build-appliance-image: Update to dunfell head revision

(From OE-Core rev: b39bda4cc62db12c0edfbe489d5a7f5988ede6a9)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/lib/bb/server/process.py

@@ -47,6 +47,7 @@ class ProcessServer(multiprocessing.Process):
         self.next_heartbeat = time.time()
 
         self.event_handle = None
+        self.hadanyui = False
         self.haveui = False
         self.maxuiwait = 30
         self.xmlrpc = False
@@ -188,6 +189,7 @@ class ProcessServer(multiprocessing.Process):
                     self.command_channel_reply = writer
 
                     self.haveui = True
+                    self.hadanyui = True
 
                 except (EOFError, OSError):
                     disconnect_client(self, fds)
@@ -200,7 +202,7 @@ class ProcessServer(multiprocessing.Process):
             # If we don't see a UI connection within maxuiwait, its unlikely we're going to see
             # one. We have had issue with processes hanging indefinitely so timing out UI-less
             # servers is useful.
-            if not self.haveui and not self.timeout and (self.lastui + self.maxuiwait) < time.time():
+            if not self.hadanyui and not self.xmlrpc and not self.timeout and (self.lastui + self.maxuiwait) < time.time():
                 print("No UI connection within max timeout, exiting to avoid infinite loop.")
                 self.quit = True
 

bitbake/lib/bb/siggen.py

@@ -706,7 +706,7 @@ def clean_basepath(a):
         _, mc, a = a.split(":", 2)
     b = a.rsplit("/", 2)[1] + '/' + a.rsplit("/", 2)[2]
     if a.startswith("virtual:"):
-        b = b + ":" + a.rsplit(":", 1)[0]
+        b = b + ":" + a.rsplit(":", 2)[0]
     if mc:
         b = b + ":mc:" + mc
     return b

bitbake/lib/bb/tests/fetch.py

@@ -1156,7 +1156,8 @@ class FetchLatestVersionTest(FetcherTest):
         ("mtd-utils", "git://git.yoctoproject.org/mtd-utils.git", "ca39eb1d98e736109c64ff9c1aa2a6ecca222d8f", "")
             : "1.5.0",
         # version pattern "pkg_name-X.Y"
-        ("presentproto", "git://anongit.freedesktop.org/git/xorg/proto/presentproto", "24f3a56e541b0a9e6c6ee76081f441221a120ef9", "")
+        # mirror of git://anongit.freedesktop.org/git/xorg/proto/presentproto since network issues interfered with testing
+        ("presentproto", "git://git.yoctoproject.org/bbfetchtests-presentproto", "24f3a56e541b0a9e6c6ee76081f441221a120ef9", "")
             : "1.0",
         # version pattern "pkg_name-vX.Y.Z"
         ("dtc", "git://git.qemu.org/dtc.git", "65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf", "")
@@ -1170,7 +1171,8 @@ class FetchLatestVersionTest(FetcherTest):
         ("mobile-broadband-provider-info", "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https", "4ed19e11c2975105b71b956440acdb25d46a347d", "")
             : "20120614",
         # packages with a valid UPSTREAM_CHECK_GITTAGREGEX
-        ("xf86-video-omap", "git://anongit.freedesktop.org/xorg/driver/xf86-video-omap", "ae0394e687f1a77e966cf72f895da91840dffb8f", "(?P<pver>(\d+\.(\d\.?)*))")
+                # mirror of git://anongit.freedesktop.org/xorg/driver/xf86-video-omap since network issues interfered with testing
+        ("xf86-video-omap", "git://git.yoctoproject.org/bbfetchtests-xf86-video-omap", "ae0394e687f1a77e966cf72f895da91840dffb8f", "(?P<pver>(\d+\.(\d\.?)*))")
             : "0.4.3",
         ("build-appliance-image", "git://git.yoctoproject.org/poky", "b37dd451a52622d5b570183a81583cc34c2ff555", "(?P<pver>(([0-9][\.|_]?)+[0-9]))")
             : "11.0.0",
@@ -1262,9 +1264,7 @@ class FetchLatestVersionTest(FetcherTest):
 
 
 class FetchCheckStatusTest(FetcherTest):
-    test_wget_uris = ["http://www.cups.org/software/1.7.2/cups-1.7.2-source.tar.bz2",
-                      "http://www.cups.org/",
-                      "http://downloads.yoctoproject.org/releases/sato/sato-engine-0.1.tar.gz",
+    test_wget_uris = ["http://downloads.yoctoproject.org/releases/sato/sato-engine-0.1.tar.gz",
                       "http://downloads.yoctoproject.org/releases/sato/sato-engine-0.2.tar.gz",
                       "http://downloads.yoctoproject.org/releases/sato/sato-engine-0.3.tar.gz",
                       "https://yoctoproject.org/",

documentation/bsp-guide/bsp-guide.xml

@@ -137,9 +137,14 @@
             </revision>
             <revision>
                 <revnumber>3.1.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>August 2020</date>
                 <revremark>Released with the Yocto Project 3.1.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>3.1.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 3.1.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/dev-manual/dev-manual.xml

@@ -127,9 +127,14 @@
             </revision>
             <revision>
                 <revnumber>3.1.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>August 2020</date>
                 <revremark>Released with the Yocto Project 3.1.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>3.1.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 3.1.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev.xml

@@ -112,9 +112,14 @@
             </revision>
             <revision>
                 <revnumber>3.1.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>August 2020</date>
                 <revremark>Released with the Yocto Project 3.1.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>3.1.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 3.1.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/mega-manual/mega-manual.xml

@@ -103,9 +103,14 @@
             </revision>
             <revision>
                 <revnumber>3.1.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>August 2020</date>
                 <revremark>Released with the Yocto Project 3.1.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>3.1.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 3.1.3 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/overview-manual/overview-manual.xml

@@ -62,9 +62,14 @@
             </revision>
             <revision>
                 <revnumber>3.1.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>August 2020</date>
                 <revremark>Released with the Yocto Project 3.1.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>3.1.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 3.1.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/poky.ent

@@ -1,17 +1,17 @@
-<!ENTITY DISTRO "3.1.2">
-<!ENTITY DISTRO_COMPRESSED "312">
+<!ENTITY DISTRO "3.1.3">
+<!ENTITY DISTRO_COMPRESSED "313">
 <!ENTITY DISTRO_NAME_NO_CAP "dunfell">
 <!ENTITY DISTRO_NAME "Dunfell">
 <!ENTITY DISTRO_NAME_NO_CAP_MINUS_ONE "zeus">
 <!ENTITY DISTRO_NAME_MINUS_ONE "Zeus">
-<!ENTITY YOCTO_DOC_VERSION "3.1.2">
+<!ENTITY YOCTO_DOC_VERSION "3.1.3">
 <!ENTITY YOCTO_DOC_VERSION_MINUS_ONE "3.0.2">
-<!ENTITY DISTRO_REL_TAG "yocto-3.1.2">
+<!ENTITY DISTRO_REL_TAG "yocto-3.1.3">
 <!ENTITY METAINTELVERSION "12.0">
-<!ENTITY REL_MONTH_YEAR "July 2020">
+<!ENTITY REL_MONTH_YEAR "September 2020">
 <!ENTITY META_INTEL_REL_TAG "&METAINTELVERSION;-&DISTRO_NAME_NO_CAP;-&YOCTO_DOC_VERSION;">
-<!ENTITY POKYVERSION "23.0.2">
-<!ENTITY POKYVERSION_COMPRESSED "2302">
+<!ENTITY POKYVERSION "23.0.3">
+<!ENTITY POKYVERSION_COMPRESSED "2303">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;">
 <!ENTITY COPYRIGHT_YEAR "2010-2020">
 <!ENTITY ORGNAME "The Yocto Project">

documentation/profile-manual/profile-manual.xml

@@ -112,9 +112,14 @@
             </revision>
             <revision>
                 <revnumber>3.1.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>August 2020</date>
                 <revremark>Released with the Yocto Project 3.1.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>3.1.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 3.1.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/ref-manual.xml

@@ -138,9 +138,14 @@
             </revision>
             <revision>
                 <revnumber>3.1.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>August 2020</date>
                 <revremark>Released with the Yocto Project 3.1.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>3.1.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 3.1.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/sdk-manual/sdk-manual.xml

@@ -82,9 +82,14 @@
             </revision>
             <revision>
                 <revnumber>3.1.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>August 2020</date>
                 <revremark>Released with the Yocto Project 3.1.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>3.1.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 3.1.3 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/toaster-manual/toaster-manual.xml

@@ -92,9 +92,14 @@
             </revision>
             <revision>
                 <revnumber>3.1.2</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>August 2020</date>
                 <revremark>Released with the Yocto Project 3.1.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>3.1.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 3.1.3 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/tools/mega-manual.sed

@@ -1,36 +1,36 @@
 # Processes bitbake-user-manual (<word>-<word>-<word> style).
 # This style is for manual three-word folders, which currently is only the BitBake User Manual.
 # We used to have the "yocto-project-qs" and "poky-ref-manual" folders but no longer do.
-# s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/bitbake-user-manual/bitbake-user-manual.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/bitbake-user-manual/bitbake-user-manual.html#@"link" href="#@g
 
 # Processes all other manuals (<word>-<word> style).
 # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
 # Here is the one-liner:
-# s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
 
-s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/sdk-manual/sdk-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/bsp-guide/bsp-guide.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/dev-manual/dev-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/overview-manual/overview-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/kernel-dev/kernel-dev.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/profile-manual/profile-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/ref-manual/ref-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/3.1.2/toaster-manual/toaster-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/sdk-manual/sdk-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/bsp-guide/bsp-guide.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/dev-manual/dev-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/overview-manual/overview-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/kernel-dev/kernel-dev.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/profile-manual/profile-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/ref-manual/ref-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.1.3/toaster-manual/toaster-manual.html#@"link" href="#@g
 
 # Process cases where just an external manual is referenced without an id anchor
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/bitbake-user-manual/bitbake-user-manual.html" target="_top">BitBake User Manual</a>@BitBake User Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/bitbake-user-manual/bitbake-user-manual.html" target="_top">BitBake User Manual</a>@BitBake User Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
 
 # Process a single, rouge occurrence of a linked reference to the Mega-Manual.
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.2/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.1.3/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
 

meta-poky/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "3.1.2"
+DISTRO_VERSION = "3.1.3"
 DISTRO_CODENAME = "dunfell"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}"

meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.4.bbappend

@@ -7,17 +7,17 @@ KMACHINE_genericx86 ?= "common-pc"
 KMACHINE_genericx86-64 ?= "common-pc-64"
 KMACHINE_beaglebone-yocto ?= "beaglebone"
 
-SRCREV_machine_genericx86 ?= "ec485bd4afef57715eb45ba331b04b3f941e43bb"
-SRCREV_machine_genericx86-64 ?= "ec485bd4afef57715eb45ba331b04b3f941e43bb"
-SRCREV_machine_edgerouter ?= "ec485bd4afef57715eb45ba331b04b3f941e43bb"
-SRCREV_machine_beaglebone-yocto ?= "ec485bd4afef57715eb45ba331b04b3f941e43bb"
+SRCREV_machine_genericx86 ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd"
+SRCREV_machine_genericx86-64 ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd"
+SRCREV_machine_edgerouter ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd"
+SRCREV_machine_beaglebone-yocto ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd"
 
 COMPATIBLE_MACHINE_genericx86 = "genericx86"
 COMPATIBLE_MACHINE_genericx86-64 = "genericx86-64"
 COMPATIBLE_MACHINE_edgerouter = "edgerouter"
 COMPATIBLE_MACHINE_beaglebone-yocto = "beaglebone-yocto"
 
-LINUX_VERSION_genericx86 = "5.4.49"
-LINUX_VERSION_genericx86-64 = "5.4.49"
-LINUX_VERSION_edgerouter = "5.4.49"
-LINUX_VERSION_beaglebone-yocto = "5.4.49"
+LINUX_VERSION_genericx86 = "5.4.58"
+LINUX_VERSION_genericx86-64 = "5.4.58"
+LINUX_VERSION_edgerouter = "5.4.58"
+LINUX_VERSION_beaglebone-yocto = "5.4.58"

meta/classes/buildhistory.bbclass

@@ -426,8 +426,8 @@ def buildhistory_list_installed(d, rootfs_type="image"):
     from oe.sdk import sdk_list_installed_packages
     from oe.utils import format_pkg_list
 
-    process_list = [('file', 'bh_installed_pkgs.txt'),\
-                    ('deps', 'bh_installed_pkgs_deps.txt')]
+    process_list = [('file', 'bh_installed_pkgs_%s.txt' % os.getpid()),\
+                    ('deps', 'bh_installed_pkgs_deps_%s.txt' % os.getpid())]
 
     if rootfs_type == "image":
         pkgs = image_list_installed_packages(d)
@@ -457,9 +457,10 @@ buildhistory_get_installed() {
 
 	# Get list of installed packages
 	pkgcache="$1/installed-packages.tmp"
-	cat ${WORKDIR}/bh_installed_pkgs.txt | sort > $pkgcache && rm ${WORKDIR}/bh_installed_pkgs.txt
+	cat ${WORKDIR}/bh_installed_pkgs_${PID}.txt | sort > $pkgcache && rm ${WORKDIR}/bh_installed_pkgs_${PID}.txt
 
 	cat $pkgcache | awk '{ print $1 }' > $1/installed-package-names.txt
+
 	if [ -s $pkgcache ] ; then
 		cat $pkgcache | awk '{ print $2 }' | xargs -n1 basename > $1/installed-packages.txt
 	else
@@ -468,8 +469,8 @@ buildhistory_get_installed() {
 
 	# Produce dependency graph
 	# First, quote each name to handle characters that cause issues for dot
-	sed 's:\([^| ]*\):"\1":g' ${WORKDIR}/bh_installed_pkgs_deps.txt > $1/depends.tmp &&
-		rm ${WORKDIR}/bh_installed_pkgs_deps.txt
+	sed 's:\([^| ]*\):"\1":g' ${WORKDIR}/bh_installed_pkgs_deps_${PID}.txt > $1/depends.tmp &&
+		rm ${WORKDIR}/bh_installed_pkgs_deps_${PID}.txt
 	# Remove lines with rpmlib(...) and config(...) dependencies, change the
 	# delimiter from pipe to "->", set the style for recommend lines and
 	# turn versioned dependencies into edge labels.

meta/classes/cmake.bbclass

@@ -70,15 +70,22 @@ CMAKE_BUILD_PARALLEL_LEVEL_task-install = "${@oe.utils.parallel_make(d, True)}"
 OECMAKE_TARGET_COMPILE ?= "all"
 OECMAKE_TARGET_INSTALL ?= "install"
 
