[OE-core][dunfell 00/15] Patch review

[OE-core][dunfell 00/15] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2019

The following changes since commit 707036d4ec12ef1a260adcef78627b26e32e6540:

  linux-yocto/5.4: update to v5.4.105 (2021-03-24 04:30:32 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Anton D. Kachalov (1):
  run-postinsts: do not remove postinsts directory.

Bruce Ashfield (1):
  linux-yocto/5.4: update to v5.4.107

Catalin Enache (1):
  connman: fix CVE-2021-26675, CVE-2021-26676

Christopher Larson (2):
  buildhistory: add missing vardepsexcludes
  image,populate_sdk_base: move 'func' flag setting for sdk command vars

He Zhe (1):
  cryptodev-module: Backport a patch to fix build failure with kernel
    v5.8

Khem Raj (1):
  documentation-audit.sh: Fix typo in specifying LICENSE_FLAGS_WHITELIST

Mark Hatle (1):
  populate_sdk_ext: Avoid copying and producing .pyc files

Michael Trensch (1):
  linux-firmware: Fix packaging

Mikko Rapeli (1):
  openssl: update to 1.1.1k to fix CVE-2021-3450 and CVE-2021-3449

Mingli Yu (1):
  libtool: make sure autoheader run before autoconf

Minjae Kim (1):
  git: fix CVE-2021-21300

Naveen Saini (1):
  cryptodev-module: fix build failure with kernel v5.10

Robert P. J. Day (2):
  bitbake.conf: correct description of HOSTTOOLS_DIR
  packagegroups: delete useless "PROVIDES" lines

 meta/classes/buildhistory.bbclass             |   3 +
 meta/classes/image.bbclass                    |   2 +-
 meta/classes/populate_sdk_base.bbclass        |   7 +
 meta/classes/populate_sdk_ext.bbclass         |   4 +-
 meta/conf/bitbake.conf                        |   2 +-
 meta/lib/oe/copy_buildsystem.py               |   6 +-
 .../connman/connman/CVE-2021-26675.patch      |  62 ++++
 .../connman/connman/CVE-2021-26676-0001.patch | 231 +++++++++++++
 .../connman/connman/CVE-2021-26676-0002.patch |  33 ++
 .../connman/connman_1.37.bb                   |   3 +
 .../{openssl_1.1.1j.bb => openssl_1.1.1k.bb}  |   2 +-
 .../packagegroups/packagegroup-base.bb        |   1 -
 .../packagegroups/packagegroup-core-nfs.bb    |   1 -
 .../git/files/CVE-2021-21300.patch            | 305 ++++++++++++++++++
 meta/recipes-devtools/git/git.inc             |   4 +-
 .../libtool/libtool-2.4.6.inc                 |   1 +
 ...-sure-autoheader-run-before-autoconf.patch |  35 ++
 .../run-postinsts/run-postinsts/run-postinsts |  10 +-
 .../cryptodev/cryptodev-module_1.10.bb        |   2 +
 .../0001-Fix-build-for-Linux-5.8-rc1.patch    |  49 +++
 .../0001-Fix-build-for-Linux-5.9-rc1.patch    |  42 +++
 .../linux-firmware/linux-firmware_20210208.bb |  41 ++-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 scripts/contrib/documentation-audit.sh        |   2 +-
 26 files changed, 840 insertions(+), 44 deletions(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2021-26675.patch
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2021-26676-0001.patch
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2021-26676-0002.patch
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1j.bb => openssl_1.1.1k.bb} (98%)
 create mode 100644 meta/recipes-devtools/git/files/CVE-2021-21300.patch
 create mode 100644 meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch
 create mode 100644 meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.8-rc1.patch
 create mode 100644 meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.9-rc1.patch

-- 
2.25.1

[OE-core][dunfell 01/15] connman: fix CVE-2021-26675, CVE-2021-26676

[Steve Sakoman]

From: Catalin Enache <catalin.enache@windriver.com>

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39
could be used by network adjacent attackers to execute code.

gdhcp in ConnMan before 1.39 could be used by network-adjacent.
attackers to leak sensitive stack information, allowing further
exploitation of bugs in gdhcp.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26675
https://nvd.nist.gov/vuln/detail/CVE-2021-26676

Upstream patches:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../connman/connman/CVE-2021-26675.patch      |  62 +++++
 .../connman/connman/CVE-2021-26676-0001.patch | 231 ++++++++++++++++++
 .../connman/connman/CVE-2021-26676-0002.patch |  33 +++
 .../connman/connman_1.37.bb                   |   3 +
 4 files changed, 329 insertions(+)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2021-26675.patch
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2021-26676-0001.patch
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2021-26676-0002.patch

