab = tab;
++ size_t i;
++
++ for (i = 0; len - i >= 8 * 32; i += 8 * 32)
++ {
++ (void)vtab[i + 0 * 32];
++ (void)vtab[i + 1 * 32];
++ (void)vtab[i + 2 * 32];
++ (void)vtab[i + 3 * 32];
++ (void)vtab[i + 4 * 32];
++ (void)vtab[i + 5 * 32];
++ (void)vtab[i + 6 * 32];
++ (void)vtab[i + 7 * 32];
++ }
++ for (; i < len; i += 32)
++ {
++ (void)vtab[i];
++ }
++
++ (void)vtab[len - 1];
++}
++
++static inline void
++do_prefetch_tables (const void *gcmM, size_t gcmM_size)
++{
++ /* Modify counters to trigger copy-on-write and unsharing if physical pages
++ * of look-up table are shared between processes. Modifying counters also
++ * causes checksums for pages to change and hint same-page merging algorithm
++ * that these pages are frequently changing. */
++ gcm_table.counter_head++;
++ gcm_table.counter_tail++;
++
++ /* Prefetch look-up tables to cache. */
++ prefetch_table(gcmM, gcmM_size);
++ prefetch_table(&gcm_table, sizeof(gcm_table));
++}
+
+ #ifdef GCM_TABLES_USE_U64
+ static void
+--
+2.7.4
+
diff --git a/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch b/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch
new file mode 100644
index 00000000..0cb503ed
--- /dev/null
+++ b/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch
@@ -0,0 +1,330 @@
+From a5c359cc68a4def9bf39f63070837d89711b4e17 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Fri, 31 May 2019 17:18:09 +0300
+Subject: [PATCH] AES: move look-up tables to .data section and unshare between processes
+Reply-To: shuagr@microsoft.com
+
+CVE: CVE-2019-12904_p2
+Upstream-status: Backport
+Signed-off-by: Shubham Agrawal<shuagr@microsoft.com>
+Upstream-commit: https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
+
+* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New.
+* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure.
+(enc_tables): New structure for encryption table with counters before
+and after.
+(encT): New macro.
+(dec_tables): Add counters before and after encryption table; Move
+from .rodata to .data section.
+(do_encrypt): Change 'encT' to 'enc_tables.T'.
+(do_decrypt): Change '&dec_tables' to 'dec_tables.T'.
+* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input
+with length not multiple of 256.
+(prefetch_enc, prefetch_dec): Modify pre- and post-table counters
+to unshare look-up table pages between processes.
+--
+
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+---
+ cipher/rijndael-internal.h | 4 +-
+ cipher/rijndael-tables.h | 155 +++++++++++++++++++++++++--------------------
+ cipher/rijndael.c | 35 ++++++++--
+ 3 files changed, 118 insertions(+), 76 deletions(-)
+
+diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h
+index 160fb8c..a62d4b7 100644
+--- a/cipher/rijndael-internal.h
++++ b/cipher/rijndael-internal.h
+@@ -29,11 +29,13 @@
+ #define BLOCKSIZE (128/8)
+
+
+-/* Helper macro to force alignment to 16 bytes. */
++/* Helper macro to force alignment to 16 or 64 bytes. */
+ #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
+ # define ATTR_ALIGNED_16 __attribute__ ((aligned (16)))
++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64)))
+ #else
+ # define ATTR_ALIGNED_16
++# define ATTR_ALIGNED_64
+ #endif
+
+
+diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h
+index 8359470..b54d959 100644
+--- a/cipher/rijndael-tables.h
++++ b/cipher/rijndael-tables.h
+@@ -21,80 +21,98 @@
+ /* To keep the actual implementation at a readable size we use this
+ include file to define the tables. */
+
+-static const u32 encT[256] =
++static struct
++{
++ volatile u32 counter_head;
++ u32 cacheline_align[64 / 4 - 1];
++ u32 T[256];
++ volatile u32 counter_tail;
++} enc_tables ATTR_ALIGNED_64 =
+ {
+- 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
+- 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
+- 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
+- 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
+- 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
+- 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
+- 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
+- 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
+- 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+- 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
+- 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
+- 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+- 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
+- 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
+- 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+- 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
+- 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
+- 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+- 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
+- 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
+- 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
+- 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
+- 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
+- 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+- 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
+- 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
+- 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
+- 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
+- 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
+- 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
+- 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
+- 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