+def map_host_os_to_system_name(host_os):
+    if host_os.startswith('mingw'):
+        return 'Windows'
+    if host_os.startswith('linux'):
+        return 'Linux'
+    return host_os
+
 # CMake expects target architectures in the format of uname(2),
 # which do not always match TARGET_ARCH, so all the necessary
 # conversions should happen here.
-def map_target_arch_to_uname_arch(target_arch):
-    if target_arch == "powerpc":
+def map_host_arch_to_uname_arch(host_arch):
+    if host_arch == "powerpc":
         return "ppc"
-    if target_arch == "powerpc64":
+    if host_arch == "powerpc64":
         return "ppc64"
-    return target_arch
+    return host_arch
 
 cmake_do_generate_toolchain_file() {
 	if [ "${BUILD_SYS}" = "${HOST_SYS}" ]; then
@@ -88,8 +95,8 @@ cmake_do_generate_toolchain_file() {
 # CMake system name must be something like "Linux".
 # This is important for cross-compiling.
 $cmake_crosscompiling
-set( CMAKE_SYSTEM_NAME `echo ${TARGET_OS} | sed -e 's/^./\u&/' -e 's/^\(Linux\).*/\1/'` )
-set( CMAKE_SYSTEM_PROCESSOR ${@map_target_arch_to_uname_arch(d.getVar('TARGET_ARCH'))} )
+set( CMAKE_SYSTEM_NAME ${@map_host_os_to_system_name(d.getVar('HOST_OS'))} )
+set( CMAKE_SYSTEM_PROCESSOR ${@map_host_arch_to_uname_arch(d.getVar('HOST_ARCH'))} )
 set( CMAKE_C_COMPILER ${OECMAKE_C_COMPILER} )
 set( CMAKE_CXX_COMPILER ${OECMAKE_CXX_COMPILER} )
 set( CMAKE_C_COMPILER_LAUNCHER ${OECMAKE_C_COMPILER_LAUNCHER} )

meta/classes/cml1.bbclass

@@ -1,3 +1,13 @@
+# returns all the elements from the src uri that are .cfg files
+def find_cfgs(d):
+    sources=src_patches(d, True)
+    sources_list=[]
+    for s in sources:
+        if s.endswith('.cfg'):
+            sources_list.append(s)
+
+    return sources_list
+
 cml1_do_configure() {
 	set -e
 	unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS

meta/classes/cve-check.bbclass

@@ -27,9 +27,13 @@ CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
 CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
+CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
+CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
+CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
+CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
 
 CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
 CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
@@ -46,6 +50,33 @@ CVE_CHECK_PN_WHITELIST ?= ""
 # 
 CVE_CHECK_WHITELIST ?= ""
 
+python cve_save_summary_handler () {
+    import shutil
+    import datetime
+
+    cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
+
+    cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
+    cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+    bb.utils.mkdirhier(cvelogpath)
+
+    timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
+    cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp))
+
+    if os.path.exists(cve_tmp_file):
+        shutil.copyfile(cve_tmp_file, cve_summary_file)
+
+        if cve_summary_file and os.path.exists(cve_summary_file):
+            cvefile_link = os.path.join(cvelogpath, cve_summary_name)
+
+            if os.path.exists(os.path.realpath(cvefile_link)):
+                os.remove(cvefile_link)
+            os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+}
+
+addhandler cve_save_summary_handler
+cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted"
+
 python do_cve_check () {
     """
     Check recipe for patched and unpatched CVEs
@@ -331,5 +362,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
             f.write(write_string)
 
     if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
+        cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+        bb.utils.mkdirhier(cvelogpath)
+
         with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
             f.write("%s" % write_string)

meta/classes/gtk-icon-cache.bbclass

@@ -1,10 +1,6 @@
 FILES_${PN} += "${datadir}/icons/hicolor"
 
-DEPENDS +=" ${@['hicolor-icon-theme', '']['${BPN}' == 'hicolor-icon-theme']} \
-            ${@['gdk-pixbuf', '']['${BPN}' == 'gdk-pixbuf']} \
-            ${@['gtk+3', '']['${BPN}' == 'gtk+3']} \
-            gtk+3-native \
-"
+DEPENDS +=" ${@['hicolor-icon-theme', '']['${BPN}' == 'hicolor-icon-theme']} gtk+3-native"
 
 PACKAGE_WRITE_DEPS += "gtk+3-native gdk-pixbuf-native"
 
@@ -52,18 +48,9 @@ python populate_packages_append () {
         bb.note("adding hicolor-icon-theme dependency to %s" % pkg)
         rdepends = ' ' + d.getVar('MLPREFIX', False) + "hicolor-icon-theme"
         d.appendVar('RDEPENDS_%s' % pkg, rdepends)
-
-        #gtk_icon_cache_postinst depend on gdk-pixbuf and gtk+3
-        bb.note("adding gdk-pixbuf dependency to %s" % pkg)
-        rdepends = ' ' + d.getVar('MLPREFIX', False) + "gdk-pixbuf"
-        d.appendVar('RDEPENDS_%s' % pkg, rdepends)
-
-        bb.note("adding gtk+3 dependency to %s" % pkg)
-        rdepends = ' ' + d.getVar('MLPREFIX', False) + "gtk+3"
-        d.appendVar('RDEPENDS_%s' % pkg, rdepends)
-
+    
         bb.note("adding gtk-icon-cache postinst and postrm scripts to %s" % pkg)
-
+        
         postinst = d.getVar('pkg_postinst_%s' % pkg)
         if not postinst:
             postinst = '#!/bin/sh\n'

meta/classes/gtk-immodules-cache.bbclass

@@ -22,6 +22,7 @@ else
         gtk-query-immodules-2.0 > ${libdir}/gtk-2.0/2.10.0/immodules.cache
     fi
     if [ ! -z `which gtk-query-immodules-3.0` ]; then
+        mkdir -p ${libdir}/gtk-3.0/3.0.0
         gtk-query-immodules-3.0 > ${libdir}/gtk-3.0/3.0.0/immodules.cache
     fi
 fi

meta/classes/image.bbclass

@@ -551,14 +551,14 @@ def get_rootfs_size(d):
     if rootfs_maxsize:
         rootfs_maxsize_int = int(rootfs_maxsize)
         if base_size > rootfs_maxsize_int:
-            bb.fatal("The rootfs size %d(K) overrides IMAGE_ROOTFS_MAXSIZE: %d(K)" % \
+            bb.fatal("The rootfs size %d(K) exceeds IMAGE_ROOTFS_MAXSIZE: %d(K)" % \
                 (base_size, rootfs_maxsize_int))
 
     # Check the initramfs size against INITRAMFS_MAXSIZE (if set)
     if image_fstypes == initramfs_fstypes != ''  and initramfs_maxsize:
         initramfs_maxsize_int = int(initramfs_maxsize)
         if base_size > initramfs_maxsize_int:
-            bb.error("The initramfs size %d(K) overrides INITRAMFS_MAXSIZE: %d(K)" % \
+            bb.error("The initramfs size %d(K) exceeds INITRAMFS_MAXSIZE: %d(K)" % \
                 (base_size, initramfs_maxsize_int))
             bb.error("You can set INITRAMFS_MAXSIZE a larger value. Usually, it should")
             bb.fatal("be less than 1/2 of ram size, or you may fail to boot it.\n")
@@ -654,7 +654,7 @@ reproducible_final_image_task () {
     if [ "${BUILD_REPRODUCIBLE_BINARIES}" = "1" ]; then
         if [ "$REPRODUCIBLE_TIMESTAMP_ROOTFS" = "" ]; then
             REPRODUCIBLE_TIMESTAMP_ROOTFS=`git -C "${COREBASE}" log -1 --pretty=%ct 2>/dev/null` || true
-            if [ "${REPRODUCIBLE_TIMESTAMP_ROOTFS}" = "" ]; then
+            if [ "$REPRODUCIBLE_TIMESTAMP_ROOTFS" = "" ]; then
                 REPRODUCIBLE_TIMESTAMP_ROOTFS=`stat -c%Y ${@bb.utils.which(d.getVar("BBPATH"), "conf/bitbake.conf")}`
             fi
         fi

meta/classes/image_types_wic.bbclass

@@ -4,7 +4,8 @@ WICVARS ?= "\
            BBLAYERS IMGDEPLOYDIR DEPLOY_DIR_IMAGE FAKEROOTCMD IMAGE_BASENAME IMAGE_BOOT_FILES \
            IMAGE_LINK_NAME IMAGE_ROOTFS INITRAMFS_FSTYPES INITRD INITRD_LIVE ISODIR RECIPE_SYSROOT_NATIVE \
            ROOTFS_SIZE STAGING_DATADIR STAGING_DIR STAGING_LIBDIR TARGET_SYS \
-           KERNEL_IMAGETYPE MACHINE INITRAMFS_IMAGE INITRAMFS_IMAGE_BUNDLE INITRAMFS_LINK_NAME APPEND"
+           KERNEL_IMAGETYPE MACHINE INITRAMFS_IMAGE INITRAMFS_IMAGE_BUNDLE INITRAMFS_LINK_NAME APPEND \
+           ASSUME_PROVIDED"
 
 inherit ${@bb.utils.contains('INITRAMFS_IMAGE_BUNDLE', '1', 'kernel-artifact-names', '', d)}
 

meta/classes/insane.bbclass

@@ -437,12 +437,13 @@ def package_qa_hash_style(path, name, d, elf, messages):
     for line in phdrs.split("\n"):
         if "SYMTAB" in line:
             has_syms = True
-        if "GNU_HASH" or "DT_MIPS_XHASH" in line:
+        if "GNU_HASH" in line or "DT_MIPS_XHASH" in line:
             sane = True
         if ("[mips32]" in line or "[mips64]" in line) and d.getVar('TCLIBC') == "musl":
             sane = True
     if has_syms and not sane:
-        package_qa_add_message(messages, "ldflags", "No GNU_HASH in the ELF binary %s, didn't pass LDFLAGS?" % path)
+        path = package_qa_clean_path(path, d, name)
+        package_qa_add_message(messages, "ldflags", "File %s in package %s doesn't have GNU_HASH (didn't pass LDFLAGS?)" % (path, name))
 
 
 QAPATHTEST[buildpaths] = "package_qa_check_buildpaths"
@@ -707,12 +708,13 @@ def package_qa_walk(warnfuncs, errorfuncs, package, d):
     warnings = {}
     errors = {}
     for path in pkgfiles[package]:
-            elf = oe.qa.ELFFile(path)
-            try:
-                elf.open()
-            except (IOError, oe.qa.NotELFFileError):
-                # IOError can happen if the packaging control files disappear,
-                elf = None
+            elf = None
+            if os.path.isfile(path):
+                elf = oe.qa.ELFFile(path)
+                try:
+                    elf.open()
+                except oe.qa.NotELFFileError:
+                    elf = None
             for func in warnfuncs:
                 func(path, package, d, elf, warnings)
             for func in errorfuncs:

meta/classes/kernel-devicetree.bbclass

@@ -52,7 +52,7 @@ do_configure_append() {
 do_compile_append() {
 	for dtbf in ${KERNEL_DEVICETREE}; do
 		dtb=`normalize_dtb "$dtbf"`
-		oe_runmake $dtb
+		oe_runmake $dtb CC="${KERNEL_CC} $cc_extra " LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS}
 	done
 }
 

meta/classes/kernel-yocto.bbclass

@@ -85,6 +85,21 @@ def get_machine_branch(d, default):
 	    
     return default
 
+# returns a list of all directories that are on FILESEXTRAPATHS (and
+# hence available to the build) that contain .scc or .cfg files
+def get_dirs_with_fragments(d):
+    extrapaths = []
+    extrafiles = []
+    extrapathsvalue = (d.getVar("FILESEXTRAPATHS") or "")
+    # Remove default flag which was used for checking
+    extrapathsvalue = extrapathsvalue.replace("__default:", "")
+    extrapaths = extrapathsvalue.split(":")
+    for path in extrapaths:
+        if path + ":True" not in extrafiles:
+            extrafiles.append(path + ":" + str(os.path.exists(path)))
+
+    return " ".join(extrafiles)
+
 do_kernel_metadata() {
 	set +e
 	cd ${S}
@@ -330,6 +345,7 @@ do_kernel_checkout[dirs] = "${S}"
 addtask kernel_checkout before do_kernel_metadata after do_symlink_kernsrc
 addtask kernel_metadata after do_validate_branches do_unpack before do_patch
 do_kernel_metadata[depends] = "kern-tools-native:do_populate_sysroot"
+do_kernel_metadata[file-checksums] = " ${@get_dirs_with_fragments(d)}"
 do_validate_branches[depends] = "kern-tools-native:do_populate_sysroot"
 
 do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}binutils:do_populate_sysroot"

meta/classes/nopackages.bbclass

@@ -2,6 +2,7 @@ deltask do_package
 deltask do_package_write_rpm
 deltask do_package_write_ipk
 deltask do_package_write_deb
+deltask do_package_write_tar
 deltask do_package_qa
 deltask do_packagedata
 deltask do_package_setscene

meta/classes/package.bbclass

@@ -535,7 +535,7 @@ def copydebugsources(debugsrcdir, sources, d):
 # Package data handling routines
 #
 
-def get_package_mapping (pkg, basepkg, d):
+def get_package_mapping (pkg, basepkg, d, depversions=None):
     import oe.packagedata
 
     data = oe.packagedata.read_subpkgdata(pkg, d)
@@ -546,6 +546,14 @@ def get_package_mapping (pkg, basepkg, d):
         if bb.data.inherits_class('allarch', d) and not d.getVar('MULTILIB_VARIANTS') \
             and data[key] == basepkg:
             return pkg
+        if depversions == []:
+            # Avoid returning a mapping if the renamed package rprovides its original name
+            rprovkey = "RPROVIDES_%s" % pkg
+            if rprovkey in data:
+                if pkg in bb.utils.explode_dep_versions2(data[rprovkey]):
+                    bb.note("%s rprovides %s, not replacing the latter" % (data[key], pkg))
+                    return pkg
+        # Do map to rewritten package name
         return data[key]
 
     return pkg
@@ -566,8 +574,10 @@ def runtime_mapping_rename (varname, pkg, d):
 
     new_depends = {}
     deps = bb.utils.explode_dep_versions2(d.getVar(varname) or "")
-    for depend in deps:
-        new_depend = get_package_mapping(depend, pkg, d)
+    for depend, depversions in deps.items():
+        new_depend = get_package_mapping(depend, pkg, d, depversions)
+        if depend != new_depend:
+            bb.note("package name mapping done: %s -> %s" % (depend, new_depend))
         new_depends[new_depend] = deps[depend]
 
     d.setVar(varname, bb.utils.join_deps(new_depends, commasep=False))
@@ -950,7 +960,7 @@ python split_and_strip_files () {
 
     dvar = d.getVar('PKGD')
     pn = d.getVar('PN')
-    targetos = d.getVar('TARGET_OS')
+    hostos = d.getVar('HOST_OS')
 
     oldcwd = os.getcwd()
     os.chdir(dvar)
@@ -1105,7 +1115,7 @@ python split_and_strip_files () {
     if (d.getVar('INHIBIT_PACKAGE_DEBUG_SPLIT') != '1'):
         results = oe.utils.multiprocess_launch(splitdebuginfo, list(elffiles), d, extraargs=(dvar, debugdir, debuglibdir, debugappend, debugsrcdir, d))
 
-        if debugsrcdir and not targetos.startswith("mingw"):
+        if debugsrcdir and not hostos.startswith("mingw"):
             if (d.getVar('PACKAGE_DEBUG_STATIC_SPLIT') == '1'):
                 results = oe.utils.multiprocess_launch(splitstaticdebuginfo, staticlibs, d, extraargs=(dvar, debugstaticdir, debugstaticlibdir, debugstaticappend, debugsrcdir, d))
             else:
@@ -1544,7 +1554,7 @@ fi
         # Symlinks needed for rprovides lookup
         rprov = d.getVar('RPROVIDES_%s' % pkg) or d.getVar('RPROVIDES')
         if rprov:
-            for p in rprov.strip().split():
+            for p in bb.utils.explode_deps(rprov):
                 subdata_sym = pkgdatadir + "/runtime-rprovides/%s/%s" % (p, pkg)
                 bb.utils.mkdirhier(os.path.dirname(subdata_sym))
                 oe.path.symlink("../../runtime/%s" % pkg, subdata_sym, True)
@@ -1667,7 +1677,7 @@ python package_do_shlibs() {
     else:
         shlib_pkgs = packages.split()
 