diff --git a/meta/recipes-connectivity/connman/connman/CVE-2021-26675.patch b/meta/recipes-connectivity/connman/connman/CVE-2021-26675.patch
new file mode 100644
index 0000000000..2648a832ca
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2021-26675.patch
@@ -0,0 +1,62 @@
+From e4079a20f617a4b076af503f6e4e8b0304c9f2cb Mon Sep 17 00:00:00 2001
+From: Colin Wee <cwee@tesla.com>
+Date: Thu, 28 Jan 2021 19:41:53 +0100
+Subject: [PATCH] dnsproxy: Add length checks to prevent buffer overflow
+
+Fixes: CVE-2021-26675
+
+Upstream-Status: Backport
+CVE: CVE-2021-26675
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ src/dnsproxy.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/dnsproxy.c b/src/dnsproxy.c
+index a7bf87a1..4f5c897f 100644
+--- a/src/dnsproxy.c
++++ b/src/dnsproxy.c
+@@ -1767,6 +1767,7 @@ static char *uncompress(int16_t field_count, char *start, char *end,
+			char **uncompressed_ptr)
+ {
+	char *uptr = *uncompressed_ptr; /* position in result buffer */
++	char * const uncomp_end = uncompressed + uncomp_len - 1;
+
+	debug("count %d ptr %p end %p uptr %p", field_count, ptr, end, uptr);
+
+@@ -1787,12 +1788,15 @@ static char *uncompress(int16_t field_count, char *start, char *end,
+		 * tmp buffer.
+		 */
+
+-		ulen = strlen(name);
+-		strncpy(uptr, name, uncomp_len - (uptr - uncompressed));
+-
+		debug("pos %d ulen %d left %d name %s", pos, ulen,
+			(int)(uncomp_len - (uptr - uncompressed)), uptr);
+
++		ulen = strlen(name);
++		if ((uptr + ulen + 1) > uncomp_end) {
++			goto out;
++		}
++		strncpy(uptr, name, uncomp_len - (uptr - uncompressed));
++
+		uptr += ulen;
+		*uptr++ = '\0';
+
+@@ -1802,6 +1806,10 @@ static char *uncompress(int16_t field_count, char *start, char *end,
+		 * We copy also the fixed portion of the result (type, class,
+		 * ttl, address length and the address)
+		 */
++		if ((uptr + NS_RRFIXEDSZ) > uncomp_end) {
++			debug("uncompressed data too large for buffer");
++			goto out;
++		}
+		memcpy(uptr, ptr, NS_RRFIXEDSZ);
+
+		dns_type = uptr[0] << 8 | uptr[1];
+--
+2.17.1
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0001.patch b/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0001.patch
new file mode 100644
index 0000000000..4104e4bfc6
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0001.patch
@@ -0,0 +1,231 @@
+From 58d397ba74873384aee449690a9070bacd5676fa Mon Sep 17 00:00:00 2001
+From: Colin Wee <cwee@tesla.com>
+Date: Thu, 28 Jan 2021 19:39:14 +0100
+Subject: [PATCH] gdhcp: Avoid reading invalid data in dhcp_get_option
+
+Upstream-Status: Backport
+CVE: CVE-2021-26676
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ gdhcp/client.c | 20 +++++++++++---------
+ gdhcp/common.c | 24 +++++++++++++++++++-----
+ gdhcp/common.h |  2 +-
+ gdhcp/server.c | 12 +++++++-----
+ 4 files changed, 38 insertions(+), 20 deletions(-)
+
+diff --git a/gdhcp/client.c b/gdhcp/client.c
+index 09dfe5ec..6a5613e7 100644
+--- a/gdhcp/client.c
++++ b/gdhcp/client.c
+@@ -1629,12 +1629,12 @@ static void start_request(GDHCPClient *dhcp_client)
+							NULL);
+ }
+
+-static uint32_t get_lease(struct dhcp_packet *packet)
++static uint32_t get_lease(struct dhcp_packet *packet, uint16_t packet_len)
+ {
+	uint8_t *option;
+	uint32_t lease_seconds;
+
+-	option = dhcp_get_option(packet, DHCP_LEASE_TIME);
++	option = dhcp_get_option(packet, packet_len, DHCP_LEASE_TIME);
+	if (!option)
+		return 3600;
+
+@@ -2226,7 +2226,8 @@ static void get_dhcpv6_request(GDHCPClient *dhcp_client,
+	}
+ }
+
+-static void get_request(GDHCPClient *dhcp_client, struct dhcp_packet *packet)
++static void get_request(GDHCPClient *dhcp_client, struct dhcp_packet *packet,
++		uint16_t packet_len)
+ {
+	GDHCPOptionType type;
+	GList *list, *value_list;
+@@ -2237,7 +2238,7 @@ static void get_request(GDHCPClient *dhcp_client, struct dhcp_packet *packet)
+	for (list = dhcp_client->request_list; list; list = list->next) {
+		code = (uint8_t) GPOINTER_TO_INT(list->data);
+
+-		option = dhcp_get_option(packet, code);
++		option = dhcp_get_option(packet, packet_len, code);
+		if (!option) {
+			g_hash_table_remove(dhcp_client->code_value_hash,
+						GINT_TO_POINTER((int) code));
+@@ -2297,6 +2298,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
+		re = dhcp_recv_l2_packet(&packet,
+					dhcp_client->listener_sockfd,
+					&dst_addr);
++		pkt_len = (uint16_t)(unsigned int)re;
+		xid = packet.xid;
+	} else if (dhcp_client->listen_mode == L3) {
+		if (dhcp_client->type == G_DHCP_IPV6) {
+@@ -2361,7 +2363,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
+			dhcp_client->status_code = status;
+		}
+	} else {
+-		message_type = dhcp_get_option(&packet, DHCP_MESSAGE_TYPE);
++		message_type = dhcp_get_option(&packet, pkt_len, DHCP_MESSAGE_TYPE);
+		if (!message_type)
+			return TRUE;
+	}
+@@ -2378,7 +2380,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
+		dhcp_client->timeout = 0;
+		dhcp_client->retry_times = 0;
+
+-		option = dhcp_get_option(&packet, DHCP_SERVER_ID);
++		option = dhcp_get_option(&packet, pkt_len, DHCP_SERVER_ID);
+		dhcp_client->server_ip = get_be32(option);
+		dhcp_client->requested_ip = ntohl(packet.yiaddr);
+
+@@ -2428,9 +2430,9 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
+
+			remove_timeouts(dhcp_client);
+
+-			dhcp_client->lease_seconds = get_lease(&packet);
++			dhcp_client->lease_seconds = get_lease(&packet, pkt_len);
+
+-			get_request(dhcp_client, &packet);
++			get_request(dhcp_client, &packet, pkt_len);
+
+			switch_listening_mode(dhcp_client, L_NONE);
+
+@@ -2438,7 +2440,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
+			dhcp_client->assigned_ip = get_ip(packet.yiaddr);
+
+			if (dhcp_client->state == REBOOTING) {
+-				option = dhcp_get_option(&packet,
++				option = dhcp_get_option(&packet, pkt_len,
+							DHCP_SERVER_ID);
+				dhcp_client->server_ip = get_be32(option);
+			}
+diff --git a/gdhcp/common.c b/gdhcp/common.c
+index 1d667d17..c8916aa8 100644
+--- a/gdhcp/common.c
++++ b/gdhcp/common.c
+@@ -73,18 +73,21 @@ GDHCPOptionType dhcp_get_code_type(uint8_t code)
+	return OPTION_UNKNOWN;
+ }
+
+-uint8_t *dhcp_get_option(struct dhcp_packet *packet, int code)
++uint8_t *dhcp_get_option(struct dhcp_packet *packet, uint16_t packet_len, int code)
+ {
+	int len, rem;
+-	uint8_t *optionptr;
++	uint8_t *optionptr, *options_end;
++	size_t options_len;
+	uint8_t overload = 0;
+
+	/* option bytes: [code][len][data1][data2]..[dataLEN] */
+	optionptr = packet->options;
+	rem = sizeof(packet->options);
++	options_len = packet_len - (sizeof(*packet) - sizeof(packet->options));
++	options_end = optionptr + options_len - 1;
+
+	while (1) {
+-		if (rem <= 0)
++		if ((rem <= 0) && (optionptr + OPT_CODE > options_end))
+			/* Bad packet, malformed option field */
+			return NULL;
+
+@@ -115,14 +118,25 @@ uint8_t *dhcp_get_option(struct dhcp_packet *packet, int code)
+			break;
+		}
+
++		if (optionptr + OPT_LEN > options_end) {
++			/* bad packet, would read length field from OOB */
++			return NULL;
++		}
++
+		len = 2 + optionptr[OPT_LEN];
+
+		rem -= len;
+		if (rem < 0)
+			continue; /* complain and return NULL */
+
+-		if (optionptr[OPT_CODE] == code)
+-			return optionptr + OPT_DATA;
++		if (optionptr[OPT_CODE] == code) {
++			if (optionptr + len > options_end) {
++				/* bad packet, option length points OOB */
++				return NULL;
++			} else {
++				return optionptr + OPT_DATA;
++			}
++		}
+
+		if (optionptr[OPT_CODE] == DHCP_OPTION_OVERLOAD)
+			overload |= optionptr[OPT_DATA];
+diff --git a/gdhcp/common.h b/gdhcp/common.h
+index 9660231c..8f63fd75 100644
+--- a/gdhcp/common.h
++++ b/gdhcp/common.h
+@@ -179,7 +179,7 @@ struct in6_pktinfo {
+ };
+ #endif
+
+-uint8_t *dhcp_get_option(struct dhcp_packet *packet, int code);
++uint8_t *dhcp_get_option(struct dhcp_packet *packet, uint16_t packet_len, int code);
+ uint8_t *dhcpv6_get_option(struct dhcpv6_packet *packet, uint16_t pkt_len,
+			int code, uint16_t *option_len, int *option_count);
+ uint8_t *dhcpv6_get_sub_option(unsigned char *option, uint16_t max_len,
+diff --git a/gdhcp/server.c b/gdhcp/server.c
+index 85405f19..52ea2a55 100644
+--- a/gdhcp/server.c
++++ b/gdhcp/server.c
+@@ -413,7 +413,7 @@ error:
+ }
+
+
+-static uint8_t check_packet_type(struct dhcp_packet *packet)
++static uint8_t check_packet_type(struct dhcp_packet *packet, uint16_t packet_len)
+ {
+	uint8_t *type;
+
+@@ -423,7 +423,7 @@ static uint8_t check_packet_type(struct dhcp_packet *packet)
+	if (packet->op != BOOTREQUEST)
+		return 0;
+
+-	type = dhcp_get_option(packet, DHCP_MESSAGE_TYPE);
++	type = dhcp_get_option(packet, packet_len, DHCP_MESSAGE_TYPE);
+
+	if (!type)
+		return 0;
+@@ -651,6 +651,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
+	struct dhcp_lease *lease;
+	uint32_t requested_nip = 0;
+	uint8_t type, *server_id_option, *request_ip_option;
++	uint16_t packet_len;
+	int re;
+
+	if (condition & (G_IO_NVAL | G_IO_ERR | G_IO_HUP)) {
+@@ -661,12 +662,13 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
+	re = dhcp_recv_l3_packet(&packet, dhcp_server->listener_sockfd);
+	if (re < 0)
+		return TRUE;
++	packet_len = (uint16_t)(unsigned int)re;
+
+-	type = check_packet_type(&packet);
++	type = check_packet_type(&packet, packet_len);
+	if (type == 0)
+		return TRUE;
+
+-	server_id_option = dhcp_get_option(&packet, DHCP_SERVER_ID);
++	server_id_option = dhcp_get_option(&packet, packet_len, DHCP_SERVER_ID);
+	if (server_id_option) {
+		uint32_t server_nid =
+			get_unaligned((const uint32_t *) server_id_option);
+@@ -675,7 +677,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
+			return TRUE;
+	}
+
+-	request_ip_option = dhcp_get_option(&packet, DHCP_REQUESTED_IP);
++	request_ip_option = dhcp_get_option(&packet, packet_len, DHCP_REQUESTED_IP);
+	if (request_ip_option)
+		requested_nip = get_be32(request_ip_option);
+
+--
+2.17.1
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0002.patch b/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0002.patch
new file mode 100644
index 0000000000..ce909ec293
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2021-26676-0002.patch
@@ -0,0 +1,33 @@
+From a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 Mon Sep 17 00:00:00 2001
+From: Colin Wee <cwee@tesla.com>
+Date: Thu, 28 Jan 2021 19:41:09 +0100
+Subject: [PATCH] gdhcp: Avoid leaking stack data via unitiialized variable
+
+Fixes: CVE-2021-26676
+
+Upstream-Status: Backport
+CVE: CVE-2021-26676
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ gdhcp/client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdhcp/client.c b/gdhcp/client.c
+index 6a5613e7..c7b85e58 100644
+--- a/gdhcp/client.c
++++ b/gdhcp/client.c
+@@ -2270,7 +2270,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
+ {
+	GDHCPClient *dhcp_client = user_data;
+	struct sockaddr_in dst_addr = { 0 };
+-	struct dhcp_packet packet;
++	struct dhcp_packet packet = { 0 };
+	struct dhcpv6_packet *packet6 = NULL;
+	uint8_t *message_type = NULL, *client_id = NULL, *option,
+		*server_id = NULL;
+--
+2.17.1
diff --git a/meta/recipes-connectivity/connman/connman_1.37.bb b/meta/recipes-connectivity/connman/connman_1.37.bb
index 00852bf0d6..bdab4c4f18 100644
--- a/meta/recipes-connectivity/connman/connman_1.37.bb
+++ b/meta/recipes-connectivity/connman/connman_1.37.bb
@@ -6,6 +6,9 @@ SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
             file://0001-gweb-fix-segfault-with-musl-v1.1.21.patch \
             file://connman \
             file://no-version-scripts.patch \
+            file://CVE-2021-26675.patch \
+            file://CVE-2021-26676-0001.patch \
+            file://CVE-2021-26676-0002.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
-- 
2.25.1