+- 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+- 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
+- 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
+- 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+- 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
+- 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
+- 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+- 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
+- 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
+- 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
+- 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
+- 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
+- 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+- 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
+- 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
+- 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+- 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
+- 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
+- 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+- 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
+- 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
+- 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
+- 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
+- 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
+- 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+- 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
+- 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
+- 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+- 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
+- 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
+- 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+- 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
++ 0,
++ { 0, },
++ {
++ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
++ 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
++ 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
++ 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
++ 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
++ 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
++ 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
++ 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
++ 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
++ 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
++ 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
++ 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
++ 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
++ 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
++ 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
++ 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
++ 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
++ 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
++ 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
++ 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
++ 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
++ 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
++ 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
++ 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
++ 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
++ 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
++ 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
++ 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
++ 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
++ 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
++ 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
++ 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
++ 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
++ 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
++ 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
++ 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
++ 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
++ 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
++ 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
++ 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
++ 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
++ 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
++ 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
++ 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
++ 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
++ 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
++ 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
++ 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
++ 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
++ 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
++ 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
++ 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
++ 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
++ 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
++ 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
++ 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
++ 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
++ 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
++ 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
++ 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
++ 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
++ 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
++ 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
++ 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
++ },
++ 0
+ };
+
+-static const struct
++#define encT enc_tables.T