-    targetos = d.getVar('TARGET_OS')
+    hostos = d.getVar('HOST_OS')
 
     workdir = d.getVar('WORKDIR')
 
@@ -1818,9 +1828,9 @@ python package_do_shlibs() {
                 soname = None
                 if cpath.islink(file):
                     continue
-                if targetos == "darwin" or targetos == "darwin8":
+                if hostos == "darwin" or hostos == "darwin8":
                     darwin_so(file, needed, sonames, renames, pkgver)
-                elif targetos.startswith("mingw"):
+                elif hostos.startswith("mingw"):
                     mingw_dll(file, needed, sonames, renames, pkgver)
                 elif os.access(file, os.X_OK) or lib_re.match(file):
                     linuxlist.append(file)
@@ -1842,7 +1852,7 @@ python package_do_shlibs() {
         shlibs_file = os.path.join(shlibswork_dir, pkg + ".list")
         if len(sonames):
             with open(shlibs_file, 'w') as fd:
-                for s in sonames:
+                for s in sorted(sonames):
                     if s[0] in shlib_provider and s[1] in shlib_provider[s[0]]:
                         (old_pkg, old_pkgver) = shlib_provider[s[0]][s[1]]
                         if old_pkg != pkg:

meta/classes/package_tar.bbclass

@@ -57,10 +57,8 @@ python do_package_tar () {
 
 python () {
     if d.getVar('PACKAGES') != '':
-        deps = (d.getVarFlag('do_package_write_tar', 'depends') or "").split()
-        deps.append('tar-native:do_populate_sysroot')
-        deps.append('virtual/fakeroot-native:do_populate_sysroot')
-        d.setVarFlag('do_package_write_tar', 'depends', " ".join(deps))
+        deps = ' tar-native:do_populate_sysroot virtual/fakeroot-native:do_populate_sysroot'
+        d.appendVarFlag('do_package_write_tar', 'depends', deps)
         d.setVarFlag('do_package_write_tar', 'fakeroot', "1")
 }
 

meta/classes/populate_sdk_ext.bbclass

@@ -310,8 +310,9 @@ python copy_buildsystem () {
         if os.path.exists(builddir + '/conf/auto.conf'):
             with open(builddir + '/conf/auto.conf', 'r') as f:
                 oldlines += f.readlines()
-        with open(builddir + '/conf/local.conf', 'r') as f:
-            oldlines += f.readlines()
+        if os.path.exists(builddir + '/conf/local.conf'):
+            with open(builddir + '/conf/local.conf', 'r') as f:
+                oldlines += f.readlines()
         (updated, newlines) = bb.utils.edit_metadata(oldlines, varlist, handle_var)
 
         with open(baseoutpath + '/conf/local.conf', 'w') as f:

meta/classes/testimage.bbclass

@@ -31,6 +31,7 @@ TESTIMAGE_AUTO ??= "0"
 # TEST_LOG_DIR contains a command ssh log and may contain infromation about what command is running, output and return codes and for qemu a boot log till login.
 # Booting is handled by this class, and it's not a test in itself.
 # TEST_QEMUBOOT_TIMEOUT can be used to set the maximum time in seconds the launch code will wait for the login prompt.
+# TEST_OVERALL_TIMEOUT can be used to set the maximum time in seconds the tests will be allowed to run (defaults to no limit).
 # TEST_QEMUPARAMS can be used to pass extra parameters to qemu, e.g. "-m 1024" for setting the amount of ram to 1 GB.
 # TEST_RUNQEMUPARAMS can be used to pass extra parameters to runqemu, e.g. "gl" to enable OpenGL acceleration.
 
@@ -75,6 +76,7 @@ DEFAULT_TEST_SUITES_remove_qemumips64 = "${MIPSREMOVE}"
 TEST_SUITES ?= "${DEFAULT_TEST_SUITES}"
 
 TEST_QEMUBOOT_TIMEOUT ?= "1000"
+TEST_OVERALL_TIMEOUT ?= ""
 TEST_TARGET ?= "qemu"
 TEST_QEMUPARAMS ?= ""
 TEST_RUNQEMUPARAMS ?= ""
@@ -206,6 +208,10 @@ def testimage_main(d):
         """
         os.kill(os.getpid(), signal.SIGINT)
 
+    def handle_test_timeout(timeout):
+        bb.warn("Global test timeout reached (%s seconds), stopping the tests." %(timeout))
+        os.kill(os.getpid(), signal.SIGINT)
+
     testimage_sanity(d)
 
     if (d.getVar('IMAGE_PKGTYPE') == 'rpm'
@@ -363,6 +369,11 @@ def testimage_main(d):
         # We need to check if runqemu ends unexpectedly
         # or if the worker send us a SIGTERM
         tc.target.start(params=d.getVar("TEST_QEMUPARAMS"), runqemuparams=d.getVar("TEST_RUNQEMUPARAMS"))
+        import threading
+        try:
+            threading.Timer(int(d.getVar("TEST_OVERALL_TIMEOUT")), handle_test_timeout, (int(d.getVar("TEST_OVERALL_TIMEOUT")),)).start()
+        except ValueError:
+            pass
         results = tc.runTests()
     except (KeyboardInterrupt, BlockingIOError) as err:
         if isinstance(err, KeyboardInterrupt):

meta/classes/uninative.bbclass

@@ -56,12 +56,17 @@ python uninative_event_fetchloader() {
             # Our games with path manipulation of DL_DIR mean standard PREMIRRORS don't work
             # and we can't easily put 'chksum' into the url path from a url parameter with
             # the current fetcher url handling
-            ownmirror = d.getVar('SOURCE_MIRROR_URL')
-            if ownmirror:
-                localdata.appendVar("PREMIRRORS", " ${UNINATIVE_URL}${UNINATIVE_TARBALL} ${SOURCE_MIRROR_URL}/uninative/%s/${UNINATIVE_TARBALL}" % chksum)
+            premirrors = bb.fetch2.mirror_from_string(localdata.getVar("PREMIRRORS"))
+            for line in premirrors:
+                try:
+                    (find, replace) = line
+                except ValueError:
+                    continue
+                if find.startswith("http"):
+                    localdata.appendVar("PREMIRRORS", " ${UNINATIVE_URL}${UNINATIVE_TARBALL} %s/uninative/%s/${UNINATIVE_TARBALL}" % (replace, chksum))
 
             srcuri = d.expand("${UNINATIVE_URL}${UNINATIVE_TARBALL};sha256sum=%s" % chksum)
-            bb.note("Fetching uninative binary shim from %s" % srcuri)
+            bb.note("Fetching uninative binary shim %s (will check PREMIRRORS first)" % srcuri)
 
             fetcher = bb.fetch2.Fetch([srcuri], localdata, cache=False)
             fetcher.download()

meta/conf/distro/include/yocto-uninative.inc

@@ -6,9 +6,9 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_MAXGLIBCVERSION = "2.31"
+UNINATIVE_MAXGLIBCVERSION = "2.32"
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.8/"
-UNINATIVE_CHECKSUM[aarch64] ?= "989187344bf9539b464fb7ed9c223e51f4bdb4c7a677d2c314e6fed393176efe"
-UNINATIVE_CHECKSUM[i686] ?= "cc3e45bc8594488b407363e3fa9af5a099279dab2703c64342098719bd674990"
-UNINATIVE_CHECKSUM[x86_64] ?= "a09922172c3a439105e0ae6b943daad2d83505b17da0aba97961ff433b8c21ab"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.9/"
+UNINATIVE_CHECKSUM[aarch64] ?= "9f25a667aee225b1dd65c4aea73e01983e825b1cb9b56937932a1ee328b45f81"
+UNINATIVE_CHECKSUM[i686] ?= "cae5d73245d95b07cf133b780ba3f6c8d0adca3ffc4e7e7fab999961d5e24d36"
+UNINATIVE_CHECKSUM[x86_64] ?= "d07916b95c419c81541a19c8ef0ed8cbd78ae18437ff28a4c8a60ef40518e423"

meta/conf/layer.conf

@@ -71,6 +71,7 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
   grub-efi->grub-bootconf \
   liberation-fonts->fontconfig \
   cantarell-fonts->fontconfig \
+  ttf-bitstream-vera->fontconfig \
   gnome-icon-theme->librsvg \
   font-alias->font-util \
   systemd-boot->systemd-bootconf \

meta/conf/machine/qemumips.conf

@@ -9,6 +9,10 @@ require conf/machine/include/qemuboot-mips.inc
 KERNEL_IMAGETYPE = "vmlinux"
 KERNEL_ALT_IMAGETYPE = "vmlinux.bin"
 
+UBOOT_MACHINE ?= "qemu_mips_defconfig"
+
 SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyS1"
 
 QB_SYSTEM_NAME = "qemu-system-mips"
+
+QB_CPU = "-cpu 34Kf"

meta/conf/machine/qemumips64.conf

@@ -11,6 +11,8 @@ QB_CPU = "-cpu MIPS64R2-generic"
 KERNEL_IMAGETYPE = "vmlinux"
 KERNEL_ALT_IMAGETYPE = "vmlinux.bin"
 
+UBOOT_MACHINE ?= "qemu_mips64_defconfig"
+
 SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyS1"
 
 QB_SYSTEM_NAME = "qemu-system-mips64"

meta/conf/multilib.conf

@@ -30,4 +30,4 @@ PKG_CONFIG_PATH[vardepvalueexclude] = ":${WORKDIR}/recipe-sysroot/${datadir}/pkg
 
 # These recipes don't need multilib variants, the ${BPN} PROVDES/RPROVDES
 # ${MLPREFIX}${BPN}
-NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf"
+NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot"

meta/conf/sanity.conf

@@ -3,7 +3,7 @@
 # See sanity.bbclass
 #
 # Expert users can confirm their sanity with "touch conf/sanity.conf"
-BB_MIN_VERSION = "1.43.2"
+BB_MIN_VERSION = "1.46.0"
 
 SANITY_ABIFILE = "${TMPDIR}/abi_version"
 

meta/lib/oeqa/core/runner.py

@@ -195,6 +195,20 @@ class OETestResult(_TestResult):
                 report['log'] = log
             if duration:
                 report['duration'] = duration
+
+            alltags = []
+            # pull tags from the case class
+            if hasattr(case, "__oeqa_testtags"):
+                alltags.extend(getattr(case, "__oeqa_testtags"))
+            # pull tags from the method itself
+            test_name = case._testMethodName
+            if hasattr(case, test_name):
+                method = getattr(case, test_name)
+                if hasattr(method, "__oeqa_testtags"):
+                    alltags.extend(getattr(method, "__oeqa_testtags"))
+            if alltags:
+                report['oetags'] = alltags
+
             if dump_streams and case.id() in self.logged_output:
                 (stdout, stderr) = self.logged_output[case.id()]
                 report['stdout'] = stdout

meta/lib/oeqa/core/target/ssh.py

@@ -107,13 +107,16 @@ class OESSHTarget(OETarget):
             scpCmd = self.scp + [localSrc, remotePath]
             return self._run(scpCmd, ignore_status=False)
 
-    def copyFrom(self, remoteSrc, localDst):
+    def copyFrom(self, remoteSrc, localDst, warn_on_failure=False):
         """
             Copy file from target.
         """
         remotePath = '%s@%s:%s' % (self.user, self.ip, remoteSrc)
         scpCmd = self.scp + [remotePath, localDst]
-        return self._run(scpCmd, ignore_status=False)
+        (status, output) = self._run(scpCmd, ignore_status=warn_on_failure)
+        if warn_on_failure and status:
+            self.logger.warning("Copy returned non-zero exit status %d:\n%s" % (status, output))
+        return (status, output)
 
     def copyDirTo(self, localSrc, remoteDst):
         """

meta/lib/oeqa/manual/bsp-hw.json

@@ -123,28 +123,6 @@
             "summary": "boot_from_runlevel_5"
         }
     },
-    {
-        "test": {
-            "@alias": "bsps-hw.bsps-hw.shutdown_system",
-            "author": [
-                {
-                    "email": "alexandru.c.georgescu@intel.com",
-                    "name": "alexandru.c.georgescu@intel.com"
-                }
-            ],
-            "execution": {
-                "1": {
-                    "action": "boot system",
-                    "expected_results": ""
-                },
-                "2": {
-                    "action": "launch terminal and run \"shutdown -h now\" or \"poweroff\"",
-                    "expected_results": "System can be shutdown successfully . "
-                }
-            },
-            "summary": "shutdown_system"
-        }
-    },
     {
         "test": {
             "@alias": "bsps-hw.bsps-hw.switch_among_multi_applications_and_desktop",
@@ -261,28 +239,6 @@
             "summary": "connman_offline_mode_in_connman-gnome"
         }
     },
-    {
-        "test": {
-            "@alias": "bsps-hw.bsps-hw.X_server_can_start_up_with_runlevel_5_boot",
-            "author": [
-                {
-                    "email": "alexandru.c.georgescu@intel.com",
-                    "name": "alexandru.c.georgescu@intel.com"
-                }
-            ],
-            "execution": {
-                "1": {
-                    "action": "boot up system with default runlevel  \n\n",
-                    "expected_results": "X server can start up well and desktop display has no problem .  \n\n"
-                },
-                "2": {
-                    "action": "type runlevel at command prompt",
-                    "expected_results": "Output:N 5"
-                }
-            },
-            "summary": "X_server_can_start_up_with_runlevel_5_boot"
-        }
-    },
     {
         "test": {
             "@alias": "bsps-hw.bsps-hw.standby",

meta/lib/oeqa/runtime/cases/ltp.py

@@ -78,9 +78,10 @@ class LtpTest(LtpTestBase):
             # copy nice log from DUT
             dst = os.path.join(self.ltptest_log_dir, "%s" %  ltp_group )
             remote_src = "/opt/ltp/results/%s" % ltp_group 
-            (status, output) = self.target.copyFrom(remote_src, dst)
+            (status, output) = self.target.copyFrom(remote_src, dst, True)
             msg = 'File could not be copied. Output: %s' % output
-            self.assertEqual(status, 0, msg=msg)
+            if status:
+                self.target.logger.warning(msg)
 
             parser = LtpParser()
             results, sections  = parser.parse(dst)

meta/lib/oeqa/sdk/case.py

@@ -26,7 +26,7 @@ class OESDKTestCase(OETestCase):
                 return tarball
 
         tarball = os.path.join(workdir, archive)
-        subprocess.check_output(["wget", "-O", tarball, url])
+        subprocess.check_output(["wget", "-O", tarball, url], stderr=subprocess.STDOUT)
         return tarball
 
     def check_elf(self, path, target_os=None, target_arch=None):

meta/lib/oeqa/sdk/cases/assimp.py

@@ -30,7 +30,7 @@ class BuildAssimp(OESDKTestCase):
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
-            subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+            subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
             self.assertTrue(os.path.isdir(dirs["source"]))
             os.makedirs(dirs["build"])
 

meta/lib/oeqa/sdk/cases/buildcpio.py

@@ -24,7 +24,7 @@ class BuildCpioTest(OESDKTestCase):
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
-            subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+            subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
             self.assertTrue(os.path.isdir(dirs["source"]))
             os.makedirs(dirs["build"])
 

meta/lib/oeqa/sdk/cases/buildepoxy.py

@@ -28,7 +28,7 @@ class EpoxyTest(OESDKTestCase):
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
-            subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+            subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
             self.assertTrue(os.path.isdir(dirs["source"]))
             os.makedirs(dirs["build"])
 

meta/lib/oeqa/sdk/cases/buildgalculator.py

@@ -31,7 +31,7 @@ class GalculatorTest(OESDKTestCase):
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
-            subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+            subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
             self.assertTrue(os.path.isdir(dirs["source"]))
             os.makedirs(dirs["build"])
 

meta/lib/oeqa/sdk/cases/buildlzip.py

@@ -20,7 +20,7 @@ class BuildLzipTest(OESDKTestCase):
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
-            subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+            subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
             self.assertTrue(os.path.isdir(dirs["source"]))
             os.makedirs(dirs["build"])
 

meta/lib/oeqa/selftest/cases/prservice.py

@@ -63,7 +63,7 @@ class BitbakePrTests(OESelftestTestCase):
         pr_2 = self.get_pr_version(package_name)
         stamp_2 = self.get_task_stamp(package_name, track_task)
 