[OE-core][dunfell 02/15] git: fix CVE-2021-21300

[Steve Sakoman]

From: Minjae Kim <flowergom@gmail.com>

checkout: fix bug that makes checkout follow symlinks in leading path

Upstream-Status: Acepted [https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592]
CVE: CVE-2021-21300
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../git/files/CVE-2021-21300.patch            | 305 ++++++++++++++++++
 meta/recipes-devtools/git/git.inc             |   4 +-
 2 files changed, 308 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/git/files/CVE-2021-21300.patch

diff --git a/meta/recipes-devtools/git/files/CVE-2021-21300.patch b/meta/recipes-devtools/git/files/CVE-2021-21300.patch
new file mode 100644
index 0000000000..9206f711cf
--- /dev/null
+++ b/meta/recipes-devtools/git/files/CVE-2021-21300.patch
@@ -0,0 +1,305 @@
+From 0e9cef2414f0df3fa5b9b56ff9072aa122bef29c Mon Sep 17 00:00:00 2001
+From: Minjae Kim <flowrgom@gmail.com>
+Date: Sat, 27 Mar 2021 15:18:46 +0900
+Subject: [PATCH] checkout: fix bug that makes checkout follow symlinks in
+ leading path
+
+Before checking out a file, we have to confirm that all of its leading
+components are real existing directories. And to reduce the number of
+lstat() calls in this process, we cache the last leading path known to
+contain only directories. However, when a path collision occurs (e.g.
+when checking out case-sensitive files in case-insensitive file
+systems), a cached path might have its file type changed on disk,
+leaving the cache on an invalid state. Normally, this doesn't bring
+any bad consequences as we usually check out files in index order, and
+therefore, by the time the cached path becomes outdated, we no longer
+need it anyway (because all files in that directory would have already
+been written).
+
+But, there are some users of the checkout machinery that do not always
+follow the index order. In particular: checkout-index writes the paths
+in the same order that they appear on the CLI (or stdin); and the
+delayed checkout feature -- used when a long-running filter process
+replies with "status=delayed" -- postpones the checkout of some entries,
+thus modifying the checkout order.
+
+When we have to check out an out-of-order entry and the lstat() cache is
+invalid (due to a previous path collision), checkout_entry() may end up
+using the invalid data and thrusting that the leading components are
+real directories when, in reality, they are not. In the best case
+scenario, where the directory was replaced by a regular file, the user
+will get an error: "fatal: unable to create file 'foo/bar': Not a
+directory". But if the directory was replaced by a symlink, checkout
+could actually end up following the symlink and writing the file at a
+wrong place, even outside the repository. Since delayed checkout is
+affected by this bug, it could be used by an attacker to write
+arbitrary files during the clone of a maliciously crafted repository.
+
+Some candidate solutions considered were to disable the lstat() cache
+during unordered checkouts or sort the entries before passing them to
+the checkout machinery. But both ideas include some performance penalty
+and they don't future-proof the code against new unordered use cases.
+
+Instead, we now manually reset the lstat cache whenever we successfully
+remove a directory. Note: We are not even checking whether the directory
+was the same as the lstat cache points to because we might face a
+scenario where the paths refer to the same location but differ due to
+case folding, precomposed UTF-8 issues, or the presence of `..`
+components in the path. Two regression tests, with case-collisions and
+utf8-collisions, are also added for both checkout-index and delayed
+checkout.
+
+Note: to make the previously mentioned clone attack unfeasible, it would
+be sufficient to reset the lstat cache only after the remove_subtree()
+call inside checkout_entry(). This is the place where we would remove a
+directory whose path collides with the path of another entry that we are
+currently trying to check out (possibly a symlink). However, in the
+interest of a thorough fix that does not leave Git open to
+similar-but-not-identical attack vectors, we decided to intercept
+all `rmdir()` calls in one fell swoop.
+
+This addresses CVE-2021-21300.
+
+Co-authored-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+Signed-off-by: Matheus Tavares <matheus.bernardino@usp.br>
+
+Upstream-Status: Acepted [https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592]
+CVE: CVE-2021-21300
+Signed-off-by: Minjae Kim <flowergom@gmail.com>
+---
+ cache.h                         |  1 +
+ compat/mingw.c                  |  2 ++
+ git-compat-util.h               |  5 +++++
+ symlinks.c                      | 25 +++++++++++++++++++++
+ t/t0021-conversion.sh           | 39 ++++++++++++++++++++++++++++++++
+ t/t0021/rot13-filter.pl         | 21 ++++++++++++++---
+ t/t2006-checkout-index-basic.sh | 40 +++++++++++++++++++++++++++++++++
+ 7 files changed, 130 insertions(+), 3 deletions(-)
+
+diff --git a/cache.h b/cache.h
+index 04cabaa..dda373f 100644
+--- a/cache.h
++++ b/cache.h
+@@ -1675,6 +1675,7 @@ int has_symlink_leading_path(const char *name, int len);
+ int threaded_has_symlink_leading_path(struct cache_def *, const char *, int);
+ int check_leading_path(const char *name, int len);
+ int has_dirs_only_path(const char *name, int len, int prefix_len);
++extern void invalidate_lstat_cache(void);
+ void schedule_dir_for_removal(const char *name, int len);
+ void remove_scheduled_dirs(void);
+ 
+diff --git a/compat/mingw.c b/compat/mingw.c
+index bd24d91..cea9c72 100644
+--- a/compat/mingw.c
++++ b/compat/mingw.c
+@@ -340,6 +340,8 @@ int mingw_rmdir(const char *pathname)
+ 	       ask_yes_no_if_possible("Deletion of directory '%s' failed. "
+ 			"Should I try again?", pathname))
+ 	       ret = _wrmdir(wpathname);
++	if (!ret)
++		invalidate_lstat_cache();
+ 	return ret;
+ }
+ 
+diff --git a/git-compat-util.h b/git-compat-util.h
+index d0dd9c0..a1ecfd3 100644
+--- a/git-compat-util.h
++++ b/git-compat-util.h
+@@ -365,6 +365,11 @@ static inline int noop_core_config(const char *var, const char *value, void *cb)
+ #define platform_core_config noop_core_config
+ #endif
+ 
++int lstat_cache_aware_rmdir(const char *path);
++#if !defined(__MINGW32__) && !defined(_MSC_VER)
++#define rmdir lstat_cache_aware_rmdir
++#endif
++
+ #ifndef has_dos_drive_prefix
+ static inline int git_has_dos_drive_prefix(const char *path)
+ {
+diff --git a/symlinks.c b/symlinks.c
+index 69d458a..ae3c665 100644
+--- a/symlinks.c
++++ b/symlinks.c
