build-appliance-image: Update to warrior head revision

(From OE-Core rev: db3ce703d03b18e8a4120969d32ff7f344f34fe9)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/lib/bb/utils.py

@@ -855,7 +855,7 @@ def copyfile(src, dest, newmtime = None, sstat = None):
             if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):
                 os.unlink(dest)
             os.symlink(target, dest)
-            #os.lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])
+            os.lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])
             return os.lstat(dest)
         except Exception as e:
             logger.warning("copyfile: failed to create symlink %s to %s (%s)" % (dest, target, e))

documentation/bsp-guide/bsp-guide.xml

@@ -143,9 +143,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.3</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2020;</date>
                 <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.4</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.4 Release.</revremark>
+            </revision>
         </revhistory>
     <copyright>
       <year>&COPYRIGHT_YEAR;</year>

documentation/dev-manual/dev-manual.xml

@@ -128,9 +128,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.3</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2020;</date>
                 <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.4</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev.xml

@@ -113,9 +113,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.3</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2020;</date>
                 <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.4</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/mega-manual/mega-manual.xml

@@ -99,9 +99,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.3</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2020;</date>
                 <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.4</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.4 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/poky.ent

@@ -1,17 +1,17 @@
-<!ENTITY DISTRO "2.7.3">
-<!ENTITY DISTRO_COMPRESSED "273">
+<!ENTITY DISTRO "2.7.4">
+<!ENTITY DISTRO_COMPRESSED "274">
 <!ENTITY DISTRO_NAME_NO_CAP "warrior">
 <!ENTITY DISTRO_NAME "Warrior">
 <!ENTITY DISTRO_NAME_NO_CAP_MINUS_ONE "thud">
 <!ENTITY DISTRO_NAME_MINUS_ONE "Thud">
-<!ENTITY YOCTO_DOC_VERSION "2.7.3">
+<!ENTITY YOCTO_DOC_VERSION "2.7.4">
 <!ENTITY YOCTO_DOC_VERSION_MINUS_ONE "2.6.4">
-<!ENTITY DISTRO_REL_TAG "yocto-2.7.3">
+<!ENTITY DISTRO_REL_TAG "yocto-2.7.4">
 <!ENTITY METAINTELVERSION "11.0">
-<!ENTITY REL_MONTH_YEAR "February 2020">
+<!ENTITY REL_MONTH_YEAR "May 2020">
 <!ENTITY META_INTEL_REL_TAG "&METAINTELVERSION;-&DISTRO_NAME_NO_CAP;-&YOCTO_DOC_VERSION;">
-<!ENTITY POKYVERSION "21.0.3">
-<!ENTITY POKYVERSION_COMPRESSED "2103">
+<!ENTITY POKYVERSION "21.0.4">
+<!ENTITY POKYVERSION_COMPRESSED "2104">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;">
 <!ENTITY COPYRIGHT_YEAR "2010-2020">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">

documentation/profile-manual/profile-manual.xml

@@ -113,9 +113,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.3</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2020;</date>
                 <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.4</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/sdk-manual/sdk-manual.xml

@@ -78,9 +78,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.3</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2020;</date>
                 <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.4</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.4 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/toaster-manual/toaster-manual.xml

@@ -88,9 +88,14 @@
             </revision>
             <revision>
                 <revnumber>2.7.3</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2020;</date>
                 <revremark>Released with the Yocto Project 2.7.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.7.4</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.7.4 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/tools/mega-manual.sed

@@ -1,36 +1,36 @@
 # Processes bitbake-user-manual (<word>-<word>-<word> style).
 # This style is for manual three-word folders, which currently is only the BitBake User Manual.
 # We used to have the "yocto-project-qs" and "poky-ref-manual" folders but no longer do.
-# s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/bitbake-user-manual/bitbake-user-manual.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/bitbake-user-manual/bitbake-user-manual.html#@"link" href="#@g
 
 # Processes all other manuals (<word>-<word> style).
 # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
 # Here is the one-liner:
-# s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
 
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/sdk-manual/sdk-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/bsp-guide/bsp-guide.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/dev-manual/dev-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/overview-manual/overview-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/kernel-dev/kernel-dev.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/profile-manual/profile-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/ref-manual/ref-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.7.3/toaster-manual/toaster-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/sdk-manual/sdk-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/bsp-guide/bsp-guide.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/dev-manual/dev-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/overview-manual/overview-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/kernel-dev/kernel-dev.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/profile-manual/profile-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/ref-manual/ref-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.7.4/toaster-manual/toaster-manual.html#@"link" href="#@g
 
 # Process cases where just an external manual is referenced without an id anchor
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/bitbake-user-manual/bitbake-user-manual.html" target="_top">BitBake User Manual</a>@BitBake User Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/bitbake-user-manual/bitbake-user-manual.html" target="_top">BitBake User Manual</a>@BitBake User Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
 
 # Process a single, rouge occurrence of a linked reference to the Mega-Manual.
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.3/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.7.4/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
 

meta-poky/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "2.7.3"
+DISTRO_VERSION = "2.7.4"
 DISTRO_CODENAME = "warrior"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}"

meta/classes/cve-check.bbclass

@@ -214,7 +214,7 @@ def check_cves(d, patched_cves):
                 (_, _, _, version_start, operator_start, version_end, operator_end) = row
                 #bb.debug(2, "Evaluating row " + str(row))
 
-                if (operator_start == '=' and pv == version_start):
+                if (operator_start == '=' and pv == version_start) or version_start == '-':
                     vulnerable = True
                 else:
                     if operator_start:

meta/conf/distro/include/yocto-uninative.inc

@@ -6,9 +6,9 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_MAXGLIBCVERSION = "2.30"
+UNINATIVE_MAXGLIBCVERSION = "2.31"
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.7/"
-UNINATIVE_CHECKSUM[aarch64] ?= "e76a45886ee8a0b3904b761c17ac8ff91edf9811ee455f1832d10763ba794dfc"
-UNINATIVE_CHECKSUM[i686] ?= "810d027dfb1c7675226afbcec07808770516c969ee7378f6d8240281083f8924"
-UNINATIVE_CHECKSUM[x86_64] ?= "9498d8bba047499999a7310ac2576d0796461184965351a56f6d32c888a1f216"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.8/"
+UNINATIVE_CHECKSUM[aarch64] ?= "989187344bf9539b464fb7ed9c223e51f4bdb4c7a677d2c314e6fed393176efe"
+UNINATIVE_CHECKSUM[i686] ?= "cc3e45bc8594488b407363e3fa9af5a099279dab2703c64342098719bd674990"
+UNINATIVE_CHECKSUM[x86_64] ?= "a09922172c3a439105e0ae6b943daad2d83505b17da0aba97961ff433b8c21ab"