-        self.assertTrue(pr_2 - pr_1 == 1, "Step between same pkg. revision is greater than 1")
+        self.assertTrue(pr_2 - pr_1 == 1, "Step between pkg revisions is not 1 (was %s - %s)" % (pr_2, pr_1))
         self.assertTrue(stamp_1 != stamp_2, "Different pkg rev. but same stamp: %s" % stamp_1)
 
     def run_test_pr_export_import(self, package_name, replace_current_db=True):
@@ -89,7 +89,7 @@ class BitbakePrTests(OESelftestTestCase):
         self.increment_package_pr(package_name)
         pr_2 = self.get_pr_version(package_name)
 
-        self.assertTrue(pr_2 - pr_1 == 1, "Step between same pkg. revision is greater than 1")
+        self.assertTrue(pr_2 - pr_1 == 1, "Step between pkg revisions is not 1 (was %s - %s)" % (pr_2, pr_1))
 
     def test_import_export_replace_db(self):
         self.run_test_pr_export_import('m4')

meta/lib/oeqa/selftest/cases/runtime_test.py

@@ -156,7 +156,7 @@ class TestImage(OESelftestTestCase):
         self.gpg_home = tempfile.mkdtemp(prefix="oeqa-feed-sign-")
         self.track_for_cleanup(self.gpg_home)
         signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing')
-        runCmd('gpg --batch --homedir %s --import %s' % (self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"))
+        runCmd('gpgconf --list-dirs --homedir %s; gpg -v --batch --homedir %s --import %s' % (self.gpg_home, self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"), shell=True)
         features += 'INHERIT += "sign_package_feed"\n'
         features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n'
         features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase')

meta/lib/oeqa/selftest/cases/signing.py

@@ -44,7 +44,9 @@ class Signing(OESelftestTestCase):
         origenv = os.environ.copy()
 
         for e in os.environ:
-            if builddir in os.environ[e]:
+            if builddir + "/" in os.environ[e]:
+                os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/")
+            if os.environ[e].endswith(builddir):
                 os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
 
         os.chdir(newbuilddir)

meta/lib/oeqa/selftest/cases/tinfoil.py

@@ -100,8 +100,9 @@ class TinfoilTests(OESelftestTestCase):
             eventreceived = False
             commandcomplete = False
             start = time.time()
-            # Wait for 5s in total so we'd detect spurious heartbeat events for example
-            while time.time() - start < 5:
+            # Wait for 10s in total so we'd detect spurious heartbeat events for example
+            # The test is IO load sensitive too
+            while time.time() - start < 10:
                 event = tinfoil.wait_event(1)
                 if event:
                     if isinstance(event, bb.command.CommandCompleted):

meta/lib/oeqa/selftest/context.py

@@ -82,7 +82,9 @@ class OESelftestTestContext(OETestContext):
         oe.path.copytree(selftestdir, newselftestdir)
 
         for e in os.environ:
-            if builddir + "/" in os.environ[e] or os.environ[e].endswith(builddir):
+            if builddir + "/" in os.environ[e]:
+                os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/")
+            if os.environ[e].endswith(builddir):
                 os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
 
         subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True)

meta/lib/oeqa/utils/qemurunner.py

@@ -264,7 +264,7 @@ class QemuRunner:
                 % (self.runqemu.poll(), os.path.isfile(self.qemu_pidfile), str(qemu_pid), os.path.exists("/proc/" + str(qemu_pid))))
 
             # Dump all processes to help us to figure out what is going on...
-            ps = subprocess.Popen(['ps', 'axww', '-o', 'pid,ppid,command '], stdout=subprocess.PIPE).communicate()[0]
+            ps = subprocess.Popen(['ps', 'axww', '-o', 'pid,ppid,pri,ni,command '], stdout=subprocess.PIPE).communicate()[0]
             processes = ps.decode("utf-8")
             self.logger.debug("Running processes:\n%s" % processes)
             self._dump_host()

meta/lib/oeqa/utils/qemutinyrunner.py

@@ -138,7 +138,7 @@ class QemuTinyRunner(QemuRunner):
         #
         # Walk the process tree from the process specified looking for a qemu-system. Return its [pid'cmd]
         #
-        ps = subprocess.Popen(['ps', 'axww', '-o', 'pid,ppid,command'], stdout=subprocess.PIPE).communicate()[0]
+        ps = subprocess.Popen(['ps', 'axww', '-o', 'pid,ppid,pri,ni,command'], stdout=subprocess.PIPE).communicate()[0]
         processes = ps.decode("utf-8").split('\n')
         nfields = len(processes[0].split()) - 1
         pids = {}

meta/recipes-bsp/grub/grub2.inc

@@ -11,6 +11,8 @@ SECTION = "bootloaders"
 LICENSE = "GPLv3"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
+CVE_PRODUCT = "grub2"
+
 SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch \
            file://autogen.sh-exclude-pc.patch \

meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb

@@ -10,13 +10,12 @@ LICENSE = "LGPL-2.1"
 LIC_FILES_CHKSUM = "file://Licenses/lgpl-2.1.txt;md5=4fbd65380cdd255951079008b364516c"
 SECTION = "libs"
 
-PV = "0.2+git${SRCPV}"
 SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https"
-SRCREV = "f4b9cde3815abe84a98079cedd515283ea08c16b"
+SRCREV = "824551ac77bab1d0f7ae34d7a7c77b155240e754"
 
 S = "${WORKDIR}/git"
 
-inherit cmake lib_package
+inherit uboot-config cmake lib_package
 
 EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release"
 
@@ -24,4 +23,8 @@ DEPENDS = "zlib"
 PROVIDES += "u-boot-fw-utils"
 RPROVIDES_${PN}-bin += "u-boot-fw-utils"
 
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+RRECOMMENDS_${PN}-bin_append_class-target = " u-boot-default-env"
+
 BBCLASSEXTEND = "native"

meta/recipes-bsp/u-boot/u-boot.inc

@@ -70,16 +70,6 @@ UBOOT_EXTLINUX_INSTALL_DIR ?= "/boot/extlinux"
 UBOOT_EXTLINUX_CONF_NAME ?= "extlinux.conf"
 UBOOT_EXTLINUX_SYMLINK ?= "${UBOOT_EXTLINUX_CONF_NAME}-${MACHINE}-${PR}"
 
-# returns all the elements from the src uri that are .cfg files
-def find_cfgs(d):
-    sources=src_patches(d, True)
-    sources_list=[]
-    for s in sources:
-        if s.endswith('.cfg'):
-            sources_list.append(s)
-
-    return sources_list
-
 do_configure () {
     if [ -n "${UBOOT_CONFIG}" ]; then
         unset i j

meta/recipes-connectivity/bind/bind_9.11.22.bb

@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://0001-avoid-start-failure-with-bind-user.patch \
            "
 
-SRC_URI[sha256sum] = "0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329"
+SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4

meta/recipes-connectivity/bluez5/bluez5.inc

@@ -42,8 +42,8 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
 PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
 PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
 PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
-PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell"
-PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell"
+PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell"
+PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell"
 PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \

meta/recipes-connectivity/openssl/openssl_1.1.1g.bb

@@ -204,6 +204,8 @@ CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 RRECOMMENDS_libcrypto += "openssl-conf"
 RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
 
+RDEPENDS_${PN}-bin += "openssl-conf"
+
 BBCLASSEXTEND = "native nativesdk"
 
 CVE_PRODUCT = "openssl:openssl"

meta/recipes-core/busybox/busybox.inc

@@ -133,16 +133,6 @@ do_prepare_config () {
 	fi
 }
 
-# returns all the elements from the src uri that are .cfg files
-def find_cfgs(d):
-    sources=src_patches(d, True)
-    sources_list=[]
-    for s in sources:
-        if s.endswith('.cfg'):
-            sources_list.append(s)
-
-    return sources_list
-
 do_configure () {
 	set -x
 	do_prepare_config

meta/recipes-core/busybox/busybox/0001-hwclock-make-glibc-2.31-compatible.patch

@@ -0,0 +1,83 @@
+From 19a6baf0b79346deb383bbd2b5b825d59add7d5d Mon Sep 17 00:00:00 2001
+From: Sakib Sajal <sakib.sajal@windriver.com>
+Date: Fri, 17 Jul 2020 17:27:21 +0000
+Subject: [PATCH] hwclock: make glibc 2.31 compatible
+
+NEWS for glibc version 2.31
+===========================
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The settimeofday function can still be used to set a system-wide
+  time zone when the operating system supports it.  This is because
+  the Linux kernel reused the API, on some architectures, to describe
+  a system-wide time-zone-like offset between the software clock
+  maintained by the kernel, and the "RTC" clock that keeps time when
+  the system is shut down.
+
+  However, to reduce the odds of this offset being set by accident,
+  settimeofday can no longer be used to set the time and the offset
+  simultaneously.  If both of its two arguments are non-null, the call
+  will fail (setting errno to EINVAL).
+
+  Callers attempting to set this offset should also be prepared for
+  the call to fail and set errno to ENOSYS; this already happens on
+  the Hurd and on some Linux architectures.  The Linux kernel
+  maintainers are discussing a more principled replacement for the
+  reused API.  After a replacement becomes available, we will change
+  settimeofday to fail with ENOSYS on all platforms when its 'tzp'
+  argument is not a null pointer.
+
+  settimeofday itself is obsolescent according to POSIX.  Programs
+  that set the system time should use clock_settime and/or the adjtime
+  family of functions instead.  We may cease to make settimeofday
+  available to newly linked binaries after there is a replacement for
+  Linux's time-zone-like offset API.
+
+hwclock had two calls to settimeofday, in functions to_sys_clock and
+set_system_clock_timezone, where both the arguments to settimeofday
+were valid (non-null).
+Therefore, split the call, once for timezone and once for timeval.
+
+Fixes #12756
+
+Upstream-Status: Pending
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ util-linux/hwclock.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/util-linux/hwclock.c b/util-linux/hwclock.c
+index 29f5102..088ab3b 100644
+--- a/util-linux/hwclock.c
++++ b/util-linux/hwclock.c
+@@ -131,8 +131,10 @@ static void to_sys_clock(const char **pp_rtcname, int utc)
+ 
+ 	tv.tv_sec = read_rtc(pp_rtcname, NULL, utc);
+ 	tv.tv_usec = 0;
+-	if (settimeofday(&tv, &tz))
+-		bb_perror_msg_and_die("settimeofday");
++	if (settimeofday(NULL, &tz))
++		bb_perror_msg_and_die("settimeofday: timezone");
++	if (settimeofday(&tv, NULL))
++		bb_perror_msg_and_die("settimeofday: timeval");
+ }
+ 
+ static void from_sys_clock(const char **pp_rtcname, int utc)
+@@ -283,8 +285,10 @@ static void set_system_clock_timezone(int utc)
+ 	gettimeofday(&tv, NULL);
+ 	if (!utc)
+ 		tv.tv_sec += tz.tz_minuteswest * 60;
+-	if (settimeofday(&tv, &tz))
+-		bb_perror_msg_and_die("settimeofday");
++	if (settimeofday(NULL, &tz))
++		bb_perror_msg_and_die("settimeofday: timezone");
++	if (settimeofday(&tv, NULL))
++		bb_perror_msg_and_die("settimeofday: timeval");
+ }
+ 
+ //usage:#define hwclock_trivial_usage
+-- 
+2.27.0
+

meta/recipes-core/busybox/busybox_1.31.1.bb

@@ -49,6 +49,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://0001-Remove-stime-function-calls.patch \
            file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \
            file://busybox-CVE-2018-1000500.patch \
+           file://0001-hwclock-make-glibc-2.31-compatible.patch \
 "
 SRC_URI_append_libc-musl = " file://musl.cfg "
 

meta/recipes-core/ell/ell_0.33.bb

@@ -14,7 +14,7 @@ DEPENDS = "dbus"
 inherit autotools pkgconfig
 
 SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "42fdb9e24ff561a101389d51445cab1ff7d55f5385dc22a05b0493088cf99e30"
+SRC_URI[sha256sum] = "d9e40e641164150394b74b719b9726fc734f24b2cde679cf5f3be6915c34eded"
 
 do_configure_prepend () {
     mkdir -p ${S}/build-aux

meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch

@@ -22,7 +22,7 @@ index 71e88c4..8ce3987 100644
 @@ -831,14 +831,14 @@ pkg.generate(libgio,
                 'schemasdir=' + join_paths('${datadir}', schemas_subdir),
                 'bindir=' + join_paths('${prefix}', get_option('bindir')),
-                'giomoduledir=' + giomodulesdir,
+                'giomoduledir=' + pkgconfig_giomodulesdir,
 -               'gio=' + join_paths('${bindir}', 'gio'),
 -               'gio_querymodules=' + join_paths('${bindir}', 'gio-querymodules'),
 -               'glib_compile_schemas=' + join_paths('${bindir}', 'glib-compile-schemas'),

meta/recipes-core/glib-2.0/glib-2.0/0011-GMainContext-Fix-GSource-iterator-if-iteration-can-m.patch

@@ -1,43 +0,0 @@
-From ef2be42998e3fc10299055a5a01f7c791538174c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Mon, 3 Feb 2020 15:38:28 +0200
-Subject: [PATCH] GMainContext - Fix GSource iterator if iteration can modify
- the list
-
-We first have to ref the next source and then unref the previous one.
-This might be the last reference to the previous source, and freeing the
-previous source might unref and free the next one which would then leave
-use with a dangling pointer here.
-
-Fixes https://gitlab.gnome.org/GNOME/glib/issues/2031
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/b06c48de7554607ff3fb58d6c0510cfa5088e909]
-
----
- glib/gmain.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/glib/gmain.c b/glib/gmain.c
-index af979c8..a9a287d 100644
---- a/glib/gmain.c
-+++ b/glib/gmain.c
-@@ -969,13 +969,17 @@ g_source_iter_next (GSourceIter *iter, GSource **source)
-    * GSourceList to be removed from source_lists (if iter->source is
-    * the only source in its list, and it is destroyed), so we have to
-    * keep it reffed until after we advance iter->current_list, above.
-+   *
-+   * Also we first have to ref the next source before unreffing the
-+   * previous one as unreffing the previous source can potentially
-+   * free the next one.
-    */
-+  if (next_source && iter->may_modify)
-+    g_source_ref (next_source);
-
-   if (iter->source && iter->may_modify)
-     g_source_unref_internal (iter->source, iter->context, TRUE);
-   iter->source = next_source;
--  if (iter->source && iter->may_modify)
--    g_source_ref (iter->source);
-
-   *source = iter->source;
-   return *source != NULL;

meta/recipes-core/glib-2.0/glib-2.0/0012-GMainContext-Fix-memory-leaks-and-memory-corruption-.patch