+@@ -267,6 +267,13 @@ int has_dirs_only_path(const char *name, int len, int prefix_len)
+  */
+ static int threaded_has_dirs_only_path(struct cache_def *cache, const char *name, int len, int prefix_len)
+ {
++	/*
++	 * Note: this function is used by the checkout machinery, which also
++	 * takes care to properly reset the cache when it performs an operation
++	 * that would leave the cache outdated. If this function starts caching
++	 * anything else besides FL_DIR, remember to also invalidate the cache
++	 * when creating or deleting paths that might be in the cache.
++	 */
+ 	return lstat_cache(cache, name, len,
+ 			   FL_DIR|FL_FULLPATH, prefix_len) &
+ 		FL_DIR;
+@@ -321,3 +328,21 @@ void remove_scheduled_dirs(void)
+ {
+ 	do_remove_scheduled_dirs(0);
+ }
++
++
++void invalidate_lstat_cache(void)
++{
++	reset_lstat_cache(&default_cache);
++}
++
++#undef rmdir
++int lstat_cache_aware_rmdir(const char *path)
++{
++	/* Any change in this function must be made also in `mingw_rmdir()` */
++	int ret = rmdir(path);
++
++	if (!ret)
++		invalidate_lstat_cache();
++
++	return ret;
++}
+diff --git a/t/t0021-conversion.sh b/t/t0021-conversion.sh
+index c954c70..6a1d5f6 100755
+--- a/t/t0021-conversion.sh
++++ b/t/t0021-conversion.sh
+@@ -820,4 +820,43 @@ test_expect_success PERL 'invalid file in delayed checkout' '
+ 	grep "error: external filter .* signaled that .unfiltered. is now available although it has not been delayed earlier" git-stderr.log
+ '
+ 
++for mode in 'case' 'utf-8'
++do
++	case "$mode" in
++	case)	dir='A' symlink='a' mode_prereq='CASE_INSENSITIVE_FS' ;;
++	utf-8)
++		dir=$(printf "\141\314\210") symlink=$(printf "\303\244")
++		mode_prereq='UTF8_NFD_TO_NFC' ;;
++	esac
++
++	test_expect_success PERL,SYMLINKS,$mode_prereq \
++	"delayed checkout with $mode-collision don't write to the wrong place" '
++		test_config_global filter.delay.process \
++			"\"$TEST_ROOT/rot13-filter.pl\" --always-delay delayed.log clean smudge delay" &&
++		test_config_global filter.delay.required true &&
++		git init $mode-collision &&
++		(
++			cd $mode-collision &&
++			mkdir target-dir &&
++			empty_oid=$(printf "" | git hash-object -w --stdin) &&
++			symlink_oid=$(printf "%s" "$PWD/target-dir" | git hash-object -w --stdin) &&
++			attr_oid=$(echo "$dir/z filter=delay" | git hash-object -w --stdin) &&
++			cat >objs <<-EOF &&
++			100644 blob $empty_oid	$dir/x
++			100644 blob $empty_oid	$dir/y
++			100644 blob $empty_oid	$dir/z
++			120000 blob $symlink_oid	$symlink
++			100644 blob $attr_oid	.gitattributes
++			EOF
++			git update-index --index-info <objs &&
++			git commit -m "test commit"
++		) &&
++		git clone $mode-collision $mode-collision-cloned &&
++		# Make sure z was really delayed
++		grep "IN: smudge $dir/z .* \\[DELAYED\\]" $mode-collision-cloned/delayed.log &&
++		# Should not create $dir/z at $symlink/z
++		test_path_is_missing $mode-collision/target-dir/z
++	'
++done
++
+ test_done
+diff --git a/t/t0021/rot13-filter.pl b/t/t0021/rot13-filter.pl
+index 4701072..007f2d7 100644
+--- a/t/t0021/rot13-filter.pl
++++ b/t/t0021/rot13-filter.pl
+@@ -2,9 +2,15 @@
+ # Example implementation for the Git filter protocol version 2
+ # See Documentation/gitattributes.txt, section "Filter Protocol"
+ #
+-# The first argument defines a debug log file that the script write to.
+-# All remaining arguments define a list of supported protocol
+-# capabilities ("clean", "smudge", etc).
++# Usage: rot13-filter.pl [--always-delay] <log path> <capabilities>
++#
++# Log path defines a debug log file that the script writes to. The
++# subsequent arguments define a list of supported protocol capabilities
++# ("clean", "smudge", etc).
++#
++# When --always-delay is given all pathnames with the "can-delay" flag
++# that don't appear on the list bellow are delayed with a count of 1
++# (see more below).
+ #
+ # This implementation supports special test cases:
+ # (1) If data with the pathname "clean-write-fail.r" is processed with
+@@ -53,6 +59,13 @@ sub gitperllib {
+ use Git::Packet;
+ 
+ my $MAX_PACKET_CONTENT_SIZE = 65516;
++
++my $always_delay = 0;
++if ( $ARGV[0] eq '--always-delay' ) {
++	$always_delay = 1;
++	shift @ARGV;
++}
++
+ my $log_file                = shift @ARGV;
+ my @capabilities            = @ARGV;
+ 
+@@ -134,6 +147,8 @@ sub rot13 {
+ 			if ( $buffer eq "can-delay=1" ) {
+ 				if ( exists $DELAY{$pathname} and $DELAY{$pathname}{"requested"} == 0 ) {
+ 					$DELAY{$pathname}{"requested"} = 1;
++				} elsif ( !exists $DELAY{$pathname} and $always_delay ) {
++					$DELAY{$pathname} = { "requested" => 1, "count" => 1 };
+ 				}
+ 			} else {
+ 				die "Unknown message '$buffer'";
+diff --git a/t/t2006-checkout-index-basic.sh b/t/t2006-checkout-index-basic.sh
+index 57cbdfe..f223a02 100755
+--- a/t/t2006-checkout-index-basic.sh
++++ b/t/t2006-checkout-index-basic.sh
+@@ -21,4 +21,44 @@ test_expect_success 'checkout-index -h in broken repository' '
+ 	test_i18ngrep "[Uu]sage" broken/usage
+ '
+ 
++for mode in 'case' 'utf-8'
++do
++	case "$mode" in
++	case)	dir='A' symlink='a' mode_prereq='CASE_INSENSITIVE_FS' ;;
++	utf-8)
++		dir=$(printf "\141\314\210") symlink=$(printf "\303\244")
++		mode_prereq='UTF8_NFD_TO_NFC' ;;
++	esac
++
++	test_expect_success SYMLINKS,$mode_prereq \
++	"checkout-index with $mode-collision don't write to the wrong place" '
++		git init $mode-collision &&
++		(
++			cd $mode-collision &&
++			mkdir target-dir &&
++			empty_obj_hex=$(git hash-object -w --stdin </dev/null) &&
++			symlink_hex=$(printf "%s" "$PWD/target-dir" | git hash-object -w --stdin) &&
++			cat >objs <<-EOF &&
++			100644 blob ${empty_obj_hex}	${dir}/x
++			100644 blob ${empty_obj_hex}	${dir}/y
++			100644 blob ${empty_obj_hex}	${dir}/z
++			120000 blob ${symlink_hex}	${symlink}
++			EOF
++			git update-index --index-info <objs &&
++			# Note: the order is important here to exercise the
++			# case where the file at ${dir} has its type changed by
++			# the time Git tries to check out ${dir}/z.
++			#
++			# Also, we use core.precomposeUnicode=false because we
++			# want Git to treat the UTF-8 paths transparently on
++			# Mac OS, matching what is in the index.
++			#
++			git -c core.precomposeUnicode=false checkout-index -f \
++				${dir}/x ${dir}/y ${symlink} ${dir}/z &&
++			# Should not create ${dir}/z at ${symlink}/z
++			test_path_is_missing target-dir/z
++		)
++	'
++done
++
+ test_done
+-- 
+2.17.1
+
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc
index ae463061d8..738a429875 100644
--- a/meta/recipes-devtools/git/git.inc
+++ b/meta/recipes-devtools/git/git.inc
@@ -8,7 +8,9 @@ DEPENDS = "openssl curl zlib expat"
 PROVIDES_append_class-native = " git-replacement-native"
 
 SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
-           ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages"
+           ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \
+	   file://CVE-2021-21300.patch \
+"
 
 S = "${WORKDIR}/git-${PV}"
 
-- 
2.25.1

[OE-core][dunfell 03/15] openssl: update to 1.1.1k to fix CVE-2021-3450 and CVE-2021-3449

[Steve Sakoman]

From: Mikko Rapeli <mikko.rapeli@bmw.de>

Only security issues fixed in this release according to
https://www.openssl.org/news/cl111.txt

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../openssl/{openssl_1.1.1j.bb => openssl_1.1.1k.bb}            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1j.bb => openssl_1.1.1k.bb} (98%)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1j.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1k.bb
index f054d2fdba..5f281197c9 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb
@@ -23,7 +23,7 @@ SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf"
+SRC_URI[sha256sum] = "892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5"
 
 inherit lib_package multilib_header multilib_script ptest
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
-- 
2.25.1

[OE-core][dunfell 04/15] linux-yocto/5.4: update to v5.4.107

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    a65e78863443 Linux 5.4.107
    5161cc4350de net: dsa: b53: Support setting learning on port
    ebeefdc3d8ee net: dsa: tag_mtk: fix 802.1ad VLAN egress
    6c3d86e6ffde crypto: x86/aes-ni-xts - use direct calls to and 4-way stride
    ae69c97bb76e crypto: aesni - Use TEST %reg,%reg instead of CMP $0,%reg
    eeb0899e0073 crypto: x86 - Regularize glue function prototypes
    187ae0463653 fuse: fix live lock in fuse_iget()
    28e53acd3065 drm/i915/gvt: Fix vfio_edid issue for BXT/APL
    5a7c72ffb412 drm/i915/gvt: Fix port number for BDW on EDID region setup
    4ab29329668d drm/i915/gvt: Fix virtual display setup for BXT/APL
    e46f72e1f27c drm/i915/gvt: Fix mmio handler break on BXT/APL.
    8cd68991b836 drm/i915/gvt: Set SNOOP for PAT3 on BXT/APL to workaround GPU BB hang
    50f83ffc58ab btrfs: scrub: Don't check free space before marking a block group RO
    591ea83fd2ce bpf, selftests: Fix up some test_verifier cases for unprivileged
    4e4c85404a23 bpf: Add sanity check for upper ptr_limit
    524471df8fa9 bpf: Simplify alu_limit masking for pointer arithmetic
    2da0540739e4 bpf: Fix off-by-one for area size in creating mask to left
    ea8fb45eaac1 bpf: Prohibit alu ops for pointer types not defining ptr_limit
    010c5bee66bd KVM: arm64: nvhe: Save the SPE context early
    0437de26e28d Linux 5.4.106
    b802b6ef28d6 xen/events: avoid handling the same event on two cpus at the same time
    92aefc62f483 xen/events: don't unmask an event channel when an eoi is pending
    43d0b82bb45c xen/events: reset affinity of 2-level event when tearing it down
    38563c1ff081 KVM: arm64: Reject VM creation when the default IPA size is unsupported
    da2e37b55d4c KVM: arm64: Ensure I-cache isolation between vcpus of a same VM
    4e2156c0d37b nvme: release namespace head reference on error
    eb565f052b3e nvme: unlink head after removing last namespace
    4535fb9ec5fd KVM: arm64: Fix exclusive limit for IPA size
    e28b19ca2aeb x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2
    c0e0ab60d0b1 binfmt_misc: fix possible deadlock in bm_register_write
    106fea9ad246 powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
    907f7f2cf0ff sched/membarrier: fix missing local execution of ipi_sync_rq_state()
    2306580a95b7 zram: fix return value on writeback_store
    29e28a134a49 include/linux/sched/mm.h: use rcu_dereference in in_vfork()
    99f1960cae4f stop_machine: mark helpers __always_inline
    aaf92d0538d2 hrtimer: Update softirq_expires_next correctly after __hrtimer_get_next_event()
    88c79851b82d arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
    73aa6f93e1e9 configfs: fix a use-after-free in __configfs_open_file
    babd55002dd4 block: rsxx: fix error return code of rsxx_pci_probe()
    41deefab452a NFSv4.2: fix return value of _nfs4_get_security_label()
    86954a52d829 NFS: Don't gratuitously clear the inode cache when lookup failed
    d29f9aa6a8b2 NFS: Don't revalidate the directory permissions on a lookup failure
    d5a69ed75931 SUNRPC: Set memalloc_nofs_save() for sync tasks
    9c9ea7ac18b2 arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory
    19bb2a20710d sh_eth: fix TRSCER mask for R7S72100
    c3c1defad2dd staging: comedi: pcl818: Fix endian problem for AI command data
    c5916897a6e1 staging: comedi: pcl711: Fix endian problem for AI command data
    7d8ec7bef320 staging: comedi: me4000: Fix endian problem for AI command data
    e70294943c89 staging: comedi: dmm32at: Fix endian problem for AI command data
    47a2af64eea3 staging: comedi: das800: Fix endian problem for AI command data
    0f2522ec71b6 staging: comedi: das6402: Fix endian problem for AI command data
    e91490b9edb9 staging: comedi: adv_pci1710: Fix endian problem for AI command data
    4d6505edee5a staging: comedi: addi_apci_1500: Fix endian problem for command sample
    f258c1c26f64 staging: comedi: addi_apci_1032: Fix endian problem for COS sample
    e644fc4ab7bb staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
    8f586a59829b staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
    9fe42273b2c6 staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
    ab42f28d5f34 staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data()
    1a866057e970 staging: rtl8712: unterminated string leads to read overflow
    da5abe369b03 staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
    a311b6a7f099 staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
    e4b52c7cbaaf misc: fastrpc: restrict user apps from sending kernel RPC messages
    9009b59dfd5f misc/pvpanic: Export module FDT device table
    0a58a400a93b usbip: fix vudc usbip_sockfd_store races leading to gpf
    8a50dda5243e usbip: fix vhci_hcd attach_store() races leading to gpf
    8698133003cf usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
    7b76c7a91bf6 usbip: fix vudc to check for stream socket
    2e24c093e264 usbip: fix vhci_hcd to check for stream socket
    da1be8e07852 usbip: fix stub_dev to check for stream socket
    ec7fb77a37af USB: serial: cp210x: add some more GE USB IDs
    b05ac5bcf623 USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
    0b7034401f0c USB: serial: ch341: add new Product ID
    5287c3d62e91 USB: serial: io_edgeport: fix memory leak in edge_startup
    c1b20c6fac05 xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state
    3573dea8c17a usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
    57ab089c09d5 xhci: Improve detection of device initiated wake signal.
    f4f02f9feb4e usb: xhci: do not perform Soft Retry for some xHCI hosts
    45bc1c34b54e usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
    c9e346234698 USB: usblp: fix a hang in poll() if disconnected
    cc495be17466 usb: dwc3: qcom: Honor wakeup enabled/disabled state
    f030e3c67791 usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement
    014e4b616313 usb: gadget: f_uac1: stop playback on function disable
    117aadfc0616 usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot
    ec7b0ac66539 USB: gadget: u_ether: Fix a configfs return code