++
++static struct
+ {
++ volatile u32 counter_head;
++ u32 cacheline_align[64 / 4 - 1];
+ u32 T[256];
+ byte inv_sbox[256];
+-} dec_tables =
++ volatile u32 counter_tail;
++} dec_tables ATTR_ALIGNED_64 =
+ {
++ 0,
++ { 0, },
+ {
+ 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
+ 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
+@@ -194,7 +212,8 @@ static const struct
+ 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+ 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+ 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+- }
++ },
++ 0
+ };
+
+ #define decT dec_tables.T
+diff --git a/cipher/rijndael.c b/cipher/rijndael.c
+index 8637195..d0edab2 100644
+--- a/cipher/rijndael.c
++++ b/cipher/rijndael.c
+@@ -227,11 +227,11 @@ static const char *selftest(void);
+
+
+ /* Prefetching for encryption/decryption tables. */
+-static void prefetch_table(const volatile byte *tab, size_t len)
++static inline void prefetch_table(const volatile byte *tab, size_t len)
+ {
+ size_t i;
+
+- for (i = 0; i < len; i += 8 * 32)
++ for (i = 0; len - i >= 8 * 32; i += 8 * 32)
+ {
+ (void)tab[i + 0 * 32];
+ (void)tab[i + 1 * 32];
+@@ -242,17 +242,37 @@ static void prefetch_table(const volatile byte *tab, size_t len)
+ (void)tab[i + 6 * 32];
+ (void)tab[i + 7 * 32];
+ }
++ for (; i < len; i += 32)
++ {
++ (void)tab[i];
++ }
+
+ (void)tab[len - 1];
+ }
+
+ static void prefetch_enc(void)
+ {
+- prefetch_table((const void *)encT, sizeof(encT));
++ /* Modify counters to trigger copy-on-write and unsharing if physical pages
++ * of look-up table are shared between processes. Modifying counters also
++ * causes checksums for pages to change and hint same-page merging algorithm
++ * that these pages are frequently changing. */
++ enc_tables.counter_head++;
++ enc_tables.counter_tail++;
++
++ /* Prefetch look-up tables to cache. */
++ prefetch_table((const void *)&enc_tables, sizeof(enc_tables));
+ }
+
+ static void prefetch_dec(void)
+ {
++ /* Modify counters to trigger copy-on-write and unsharing if physical pages
++ * of look-up table are shared between processes. Modifying counters also
++ * causes checksums for pages to change and hint same-page merging algorithm
++ * that these pages are frequently changing. */
++ dec_tables.counter_head++;
++ dec_tables.counter_tail++;
++
++ /* Prefetch look-up tables to cache. */
+ prefetch_table((const void *)&dec_tables, sizeof(dec_tables));
+ }
+
+@@ -737,7 +757,7 @@ do_encrypt (const RIJNDAEL_context *ctx,
+ #ifdef USE_AMD64_ASM
+ # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+ return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
+- encT);
++ enc_tables.T);
+ # else
+ /* Call SystemV ABI function without storing non-volatile XMM registers,
+ * as target function does not use vector instruction sets. */
+@@ -757,7 +777,8 @@ do_encrypt (const RIJNDAEL_context *ctx,
+ return ret;
+ # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
+ #elif defined(USE_ARM_ASM)
+- return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT);
++ return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
++ enc_tables.T);
+ #else
+ return do_encrypt_fn (ctx, bx, ax);
+ #endif /* !USE_ARM_ASM && !USE_AMD64_ASM*/
+@@ -1120,7 +1141,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx,
+ #ifdef USE_AMD64_ASM
+ # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+ return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
+- &dec_tables);
++ dec_tables.T);
+ # else
+ /* Call SystemV ABI function without storing non-volatile XMM registers,
+ * as target function does not use vector instruction sets. */
+@@ -1141,7 +1162,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx,
+ # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
+ #elif defined(USE_ARM_ASM)
+ return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
+- &dec_tables);
++ dec_tables.T);
+ #else
+ return do_decrypt_fn (ctx, bx, ax);
+ #endif /*!USE_ARM_ASM && !USE_AMD64_ASM*/
+--
+2.7.4
+
diff --git a/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb b/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
index fda68a29..13d03788 100644
--- a/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
+++ b/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
@@ -21,6 +21,8 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \
file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
+ file://CVE-2019-12904_p1.patch \
+ file://CVE-2019-12904_p2.patch \
"
SRC_URI[md5sum] = "fbfdaebbbc6d7e5fbbf6ffdb3e139573"
SRC_URI[sha256sum] = "f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227"
diff --git a/external/poky/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch b/external/poky/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch
new file mode 100644
index 00000000..dc3d558e
--- /dev/null
+++ b/external/poky/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch
@@ -0,0 +1,161 @@
+Upstream-Status: Backport [https://dev.gnupg.org/T4459]
+Signed-off-by: Sean Nyekjaer <sean@geanix.com>
+
+From 37069826e497d6af01e3e48fe5d2220ae7f85449 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Mon, 15 Apr 2019 15:10:44 +0900
+Subject: [PATCH] awk: Prepare for Gawk 5.0.
+
+* src/Makefile.am: Use pkg_namespace (instead of namespace).
+* src/mkerrnos.awk: Likewise.
+* lang/cl/mkerrcodes.awk: Don't escape # in regexp.
+* src/mkerrcodes.awk, src/mkerrcodes1.awk, src/mkerrcodes2.awk: Ditto.
+
+--
+
+In Gawk 5.0, regexp routines are replaced by Gnulib implementation,
+which only allows escaping specific characters.