@@ -1,109 +0,0 @@
-From 611430a32a46d0dc806a829161e2dccf9c0196a8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Mon, 3 Feb 2020 15:35:51 +0200
-Subject: [PATCH] GMainContext - Fix memory leaks and memory corruption when
- freeing sources while freeing a context
-
-Instead of destroying sources directly while freeing the context, and
-potentially freeing them if this was the last reference to them, collect
-new references of all sources in a separate list before and at the same
-time invalidate their context so that they can't access it anymore. Only
-once all sources have their context invalidated, destroy them while
-still keeping a reference to them. Once all sources are destroyed we get
-rid of the additional references and free them if nothing else keeps a
-reference to them anymore.
-
-This fixes a regression introduced by 26056558be in 2012.
-
-The previous code that invalidated the context of each source and then
-destroyed it before going to the next source without keeping an
-additional reference caused memory leaks or memory corruption depending
-on the order of the sources in the sources lists.
-
-If a source was destroyed it might happen that this was the last
-reference to this source, and it would then be freed. This would cause
-the finalize function to be called, which might destroy and unref
-another source and potentially free it. This other source would then
-either
-- go through the normal free logic and change the intern linked list
-  between the sources, while other sources that are unreffed as part of
-  the main context freeing would not. As such the list would be in an
-  inconsistent state and we might dereference freed memory.
-- go through the normal destroy and free logic but because the context
-  pointer was already invalidated it would simply mark the source as
-  destroyed without actually removing it from the context. This would
-  then cause a memory leak because the reference owned by the context is
-  not freed.
-
-Fixes https://github.com/gtk-rs/glib/issues/583 while still keeping
-https://bugzilla.gnome.org/show_bug.cgi?id=661767 fixes.
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/aa20167d419c649f34fed06a9463890b41b1eba0]
-
----
- glib/gmain.c | 35 ++++++++++++++++++++++++++++++++++-
- 1 file changed, 34 insertions(+), 1 deletion(-)
-
-diff --git a/glib/gmain.c b/glib/gmain.c
-index a9a287d..10ba2f8 100644
---- a/glib/gmain.c
-+++ b/glib/gmain.c
-@@ -538,6 +538,7 @@ g_main_context_unref (GMainContext *context)
-   GSourceIter iter;
-   GSource *source;
-   GList *sl_iter;
-+  GSList *s_iter, *remaining_sources = NULL;
-   GSourceList *list;
-   guint i;
-
-@@ -557,10 +558,30 @@ g_main_context_unref (GMainContext *context)
-
-   /* g_source_iter_next() assumes the context is locked. */
-   LOCK_CONTEXT (context);
--  g_source_iter_init (&iter, context, TRUE);
-+
-+  /* First collect all remaining sources from the sources lists and store a
-+   * new reference in a separate list. Also set the context of the sources
-+   * to NULL so that they can't access a partially destroyed context anymore.
-+   *
-+   * We have to do this first so that we have a strong reference to all
-+   * sources and destroying them below does not also free them, and so that
-+   * none of the sources can access the context from their finalize/dispose
-+   * functions. */
-+  g_source_iter_init (&iter, context, FALSE);
-   while (g_source_iter_next (&iter, &source))
-     {
-       source->context = NULL;
-+      remaining_sources = g_slist_prepend (remaining_sources, g_source_ref (source));
-+    }
-+  g_source_iter_clear (&iter);
-+
-+  /* Next destroy all sources. As we still hold a reference to all of them,
-+   * this won't cause any of them to be freed yet and especially prevents any
-+   * source that unrefs another source from its finalize function to be freed.
-+   */
-+  for (s_iter = remaining_sources; s_iter; s_iter = s_iter->next)
-+    {
-+      source = s_iter->data;
-       g_source_destroy_internal (source, context, TRUE);
-     }
-   UNLOCK_CONTEXT (context);
-@@ -585,6 +606,18 @@ g_main_context_unref (GMainContext *context)
-   g_cond_clear (&context->cond);
-
-   g_free (context);
-+
-+  /* And now finally get rid of our references to the sources. This will cause
-+   * them to be freed unless something else still has a reference to them. Due
-+   * to setting the context pointers in the sources to NULL above, this won't
-+   * ever access the context or the internal linked list inside the GSource.
-+   * We already removed the sources completely from the context above. */
-+  for (s_iter = remaining_sources; s_iter; s_iter = s_iter->next)
-+    {
-+      source = s_iter->data;
-+      g_source_unref_internal (source, NULL, FALSE);
-+    }
-+  g_slist_free (remaining_sources);
- }
-
- /* Helper function used by mainloop/overflow test.

meta/recipes-core/glib-2.0/glib-2.0/0013-GMainContext-Move-mutex-unlocking-in-destructor-righ.patch

@@ -1,36 +0,0 @@
-From 3e9d85f1b75e2b1096d9643563d7d17380752fc7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Tue, 11 Feb 2020 09:34:38 +0200
-Subject: [PATCH] GMainContext - Move mutex unlocking in destructor right
- before freeing the mutex
-
-This does not have any behaviour changes but is cleaner. The mutex is
-only unlocked now after all operations on the context are done and right
-before freeing the mutex and the context itself.
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/730a75fc8e8271c38fbd5363d1f77a00876b9ddc]
-
----
- glib/gmain.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/glib/gmain.c b/glib/gmain.c
-index 10ba2f8..b1df470 100644
---- a/glib/gmain.c
-+++ b/glib/gmain.c
-@@ -584,7 +584,6 @@ g_main_context_unref (GMainContext *context)
-       source = s_iter->data;
-       g_source_destroy_internal (source, context, TRUE);
-     }
--  UNLOCK_CONTEXT (context);
-
-   for (sl_iter = context->source_lists; sl_iter; sl_iter = sl_iter->next)
-     {
-@@ -595,6 +594,7 @@ g_main_context_unref (GMainContext *context)
-
-   g_hash_table_destroy (context->sources);
-
-+  UNLOCK_CONTEXT (context);
-   g_mutex_clear (&context->mutex);
-
-   g_ptr_array_free (context->pending_dispatches, TRUE);

meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch

@@ -31,8 +31,8 @@ index 1007abd..5380982 100644
  #endif
  #include <glib/gstdio.h>
  
-@@ -1158,7 +1160,15 @@ get_gio_module_dir (void)
- #endif
+@@ -1149,7 +1151,15 @@ get_gio_module_dir (void)
+                                      NULL);
        g_free (install_dir);
  #else
 -      module_dir = g_strdup (GIO_MODULE_DIR);

meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb

@@ -16,15 +16,12 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
            file://0001-meson-Run-atomics-test-on-clang-as-well.patch \
            file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
-           file://0011-GMainContext-Fix-GSource-iterator-if-iteration-can-m.patch \
-           file://0012-GMainContext-Fix-memory-leaks-and-memory-corruption-.patch \
-           file://0013-GMainContext-Move-mutex-unlocking-in-destructor-righ.patch \
            "
 
 SRC_URI_append_class-native = " file://relocate-modules.patch"
 
-SRC_URI[md5sum] = "d52234ecba128932bed90bbc3553bfe5"
-SRC_URI[sha256sum] = "4c84030d77fa9712135dfa8036ad663925655ae95b1d19399b6200e869925bbc"
+SRC_URI[md5sum] = "46bba5410ad4e75f65e4b2cc61a1afc8"
+SRC_URI[sha256sum] = "104fa26fbefae8024ff898330c671ec23ad075c1c0bce45c325c6d5657d58b9c"
 
 # Find any meson cross files in FILESPATH that are relevant for the current
 # build (using siteinfo) and add them to EXTRA_OEMESON.

meta/recipes-core/glib-networking/glib-networking_2.62.4.bb

@@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 SECTION = "libs"
 DEPENDS = "glib-2.0"
 
-SRC_URI[archive.md5sum] = "a758ca62bd54982a798b39c744cbf783"
-SRC_URI[archive.sha256sum] = "8ca1f86f23a76b5c7640624f7d5490705c78e81375e1741c9a1c41ce7f8f7ff7"
+SRC_URI[archive.md5sum] = "fad14a4a2cac73f0c2f9d426f1a9e5af"
+SRC_URI[archive.sha256sum] = "c18f289eec480fdce12044c0a06f77521edf9f460d16ad4213de61f2a3b294cf"
 
 PACKAGECONFIG ??= "gnutls"
 

meta/recipes-core/glibc/glibc-version.inc

@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.31/master"
 PV = "2.31+git${SRCPV}"
-SRCREV_glibc ?= "109474122400ca7d60782b131dc867a5c1f2fe55"
+SRCREV_glibc ?= "6fdf971c9dbf7dac9bea552113fe4694015bbc4d"
 SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"

meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch

@@ -1,31 +0,0 @@
-From c323125744020a29f79e50dc4d024b55c482eafc Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 18 Mar 2015 00:28:41 +0000
-Subject: [PATCH] Add unused attribute
-
-Helps in avoiding gcc warning when header is is included in
-a source file which does not use both functions
-
-        * iconv/gconv_charset.h (strip):
-        Add unused attribute.
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Upstream-Status: Pending
----
- iconv/gconv_charset.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/iconv/gconv_charset.h b/iconv/gconv_charset.h
-index 348acc089b..fa92465d89 100644
---- a/iconv/gconv_charset.h
-+++ b/iconv/gconv_charset.h
-@@ -21,7 +21,7 @@
- #include <locale.h>
- 
- 
--static void
-+static void __attribute__ ((unused))
- strip (char *wp, const char *s)
- {
-   int slash_count = 0;

meta/recipes-core/glibc/glibc_2.31.bb

@@ -1,7 +1,7 @@
 require glibc.inc
 require glibc-version.inc
 
-CVE_CHECK_WHITELIST += "CVE-2020-10029"
+CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752"
 
 DEPENDS += "gperf-native bison-native make-native"
 
@@ -28,7 +28,6 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0013-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \
            file://0014-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \
            file://0015-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch \
-           file://0016-Add-unused-attribute.patch \
            file://0017-yes-within-the-path-sets-wrong-config-variables.patch \
            file://0018-timezone-re-written-tzselect-as-posix-sh.patch \
            file://0019-Remove-bash-dependency-for-nscd-init-script.patch \

meta/recipes-core/images/build-appliance-image_15.0.0.bb

@@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk"
 
 inherit core-image module-base setuptools3
 
-SRCREV ?= "ff7dbd392aced161a79303f5312c2b356f3305dc"
+SRCREV ?= "5ad59495782e8dbcb2b9d18e27ca4bde131465b4"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=dunfell \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/initrdscripts/initramfs-framework/init

@@ -88,12 +88,25 @@ fi
 
 # populate bootparam environment
 for p in `cat /proc/cmdline`; do
+	if [ -n "$quoted" ]; then
+		value="$value $p"
+		if [ "`echo $p | sed -e 's/\"$//'`" != "$p" ]; then
+			eval "bootparam_${quoted}=${value}"
+			unset quoted
+		fi
+		continue
+	fi
+
 	opt=`echo $p | cut -d'=' -f1`
 	opt=`echo $opt | sed -e 'y/.-/__/'`
 	if [ "`echo $p | cut -d'=' -f1`" = "$p" ]; then
 		eval "bootparam_${opt}=true"
 	else
 		value="`echo $p | cut -d'=' -f2-`"
+		if [ "`echo $value | sed -e 's/^\"//'`" != "$value" ]; then
+			quoted=${opt}
+			continue
+		fi
 		eval "bootparam_${opt}=\"${value}\""
 	fi
 done

meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh

@@ -9,10 +9,10 @@
 ### END INIT INFO
 
 # Get ROOT_DIR
-DIRNAME=`dirname $0`
-ROOT_DIR=`echo $DIRNAME | sed -ne 's:/etc/.*::p'`
+DIRNAME="$(dirname "$0")"
+ROOT_DIR="$(echo "$DIRNAME" | sed -ne 's:/etc/.*::p')"
 
-[ -e ${ROOT_DIR}/etc/default/rcS ] && . ${ROOT_DIR}/etc/default/rcS
+[ -e "${ROOT_DIR}/etc/default/rcS" ] && . "${ROOT_DIR}/etc/default/rcS"
 # When running populate-volatile.sh at rootfs time, disable cache.
 [ -n "$ROOT_DIR" ] && VOLATILE_ENABLE_CACHE=no
 # If rootfs is read-only, disable cache.
@@ -26,15 +26,15 @@ COREDEF="00_core"
 
 create_file() {
 	EXEC=""
-	[ -z "$2" ] && {
+	if [ -z "$2" ]; then
 		EXEC="
 		touch \"$1\";
 		"
-	} || {
+	else
 		EXEC="
 		cp \"$2\" \"$1\";
 		"
-	}
+	fi
 	EXEC="
 	${EXEC}
 	chown ${TUSER}:${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1;
@@ -42,19 +42,19 @@ create_file() {
 
 	test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
 
-	[ -e "$1" ] && {
+	if [ -e "$1" ]; then
 		[ "${VERBOSE}" != "no" ] && echo "Target already exists. Skipping."
-	} || {
+	else
 		if [ -z "$ROOT_DIR" ]; then
-			eval $EXEC
+			eval "$EXEC"
 		else
 			# Creating some files at rootfs time may fail and should fail,
 			# but these failures should not be logged to make sure the do_rootfs
 			# process doesn't fail. This does no harm, as this script will
 			# run on target to set up the correct files and directories.
-			eval $EXEC > /dev/null 2>&1
+			eval "$EXEC" > /dev/null 2>&1
 		fi
-	}
+	fi
 }
 
 mk_dir() {
@@ -64,17 +64,17 @@ mk_dir() {
 	chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 "
 
 	test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
-	[ -e "$1" ] && {
+	if [ -e "$1" ]; then
 		[ "${VERBOSE}" != "no" ] && echo "Target already exists. Skipping."
-	} || {
+	else
 		if [ -z "$ROOT_DIR" ]; then
-			eval $EXEC
+			eval "$EXEC"
 		else
 			# For the same reason with create_file(), failures should
 			# not be logged.
-			eval $EXEC > /dev/null 2>&1
+			eval "$EXEC" > /dev/null 2>&1
 		fi
-	}
+	fi
 }
 
 link_file() {
@@ -96,11 +96,11 @@ link_file() {
 	test "$VOLATILE_ENABLE_CACHE" = yes && echo "	$EXEC" >> /etc/volatile.cache.build
 
 	if [ -z "$ROOT_DIR" ]; then
-		eval $EXEC
+		eval "$EXEC"
 	else
 		# For the same reason with create_file(), failures should
 		# not be logged.
-		eval $EXEC > /dev/null 2>&1
+		eval "$EXEC" > /dev/null 2>&1
 	fi
 }
 
@@ -117,11 +117,11 @@ check_requirements() {
 	TMP_DEFINED="${TMPROOT}/tmpdefined.$$"
 	TMP_COMBINED="${TMPROOT}/tmpcombined.$$"
 