    0ae3101f5cf0 Goodix Fingerprint device is not a modem
    b0ea155fa4f7 mmc: cqhci: Fix random crash when remove mmc module/card
    61fadd5f1e4e mmc: core: Fix partition switch time for eMMC
    1cb73c82622c software node: Fix node registration
    3bc266631a9e s390/dasd: fix hanging IO request during DASD driver unbind
    87adc240df30 s390/dasd: fix hanging DASD driver unbind
    12002aa2e7af arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL
    47a5d1b63f21 Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities")
    ac85e7d4abb1 ALSA: usb-audio: Apply the control quirk to Plantronics headsets
    b1fe755e51df ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
    2b7615c97b0e ALSA: hda: Avoid spurious unsol event handling during S3/S4
    bb060148e29f ALSA: hda: Flush pending unsolicited events before suspend
    09cb42025a46 ALSA: hda: Drop the BATCH workaround for AMD controllers
    e1a92ad57b2c ALSA: hda/ca0132: Add Sound BlasterX AE-5 Plus support
    ff2152beb22c ALSA: hda/hdmi: Cancel pending works before suspend
    dd6d483104bf ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk
    300fba2b4e11 scsi: target: core: Prevent underflow for service actions
    de2cdbcb4f38 scsi: target: core: Add cmd length set before cmd complete
    050e1900d617 scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
    acf0e7b15f87 sysctl.c: fix underflow value setting risk in vm_table
    508d56e2c5c3 s390/smp: __smp_rescan_cpus() - move cpumask away from stack
    54fc6a56f72a i40e: Fix memory leak in i40e_probe
    f95403013744 PCI: Fix pci_register_io_range() memory leak
    e9be5518af2c kbuild: clamp SUBLEVEL to 255
    e622e01d44e4 PCI: mediatek: Add missing of_node_put() to fix reference leak
    d54c77959ece PCI: xgene-msi: Fix race in installing chained irq handler
    395f24b37fe8 Input: applespi - don't wait for responses to commands indefinitely.
    ad93777a59c7 sparc64: Use arch_validate_flags() to validate ADI flag
    dec0ab3bc3a2 sparc32: Limit memblock allocation to low memory
    f8788ee8544c iommu/amd: Fix performance counter initialization
    d92afe30a665 powerpc/64: Fix stack trace not displaying final frame
    61654b5d079d HID: logitech-dj: add support for the new lightspeed connection iteration
    49e38713faaf powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
    a54c278fcf8b powerpc: improve handling of unrecoverable system reset
    7765b5c2c192 spi: stm32: make spurious and overrun interrupts visible
    507b9bce2113 powerpc/pci: Add ppc_md.discover_phbs()
    26d60799d99b Platform: OLPC: Fix probe error handling
    ccad3c70fcd0 mmc: mediatek: fix race condition between msdc_request_timeout and irq
    edf05afc9be3 mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()'
    c44d966e9020 udf: fix silent AED tagLocation corruption
    5f04f970d579 i2c: rcar: optimize cacheline to minimize HW race condition
    1e1aace4a395 i2c: rcar: faster irq code to minimize HW race condition
    2e24fd30c6f0 net: phy: fix save wrong speed and duplex problem if autoneg is on
    aea71e92b9a0 net: enetc: initialize RFS/RSS memories for unused ports too
    d1f308174a60 net: hns3: fix error mask definition of flow director
    cb36bf447a0c media: rc: compile rc-cec.c into rc-core
    4c0c31572b67 media: v4l: vsp1: Fix bru null pointer access
    f56a82844c1f media: v4l: vsp1: Fix uif null pointer access
    8cdc0900fc80 media: usbtv: Fix deadlock on suspend
    56b9b2c25905 sh_eth: fix TRSCER mask for R7S9210
    bdec0dd95cc8 qxl: Fix uninitialised struct field head.surface_id
    d5fc9c5d64ca s390/crypto: return -EFAULT if copy_to_user() fails
    72ba965bf10d s390/cio: return -EFAULT if copy_to_user() fails
    d2100ef32a8c drm: meson_drv add shutdown function
    72c541cc4552 drm/shmem-helper: Don't remove the offset in vm_area_struct pgoff
    0d574fc463c7 drm/shmem-helper: Check for purged buffers in fault handler
    3b08ea3a548f drm/compat: Clear bounce structures
    cabbd263c8e8 bnxt_en: reliably allocate IRQ table on reset to avoid crash
    dfa176f374ba s390/cio: return -EFAULT if copy_to_user() fails again
    05d11eb7bd9d net: hns3: fix bug when calculating the TCAM table info
    8bbc59bb0556 net: hns3: fix query vlan mask value error for flow director
    4d0273ab0a79 perf traceevent: Ensure read cmdlines are null terminated.
    ef663d149f8e selftests: forwarding: Fix race condition in mirror installation
    fcce3cb62c09 net: stmmac: fix watchdog timeout during suspend/resume stress test
    d31ae9ec5a03 net: stmmac: stop each tx channel independently
    86ea605518d7 ixgbe: fail to create xfrm offload of IPsec tunnel mode SA
    e8b6c1d7ced2 net: qrtr: fix error return code of qrtr_sendmsg()
    d28e783c2003 net: davicom: Fix regulator not turned off on driver removal
    05517de4188b net: davicom: Fix regulator not turned off on failed probe
    11a589205119 net: lapbether: Remove netif_start_queue / netif_stop_queue
    b4800e7a1c9f cipso,calipso: resolve a number of problems with the DOI refcounts
    6d599697e9a8 netdevsim: init u64 stats for 32bit hardware
    8e365b61bda7 net: usb: qmi_wwan: allow qmimux add/del with master up
    392f34cce2b0 net: sched: avoid duplicates in classes dump
    3e66c16388f5 nexthop: Do not flush blackhole nexthops when loopback goes down
    7f101d035deb net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10
    0fbbcf797e9c net/mlx4_en: update moderation when config reset
    78cbd0a4749d net: enetc: don't overwrite the RSS indirection table when initializing
    6547ec428619 Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
    55e6ede3b935 cifs: return proper error code in statfs(2)
    a1ff418d3eda mount: fix mounting of detached mounts onto targets that reside on shared mounts
    59a057a89155 powerpc/603: Fix protection of user pages mapped with PROT_NONE
    da9f2219f66c mt76: dma: do not report truncated frames to mac80211
    95b0a3b09094 ibmvnic: always store valid MAC address
    3e8ab75f3301 samples, bpf: Add missing munmap in xdpsock
    c2c3a85ab01f selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier
    57b9f13e8aaa selftests/bpf: No need to drop the packet when there is no geneve opt
    82e85c0e7f34 netfilter: x_tables: gpf inside xt_find_revision()
    f66b8e738140 netfilter: nf_nat: undo erroneous tcp edemux lookup
    3bf899438c12 tcp: add sanity tests to TCP_QUEUE_SEQ
    b7049b6156ce can: tcan4x5x: tcan4x5x_init(): fix initialization - clear MRAM before entering Normal Mode
    a7e187a87e8e can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode
    e0eccdfc5c0e can: flexcan: enable RX FIFO after FRZ/HALT valid
    ca483b872d20 can: flexcan: assert FRZ bit in flexcan_chip_freeze()
    6676e510d1a9 can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership
    718769eb1bbe sh_eth: fix TRSCER mask for SH771x
    8baa52f26b3e net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
    ca278267d6cd net: check if protocol extracted by virtio_net_hdr_set_proto is correct
    f2d78bbbca42 net: Fix gro aggregation for udp encaps with zero csum
    9be769161192 ath9k: fix transmitting to stations in dynamic SMPS mode
    5555ee33b6cc ethernet: alx: fix order of calls on resume
    dcb95790821b powerpc/pseries: Don't enforce MSI affinity with kdump
    fd1824bf963a uapi: nfnetlink_cthelper.h: fix userspace compilation error