+
+GnuPG-bug-id: 4459
+Reported-by: Marius Schamschula
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ lang/cl/mkerrcodes.awk | 2 +-
+ src/Makefile.am | 2 +-
+ src/mkerrcodes.awk | 2 +-
+ src/mkerrcodes1.awk | 2 +-
+ src/mkerrcodes2.awk | 2 +-
+ src/mkerrnos.awk | 2 +-
+ src/mkstrtable.awk | 10 +++++-----
+ 7 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/lang/cl/mkerrcodes.awk b/lang/cl/mkerrcodes.awk
+index ae29043..9a1fc18 100644
+--- a/lang/cl/mkerrcodes.awk
++++ b/lang/cl/mkerrcodes.awk
+@@ -122,7 +122,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 42998e4..0ceac9f 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -281,7 +281,7 @@ code-from-errno.h: mkerrcodes Makefile
+
+ errnos-sym.h: Makefile mkstrtable.awk errnos.in
+ $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=2 -v nogettext=1 \
+- -v prefix=GPG_ERR_ -v namespace=errnos_ \
++ -v prefix=GPG_ERR_ -v pkg_namespace=errnos_ \
+ $(srcdir)/errnos.in >$@
+
+
+diff --git a/src/mkerrcodes.awk b/src/mkerrcodes.awk
+index 46d436c..e9c857c 100644
+--- a/src/mkerrcodes.awk
++++ b/src/mkerrcodes.awk
+@@ -85,7 +85,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+diff --git a/src/mkerrcodes1.awk b/src/mkerrcodes1.awk
+index a771a73..4578e29 100644
+--- a/src/mkerrcodes1.awk
++++ b/src/mkerrcodes1.awk
+@@ -81,7 +81,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+diff --git a/src/mkerrcodes2.awk b/src/mkerrcodes2.awk
+index ea58503..188f7a4 100644
+--- a/src/mkerrcodes2.awk
++++ b/src/mkerrcodes2.awk
+@@ -91,7 +91,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+diff --git a/src/mkerrnos.awk b/src/mkerrnos.awk
+index f79df66..15b1aad 100644
+--- a/src/mkerrnos.awk
++++ b/src/mkerrnos.awk
+@@ -83,7 +83,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+diff --git a/src/mkstrtable.awk b/src/mkstrtable.awk
+index c9de9c1..285e45f 100644
+--- a/src/mkstrtable.awk
++++ b/src/mkstrtable.awk
+@@ -77,7 +77,7 @@
+ #
+ # The variable prefix can be used to prepend a string to each message.
+ #
+-# The variable namespace can be used to prepend a string to each
++# The variable pkg_namespace can be used to prepend a string to each
+ # variable and macro name.
+
+ BEGIN {
+@@ -102,7 +102,7 @@ header {
+ print "/* The purpose of this complex string table is to produce";
+ print " optimal code with a minimum of relocations. */";
+ print "";
+- print "static const char " namespace "msgstr[] = ";
++ print "static const char " pkg_namespace "msgstr[] = ";
+ header = 0;
+ }
+ else
+@@ -110,7 +110,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+@@ -150,7 +150,7 @@ END {
+ else
+ print " gettext_noop (\"" last_msgstr "\");";
+ print "";
+- print "static const int " namespace "msgidx[] =";
++ print "static const int " pkg_namespace "msgidx[] =";
+ print " {";
+ for (i = 0; i < coded_msgs; i++)
+ print " " pos[i] ",";
+@@ -158,7 +158,7 @@ END {
+ print " };";
+ print "";
+ print "static GPG_ERR_INLINE int";
+- print namespace "msgidxof (int code)";
++ print pkg_namespace "msgidxof (int code)";
+ print "{";
+ print " return (0 ? 0";
+
+--
+2.23.0
+
diff --git a/external/poky/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb b/external/poky/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb
index e552001c..52ae11a9 100644
--- a/external/poky/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb
+++ b/external/poky/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb
@@ -16,6 +16,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgpg-error/libgpg-error-${PV}.tar.bz2 \
file://pkgconfig.patch \
file://0001-syscfg-Support-ARC-CPUs-and-simplify-aliasing-table.patch \
file://0002-syscfg-Add-support-for-arc-unknown-linux-gnu.patch \
+ file://libgpg-error-1.35-gawk5-support.patch \
"
SRC_URI[md5sum] = "ef3d928a5a453fa701ecc3bb22be1c64"
SRC_URI[sha256sum] = "c345c5e73cc2332f8d50db84a2280abfb1d8f6d4f1858b9daa30404db44540ca"
diff --git a/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch b/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch
new file mode 100644
index 00000000..ef3f2709
--- /dev/null
+++ b/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch
@@ -0,0 +1,33 @@
+From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 27 Apr 2019 11:19:48 +0200
+Subject: [PATCH] Fix uninitialized read of xsl:number token
+
+Found by OSS-Fuzz.