-	sed 's@\(^:\)*:.*@\1@' ${ROOT_DIR}/etc/passwd | sort | uniq > "${TMP_DEFINED}"
-	cat ${CFGFILE} | grep -v "^#" | cut -s -d " " -f 2 > "${TMP_INTERMED}"
+	sed 's@\(^:\)*:.*@\1@' "${ROOT_DIR}/etc/passwd" | sort | uniq > "${TMP_DEFINED}"
+	grep -v "^#" "${CFGFILE}" | cut -s -d " " -f 2 > "${TMP_INTERMED}"
 	cat "${TMP_DEFINED}" "${TMP_INTERMED}" | sort | uniq > "${TMP_COMBINED}"
-	NR_DEFINED_USERS="`cat "${TMP_DEFINED}" | wc -l`"
-	NR_COMBINED_USERS="`cat "${TMP_COMBINED}" | wc -l`"
+	NR_DEFINED_USERS="$(wc -l < "${TMP_DEFINED}")"
+	NR_COMBINED_USERS="$(wc -l < "${TMP_COMBINED}")"
 
 	[ "${NR_DEFINED_USERS}" -ne "${NR_COMBINED_USERS}" ] && {
 		echo "Undefined users:"
@@ -131,12 +131,12 @@ check_requirements() {
 	}
 
 
-	sed 's@\(^:\)*:.*@\1@' ${ROOT_DIR}/etc/group | sort | uniq > "${TMP_DEFINED}"
-	cat ${CFGFILE} | grep -v "^#" | cut -s -d " " -f 3 > "${TMP_INTERMED}"
+	sed 's@\(^:\)*:.*@\1@' "${ROOT_DIR}/etc/group" | sort | uniq > "${TMP_DEFINED}"
+	grep -v "^#" "${CFGFILE}" | cut -s -d " " -f 3 > "${TMP_INTERMED}"
 	cat "${TMP_DEFINED}" "${TMP_INTERMED}" | sort | uniq > "${TMP_COMBINED}"
 
-	NR_DEFINED_GROUPS="`cat "${TMP_DEFINED}" | wc -l`"
-	NR_COMBINED_GROUPS="`cat "${TMP_COMBINED}" | wc -l`"
+	NR_DEFINED_GROUPS="$(wc -l < "${TMP_DEFINED}")"
+	NR_COMBINED_GROUPS="$(wc -l < "${TMP_COMBINED}")"
 
 	[ "${NR_DEFINED_GROUPS}" -ne "${NR_COMBINED_GROUPS}" ] && {
 		echo "Undefined groups:"
@@ -157,13 +157,13 @@ apply_cfgfile() {
 
 	[ "${VERBOSE}" != "no" ] && echo "Applying ${CFGFILE}"
 
-	[ "${SKIP_REQUIREMENTS}" == "yes" ] || check_requirements "${CFGFILE}" || {
+	[ "${SKIP_REQUIREMENTS}" = "yes" ] || check_requirements "${CFGFILE}" || {
 		echo "Skipping ${CFGFILE}"
 		return 1
 	}
 
-	cat ${CFGFILE} | sed 's/#.*//' | \
-	while read TTYPE TUSER TGROUP TMODE TNAME TLTARGET; do
+	sed 's/#.*//' "${CFGFILE}" | \
+	while read -r TTYPE TUSER TGROUP TMODE TNAME TLTARGET; do
 		test -z "${TLTARGET}" && continue
 		TNAME=${ROOT_DIR}${TNAME}
 		[ "${VERBOSE}" != "no" ] && echo "Checking for -${TNAME}-."
@@ -187,14 +187,14 @@ apply_cfgfile() {
 
 		[ -L "${TNAME}" ] && {
 			[ "${VERBOSE}" != "no" ] && echo "Found link."
-			NEWNAME=`ls -l "${TNAME}" | sed -e 's/^.*-> \(.*\)$/\1/'`
-			echo ${NEWNAME} | grep -v "^/" >/dev/null && {
-				TNAME="`echo ${TNAME} | sed -e 's@\(.*\)/.*@\1@'`/${NEWNAME}"
+			NEWNAME=$(ls -l "${TNAME}" | sed -e 's/^.*-> \(.*\)$/\1/')
+			if echo "${NEWNAME}" | grep -v "^/" >/dev/null; then
+				TNAME="$(echo "${TNAME}" | sed -e 's@\(.*\)/.*@\1@')/${NEWNAME}"
 				[ "${VERBOSE}" != "no" ] && echo "Converted relative linktarget to absolute path -${TNAME}-."
-			} || {
+			else
 				TNAME="${NEWNAME}"
 				[ "${VERBOSE}" != "no" ] && echo "Using absolute link target -${TNAME}-."
-			}
+			fi
 		}
 
 		case "${TTYPE}" in
@@ -217,7 +217,7 @@ apply_cfgfile() {
 
 clearcache=0
 exec 9</proc/cmdline
-while read line <&9
+while read -r line <&9
 do
 	case "$line" in
 		*clearcache*)  clearcache=1
@@ -228,11 +228,11 @@ do
 done
 exec 9>&-
 
-if test -e ${ROOT_DIR}/etc/volatile.cache -a "$VOLATILE_ENABLE_CACHE" = "yes" -a "x$1" != "xupdate" -a "x$clearcache" = "x0"
+if test -e "${ROOT_DIR}/etc/volatile.cache" -a "$VOLATILE_ENABLE_CACHE" = "yes" -a "x$1" != "xupdate" -a "x$clearcache" = "x0"
 then
-	sh ${ROOT_DIR}/etc/volatile.cache
+	sh "${ROOT_DIR}/etc/volatile.cache"
 else
-	rm -f ${ROOT_DIR}/etc/volatile.cache ${ROOT_DIR}/etc/volatile.cache.build
+	rm -f "${ROOT_DIR}/etc/volatile.cache" "${ROOT_DIR}/etc/volatile.cache.build"
 
 	# Apply the core file with out checking requirements. ${TMPROOT} is
 	# needed by check_requirements but is setup by this file, so it must be
@@ -246,7 +246,7 @@ else
 	TMP_FILE="${TMPROOT}/tmp_volatile.$$"
 	rm -f "$TMP_FILE"
 
-	CFGFILES="`ls -1 "${CFGDIR}" | grep -v "^${COREDEF}\$" | sort`"
+	CFGFILES="$(ls -1 "${CFGDIR}" | grep -v "^${COREDEF}\$" | sort)"
 	for file in ${CFGFILES}; do
 		cat "${CFGDIR}/${file}" >> "$TMP_FILE"
 	done
@@ -264,7 +264,7 @@ else
 	fi
 	rm "$TMP_FILE"
 
-	[ -e ${ROOT_DIR}/etc/volatile.cache.build ] && sync && mv ${ROOT_DIR}/etc/volatile.cache.build ${ROOT_DIR}/etc/volatile.cache
+	[ -e "${ROOT_DIR}/etc/volatile.cache.build" ] && sync && mv "${ROOT_DIR}/etc/volatile.cache.build" "${ROOT_DIR}/etc/volatile.cache"
 fi
 
 if [ -z "${ROOT_DIR}" ] && [ -f /etc/ld.so.cache ] && [ ! -f /var/run/ld.so.cache ]

meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch

@@ -0,0 +1,41 @@
+From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Aug 2020 21:54:27 +0200
+Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
+
+Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
+array access.
+
+Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
+the report.
+
+Fixes #178.
+
+CVE: CVE-2020-24977
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ xmllint.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/xmllint.c b/xmllint.c
+index f6a8e463..c647486f 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -528,6 +528,12 @@ static void
+ xmlHTMLEncodeSend(void) {
+     char *result;
+ 
++    /*
++     * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
++     * end with a truncated UTF-8 sequence. This is a hack to at least avoid
++     * an out-of-bounds read.
++     */
++    memset(&buffer[sizeof(buffer)-4], 0, 4);
+     result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
+     if (result) {
+ 	xmlGenericError(xmlGenericErrorContext, "%s", result);
+-- 
+2.17.1
+

meta/recipes-core/libxml/libxml2_2.9.10.bb

@@ -22,6 +22,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
            file://fix-execution-of-ptests.patch \
            file://CVE-2020-7595.patch \
            file://CVE-2019-20388.patch \
+           file://CVE-2020-24977.patch \
            "
 
 SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"

meta/recipes-core/meta/cve-update-db-native.bb

@@ -29,6 +29,7 @@ python do_populate_cve_db() {
     Update NVD database with json data feed
     """
     import bb.utils
+    import bb.progress
     import sqlite3, urllib, urllib.parse, shutil, gzip
     from datetime import date
 
@@ -49,10 +50,7 @@ python do_populate_cve_db() {
     except OSError:
         pass
 
-    cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a')
-
-    if not os.path.isdir(db_dir):
-        os.mkdir(db_dir)
+    bb.utils.mkdirhier(db_dir)
 
     # Connect to database
     conn = sqlite3.connect(db_file)
@@ -60,56 +58,60 @@ python do_populate_cve_db() {
 
     initialize_db(c)
 
-    for year in range(YEAR_START, date.today().year + 1):
-        year_url = BASE_URL + str(year)
-        meta_url = year_url + ".meta"
-        json_url = year_url + ".json.gz"
+    with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
+        total_years = date.today().year + 1 - YEAR_START
+        for i, year in enumerate(range(YEAR_START, date.today().year + 1)):
+            ph.update((float(i + 1) / total_years) * 100)
+            year_url = BASE_URL + str(year)
+            meta_url = year_url + ".meta"
+            json_url = year_url + ".json.gz"
 
-        # Retrieve meta last modified date
-        try:
-            response = urllib.request.urlopen(meta_url)
-        except urllib.error.URLError as e:
-            cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
-            bb.warn("Failed to fetch CVE data (%s)" % e.reason)
-            return
-
-        if response:
-            for l in response.read().decode("utf-8").splitlines():
-                key, value = l.split(":", 1)
-                if key == "lastModifiedDate":
-                    last_modified = value
-                    break
-            else:
-                bb.warn("Cannot parse CVE metadata, update failed")
-                return
-
-        # Compare with current db last modified date
-        c.execute("select DATE from META where YEAR = ?", (year,))
-        meta = c.fetchone()
-        if not meta or meta[0] != last_modified:
-            # Clear products table entries corresponding to current year
-            c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
-
-            # Update db with current year json file
+            # Retrieve meta last modified date
             try:
-                response = urllib.request.urlopen(json_url)
-                if response:
-                    update_db(c, gzip.decompress(response.read()).decode('utf-8'))
-                c.execute("insert or replace into META values (?, ?)", [year, last_modified])
+                response = urllib.request.urlopen(meta_url)
             except urllib.error.URLError as e:
-                cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
-                bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
+                cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
+                bb.warn("Failed to fetch CVE data (%s)" % e.reason)
                 return
 
-        # Update success, set the date to cve_check file.
-        if year == date.today().year:
-            cve_f.write('CVE database update : %s\n\n' % date.today())
+            if response:
+                for l in response.read().decode("utf-8").splitlines():
+                    key, value = l.split(":", 1)
+                    if key == "lastModifiedDate":
+                        last_modified = value
+                        break
+                else:
+                    bb.warn("Cannot parse CVE metadata, update failed")
+                    return
 
-    cve_f.close()
-    conn.commit()
-    conn.close()
+            # Compare with current db last modified date
+            c.execute("select DATE from META where YEAR = ?", (year,))
+            meta = c.fetchone()
+            if not meta or meta[0] != last_modified:
+                # Clear products table entries corresponding to current year
+                c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
+
+                # Update db with current year json file
+                try:
+                    response = urllib.request.urlopen(json_url)
+                    if response:
+                        update_db(c, gzip.decompress(response.read()).decode('utf-8'))
+                    c.execute("insert or replace into META values (?, ?)", [year, last_modified])
+                except urllib.error.URLError as e:
+                    cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
+                    bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
+                    return
+
+            # Update success, set the date to cve_check file.
+            if year == date.today().year:
+                cve_f.write('CVE database update : %s\n\n' % date.today())
+
+        conn.commit()
+        conn.close()
 }
 
+do_populate_cve_db[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+
 def initialize_db(c):
     c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
 
@@ -176,15 +178,20 @@ def update_db(c, jsondata):
         if not elt['impact']:
             continue
 
+        accessVector = None
         cveId = elt['cve']['CVE_data_meta']['ID']
         cveDesc = elt['cve']['description']['description_data'][0]['value']
         date = elt['lastModifiedDate']
-        accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
-        cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
-
         try:
+            accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+            cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
+        except KeyError:
+            cvssv2 = 0.0
+        try:
+            accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
             cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
-        except:
+        except KeyError:
+            accessVector = accessVector or "UNKNOWN"
             cvssv3 = 0.0
 
         c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",

meta/recipes-core/systemd/systemd-serialgetty.bb

@@ -21,7 +21,7 @@ do_install() {
 		install -d ${D}${systemd_unitdir}/system/
 		install -d ${D}${sysconfdir}/systemd/system/getty.target.wants/
 		install -m 0644 ${WORKDIR}/serial-getty@.service ${D}${systemd_unitdir}/system/
-		sed -i -e s/\@BAUDRATE\@/$default_baudrate/g ${D}${systemd_unitdir}/system/serial-getty@.service
+		sed -i -e "s/\@BAUDRATE\@/$default_baudrate/g" ${D}${systemd_unitdir}/system/serial-getty@.service
 
 		tmp="${SERIAL_CONSOLES}"
 		for entry in $tmp ; do
@@ -34,7 +34,7 @@ do_install() {
 			else
 				# install custom service file for the non-default baudrate
 				install -m 0644 ${WORKDIR}/serial-getty@.service ${D}${systemd_unitdir}/system/serial-getty$baudrate@.service
-				sed -i -e s/\@BAUDRATE\@/$baudrate/g ${D}${systemd_unitdir}/system/serial-getty$baudrate@.service
+				sed -i -e "s/\@BAUDRATE\@/$baudrate/g" ${D}${systemd_unitdir}/system/serial-getty$baudrate@.service
 				# enable the service
 				ln -sf ${systemd_unitdir}/system/serial-getty$baudrate@.service \
 					${D}${sysconfdir}/systemd/system/getty.target.wants/serial-getty$baudrate@$ttydev.service

meta/recipes-core/sysvinit/sysvinit_2.96.bb

@@ -25,7 +25,6 @@ SRC_URI[md5sum] = "48cebffebf2a96ab09bec14bf9976016"
 SRC_URI[sha256sum] = "2a2e26b72aa235a23ab1c8471005f890309ce1196c83fbc9413c57b9ab62b587"
 