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 59ab12f804dda59ecf8954df6ef8024646bcbde7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 02dd3f40ff..20ffcd043d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "08b34e26f97c0549961710c3b14258910979aff4"
-SRCREV_meta ?= "f67ab86441a7ebe38b5a25126d6eebc2ef6fee99"
+SRCREV_machine ?= "65bbe689d98a007848008be2c8edeb5fa8066829"
+SRCREV_meta ?= "19738ca97b999a3b150e2d34232bb44b6537348f"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.105"
+LINUX_VERSION ?= "5.4.107"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 2bdaac0f50..2b6e35a69c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.105"
+LINUX_VERSION ?= "5.4.107"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "889b072e7b492ce96a80384f9d3e5412ff8ff839"
-SRCREV_machine ?= "96c96e27c3e9f2cdfb957ade03f10070286fff72"
-SRCREV_meta ?= "f67ab86441a7ebe38b5a25126d6eebc2ef6fee99"
+SRCREV_machine_qemuarm ?= "ac3cbab1d6692d4a032dfffe0a604f39a634d18a"
+SRCREV_machine ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72"
+SRCREV_meta ?= "19738ca97b999a3b150e2d34232bb44b6537348f"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index e5e8065b15..64f5b45649 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "65543d1e3cd5140ac0384179e46d881b728b4013"
-SRCREV_machine_qemuarm64 ?= "96c96e27c3e9f2cdfb957ade03f10070286fff72"
-SRCREV_machine_qemumips ?= "182eacc3bb0ee860380decb664e05e6ec94fe003"
-SRCREV_machine_qemuppc ?= "96c96e27c3e9f2cdfb957ade03f10070286fff72"
-SRCREV_machine_qemuriscv64 ?= "96c96e27c3e9f2cdfb957ade03f10070286fff72"
-SRCREV_machine_qemux86 ?= "96c96e27c3e9f2cdfb957ade03f10070286fff72"
-SRCREV_machine_qemux86-64 ?= "96c96e27c3e9f2cdfb957ade03f10070286fff72"
-SRCREV_machine_qemumips64 ?= "bc21e93c3154523e0f490fed699feb79ab60536b"
-SRCREV_machine ?= "96c96e27c3e9f2cdfb957ade03f10070286fff72"
-SRCREV_meta ?= "f67ab86441a7ebe38b5a25126d6eebc2ef6fee99"
+SRCREV_machine_qemuarm ?= "ea4097dbff5a148265018e1a998e02b5a05e3d27"
+SRCREV_machine_qemuarm64 ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72"
+SRCREV_machine_qemumips ?= "230ca33504faef6f40c5d3b24901aaacb901c9a6"
+SRCREV_machine_qemuppc ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72"
+SRCREV_machine_qemuriscv64 ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72"
+SRCREV_machine_qemux86 ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72"
+SRCREV_machine_qemux86-64 ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72"
+SRCREV_machine_qemumips64 ?= "84e071a893ef9cea8a8ffbcd233b47a2bc9056b5"
+SRCREV_machine ?= "cf76c5c0dc0edd51ae4a75a1f8701a2675e87c72"
+SRCREV_meta ?= "19738ca97b999a3b150e2d34232bb44b6537348f"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.105"
+LINUX_VERSION ?= "5.4.107"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1