+
+CVE: CVE-2019-13117
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ libxslt/numbers.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index 89e1f668..75c31eba 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
+ tokens->tokens[tokens->nTokens].token = val - 1;
+ ix += len;
+ val = xmlStringCurrentChar(NULL, format+ix, &len);
+- }
++ } else {
++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
++ tokens->tokens[tokens->nTokens].width = 1;
++ }
+ } else if ( (val == (xmlChar)'A') ||
+ (val == (xmlChar)'a') ||
+ (val == (xmlChar)'I') ||
+--
+2.21.0
+
diff --git a/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch b/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch
new file mode 100644
index 00000000..595e6c2f
--- /dev/null
+++ b/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch
@@ -0,0 +1,76 @@
+From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 3 Jun 2019 13:14:45 +0200
+Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars
+
+The character type in xsltFormatNumberConversion was too narrow and
+an invalid character/length combination could be passed to
+xsltNumberFormatDecimal, resulting in an uninitialized read.
+
+Found by OSS-Fuzz.
+
+CVE: CVE-2019-13118
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+---
+ libxslt/numbers.c | 5 +++--
+ tests/docs/bug-222.xml | 1 +
+ tests/general/bug-222.out | 2 ++
+ tests/general/bug-222.xsl | 6 ++++++
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+ create mode 100644 tests/docs/bug-222.xml
+ create mode 100644 tests/general/bug-222.out
+ create mode 100644 tests/general/bug-222.xsl
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index f1ed8846..20b99d5a 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER:
+ number = floor((scale * number + 0.5)) / scale;
+ if ((self->grouping != NULL) &&
+ (self->grouping[0] != 0)) {
++ int gchar;
+
+ len = xmlStrlen(self->grouping);
+- pchar = xsltGetUTF8Char(self->grouping, &len);
++ gchar = xsltGetUTF8Char(self->grouping, &len);
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+ format_info.group,
+- pchar, len);
++ gchar, len);
+ } else
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml
+new file mode 100644
+index 00000000..69d62f2c
+--- /dev/null
++++ b/tests/docs/bug-222.xml
+@@ -0,0 +1 @@
++<doc/>
+diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out
+new file mode 100644
+index 00000000..e3139698
+--- /dev/null
++++ b/tests/general/bug-222.out
+@@ -0,0 +1,2 @@
++<?xml version="1.0"?>
++1⠢0
+diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl
+new file mode 100644
+index 00000000..e32dc473
+--- /dev/null
++++ b/tests/general/bug-222.xsl
+@@ -0,0 +1,6 @@
++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
++ <xsl:decimal-format name="f" grouping-separator="⠢"/>
++ <xsl:template match="/">
++ <xsl:value-of select="format-number(10,'#⠢0','f')"/>
++ </xsl:template>
++</xsl:stylesheet>
+--
+2.21.0
+
diff --git a/external/poky/meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch b/external/poky/meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch
new file mode 100644
index 00000000..83ca8a3c
--- /dev/null
+++ b/external/poky/meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch
@@ -0,0 +1,128 @@
+From aed812d8dbbb6d1337312652aa72aa7f44d2b07d Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 24 Mar 2019 09:51:39 +0100
+Subject: [PATCH] Fix security framework bypass
+
+xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
+don't check for this condition and allow access. With a specially
+crafted URL, xsltCheckRead could be tricked into returning an error
+because of a supposedly invalid URL that would still be loaded
+succesfully later on.
+
+Fixes #12.
+
+Thanks to Felix Wilhelm for the report.