meta/lib/oe/prservice.py

@@ -3,6 +3,10 @@
 #
 
 def prserv_make_conn(d, check = False):
+    # Otherwise this fails when called from recipes which e.g. inherit python3native (which sets _PYTHON_SYSCONFIGDATA_NAME) with:
+    # No module named '_sysconfigdata'
+    if '_PYTHON_SYSCONFIGDATA_NAME' in os.environ:
+        del os.environ['_PYTHON_SYSCONFIGDATA_NAME']
     import prserv.serv
     host_params = list([_f for _f in (d.getVar("PRSERV_HOST") or '').split(':') if _f])
     try:

meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch

@@ -0,0 +1,46 @@
+From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 3 Jan 2020 03:02:26 +0000
+Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a
+ regress
+
+test?
+
+OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381]
+
+[Dropped the script version and copyright year change at the top]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ regress/cert-hostkey.sh | 2 +-
+ regress/cert-userkey.sh | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
+index 3ce7779..74d5a53 100644
+--- a/regress/cert-hostkey.sh
++++ b/regress/cert-hostkey.sh
+@@ -248,7 +248,7 @@ test_one() {
+ test_one "user-certificate"	failure "-n $HOSTS"
+ test_one "empty principals"	success "-h"
+ test_one "wrong principals"	failure "-h -n foo"
+-test_one "cert not yet valid"	failure "-h -V20200101:20300101"
++test_one "cert not yet valid"	failure "-h -V20300101:20320101"
+ test_one "cert expired"		failure "-h -V19800101:19900101"
+ test_one "cert valid interval"	success "-h -V-1w:+2w"
+ test_one "cert has constraints"	failure "-h -Oforce-command=false"
+diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
+index 6849e99..de455b8 100644
+--- a/regress/cert-userkey.sh
++++ b/regress/cert-userkey.sh
+@@ -327,7 +327,7 @@ test_one() {
+ test_one "correct principal"	success "-n ${USER}"
+ test_one "host-certificate"	failure "-n ${USER} -h"
+ test_one "wrong principals"	failure "-n foo"
+-test_one "cert not yet valid"	failure "-n ${USER} -V20200101:20300101"
++test_one "cert not yet valid"	failure "-n ${USER} -V20300101:20320101"
+ test_one "cert expired"		failure "-n ${USER} -V19800101:19900101"
+ test_one "cert valid interval"	success "-n ${USER} -V-1w:+2w"
+ test_one "wrong source-address"	failure "-n ${USER} -Osource-address=10.0.0.0/8"

meta/recipes-connectivity/openssh/openssh_7.9p1.bb

@@ -28,6 +28,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://CVE-2019-6109.patch \
            file://0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch \
            file://CVE-2019-6111.patch \
+           file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \
            "
 SRC_URI[md5sum] = "c6af50b7a474d04726a5aa747a5dce8f"
 SRC_URI[sha256sum] = "6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad"

meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch

@@ -1,758 +0,0 @@
-From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Wed, 4 Dec 2019 12:48:21 +0100
-Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr
-
-There is an overflow bug in the x64_64 Montgomery squaring procedure used in
-exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
-suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
-result of this defect would be very difficult to perform and are not believed
-likely. Attacks against DH512 are considered just feasible. However, for an
-attack the target would have to re-use the DH512 private key, which is not
-recommended anyway. Also applications directly using the low level API
-BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
-
-CVE-2019-1551
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-(Merged from https://github.com/openssl/openssl/pull/10575)
-
-CVE: CVE-2019-1551
-Upstream-Status: Backport
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++-----------------
- 1 file changed, 197 insertions(+), 184 deletions(-)
-
-diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
-index b1797b649f0..7534d5cd03e 100755
---- a/crypto/bn/asm/rsaz-x86_64.pl
-+++ b/crypto/bn/asm/rsaz-x86_64.pl
-@@ -116,7 +116,7 @@
- 	subq	\$128+24, %rsp
- .cfi_adjust_cfa_offset	128+24
- .Lsqr_body:
--	movq	$mod, %rbp		# common argument
-+	movq	$mod, %xmm1		# common off-load
- 	movq	($inp), %rdx
- 	movq	8($inp), %rax
- 	movq	$n0, 128(%rsp)
-@@ -134,7 +134,8 @@
- .Loop_sqr:
- 	movl	$times,128+8(%rsp)
- #first iteration
--	movq	%rdx, %rbx
-+	movq	%rdx, %rbx		# 0($inp)
-+	mov	%rax, %rbp		# 8($inp)
- 	mulq	%rdx
- 	movq	%rax, %r8
- 	movq	16($inp), %rax
-@@ -173,31 +174,29 @@
- 	mulq	%rbx
- 	addq	%rax, %r14
- 	movq	%rbx, %rax
--	movq	%rdx, %r15
--	adcq	\$0, %r15
-+	adcq	\$0, %rdx
- 
--	addq	%r8, %r8		#shlq	\$1, %r8
--	movq	%r9, %rcx
--	adcq	%r9, %r9		#shld	\$1, %r8, %r9
-+	xorq	%rcx,%rcx		# rcx:r8 = r8 << 1
-+	addq	%r8, %r8
-+	 movq	%rdx, %r15
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
--	movq	%rax, (%rsp)
--	addq	%rdx, %r8
--	adcq	\$0, %r9
-+	addq	%r8, %rdx
-+	adcq	\$0, %rcx
- 
--	movq	%r8, 8(%rsp)
--	shrq	\$63, %rcx
-+	movq	%rax, (%rsp)
-+	movq	%rdx, 8(%rsp)
- 
- #second iteration
--	movq	8($inp), %r8
- 	movq	16($inp), %rax
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r10
- 	movq	24($inp), %rax
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r11
- 	movq	32($inp), %rax
- 	adcq	\$0, %rdx
-@@ -205,7 +204,7 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r12
- 	movq	40($inp), %rax
- 	adcq	\$0, %rdx
-@@ -213,7 +212,7 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r13
- 	movq	48($inp), %rax
- 	adcq	\$0, %rdx
-@@ -221,7 +220,7 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r14
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
-@@ -229,39 +228,39 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r15
--	movq	%r8, %rax
-+	movq	%rbp, %rax
- 	adcq	\$0, %rdx
- 	addq	%rbx, %r15
--	movq	%rdx, %r8
--	movq	%r10, %rdx
--	adcq	\$0, %r8
-+	adcq	\$0, %rdx
- 
--	add	%rdx, %rdx
--	lea	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
--	movq	%r11, %rbx
--	adcq	%r11, %r11		#shld	\$1, %r10, %r11
-+	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
-+	addq	%r9, %r9
-+	 movq	%rdx, %r8
-+	adcq	%r10, %r10
-+	adcq	\$0, %rbx
- 
- 	mulq	%rax
-+	addq	%rcx, %rax
-+	 movq	16($inp), %rbp
-+	adcq	\$0, %rdx
- 	addq	%rax, %r9
-+	 movq	24($inp), %rax
- 	adcq	%rdx, %r10
--	adcq	\$0, %r11
-+	adcq	\$0, %rbx
- 
- 	movq	%r9, 16(%rsp)
- 	movq	%r10, 24(%rsp)
--	shrq	\$63, %rbx
- 
- #third iteration
--	movq	16($inp), %r9
--	movq	24($inp), %rax
--	mulq	%r9
-+	mulq	%rbp
- 	addq	%rax, %r12
- 	movq	32($inp), %rax
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
-+	mulq	%rbp
- 	addq	%rax, %r13
- 	movq	40($inp), %rax
- 	adcq	\$0, %rdx
-@@ -269,7 +268,7 @@
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
-+	mulq	%rbp
- 	addq	%rax, %r14
- 	movq	48($inp), %rax
- 	adcq	\$0, %rdx
-@@ -277,9 +276,7 @@
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
--	 movq	%r12, %r10
--	 lea	(%rbx,%r12,2), %r12	#shld	\$1, %rbx, %r12
-+	mulq	%rbp
- 	addq	%rax, %r15
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
-@@ -287,36 +284,40 @@
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
--	 shrq	\$63, %r10
-+	mulq	%rbp
- 	addq	%rax, %r8
--	movq	%r9, %rax
-+	movq	%rbp, %rax
- 	adcq	\$0, %rdx
- 	addq	%rcx, %r8
--	movq	%rdx, %r9
--	adcq	\$0, %r9
-+	adcq	\$0, %rdx
- 
--	movq	%r13, %rcx
--	leaq	(%r10,%r13,2), %r13	#shld	\$1, %r12, %r13
-+	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
-+	addq	%r11, %r11
-+	 movq	%rdx, %r9
-+	adcq	%r12, %r12
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
-+	addq	%rbx, %rax
-+	 movq	24($inp), %r10
-+	adcq	\$0, %rdx
- 	addq	%rax, %r11
-+	 movq	32($inp), %rax
- 	adcq	%rdx, %r12
--	adcq	\$0, %r13
-+	adcq	\$0, %rcx
- 
- 	movq	%r11, 32(%rsp)
- 	movq	%r12, 40(%rsp)
--	shrq	\$63, %rcx
- 
- #fourth iteration
--	movq	24($inp), %r10
--	movq	32($inp), %rax
-+	mov	%rax, %r11		# 32($inp)
- 	mulq	%r10
- 	addq	%rax, %r14
- 	movq	40($inp), %rax
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
-+	mov	%rax, %r12		# 40($inp)
- 	mulq	%r10
- 	addq	%rax, %r15
- 	movq	48($inp), %rax
-@@ -325,9 +326,8 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
-+	mov	%rax, %rbp		# 48($inp)
- 	mulq	%r10
--	 movq	%r14, %r12
--	 leaq	(%rcx,%r14,2), %r14	#shld	\$1, %rcx, %r14
- 	addq	%rax, %r8
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
-@@ -336,32 +336,33 @@
- 	adcq	\$0, %rbx
- 
- 	mulq	%r10
--	 shrq	\$63, %r12
- 	addq	%rax, %r9
- 	movq	%r10, %rax
- 	adcq	\$0, %rdx
- 	addq	%rbx, %r9
--	movq	%rdx, %r10
--	adcq	\$0, %r10
-+	adcq	\$0, %rdx
- 
--	movq	%r15, %rbx
--	leaq	(%r12,%r15,2),%r15	#shld	\$1, %r14, %r15
-+	xorq	%rbx, %rbx		# rbx:r13:r14 = r13:r14 << 1
-+	addq	%r13, %r13
-+	 movq	%rdx, %r10
-+	adcq	%r14, %r14
-+	adcq	\$0, %rbx
- 
- 	mulq	%rax
-+	addq	%rcx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r13
-+	 movq	%r12, %rax		# 40($inp)
- 	adcq	%rdx, %r14
--	adcq	\$0, %r15
-+	adcq	\$0, %rbx
- 
- 	movq	%r13, 48(%rsp)
- 	movq	%r14, 56(%rsp)
--	shrq	\$63, %rbx
- 
- #fifth iteration
--	movq	32($inp), %r11
--	movq	40($inp), %rax
- 	mulq	%r11
- 	addq	%rax, %r8
--	movq	48($inp), %rax
-+	movq	%rbp, %rax		# 48($inp)
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
-@@ -369,97 +370,99 @@
- 	addq	%rax, %r9
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
--	 movq	%r8, %r12
--	 leaq	(%rbx,%r8,2), %r8	#shld	\$1, %rbx, %r8
- 	addq	%rcx, %r9
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
-+	mov	%rax, %r14		# 56($inp)
- 	mulq	%r11
--	 shrq	\$63, %r12
- 	addq	%rax, %r10
- 	movq	%r11, %rax
- 	adcq	\$0, %rdx
- 	addq	%rcx, %r10
--	movq	%rdx, %r11
--	adcq	\$0, %r11
-+	adcq	\$0, %rdx
- 
--	movq	%r9, %rcx
--	leaq	(%r12,%r9,2), %r9	#shld	\$1, %r8, %r9
-+	xorq	%rcx, %rcx		# rcx:r8:r15 = r8:r15 << 1
-+	addq	%r15, %r15
-+	 movq	%rdx, %r11
-+	adcq	%r8, %r8
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
-+	addq	%rbx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r15
-+	 movq	%rbp, %rax		# 48($inp)
- 	adcq	%rdx, %r8
--	adcq	\$0, %r9
-+	adcq	\$0, %rcx
- 
- 	movq	%r15, 64(%rsp)
- 	movq	%r8, 72(%rsp)
--	shrq	\$63, %rcx
- 
- #sixth iteration
--	movq	40($inp), %r12
--	movq	48($inp), %rax
- 	mulq	%r12
- 	addq	%rax, %r10
--	movq	56($inp), %rax
-+	movq	%r14, %rax		# 56($inp)
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
- 	mulq	%r12
- 	addq	%rax, %r11
- 	movq	%r12, %rax
--	 movq	%r10, %r15
--	 leaq	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
- 	adcq	\$0, %rdx
--	 shrq	\$63, %r15
- 	addq	%rbx, %r11
--	movq	%rdx, %r12
--	adcq	\$0, %r12
-+	adcq	\$0, %rdx
- 
--	movq	%r11, %rbx
--	leaq	(%r15,%r11,2), %r11	#shld	\$1, %r10, %r11
-+	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
-+	addq	%r9, %r9
-+	 movq	%rdx, %r12
-+	adcq	%r10, %r10
-+	adcq	\$0, %rbx
- 
- 	mulq	%rax
-+	addq	%rcx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r9
-+	 movq	%r14, %rax		# 56($inp)