 S = "${WORKDIR}/sysvinit-${PV}"
-B = "${S}/src"
 
 inherit update-alternatives features_check
 DEPENDS_append = " update-rc.d-native base-passwd virtual/crypt"

meta/recipes-core/util-linux/util-linux.inc

@@ -247,12 +247,14 @@ ALTERNATIVE_LINK_NAME[logger] = "${bindir}/logger"
 ALTERNATIVE_LINK_NAME[losetup] = "${base_sbindir}/losetup"
 ALTERNATIVE_LINK_NAME[mesg] = "${bindir}/mesg"
 ALTERNATIVE_LINK_NAME[mkswap] = "${base_sbindir}/mkswap"
+ALTERNATIVE_LINK_NAME[mcookie] = "${bindir}/mcookie"
 ALTERNATIVE_LINK_NAME[more] = "${base_bindir}/more"
 ALTERNATIVE_LINK_NAME[mount] = "${base_bindir}/mount"
 ALTERNATIVE_LINK_NAME[mountpoint] = "${base_bindir}/mountpoint"
 ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin"
 ALTERNATIVE_LINK_NAME[nsenter] = "${bindir}/nsenter"
 ALTERNATIVE_LINK_NAME[pivot_root] = "${base_sbindir}/pivot_root"
+ALTERNATIVE_LINK_NAME[prlimit] = "${bindir}/prlimit"
 ALTERNATIVE_LINK_NAME[readprofile] = "${sbindir}/readprofile"
 ALTERNATIVE_LINK_NAME[renice] = "${bindir}/renice"
 ALTERNATIVE_LINK_NAME[rev] = "${bindir}/rev"
@@ -269,6 +271,7 @@ ALTERNATIVE_LINK_NAME[taskset] = "${bindir}/taskset"
 ALTERNATIVE_LINK_NAME[umount] = "${base_bindir}/umount"
 ALTERNATIVE_LINK_NAME[unshare] = "${bindir}/unshare"
 ALTERNATIVE_LINK_NAME[utmpdump] = "${bindir}/utmpdump"
+ALTERNATIVE_LINK_NAME[uuidgen] = "${bindir}/uuidgen"
 ALTERNATIVE_LINK_NAME[wall] = "${bindir}/wall"
 
 ALTERNATIVE_${PN}-doc = "\

meta/recipes-devtools/autoconf/autoconf.inc

@@ -5,9 +5,8 @@ file that lists the operating system features that the package can use, in the f
 LICENSE = "GPLv3"
 HOMEPAGE = "http://www.gnu.org/software/autoconf/"
 SECTION = "devel"
-DEPENDS += "m4-native"
-DEPENDS_class-native = "m4-native gnu-config-native"
-DEPENDS_class-nativesdk = "nativesdk-m4 nativesdk-gnu-config"
+DEPENDS = "m4-native gnu-config-native"
+
 RDEPENDS_${PN} = "m4 gnu-config \
 		  perl \
 		  perl-module-bytes \

meta/recipes-devtools/cmake/cmake.inc

@@ -26,3 +26,7 @@ SRC_URI[md5sum] = "d86ccaf3d2462b6b5947919abe5b9f15"
 SRC_URI[sha256sum] = "5f760b50b8ecc9c0c37135fae5fbf00a2fef617059aa9d61c1bb91653e5a8bfc"
 
 UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
+
+# This is specific to the npm package that installs cmake, so isn't
+# relevant to OpenEmbedded
+CVE_CHECK_WHITELIST += "CVE-2016-10642"

meta/recipes-devtools/gcc/gcc-9.3.inc

@@ -23,6 +23,8 @@ LIC_FILES_CHKSUM = "\
     file://COPYING.RUNTIME;md5=fe60d87048567d4fe8c8a0ed2448bcc8 \
 "
 
+CVE_CHECK_WHITELIST += "CVE-2019-15847"
+
 BASEURI ?= "${GNU_MIRROR}/gcc/gcc-${PV}/gcc-${PV}.tar.xz"
 #RELEASE ?= "5a5ca2d"
 #BASEURI ?= "https://repo.or.cz/official-gcc.git/snapshot/${RELEASE}.tar.gz;downloadfilename=gcc-${RELEASE}.tar.gz"

meta/recipes-devtools/go/go-1.14.inc

@@ -1,7 +1,7 @@
 require go-common.inc
 
 GO_BASEVERSION = "1.14"
-GO_MINOR = ".1"
+GO_MINOR = ".7"
 PV .= "${GO_MINOR}"
 FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
@@ -18,5 +18,4 @@ SRC_URI += "\
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-
-SRC_URI[main.sha256sum] = "2ad2572115b0d1b4cb4c138e6b3a31cee6294cb48af75ee86bec3dca04507676"
+SRC_URI[main.sha256sum] = "064392433563660c73186991c0a315787688e7c38a561e26647686f89b6c30e3"

meta/recipes-devtools/json-c/json-c_0.13.1.bb

@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
 
 SRC_URI = "https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
            file://add-disable-werror-option-to-configure.patch \
+           file://CVE-2020-12762.patch \
            "
 SRC_URI[md5sum] = "04969ad59cc37bddd83741a08b98f350"
 SRC_URI[sha256sum] = "b87e608d4d3f7bfdd36ef78d56d53c74e66ab278d318b71e6002a369d36f4873"

meta/recipes-devtools/perl/files/CVE-2020-12723.patch

@@ -0,0 +1,302 @@
+From da9ec461e22915ccabb06785bf39ec34577ada12 Mon Sep 17 00:00:00 2001
+From: Hugo van der Sanden <hv@crypt.org>
+Date: Sat, 11 Apr 2020 14:10:24 +0100
+Subject: [PATCH] study_chunk: avoid mutating regexp program within GOSUB
+
+gh16947 and gh17743: studying GOSUB may restudy in an inner call
+(via a mix of recursion and enframing) something that an outer call
+is in the middle of looking at.  Let the outer frame deal with it.
+
+(CVE-2020-12723)
+
+(cherry picked from commit c4033e740bd18d9fbe3456a9db2ec2053cdc5271)
+
+Upstream-Status: Backport [https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a]
+CVE: CVE-2020-12723
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ embed.fnc  |  2 +-
+ embed.h    |  2 +-
+ proto.h    |  2 +-
+ regcomp.c  | 54 +++++++++++++++++++++++++++++++++++-------------------
+ t/re/pat.t | 26 +++++++++++++++++++++++++-
+ 5 files changed, 63 insertions(+), 23 deletions(-)
+
+diff --git a/embed.fnc b/embed.fnc
+index f45c127..eff4a50 100644
+--- a/embed.fnc
++++ b/embed.fnc
+@@ -2480,7 +2480,7 @@ Es	|SSize_t|study_chunk	|NN RExC_state_t *pRExC_state \
+ 				|NULLOK struct scan_data_t *data \
+                                 |I32 stopparen|U32 recursed_depth \
+ 				|NULLOK regnode_ssc *and_withp \
+-				|U32 flags|U32 depth
++				|U32 flags|U32 depth|bool was_mutate_ok
+ Es	|void	|rck_elide_nothing|NN regnode *node
+ EsR	|SV *	|get_ANYOFM_contents|NN const regnode * n
+ EsRn	|U32	|add_data	|NN RExC_state_t* const pRExC_state \
+diff --git a/embed.h b/embed.h
+index 356a8b9..5346ec5 100644
+--- a/embed.h
++++ b/embed.h
+@@ -1239,7 +1239,7 @@
+ #define ssc_is_cp_posixl_init	S_ssc_is_cp_posixl_init
+ #define ssc_or(a,b,c)		S_ssc_or(aTHX_ a,b,c)
+ #define ssc_union(a,b,c)	S_ssc_union(aTHX_ a,b,c)
+-#define study_chunk(a,b,c,d,e,f,g,h,i,j,k)	S_study_chunk(aTHX_ a,b,c,d,e,f,g,h,i,j,k)
++#define study_chunk(a,b,c,d,e,f,g,h,i,j,k,l)	S_study_chunk(aTHX_ a,b,c,d,e,f,g,h,i,j,k,l)
+ #  endif
+ #  if defined(PERL_IN_REGCOMP_C) || defined (PERL_IN_DUMP_C)
+ #define _invlist_dump(a,b,c,d)	Perl__invlist_dump(aTHX_ a,b,c,d)
+diff --git a/proto.h b/proto.h
+index 91530b1..1bda01f 100644
+--- a/proto.h
++++ b/proto.h
+@@ -5655,7 +5655,7 @@ PERL_STATIC_INLINE void	S_ssc_union(pTHX_ regnode_ssc *ssc, SV* const invlist, c
+ #define PERL_ARGS_ASSERT_SSC_UNION	\
+ 	assert(ssc); assert(invlist)
+ #endif
+-STATIC SSize_t	S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, SSize_t *minlenp, SSize_t *deltap, regnode *last, struct scan_data_t *data, I32 stopparen, U32 recursed_depth, regnode_ssc *and_withp, U32 flags, U32 depth);
++STATIC SSize_t	S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, SSize_t *minlenp, SSize_t *deltap, regnode *last, struct scan_data_t *data, I32 stopparen, U32 recursed_depth, regnode_ssc *and_withp, U32 flags, U32 depth, bool was_mutate_ok);
+ #define PERL_ARGS_ASSERT_STUDY_CHUNK	\
+ 	assert(pRExC_state); assert(scanp); assert(minlenp); assert(deltap); assert(last)
+ #endif
+diff --git a/regcomp.c b/regcomp.c
+index 5a9adee..8d7df1f 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -106,6 +106,7 @@ typedef struct scan_frame {
+     regnode *next_regnode;      /* next node to process when last is reached */
+     U32 prev_recursed_depth;
+     I32 stopparen;              /* what stopparen do we use */
++    bool in_gosub;              /* this or an outer frame is for GOSUB */
+ 
+     struct scan_frame *this_prev_frame; /* this previous frame */
+     struct scan_frame *prev_frame;      /* previous frame */
+@@ -4466,7 +4467,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ 			I32 stopparen,
+                         U32 recursed_depth,
+ 			regnode_ssc *and_withp,
+-			U32 flags, U32 depth)
++			U32 flags, U32 depth, bool was_mutate_ok)
+ 			/* scanp: Start here (read-write). */
+ 			/* deltap: Write maxlen-minlen here. */
+ 			/* last: Stop before this one. */
+@@ -4545,6 +4546,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+                                    node length to get a real minimum (because
+                                    the folded version may be shorter) */
+ 	bool unfolded_multi_char = FALSE;
++        /* avoid mutating ops if we are anywhere within the recursed or
++         * enframed handling for a GOSUB: the outermost level will handle it.
++         */
++        bool mutate_ok = was_mutate_ok && !(frame && frame->in_gosub);
+ 	/* Peephole optimizer: */
+         DEBUG_STUDYDATA("Peep", data, depth, is_inf);
+         DEBUG_PEEP("Peep", scan, depth, flags);
+@@ -4555,7 +4560,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+          * parsing code, as each (?:..) is handled by a different invocation of
+          * reg() -- Yves
+          */
+-        JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
++        if (mutate_ok)
++            JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
+ 
+         /* Follow the next-chain of the current node and optimize
+            away all the NOTHINGs from it.
+@@ -4587,7 +4593,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+             /* DEFINEP study_chunk() recursion */
+             (void)study_chunk(pRExC_state, &scan, &minlen,
+                               &deltanext, next, &data_fake, stopparen,
+-                              recursed_depth, NULL, f, depth+1);
++                              recursed_depth, NULL, f, depth+1, mutate_ok);
+ 
+             scan = next;
+         } else
+@@ -4655,7 +4661,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+                     /* recurse study_chunk() for each BRANCH in an alternation */
+ 		    minnext = study_chunk(pRExC_state, &scan, minlenp,
+                                       &deltanext, next, &data_fake, stopparen,
+-                                      recursed_depth, NULL, f, depth+1);
++                                      recursed_depth, NULL, f, depth+1,
++                                      mutate_ok);
+ 
+ 		    if (min1 > minnext)
+ 			min1 = minnext;
+@@ -4722,9 +4729,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ 		    }
+ 		}
+ 
+-                if (PERL_ENABLE_TRIE_OPTIMISATION &&
+-                        OP( startbranch ) == BRANCH )
+-                {
++                if (PERL_ENABLE_TRIE_OPTIMISATION
++                    && OP(startbranch) == BRANCH
++                    && mutate_ok
++                ) {
+ 		/* demq.
+ 
+                    Assuming this was/is a branch we are dealing with: 'scan'
+@@ -5179,6 +5187,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+                 newframe->stopparen = stopparen;
+                 newframe->prev_recursed_depth = recursed_depth;
+                 newframe->this_prev_frame= frame;
++                newframe->in_gosub = (
++                    (frame && frame->in_gosub) || OP(scan) == GOSUB
++                );
+ 
+                 DEBUG_STUDYDATA("frame-new", data, depth, is_inf);
+                 DEBUG_PEEP("fnew", scan, depth, flags);
+@@ -5336,7 +5347,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ 
+                 /* This temporary node can now be turned into EXACTFU, and
+                  * must, as regexec.c doesn't handle it */
+-                if (OP(next) == EXACTFU_S_EDGE) {
++                if (OP(next) == EXACTFU_S_EDGE && mutate_ok) {
+                     OP(next) = EXACTFU;
+                 }
+ 
+@@ -5344,8 +5355,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+                     &&   isALPHA_A(* STRING(next))
+                     && (         OP(next) == EXACTFAA
+                         || (     OP(next) == EXACTFU
+-                            && ! HAS_NONLATIN1_SIMPLE_FOLD_CLOSURE(* STRING(next)))))
+-                {
++                            && ! HAS_NONLATIN1_SIMPLE_FOLD_CLOSURE(* STRING(next))))
++                    &&   mutate_ok
++                ) {
+                     /* These differ in just one bit */
+                     U8 mask = ~ ('A' ^ 'a');
+ 
+@@ -5432,7 +5444,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+                                   (mincount == 0
+                                    ? (f & ~SCF_DO_SUBSTR)
+                                    : f)
+-                                  ,depth+1);
++                                  , depth+1, mutate_ok);
+ 
+ 		if (flags & SCF_DO_STCLASS)
+ 		    data->start_class = oclass;
+@@ -5498,7 +5510,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ 		if (  OP(oscan) == CURLYX && data
+ 		      && data->flags & SF_IN_PAR
+ 		      && !(data->flags & SF_HAS_EVAL)
+-		      && !deltanext && minnext == 1 ) {
++		      && !deltanext && minnext == 1
++                      && mutate_ok
++                ) {
+ 		    /* Try to optimize to CURLYN.  */
+ 		    regnode *nxt = NEXTOPER(oscan) + EXTRA_STEP_2ARGS;
+ 		    regnode * const nxt1 = nxt;
+@@ -5548,10 +5562,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ 		      && !(data->flags & SF_HAS_EVAL)
+ 		      && !deltanext	/* atom is fixed width */
+ 		      && minnext != 0	/* CURLYM can't handle zero width */
+-
+                          /* Nor characters whose fold at run-time may be
+                           * multi-character */
+                       && ! (RExC_seen & REG_UNFOLDED_MULTI_SEEN)
++                      && mutate_ok
+ 		) {
+ 		    /* XXXX How to optimize if data == 0? */
+ 		    /* Optimize to a simpler form.  */
+@@ -5604,7 +5618,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+                         /* recurse study_chunk() on optimised CURLYX => CURLYM */
+ 			study_chunk(pRExC_state, &nxt1, minlenp, &deltanext, nxt,
+                                     NULL, stopparen, recursed_depth, NULL, 0,
+-                                    depth+1);
++                                    depth+1, mutate_ok);
+ 		    }
+ 		    else
+ 			oscan->flags = 0;
+@@ -6009,7 +6023,8 @@ Perl_re_printf( aTHX_  "LHS=%" UVuf " RHS=%" UVuf "\n",
+                 /* recurse study_chunk() for lookahead body */
+                 minnext = study_chunk(pRExC_state, &nscan, minlenp, &deltanext,
+                                       last, &data_fake, stopparen,
+-                                      recursed_depth, NULL, f, depth+1);
++                                      recursed_depth, NULL, f, depth+1,
++                                      mutate_ok);
+                 if (scan->flags) {
+                     if (   deltanext < 0
+                         || deltanext > (I32) U8_MAX
+@@ -6114,7 +6129,7 @@ Perl_re_printf( aTHX_  "LHS=%" UVuf " RHS=%" UVuf "\n",
+                 *minnextp = study_chunk(pRExC_state, &nscan, minnextp,
+                                         &deltanext, last, &data_fake,
+                                         stopparen, recursed_depth, NULL,
+-                                        f, depth+1);
++                                        f, depth+1, mutate_ok);
+                 if (scan->flags) {
+                     assert(0);  /* This code has never been tested since this
+                                    is normally not compiled */
+@@ -6282,7 +6297,8 @@ Perl_re_printf( aTHX_  "LHS=%" UVuf " RHS=%" UVuf "\n",
+                         /* optimise study_chunk() for TRIE */
+                         minnext = study_chunk(pRExC_state, &scan, minlenp,
+                             &deltanext, (regnode *)nextbranch, &data_fake,
+-                            stopparen, recursed_depth, NULL, f, depth+1);
++                            stopparen, recursed_depth, NULL, f, depth+1,
++                            mutate_ok);
+                     }
+                     if (nextbranch && PL_regkind[OP(nextbranch)]==BRANCH)
+                         nextbranch= regnext((regnode*)nextbranch);
+@@ -8075,7 +8091,7 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
+             &data, -1, 0, NULL,
+             SCF_DO_SUBSTR | SCF_WHILEM_VISITED_POS | stclass_flag
+                           | (restudied ? SCF_TRIE_DOING_RESTUDY : 0),
+-            0);
++            0, TRUE);
+ 
+ 
+         CHECK_RESTUDY_GOTO_butfirst(LEAVE_with_name("study_chunk"));
+@@ -8204,7 +8220,7 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
+             SCF_DO_STCLASS_AND|SCF_WHILEM_VISITED_POS|(restudied
+                                                       ? SCF_TRIE_DOING_RESTUDY
+                                                       : 0),
+-            0);
++            0, TRUE);
+ 
+         CHECK_RESTUDY_GOTO_butfirst(NOOP);
+ 
+diff --git a/t/re/pat.t b/t/re/pat.t
+index 6a868f4..2869b58 100644
+--- a/t/re/pat.t
++++ b/t/re/pat.t
+@@ -25,7 +25,7 @@ BEGIN {
+ skip_all('no re module') unless defined &DynaLoader::boot_DynaLoader;
+ skip_all_without_unicode_tables();
+ 
+-plan tests => 864;  # Update this when adding/deleting tests.
++plan tests => 873;  # Update this when adding/deleting tests.
+ 
+ run_tests() unless caller;
+ 
+@@ -2115,6 +2115,30 @@ x{0c!}\;\;îçÿ /0f/!F/;îçÿù\Q
xÿÿÿÿù`x{0c!}
;ù\Q
+         like(runperl(prog => "$s", stderr => 1), qr/Unmatched \(/);
+    }
+ 
++    # gh16947: test regexp corruption (GOSUB)
++    {
++        fresh_perl_is(q{
++            'xy' =~ /x(?0)|x(?|y|y)/ && print 'ok'
++        }, 'ok', {}, 'gh16947: test regexp corruption (GOSUB)');
++    }
++    # gh16947: test fix doesn't break SUSPEND
++    {
++        fresh_perl_is(q{ 'sx' =~ m{ss++}i; print 'ok' },
++                'ok', {}, "gh16947: test fix doesn't break SUSPEND");
++    }
++
++    # gh17743: more regexp corruption via GOSUB
++    {
++        fresh_perl_is(q{
++            "0" =~ /((0(?0)|000(?|0000|0000)(?0))|)/; print "ok"
++        }, 'ok', {}, 'gh17743: test regexp corruption (1)');
++
++        fresh_perl_is(q{
++            "000000000000" =~ /(0(())(0((?0)())|000(?|\x{ef}\x{bf}\x{bd}|\x{ef}\x{bf}\x{bd}))|)/;
++            print "ok"
++        }, 'ok', {}, 'gh17743: test regexp corruption (2)');
++    }
++
+ } # End of sub run_tests
+ 
+ 1;