+
+Signed-off-by: Muminul Islam <muminul.islam@microsoft.com>
+
+CVE: CVE-2019-11068
+
+Upstream-Status: Backport
+
+https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
+---
+ libxslt/documents.c | 18 ++++++++++--------
+ libxslt/imports.c | 9 +++++----
+ libxslt/transform.c | 9 +++++----
+ libxslt/xslt.c | 9 +++++----
+ 4 files changed, 25 insertions(+), 20 deletions(-)
+
+diff --git a/libxslt/documents.c b/libxslt/documents.c
+index 3f3a7312..4aad11bb 100644
+--- a/libxslt/documents.c
++++ b/libxslt/documents.c
+@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
+ int res;
+
+ res = xsltCheckRead(ctxt->sec, ctxt, URI);
+- if (res == 0) {
+- xsltTransformError(ctxt, NULL, NULL,
+- "xsltLoadDocument: read rights for %s denied\n",
+- URI);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(ctxt, NULL, NULL,
++ "xsltLoadDocument: read rights for %s denied\n",
++ URI);
+ return(NULL);
+ }
+ }
+@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
+ int res;
+
+ res = xsltCheckRead(sec, NULL, URI);
+- if (res == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsltLoadStyleDocument: read rights for %s denied\n",
+- URI);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsltLoadStyleDocument: read rights for %s denied\n",
++ URI);
+ return(NULL);
+ }
+ }
+diff --git a/libxslt/imports.c b/libxslt/imports.c
+index 7262aab9..b62e0877 100644
+--- a/libxslt/imports.c
++++ b/libxslt/imports.c
+@@ -131,10 +131,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
+ int secres;
+
+ secres = xsltCheckRead(sec, NULL, URI);
+- if (secres == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsl:import: read rights for %s denied\n",
+- URI);
++ if (secres <= 0) {
++ if (secres == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsl:import: read rights for %s denied\n",
++ URI);
+ goto error;
+ }
+ }
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 560f43ca..46eef553 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -3485,10 +3485,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
+ */
+ if (ctxt->sec != NULL) {
+ ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
+- if (ret == 0) {
+- xsltTransformError(ctxt, NULL, inst,
+- "xsltDocumentElem: write rights for %s denied\n",
+- filename);
++ if (ret <= 0) {
++ if (ret == 0)
++ xsltTransformError(ctxt, NULL, inst,
++ "xsltDocumentElem: write rights for %s denied\n",
++ filename);
+ xmlFree(URL);
+ xmlFree(filename);
+ return;
+diff --git a/libxslt/xslt.c b/libxslt/xslt.c
+index 54a39de9..359913e4 100644
+--- a/libxslt/xslt.c
++++ b/libxslt/xslt.c
+@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
+ int res;
+
+ res = xsltCheckRead(sec, NULL, filename);
+- if (res == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsltParseStylesheetFile: read rights for %s denied\n",
+- filename);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsltParseStylesheetFile: read rights for %s denied\n",
++ filename);
+ return(NULL);
+ }
+ }
+--
+2.23.0
+
diff --git a/external/poky/meta/recipes-support/libxslt/libxslt_1.1.32.bb b/external/poky/meta/recipes-support/libxslt/libxslt_1.1.32.bb
index f0fa5e72..e2a515f8 100644
--- a/external/poky/meta/recipes-support/libxslt/libxslt_1.1.32.bb
+++ b/external/poky/meta/recipes-support/libxslt/libxslt_1.1.32.bb
@@ -10,7 +10,10 @@ DEPENDS = "libxml2"
SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \
file://fix-rvts-handling.patch \
- "
+ file://CVE-2019-11068.patch \
+ file://CVE-2019-13117.patch \
+ file://CVE-2019-13118.patch \
+"
SRC_URI[md5sum] = "1fc72f98e98bf4443f1651165f3aa146"
SRC_URI[sha256sum] = "526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460"
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
new file mode 100644
index 00000000..5883774e
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
@@ -0,0 +1,126 @@
+From fbf2392644f0ae4282fa4583c9bb67260995d983 Mon Sep 17 00:00:00 2001
+From: Shubham Agrawal <shuagr@microsoft.com>
+Date: Mon, 23 Sep 2019 20:58:47 +0000
+Subject: [PATCH] sqlite: fix for CVE-2019-8457
+
+Upstream-Status: Backport
+CVE: CVE-2019-8457
+Signed-off-by: Shubham Agrawal <shuagr@microsoft.com>
+---
+ sqlite3.c | 50 +++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 31 insertions(+), 19 deletions(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 00513d4..5c8c7f4 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -172325,6 +172325,33 @@
+ }
+
+
++/* Allocate and initialize a new dynamic string object */
++StrAccum *sqlite3_str_new(sqlite3 *db){
++ StrAccum *p = sqlite3DbMallocRaw(db, sizeof(*p));
++ if( p ){
++ sqlite3StrAccumInit(p, db, 0, 0, SQLITE_MAX_LENGTH);
++ }
++ return p;
++}
++
++/* Finalize a string created using sqlite3_str_new().