- 	adcq	%rdx, %r10
--	adcq	\$0, %r11
-+	adcq	\$0, %rbx
- 
- 	movq	%r9, 80(%rsp)
- 	movq	%r10, 88(%rsp)
- 
- #seventh iteration
--	movq	48($inp), %r13
--	movq	56($inp), %rax
--	mulq	%r13
-+	mulq	%rbp
- 	addq	%rax, %r12
--	movq	%r13, %rax
--	movq	%rdx, %r13
--	adcq	\$0, %r13
-+	movq	%rbp, %rax
-+	adcq	\$0, %rdx
- 
--	xorq	%r14, %r14
--	shlq	\$1, %rbx
--	adcq	%r12, %r12		#shld	\$1, %rbx, %r12
--	adcq	%r13, %r13		#shld	\$1, %r12, %r13
--	adcq	%r14, %r14		#shld	\$1, %r13, %r14
-+	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
-+	addq	%r11, %r11
-+	 movq	%rdx, %r13
-+	adcq	%r12, %r12
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
-+	addq	%rbx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r11
-+	 movq	%r14, %rax		# 56($inp)
- 	adcq	%rdx, %r12
--	adcq	\$0, %r13
-+	adcq	\$0, %rcx
- 
- 	movq	%r11, 96(%rsp)
- 	movq	%r12, 104(%rsp)
- 
- #eighth iteration
--	movq	56($inp), %rax
-+	xorq	%rbx, %rbx		# rbx:r13 = r13 << 1
-+	addq	%r13, %r13
-+	adcq	\$0, %rbx
-+
- 	mulq	%rax
--	addq	%rax, %r13
-+	addq	%rcx, %rax
- 	adcq	\$0, %rdx
--
--	addq	%rdx, %r14
--
--	movq	%r13, 112(%rsp)
--	movq	%r14, 120(%rsp)
-+	addq	%r13, %rax
-+	adcq	%rbx, %rdx
- 
- 	movq	(%rsp), %r8
- 	movq	8(%rsp), %r9
-@@ -469,6 +472,10 @@
- 	movq	40(%rsp), %r13
- 	movq	48(%rsp), %r14
- 	movq	56(%rsp), %r15
-+	movq	%xmm1, %rbp
-+
-+	movq	%rax, 112(%rsp)
-+	movq	%rdx, 120(%rsp)
- 
- 	call	__rsaz_512_reduce
- 
-@@ -500,9 +507,9 @@
- .Loop_sqrx:
- 	movl	$times,128+8(%rsp)
- 	movq	$out, %xmm0		# off-load
--	movq	%rbp, %xmm1		# off-load
- #first iteration
- 	mulx	%rax, %r8, %r9
-+	mov	%rax, %rbx
- 
- 	mulx	16($inp), %rcx, %r10
- 	xor	%rbp, %rbp		# cf=0, of=0
-@@ -510,40 +517,39 @@
- 	mulx	24($inp), %rax, %r11
- 	adcx	%rcx, %r9
- 
--	mulx	32($inp), %rcx, %r12
-+	.byte	0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00	# mulx	32($inp), %rcx, %r12
- 	adcx	%rax, %r10
- 
--	mulx	40($inp), %rax, %r13
-+	.byte	0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00	# mulx	40($inp), %rax, %r13
- 	adcx	%rcx, %r11
- 
--	.byte	0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($inp), %rcx, %r14
-+	mulx	48($inp), %rcx, %r14
- 	adcx	%rax, %r12
- 	adcx	%rcx, %r13
- 
--	.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00	# mulx	56($inp), %rax, %r15
-+	mulx	56($inp), %rax, %r15
- 	adcx	%rax, %r14
- 	adcx	%rbp, %r15		# %rbp is 0
- 
--	mov	%r9, %rcx
--	shld	\$1, %r8, %r9
--	shl	\$1, %r8
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
--	adcx	%rdx, %r8
--	 mov	8($inp), %rdx
--	adcx	%rbp, %r9
-+	mulx	%rdx, %rax, $out
-+	 mov	%rbx, %rdx		# 8($inp)
-+	xor	%rcx, %rcx
-+	adox	%r8, %r8
-+	adcx	$out, %r8
-+	adox	%rbp, %rcx
-+	adcx	%rbp, %rcx
- 
- 	mov	%rax, (%rsp)
- 	mov	%r8, 8(%rsp)
- 
- #second iteration
--	mulx	16($inp), %rax, %rbx
-+	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00	# mulx	16($inp), %rax, %rbx
- 	adox	%rax, %r10
- 	adcx	%rbx, %r11
- 
--	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r8
-+	mulx	24($inp), $out, %r8
- 	adox	$out, %r11
-+	.byte	0x66
- 	adcx	%r8, %r12
- 
- 	mulx	32($inp), %rax, %rbx
-@@ -561,24 +567,25 @@
- 	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r8
- 	adox	$out, %r15
- 	adcx	%rbp, %r8
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r8
-+	 .byte	0x48,0x8b,0x96,0x10,0x00,0x00,0x00		# mov	16($inp), %rdx
- 
--	mov	%r11, %rbx
--	shld	\$1, %r10, %r11
--	shld	\$1, %rcx, %r10
--
--	xor	%ebp,%ebp
--	mulx	%rdx, %rax, %rcx
--	 mov	16($inp), %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r9, %r9
-+	adcx	%rbp, $out
-+	adox	%r10, %r10
- 	adcx	%rax, %r9
--	adcx	%rcx, %r10
--	adcx	%rbp, %r11
-+	adox	%rbp, %rbx
-+	adcx	$out, %r10
-+	adcx	%rbp, %rbx
- 
- 	mov	%r9, 16(%rsp)
- 	.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00		# mov	%r10, 24(%rsp)
- 
- #third iteration
--	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r9
-+	mulx	24($inp), $out, %r9
- 	adox	$out, %r12
- 	adcx	%r9, %r13
- 
-@@ -586,7 +593,7 @@
- 	adox	%rax, %r13
- 	adcx	%rcx, %r14
- 
--	mulx	40($inp), $out, %r9
-+	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r9
- 	adox	$out, %r14
- 	adcx	%r9, %r15
- 
-@@ -594,27 +601,28 @@
- 	adox	%rax, %r15
- 	adcx	%rcx, %r8
- 
--	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r9
-+	mulx	56($inp), $out, %r9
- 	adox	$out, %r8
- 	adcx	%rbp, %r9
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r9
-+	 mov	24($inp), %rdx
- 
--	mov	%r13, %rcx
--	shld	\$1, %r12, %r13
--	shld	\$1, %rbx, %r12
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rcx, %rcx
-+	adcx	%rbx, %rax
-+	adox	%r11, %r11
-+	adcx	%rbp, $out
-+	adox	%r12, %r12
- 	adcx	%rax, %r11
--	adcx	%rdx, %r12
--	 mov	24($inp), %rdx
--	adcx	%rbp, %r13
-+	adox	%rbp, %rcx
-+	adcx	$out, %r12
-+	adcx	%rbp, %rcx
- 
- 	mov	%r11, 32(%rsp)
--	.byte	0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00		# mov	%r12, 40(%rsp)
-+	mov	%r12, 40(%rsp)
- 
- #fourth iteration
--	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00	# mulx	32($inp), %rax, %rbx
-+	mulx	32($inp), %rax, %rbx
- 	adox	%rax, %r14
- 	adcx	%rbx, %r15
- 
-@@ -629,25 +637,25 @@
- 	mulx	56($inp), $out, %r10
- 	adox	$out, %r9
- 	adcx	%rbp, %r10
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r10
-+	 mov	32($inp), %rdx
- 
--	.byte	0x66
--	mov	%r15, %rbx
--	shld	\$1, %r14, %r15
--	shld	\$1, %rcx, %r14
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r13, %r13
-+	adcx	%rbp, $out
-+	adox	%r14, %r14
- 	adcx	%rax, %r13
--	adcx	%rdx, %r14
--	 mov	32($inp), %rdx
--	adcx	%rbp, %r15
-+	adox	%rbp, %rbx
-+	adcx	$out, %r14
-+	adcx	%rbp, %rbx
- 
- 	mov	%r13, 48(%rsp)
- 	mov	%r14, 56(%rsp)
- 
- #fifth iteration
--	.byte	0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r11
-+	mulx	40($inp), $out, %r11
- 	adox	$out, %r8
- 	adcx	%r11, %r9
- 
-@@ -658,18 +666,19 @@
- 	mulx	56($inp), $out, %r11
- 	adox	$out, %r10
- 	adcx	%rbp, %r11
-+	 mulx	%rdx, %rax, $out
-+	 mov	40($inp), %rdx
- 	adox	%rbp, %r11
- 
--	mov	%r9, %rcx
--	shld	\$1, %r8, %r9
--	shld	\$1, %rbx, %r8
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rcx, %rcx
-+	adcx	%rbx, %rax
-+	adox	%r15, %r15
-+	adcx	%rbp, $out
-+	adox	%r8, %r8
- 	adcx	%rax, %r15
--	adcx	%rdx, %r8
--	 mov	40($inp), %rdx
--	adcx	%rbp, %r9
-+	adox	%rbp, %rcx
-+	adcx	$out, %r8
-+	adcx	%rbp, %rcx
- 
- 	mov	%r15, 64(%rsp)
- 	mov	%r8, 72(%rsp)
-@@ -682,18 +691,19 @@
- 	.byte	0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r12
- 	adox	$out, %r11
- 	adcx	%rbp, %r12
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r12
-+	 mov	48($inp), %rdx
- 
--	mov	%r11, %rbx
--	shld	\$1, %r10, %r11
--	shld	\$1, %rcx, %r10
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r9, %r9
-+	adcx	%rbp, $out
-+	adox	%r10, %r10
- 	adcx	%rax, %r9
--	adcx	%rdx, %r10
--	 mov	48($inp), %rdx
--	adcx	%rbp, %r11
-+	adcx	$out, %r10
-+	adox	%rbp, %rbx
-+	adcx	%rbp, %rbx
- 
- 	mov	%r9, 80(%rsp)
- 	mov	%r10, 88(%rsp)
-@@ -703,31 +713,31 @@
- 	adox	%rax, %r12
- 	adox	%rbp, %r13
- 
--	xor	%r14, %r14
--	shld	\$1, %r13, %r14
--	shld	\$1, %r12, %r13
--	shld	\$1, %rbx, %r12
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
--	adcx	%rax, %r11
--	adcx	%rdx, %r12
-+	mulx	%rdx, %rax, $out
-+	xor	%rcx, %rcx
- 	 mov	56($inp), %rdx
--	adcx	%rbp, %r13
-+	adcx	%rbx, %rax
-+	adox	%r11, %r11
-+	adcx	%rbp, $out
-+	adox	%r12, %r12
-+	adcx	%rax, %r11
-+	adox	%rbp, %rcx
-+	adcx	$out, %r12
-+	adcx	%rbp, %rcx
- 
- 	.byte	0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00		# mov	%r11, 96(%rsp)
- 	.byte	0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00		# mov	%r12, 104(%rsp)
- 
- #eighth iteration
- 	mulx	%rdx, %rax, %rdx
--	adox	%rax, %r13
--	adox	%rbp, %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r13, %r13
-+	adcx	%rbp, %rdx
-+	adox	%rbp, %rbx
-+	adcx	%r13, %rax
-+	adcx	%rdx, %rbx
- 
--	.byte	0x66
--	add	%rdx, %r14
--
--	movq	%r13, 112(%rsp)
--	movq	%r14, 120(%rsp)
- 	movq	%xmm0, $out
- 	movq	%xmm1, %rbp
- 
-@@ -741,6 +751,9 @@
- 	movq	48(%rsp), %r14
- 	movq	56(%rsp), %r15
- 
-+	movq	%rax, 112(%rsp)
-+	movq	%rbx, 120(%rsp)
-+
- 	call	__rsaz_512_reducex
- 
- 	addq	64(%rsp), %r8