meta/recipes-devtools/perl/perl_5.30.1.bb

@@ -27,6 +27,7 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
            file://CVE-2020-10543.patch \
            file://CVE-2020-10878_1.patch \
            file://CVE-2020-10878_2.patch \
+           file://CVE-2020-12723.patch \
            "
 SRC_URI_append_class-native = " \
            file://perl-configpm-switch.patch \

meta/recipes-devtools/qemu/qemu.inc

@@ -44,6 +44,9 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
 	   file://CVE-2020-13659.patch \
 	   file://CVE-2020-13800.patch \
 	   file://CVE-2020-13362.patch \
+	   file://CVE-2020-15863.patch \
+	   file://CVE-2020-14364.patch \
+	   file://CVE-2020-14415.patch \
 	   "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 

meta/recipes-devtools/qemu/qemu/CVE-2020-14364.patch

@@ -0,0 +1,93 @@
+From b946434f2659a182afc17e155be6791ebfb302eb Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 25 Aug 2020 07:36:36 +0200
+Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364)
+
+Store calculated setup_len in a local variable, verify it, and only
+write it to the struct (USBDevice->setup_len) in case it passed the
+sanity checks.
+
+This prevents other code (do_token_{in,out} functions specifically)
+from working with invalid USBDevice->setup_len values and overrunning
+the USBDevice->setup_buf[] buffer.
+
+Fixes: CVE-2020-14364
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Tested-by: Gonglei <arei.gonglei@huawei.com>
+Reviewed-by: Li Qiang <liq3ea@gmail.com>
+Message-id: 20200825053636.29648-1-kraxel@redhat.com
+
+Upstream-Status: Backport
+[https://git.qemu.org/?p=qemu.git;a=patch;h=b946434f2659a182afc17e155be6791ebfb302eb]
+CVE: CVE-2020-14364
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ hw/usb/core.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/hw/usb/core.c b/hw/usb/core.c
+index 5abd128..5234dcc 100644
+--- a/hw/usb/core.c
++++ b/hw/usb/core.c
+@@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream)
+ static void do_token_setup(USBDevice *s, USBPacket *p)
+ {
+     int request, value, index;
++    unsigned int setup_len;
+ 
+     if (p->iov.size != 8) {
+         p->status = USB_RET_STALL;
+@@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p)
+     usb_packet_copy(p, s->setup_buf, p->iov.size);
+     s->setup_index = 0;
+     p->actual_length = 0;
+-    s->setup_len   = (s->setup_buf[7] << 8) | s->setup_buf[6];
+-    if (s->setup_len > sizeof(s->data_buf)) {
++    setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
++    if (setup_len > sizeof(s->data_buf)) {
+         fprintf(stderr,
+                 "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n",
+-                s->setup_len, sizeof(s->data_buf));
++                setup_len, sizeof(s->data_buf));
+         p->status = USB_RET_STALL;
+         return;
+     }
++    s->setup_len = setup_len;
+ 
+     request = (s->setup_buf[0] << 8) | s->setup_buf[1];
+     value   = (s->setup_buf[3] << 8) | s->setup_buf[2];
+@@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p)
+ static void do_parameter(USBDevice *s, USBPacket *p)
+ {
+     int i, request, value, index;
++    unsigned int setup_len;
+ 
+     for (i = 0; i < 8; i++) {
+         s->setup_buf[i] = p->parameter >> (i*8);
+     }
+ 
+     s->setup_state = SETUP_STATE_PARAM;
+-    s->setup_len   = (s->setup_buf[7] << 8) | s->setup_buf[6];
+     s->setup_index = 0;
+ 
+     request = (s->setup_buf[0] << 8) | s->setup_buf[1];
+     value   = (s->setup_buf[3] << 8) | s->setup_buf[2];
+     index   = (s->setup_buf[5] << 8) | s->setup_buf[4];
+ 
+-    if (s->setup_len > sizeof(s->data_buf)) {
++    setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
++    if (setup_len > sizeof(s->data_buf)) {
+         fprintf(stderr,
+                 "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n",
+-                s->setup_len, sizeof(s->data_buf));
++                setup_len, sizeof(s->data_buf));
+         p->status = USB_RET_STALL;
+         return;
+     }
++    s->setup_len = setup_len;
+ 
+     if (p->pid == USB_TOKEN_OUT) {
+         usb_packet_copy(p, s->data_buf, s->setup_len);
+-- 
+1.8.3.1
+

meta/recipes-devtools/qemu/qemu/CVE-2020-14415.patch

@@ -0,0 +1,37 @@
+From 7a4ede0047a8613b0e3b72c9d351038f013dd357 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 20 Jan 2020 11:18:04 +0100
+Subject: [PATCH] audio/oss: fix buffer pos calculation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Fixes: 3ba4066d085f ("ossaudio: port to the new audio backend api")
+Reported-by: ziming zhang <ezrakiez@gmail.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-Id: <20200120101804.29578-1-kraxel@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357]
+CVE: CVE-2020-14415
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ audio/ossaudio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/audio/ossaudio.c b/audio/ossaudio.c
+index c43faee..9456491 100644
+--- a/audio/ossaudio.c
++++ b/audio/ossaudio.c
+@@ -420,7 +420,7 @@ static size_t oss_write(HWVoiceOut *hw, void *buf, size_t len)
+             size_t to_copy = MIN(len, hw->size_emul - hw->pos_emul);
+             memcpy(hw->buf_emul + hw->pos_emul, buf, to_copy);
+ 
+-            hw->pos_emul = (hw->pos_emul + to_copy) % hw->pos_emul;
++            hw->pos_emul = (hw->pos_emul + to_copy) % hw->size_emul;
+             buf += to_copy;
+             len -= to_copy;
+         }
+-- 
+1.8.3.1
+

meta/recipes-devtools/qemu/qemu/CVE-2020-15863.patch

@@ -0,0 +1,63 @@
+From 5519724a13664b43e225ca05351c60b4468e4555 Mon Sep 17 00:00:00 2001
+From: Mauro Matteo Cascella <mcascell@redhat.com>
+Date: Fri, 10 Jul 2020 11:19:41 +0200
+Subject: [PATCH] hw/net/xgmac: Fix buffer overflow in xgmac_enet_send()
+
+A buffer overflow issue was reported by Mr. Ziming Zhang, CC'd here. It
+occurs while sending an Ethernet frame due to missing break statements
+and improper checking of the buffer size.
+
+Reported-by: Ziming Zhang <ezrakiez@gmail.com>
+Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5519724a13664b43e225ca05351c60b4468e4555]
+CVE: CVE-2020-15863
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ hw/net/xgmac.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c
+index 574dd47..5bf1b61 100644
+--- a/hw/net/xgmac.c
++++ b/hw/net/xgmac.c
+@@ -220,21 +220,31 @@ static void xgmac_enet_send(XgmacState *s)
+         }
+         len = (bd.buffer1_size & 0xfff) + (bd.buffer2_size & 0xfff);
+ 
++        /*
++         * FIXME: these cases of malformed tx descriptors (bad sizes)
++         * should probably be reported back to the guest somehow
++         * rather than simply silently stopping processing, but we
++         * don't know what the hardware does in this situation.
++         * This will only happen for buggy guests anyway.
++         */
+         if ((bd.buffer1_size & 0xfff) > 2048) {
+             DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
+                         "xgmac buffer 1 len on send > 2048 (0x%x)\n",
+                          __func__, bd.buffer1_size & 0xfff);
++            break;
+         }
+         if ((bd.buffer2_size & 0xfff) != 0) {
+             DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
+                         "xgmac buffer 2 len on send != 0 (0x%x)\n",
+                         __func__, bd.buffer2_size & 0xfff);
++            break;
+         }
+-        if (len >= sizeof(frame)) {
++        if (frame_size + len >= sizeof(frame)) {
+             DEBUGF_BRK("qemu:%s: buffer overflow %d read into %zu "
+-                        "buffer\n" , __func__, len, sizeof(frame));
++                        "buffer\n" , __func__, frame_size + len, sizeof(frame));
+             DEBUGF_BRK("qemu:%s: buffer1.size=%d; buffer2.size=%d\n",
+                         __func__, bd.buffer1_size, bd.buffer2_size);
++            break;
+         }
+ 
+         cpu_physical_memory_read(bd.buffer1_addr, ptr, len);
+-- 
+1.8.3.1
+

meta/recipes-devtools/rpm/rpm_4.14.2.1.bb

@@ -70,7 +70,7 @@ EXTRA_OECONF_append_libc-musl = " --disable-nls"
 # Disable dbus for native, so that rpm doesn't attempt to inhibit shutdown via session dbus even when plugins support is enabled.
 # Also disable plugins by default for native.
 EXTRA_OECONF_append_class-native = " --sysconfdir=/etc --localstatedir=/var --disable-plugins"
-EXTRA_OECONF_append_class-nativesdk = " --sysconfdir=/etc --localstatedir=/var --disable-plugins"
+EXTRA_OECONF_append_class-nativesdk = " --sysconfdir=/etc --disable-plugins"
 
 BBCLASSEXTEND = "native nativesdk"
 

meta/recipes-devtools/ruby/ruby_2.7.1.bb

@@ -8,8 +8,8 @@ SRC_URI += " \
            file://0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch \
            "
 
-SRC_URI[md5sum] = "bf4a54e8231176e109a42c546b4725a9"
-SRC_URI[sha256sum] = "8c99aa93b5e2f1bc8437d1bbbefd27b13e7694025331f77245d0c068ef1f8cbe"
+SRC_URI[md5sum] = "debb9c325bf65021214451660f46e909"
+SRC_URI[sha256sum] = "d418483bdd0000576c1370571121a6eb24582116db0b7bb2005e90e250eae418"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"

meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch

@@ -1,7 +1,7 @@
-From a954bf29a5f906b3151dffbecb5856e02e1565da Mon Sep 17 00:00:00 2001
+From 2adaa7366064a8f18af864eda74e52877a89620c Mon Sep 17 00:00:00 2001
 From: Hongxu Jia <hongxu.jia@windriver.com>
 Date: Mon, 18 Jan 2016 01:00:30 -0500
-Subject: [PATCH 03/10] configure.ac: do not check local png source
+Subject: [PATCH] configure.ac: do not check local png source
 
 In oe-core, it did not need to compile local libpng
 source in ghostscript, so do not check local png
@@ -11,28 +11,21 @@ libpng library.
 Upstream-Status: Inappropriate [OE-Core specific]
 
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
 ---
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index 9341930..80a60b1 100644
+index 698abd3..e65ac8b 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1114,11 +1114,11 @@ AC_SUBST(ZLIBDIR)
- AC_SUBST(FT_SYS_ZLIB)
- 
- dnl png for the png output device; it also requires zlib
--LIBPNGDIR=src
-+LIBPNGDIR=$srcdir/libpng
- PNGDEVS=''
- PNGDEVS_ALL='png48 png16m pnggray pngmono pngmonod png256 png16 pngalpha'
- AC_MSG_CHECKING([for local png library source])
--if test -f $srcdir/libpng/pngread.c; then
-+if false; then
-         AC_MSG_RESULT([yes])
-         SHARE_LIBPNG=0
-         LIBPNGDIR=$srcdir/libpng
--- 
-1.8.3.1
-
+@@ -1241,7 +1241,7 @@ else
+   PNGDEVS=''
+   PNGDEVS_ALL='png48 png16m pnggray pngmono pngmonod png256 png16 pngalpha'
+   AC_MSG_CHECKING([for local png library source])
+-  if test -f $srcdir/libpng/pngread.c; then
++  if false; then
+           AC_MSG_RESULT([yes])
+           SHARE_LIBPNG=0
+           LIBPNGDIR=$srcdir/libpng