++*/
++
++char *sqlite3_str_finish(StrAccum *p){
++ char *z;
++ if( p ){
++ z = sqlite3StrAccumFinish(p);
++ sqlite3DbFree(p->db, p);
++ }else{
++ z = 0;
++ }
++ return z;
++}
++/* Return any error code associated with p */
++int sqlite3_str_errcode(StrAccum *p){
++ return p ? p->accError : SQLITE_NOMEM;
++}
++
+ /*
+ ** Implementation of a scalar function that decodes r-tree nodes to
+ ** human readable strings. This can be used for debugging and analysis.
+@@ -172342,49 +172369,53 @@
+ ** <num-dimension>*2 coordinates.
+ */
+ static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
+- char *zText = 0;
++
+ RtreeNode node;
+ Rtree tree;
+ int ii;
++ int nData;
++ int errCode;
++ StrAccum *pOut;
+
+ UNUSED_PARAMETER(nArg);
+ memset(&node, 0, sizeof(RtreeNode));
+ memset(&tree, 0, sizeof(Rtree));
+ tree.nDim = (u8)sqlite3_value_int(apArg[0]);
++ if( tree.nDim<1 || tree.nDim>5 ) return;
+ tree.nDim2 = tree.nDim*2;
+ tree.nBytesPerCell = 8 + 8 * tree.nDim;
+ node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
++ nData = sqlite3_value_bytes(apArg[1]);
++ if( nData<4 ) return;
++ if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
+
++ pOut = sqlite3_str_new(0);
+ for(ii=0; ii<NCELL(&node); ii++){
+- char zCell[512];
+- int nCell = 0;
++
++
+ RtreeCell cell;
+ int jj;
+
+ nodeGetCell(&tree, &node, ii, &cell);
+- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
+- nCell = (int)strlen(zCell);
++ if( ii>0 ) sqlite3StrAccumAppend(pOut, " ", 1);
++ sqlite3XPrintf(pOut, "{%lld", cell.iRowid);
++
+ for(jj=0; jj<tree.nDim2; jj++){
+ #ifndef SQLITE_RTREE_INT_ONLY
+- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
+- (double)cell.aCoord[jj].f);
++
++ sqlite3XPrintf(pOut, " %g", (double)cell.aCoord[jj].f);
+ #else
+- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
+- cell.aCoord[jj].i);
++
++ sqlite3XPrintf(pOut, " %d", cell.aCoord[jj].i);
+ #endif
+- nCell = (int)strlen(zCell);
+- }
+
+- if( zText ){
+- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
+- sqlite3_free(zText);
+- zText = zTextNew;
+- }else{
+- zText = sqlite3_mprintf("{%s}", zCell);
+ }
++ sqlite3StrAccumAppend(pOut, "}", 1);
+ }
+-
+- sqlite3_result_text(ctx, zText, -1, sqlite3_free);
++
++ errCode = sqlite3_str_errcode(pOut);
++ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
++ sqlite3_result_error_code(ctx, errCode);
+ }
+
+ /* This routine implements an SQL function that returns the "depth" parameter
+--
+2.7.4
+
diff --git a/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb b/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
index d214ea15..7df61cd1 100644
--- a/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
+++ b/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
@@ -7,6 +7,7 @@ SRC_URI = "\
http://www.sqlite.org/2018/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://CVE-2018-20505.patch \
file://CVE-2018-20506.patch \
+ file://CVE-2019-8457.patch \
"
SRC_URI[md5sum] = "99a51b40a66872872a91c92f6d0134fa"
SRC_URI[sha256sum] = "92842b283e5e744eff5da29ed3c69391de7368fccc4d0ee6bf62490ce555ef25"