meta/recipes-connectivity/openssl/openssl/reproducible.patch

@@ -0,0 +1,32 @@
+The value for perl_archname can vary depending on the host, e.g. 
+x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
+makes the ptest package non-reproducible. Its unused other than 
+these references so drop it.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: openssl-1.1.1d/Configure
+===================================================================
+--- openssl-1.1.1d.orig/Configure
++++ openssl-1.1.1d/Configure
+@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
+ # Save away perl command information
+ $config{perl_cmd} = $^X;
+ $config{perl_version} = $Config{version};
+-$config{perl_archname} = $Config{archname};
++#$config{perl_archname} = $Config{archname};
+ 
+ $config{prefix}="";
+ $config{openssldir}="";
+@@ -2517,7 +2517,7 @@ _____
+                           @{$config{perlargv}}), "\n";
+         print "\nPerl information:\n\n";
+         print '    ',$config{perl_cmd},"\n";
+-        print '    ',$config{perl_version},' for ',$config{perl_archname},"\n";
++        print '    ',$config{perl_version},"\n";
+     }
+     if ($dump || $options) {
+         my $longest = 0;

meta/recipes-connectivity/openssl/openssl10_1.0.2u.bb

@@ -53,13 +53,15 @@ SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac"
-SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
+SRC_URI[md5sum] = "cdc2638f789ecc2db2c91488265686c1"
+SRC_URI[sha256sum] = "ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16"
 
 S = "${WORKDIR}/openssl-${PV}"
 
 UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
 
+CVE_PRODUCT = "openssl:openssl"
+
 inherit pkgconfig siteinfo multilib_header ptest manpages
 
 PACKAGECONFIG ?= "cryptodev-linux"

meta/recipes-connectivity/openssl/openssl_1.1.1g.bb

@@ -16,15 +16,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-skip-test_symbol_presence.patch \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
-           file://CVE-2019-1551.patch \
+           file://reproducible.patch \
            "
 
 SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa"
-SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2"
+SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
 
 inherit lib_package multilib_header ptest
 
@@ -32,7 +31,7 @@ PACKAGECONFIG ?= ""
 PACKAGECONFIG_class-native = ""
 PACKAGECONFIG_class-nativesdk = ""
 
-PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
 
 B = "${WORKDIR}/build"
 do_configure[cleandirs] = "${B}"

meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch

@@ -0,0 +1,47 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname).  This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+
+Upstream-Status: Backport
+[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426]
+
+CVE: CVE-2020-8597
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f5..1b93db0 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ 		}
+ 
+ 		/* Not so likely to happen. */
+-		if (vallen >= len + sizeof (rhostname)) {
++		if (len - vallen >= sizeof (rhostname)) {
+ 			dbglog("EAP: trimming really long peer name down");
+ 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ 			rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ 		}
+ 
+ 		/* Not so likely to happen. */
+-		if (vallen >= len + sizeof (rhostname)) {
++		if (len - vallen >= sizeof (rhostname)) {
+ 			dbglog("EAP: trimming really long peer name down");
+ 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ 			rhostname[sizeof (rhostname) - 1] = '\0';
+-- 
+2.17.1
+

meta/recipes-connectivity/ppp/ppp_2.4.7.bb

@@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
            file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
            file://0001-ppp-Remove-unneeded-include.patch \
            file://ppp-2.4.7-DES-openssl.patch \
+           file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \
 "
 
 SRC_URI_append_libc-musl = "\

meta/recipes-core/images/build-appliance-image_15.0.0.bb

@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk"
 
 inherit core-image module-base setuptools3
 
-SRCREV ?= "83e9841bb832c0e68b3b34e64166234ad09155b9"
+SRCREV ?= "ba1fb60b3980c86794f8a4c23e3a984f9e3590e1"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=warrior \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch

@@ -0,0 +1,37 @@
+From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Tue, 20 Aug 2019 16:33:06 +0800
+Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
+
+When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
+alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
+to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
+vctxt->xsiAssemble to 0 again which cause the alloced schema
+can not be freed anymore.
+
+Found with libFuzzer.
+
+Upstream-Status: Accepted [https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a]
+CVE: CVE-2019-20388
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ xmlschemas.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c8449..39d92182 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+     vctxt->nberrors = 0;
+     vctxt->depth = -1;
+     vctxt->skipDepth = -1;
+-    vctxt->xsiAssemble = 0;
+     vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+     vctxt->createIDCNodeTables = 1;
+-- 
+2.24.1
+

meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch

@@ -0,0 +1,36 @@
+From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Thu, 12 Dec 2019 17:30:55 +0800
+Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
+
+When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
+return NULL which cause a infinite loop in xmlStringLenDecodeEntities
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076]
+CVE: CVE-2020-7595
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> 
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index d1c31963..a34bb6cd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+     else
+         c = 0;
+     while ((c != 0) && (c != end) && /* non input consuming loop */
+-	   (c != end2) && (c != end3)) {
++           (c != end2) && (c != end3) &&
++           (ctxt->instate != XML_PARSER_EOF)) {
+ 
+ 	if (c == 0) break;
+         if ((c == '&') && (str[1] == '#')) {
+-- 
+2.24.1
+

meta/recipes-core/libxml/libxml2_2.9.8.bb

@@ -24,6 +24,8 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
            file://fix-CVE-2018-14404.patch \
            file://0001-Fix-infinite-loop-in-LZMA-decompression.patch \
            file://fix-CVE-2019-19956.patch \
+           file://CVE-2020-7595.patch \
+           file://CVE-2019-20388.patch \
            "
 
 SRC_URI[libtar.md5sum] = "b786e353e2aa1b872d70d5d1ca0c740d"

meta/recipes-core/meta/cve-update-db-native.bb

@@ -122,7 +122,7 @@ def parse_node_and_insert(c, node, cveId):
             product = cpe23[4]
             version = cpe23[5]
 
-            if version != '*':
+            if version != '*' and version != '-':
                 # Version is defined, this is a '=' match
                 yield [cveId, vendor, product, version, '=', '', '']
             else:

meta/recipes-core/ncurses/ncurses_6.1+20181013.bb

@@ -9,3 +9,5 @@ SRCREV = "7a97a7f937762ba342d5b2fd7cd090885a809835"
 S = "${WORKDIR}/git"
 EXTRA_OECONF += "--with-abi-version=5 --cache-file=${B}/config.cache"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)"
+
+CVE_VERSION = "6.1.${@d.getVar("PV").split('+')[1]}"

meta/recipes-core/systemd/systemd/0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch

@@ -0,0 +1,35 @@
+From 3e9828454dcdaa6cd19ee7ea3e3db30567f22c9f Mon Sep 17 00:00:00 2001
+From: ven <2988994+hexiaowen@users.noreply.github.com>
+Date: Wed, 22 May 2019 14:24:28 +0800
+Subject: =?UTF-8?q?bus=5Fopen=20leak=20sd=5Fevent=5Fsource=20when=20udevad?=
+ =?UTF-8?q?m=20trigger=E3=80=82?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On my host, when executing the udevadm trigger, I only receive the change event, which causes memleak
+
+CVE: CVE-2019-20386
+Upstream-Status: Backport
+Signed-off-by: Adrian Bunk <bunk@stusta.de>
+---
+ src/login/logind-button.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind-button.c b/src/login/logind-button.c
+index daffbf0668..1624a31cc3 100644
+--- a/src/login/logind-button.c
++++ b/src/login/logind-button.c
+@@ -341,7 +341,8 @@ int button_open(Button *b) {
+         }
+ 
+         (void) button_set_mask(b);
+-
++        
++        b->io_event_source = sd_event_source_unref(b->io_event_source);
+         r = sd_event_add_io(b->manager->event, &b->io_event_source, b->fd, EPOLLIN, button_dispatch, b);
+         if (r < 0) {
+                 log_error_errno(r, "Failed to add button event: %m");
+-- 
+2.20.1
+

meta/recipes-core/systemd/systemd_241.bb

@@ -24,6 +24,7 @@ SRC_URI += "file://touchscreen.rules \
            file://0005-rules-watch-metadata-changes-in-ide-devices.patch \
            file://0001-meson-declare-version.h-as-dep-for-various-targets-t.patch \
            file://0001-meson-declare-version.h-as-dependency-for-systemd.patch \
+           file://0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch \
            "
 
 # patches needed by musl

meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch

@@ -0,0 +1,49 @@
+From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 19 Dec 2019 19:45:06 -0500
+Subject: [PATCH] e2fsck: don't try to rehash a deleted directory
+
+If directory has been deleted in pass1[bcd] processing, then we
+shouldn't try to rehash the directory in pass 3a when we try to
+rehash/reoptimize directories.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ e2fsck/pass1b.c | 4 ++++
+ e2fsck/rehash.c | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c
+index 5693b9cf..bca701ca 100644
+--- a/e2fsck/pass1b.c
++++ b/e2fsck/pass1b.c
+@@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino,
+ 		fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx);
+ 	if (ctx->inode_bad_map)
+ 		ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino);
++	if (ctx->inode_reg_map)
++		ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino);
++	ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino);
++	ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino);
+ 	ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode));
+ 	quota_data_sub(ctx->qctx, &dp->inode, ino,
+ 		       pb.dup_blocks * fs->blocksize);
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 3dd1e941..2c908be0 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx)
+ 			if (!ext2fs_u32_list_iterate(iter, &ino))
+ 				break;
+ 		}
++		if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino))
++			continue;
+ 
+ 		pctx.dir = ino;
+ 		if (first) {
+-- 
+2.24.1
+

meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch

@@ -0,0 +1,57 @@
+From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 19 Dec 2019 19:37:34 -0500
+Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when
+ rehashing
+
+In e2fsck pass 3a, when we are rehashing directories, at least in
+theory, all of the directories should have had corruptions with
+respect to directory entry structure fixed.  However, it's possible
+(for example, if the user declined a fix) that we can reach this stage
+of processing with a corrupted directory entries.
+
+So check for that case and don't try to process a corrupted directory
+block so we don't run into trouble in mutate_name() if there is a
+zero-length file name.
+
+Addresses: TALOS-2019-0973
+Addresses: CVE-2019-5188
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+CVE: CVE-2019-5188
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff]
+---
+ e2fsck/rehash.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index a5fc1be1..3dd1e941 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs,
+ 		dir_offset += rec_len;
+ 		if (dirent->inode == 0)
+ 			continue;
++		if ((name_len) == 0) {
++			fd->err = EXT2_ET_DIR_CORRUPTED;
++			return BLOCK_ABORT;
++		}
+ 		if (!fd->compress && (name_len == 1) &&
+ 		    (dirent->name[0] == '.'))
+ 			continue;
+@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
+ 			continue;
+ 		}
+ 		new_len = ext2fs_dirent_name_len(ent->dir);
++		if (new_len == 0) {
++			 /* should never happen */
++			ext2fs_unmark_valid(fs);
++			continue;
++		}
+ 		memcpy(new_name, ent->dir->name, new_len);
+ 		mutate_name(new_name, &new_len);
+ 		for (j=0; j < fd->num_array; j++) {
+-- 
+2.24.1
+

meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch

@@ -0,0 +1,76 @@
+From: Wang Shilong <wshilong@ddn.com>
+Date: Mon, 30 Dec 2019 19:52:39 -0500
+Subject: e2fsck: fix use after free in calculate_tree()
+
+The problem is alloc_blocks() will call get_next_block() which might
+reallocate outdir->buf, and memory address could be changed after
+this.  To fix this, pointers that point into outdir->buf, such as
+int_limit and root need to be recaulated based on the new starting
+address of outdir->buf.
+
+[ Changed to correctly recalculate int_limit, and to optimize how we
+  reallocate outdir->buf.  -TYT ]
+
+Addresses-Debian-Bug: 948517
+Signed-off-by: Wang Shilong <wshilong@ddn.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+(cherry picked from commit 101e73e99ccafa0403fcb27dd7413033b587ca01)
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=101e73e99ccafa0403fcb27dd7413033b587ca01]
+---
+ e2fsck/rehash.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 0a5888a9..2574e151 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -295,7 +295,11 @@ static errcode_t get_next_block(ext2_filsys fs, struct out_dir *outdir,
+ 	errcode_t	retval;
+ 
+ 	if (outdir->num >= outdir->max) {
+-		retval = alloc_size_dir(fs, outdir, outdir->max + 50);
++		int increment = outdir->max / 10;
++
++		if (increment < 50)
++			increment = 50;
++		retval = alloc_size_dir(fs, outdir, outdir->max + increment);
+ 		if (retval)
+ 			return retval;
+ 	}
+@@ -637,6 +641,9 @@ static int alloc_blocks(ext2_filsys fs,
+ 	if (retval)
+ 		return retval;
+ 
++	/* outdir->buf might be reallocated */
++	*prev_ent = (struct ext2_dx_entry *) (outdir->buf + *prev_offset);
++
+ 	*next_ent = set_int_node(fs, block_start);
+ 	*limit = (struct ext2_dx_countlimit *)(*next_ent);
+ 	if (next_offset)
+@@ -726,6 +733,9 @@ static errcode_t calculate_tree(ext2_filsys fs,
+ 					return retval;
+ 			}
+ 			if (c3 == 0) {
++				int delta1 = (char *)int_limit - outdir->buf;
++				int delta2 = (char *)root - outdir->buf;
++
+ 				retval = alloc_blocks(fs, &limit, &int_ent,
+ 						      &dx_ent, &int_offset,
+ 						      NULL, outdir, i, &c2,
+@@ -733,6 +743,11 @@ static errcode_t calculate_tree(ext2_filsys fs,
+ 				if (retval)
+ 					return retval;
+ 
++				/* outdir->buf might be reallocated */
++				int_limit = (struct ext2_dx_countlimit *)
++					(outdir->buf + delta1);
++				root = (struct ext2_dx_entry *)
++					(outdir->buf + delta2);
+ 			}
+ 			dx_ent->block = ext2fs_cpu_to_le32(i);
+ 			if (c3 != limit->limit)
+-- 
+2.24.1
+

meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb

@@ -7,6 +7,9 @@ SRC_URI += "file://remove.ldconfig.call.patch \
             file://mkdir_p.patch \
             file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \
             file://0001-create_inode-fix-copying-large-files.patch \
+            file://CVE-2019-5188.patch \
+            file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \
+            file://e2fsck-fix-use-after-free-in-calculate_tree.patch \
             "
 
 SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \

meta/recipes-devtools/git/git_2.20.1.bb

@@ -1,11 +0,0 @@
-require git.inc
-
-EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
-                 ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
-                 "
-EXTRA_OEMAKE += "NO_GETTEXT=1"
-
-SRC_URI[tarball.md5sum] = "7a7769e5c957364ed0aed89e6e67c254"
-SRC_URI[tarball.sha256sum] = "edc3bc1495b69179ba4e272e97eff93334a20decb1d8db6ec3c19c16417738fd"
-SRC_URI[manpages.md5sum] = "78c6e54a61a167dab5e8ae07036293ab"
-SRC_URI[manpages.sha256sum] = "e9c123463abd05e142defe44a8060ce6e9853dfd8c83b2542e38b7deac4e6d4c"

meta/recipes-devtools/git/git_2.20.4.bb

@@ -0,0 +1,11 @@
+require git.inc
+
+EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
+                 ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
+                 "
+EXTRA_OEMAKE += "NO_GETTEXT=1"
+
+SRC_URI[tarball.md5sum] = "6f524e37186a79848a716e2a91330868"
+SRC_URI[tarball.sha256sum] = "92719084d7648b69038ea617a3bc45ec74f60ed7eef753ae2ad84b6f0b268e9a"
+SRC_URI[manpages.md5sum] = "dceabcda244042a06ed4cabd754627a5"
+SRC_URI[manpages.sha256sum] = "72fdd1799756b1240921d10eb5c67de9a651b44d429ba7293929c9d5344ad3e0"

meta/recipes-devtools/python/python.inc

@@ -5,13 +5,13 @@ SECTION = "devel/python"
 # bump this on every change in contrib/python/generate-manifest-2.7.py
 INC_PR = "r1"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            "
 
-SRC_URI[md5sum] = "b3b6d2c92f42a60667814358ab9f0cfd"
-SRC_URI[sha256sum] = "4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41"
+SRC_URI[md5sum] = "fd6cc8ec0a78c44036f825e739f36e5a"
+SRC_URI[sha256sum] = "b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43"
 
 # python recipe is actually python 2.x
 # also, exclude pre-releases for both python 2.x and 3.x

meta/recipes-devtools/python/python3_3.7.7.bb

@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.python.org"
 LICENSE = "PSFv2"
 SECTION = "devel/python"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://run-ptest \
@@ -38,8 +38,8 @@ SRC_URI_append_class-nativesdk = " \
            file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \
            "
 
-SRC_URI[md5sum] = "c08fbee72ad5c2c95b0f4e44bf6fd72c"
-SRC_URI[sha256sum] = "55a2cce72049f0794e9a11a84862e9039af9183603b78bc60d89539f82cf533f"
+SRC_URI[md5sum] = "172c650156f7bea68ce31b2fd01fa766"
+SRC_URI[sha256sum] = "06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"

meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch

@@ -0,0 +1,42 @@
+From 59402e3a61d14eb7ce8c2019ea1a87ad4bd28605 Mon Sep 17 00:00:00 2001
+From: Anuj Mittal <anuj.mittal@intel.com>
+Date: Thu, 14 Nov 2019 10:13:53 +0800
+Subject: [PATCH] dont setup compiler flags -m32/-m64
+
+We don't want these to be setup by boost as we pass our own flags.
+
+Upstream-Status: Inappropriate [OE-specific]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ tools/build/src/tools/gcc.jam | 14 --------------
+ 1 file changed, 14 deletions(-)
+
+diff --git a/tools/build/src/tools/gcc.jam b/tools/build/src/tools/gcc.jam
+index c7e3cf3..24486e0 100644
+--- a/tools/build/src/tools/gcc.jam
++++ b/tools/build/src/tools/gcc.jam
+@@ -430,20 +430,6 @@ local rule compile-link-flags ( * )
+ }
+ 
+ {
+-    # Handle address-model
+-    compile-link-flags <target-os>aix/<address-model>32 : -maix32 ;
+-    compile-link-flags <target-os>aix/<address-model>64 : -maix64 ;
+-
+-    compile-link-flags <target-os>hpux/<address-model>32 : -milp32 ;
+-    compile-link-flags <target-os>hpux/<address-model>64 : -mlp64 ;
+-
+-    local generic-os = [ set.difference $(all-os) : aix hpux ] ;
+-    local arch = power sparc x86 ;
+-    compile-link-flags <target-os>$(generic-os)/<architecture>$(arch)/<address-model>32 : -m32 ;
+-    compile-link-flags <target-os>$(generic-os)/<architecture>$(arch)/<address-model>64 : -m64 ;
+-}
+-
+-{
+     # Handle threading
+     local rule threading-flags ( * )
+     {
+-- 
+2.7.4
+

meta/recipes-support/boost/boost_1.69.0.bb

@@ -6,4 +6,5 @@ SRC_URI += "file://arm-intrinsics.patch \
            file://boost-math-disable-pch-for-gcc.patch \
            file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \
            file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
+           file://0001-dont-setup-compiler-flags-m32-m64.patch \
            "

meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch

@@ -1,4 +1,4 @@
-From 0df5800cc2e720aad883a517f7d24a9722fe5845 Mon Sep 17 00:00:00 2001
+From e3adc816d2d56dd929016073937ba24e01e03cb8 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Thu, 20 Dec 2018 17:37:48 -0800
 Subject: [PATCH] Woverride-init is not needed with gcc 9
@@ -17,15 +17,18 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/dirmngr/dns.h b/dirmngr/dns.h
-index 30d0b45..98fe412 100644
+index 024d6dcc8..c6e141e16 100644
 --- a/dirmngr/dns.h
 +++ b/dirmngr/dns.h
-@@ -154,7 +154,7 @@ DNS_PUBLIC int *dns_debug_p(void);
+@@ -139,7 +139,7 @@ DNS_PUBLIC int *dns_debug_p(void);
+ #define DNS_PRAGMA_QUIET _Pragma("clang diagnostic ignored \"-Winitializer-overrides\"")
+ #define DNS_PRAGMA_POP _Pragma("clang diagnostic pop")
  
- #define dns_quietinit(...) \
- 	DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__ DNS_PRAGMA_POP
 -#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || __GNUC__ > 4
 +#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || (__GNUC__ > 4 && __GNUC__ < 9)
  #define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push")
  #define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"")
  #define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop")
+-- 
+2.17.1
+

meta/recipes-support/gnupg/gnupg_2.2.17.bb

@@ -19,9 +19,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
 SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
                                 file://relocate.patch"
 
-
-SRC_URI[md5sum] = "563b959d0c3856e34526e9ca51c80d7b"
-SRC_URI[sha256sum] = "76c787a955f9e6e0ead47c9be700bfb9d454f955a7b7c7e697aa719bac7b11d8"
+SRC_URI[md5sum] = "1ba2d9b70c377f8e967742064c27a19c"
+SRC_URI[sha256sum] = "afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \

meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb

@@ -15,6 +15,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
 SRC_URI[md5sum] = "cac755dc6c6acd6e0c70007f547548f5"
 SRC_URI[sha256sum] = "75ddc194a5b1d6f25033bb9d355f04bfe5c03e0e1c71ed0774104457b3a786c6"
 
+CVE_PRODUCT = "libsoup"
+
 S = "${WORKDIR}/libsoup-${PV}"
 
 inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc

meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch

@@ -0,0 +1,40 @@
+From fcf06b0b426e6c243d6ca2d6c6a02830717ab6a3 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 15 Oct 2019 13:22:52 +0800
+Subject: [PATCH] Fix CVE-2019-16168
+
+CVE: CVE-2019-16168
+
+Upstream-Status: Backport [https://www.sqlite.org/src/vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ sqlite3.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 61bfdeb..b3e6ae2 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -105933,7 +105933,9 @@ static void decodeIntArray(
+       if( sqlite3_strglob("unordered*", z)==0 ){
+         pIndex->bUnordered = 1;
+       }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
+-        pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
++        int sz = sqlite3Atoi(z+3);
++        if( sz<2 ) sz = 2;
++        pIndex->szIdxRow = sqlite3LogEst(sz);
+       }else if( sqlite3_strglob("noskipscan*", z)==0 ){
+         pIndex->noSkipScan = 1;
+       }
+@@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex(
+     ** it to pNew->rRun, which is currently set to the cost of the index
+     ** seek only. Then, if this is a non-covering index, add the cost of
+     ** visiting the rows in the main table.  */
++    assert( pSrc->pTab->szTabRow>0 );
+     rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
+     pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
+     if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
+-- 
+2.17.1
+

meta/recipes-support/sqlite/sqlite3_3.27.2.bb

@@ -7,6 +7,7 @@ SRC_URI = "\
   http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \
   file://CVE-2019-9936.patch \
   file://CVE-2019-9937.patch \
+  file://0001-Fix-CVE-2019-16168.patch \
   "
 
 SRC_URI[md5sum] = "1f72631ce6e8efa5b4a6e55a43b3bdc0"