[OE-core][dunfell 05/15] linux-firmware: Fix packaging

[Steve Sakoman]

From: Michael Trensch <mtrensch@hilscher.com>

Upstream directory layout has changed after update in commit 3c2f8b750ab9c53773fb5a9a1a874e475740b4ee, resulting in some package to pull in linux-firmware base package.
This may cause an image size increase of approximately 700MB.

See log.do_packaging:
DEBUG: linux-firmware-bcm43340 contains dangling link /lib/firmware/cypress/cyfmac43340-sdio.bin
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm43362 contains dangling link /lib/firmware/cypress/cyfmac43362-sdio.bin
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm4339 contains dangling link /lib/firmware/cypress/cyfmac4339-sdio.bin
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm43430 contains dangling link /lib/firmware/cypress/cyfmac43430-sdio.clm_blob
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm43430 contains dangling link /lib/firmware/cypress/cyfmac43430-sdio.bin
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm43455 contains dangling link /lib/firmware/cypress/cyfmac43455-sdio.bin
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm43455 contains dangling link /lib/firmware/cypress/cyfmac43455-sdio.clm_blob
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm4354 contains dangling link /lib/firmware/cypress/cyfmac4354-sdio.bin
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm4356 contains dangling link /lib/firmware/cypress/cyfmac4356-sdio.bin
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm4356-pcie contains dangling link /lib/firmware/cypress/cyfmac4356-pcie.clm_blob
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm4356-pcie contains dangling link /lib/firmware/cypress/cyfmac4356-pcie.bin
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm43570 contains dangling link /lib/firmware/cypress/cyfmac43570-pcie.bin
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-bcm4373 contains dangling link /lib/firmware/cypress/cyfmac4373-sdio.bin
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-netronome contains dangling link /lib/firmware/netronome/nic/nic_AMDA0099-0001_2x10.nffw
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-netronome contains dangling link /lib/firmware/netronome/nic/nic_AMDA0099-0001_2x25.nffw
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-netronome contains dangling link /lib/firmware/netronome/nic/nic_AMDA0081-0001_4x10.nffw
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-netronome contains dangling link /lib/firmware/netronome/nic/nic_AMDA0097-0001_8x10.nffw
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-netronome contains dangling link /lib/firmware/netronome/nic/nic_AMDA0099-0001_1x10_1x25.nffw
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-netronome contains dangling link /lib/firmware/netronome/nic/nic_AMDA0097-0001_2x40.nffw
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-netronome contains dangling link /lib/firmware/netronome/nic/nic_AMDA0096-0001_2x10.nffw
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-netronome contains dangling link /lib/firmware/netronome/nic/nic_AMDA0097-0001_4x10_1x40.nffw
DEBUG: target found in linux-firmware
DEBUG: linux-firmware-netronome contains dangling link /lib/firmware/netronome/nic/nic_AMDA0081-0001_1x40.nffw
DEBUG: target found in linux-firmware

Signed-off-by: Michael Trensch <mtrensch@hilscher.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cd273c611b03bd5972da8bf4accaba247f7c9c62)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux-firmware/linux-firmware_20210208.bb | 41 +++++++++++++++----
 1 file changed, 32 insertions(+), 9 deletions(-)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20210208.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20210208.bb
index 1881a8e065..78856cbf66 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20210208.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20210208.bb
@@ -496,6 +496,13 @@ FILES_${PN}-netronome = " \
   ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0096*.nffw \
   ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0097*.nffw \
   ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0099*.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0011_2x40.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0012_2x40.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0078-0011_1x100.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/bpf \
+  ${nonarch_base_libdir}/firmware/netronome/flower \
+  ${nonarch_base_libdir}/firmware/netronome/nic \
+  ${nonarch_base_libdir}/firmware/netronome/nic-sriov \
 "
 
 RDEPENDS_${PN}-netronome += "${PN}-netronome-license"
@@ -622,7 +629,9 @@ FILES_${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bi
 FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.*"
 FILES_${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin"
 FILES_${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin"
-FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin"
+FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac4339-sdio.bin \
+"
 FILES_${PN}-bcm43241b0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b0-sdio.bin"
 FILES_${PN}-bcm43241b4 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b4-sdio.bin"
 FILES_${PN}-bcm43241b5 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b5-sdio.bin"
@@ -631,12 +640,18 @@ FILES_${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \
   ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \
 "
 FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.*"
-FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.*"
+FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac43455-sdio.* \
+"
 FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin"
 FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin"
-FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.bin"
+FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.bin \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-sdio.bin \
+"
 FILES_${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin"
-FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin"
+FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac43570-pcie.bin \
+"
 FILES_${PN}-bcm4358 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4358-pcie.bin"
 FILES_${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.bin \
   ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \
@@ -707,13 +722,21 @@ LICENSE_${PN}-cypress-license = "Firmware-cypress"
 FILES_${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress"
 
 FILES_${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd"
-FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.*"
-FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.*"
-FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.*"
-FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin"
-FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.*"
+FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac43340-sdio.*"
+FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac43362-sdio.*"
+FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac43430-sdio.*"
+FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac4354-sdio.bin \
+"
+FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-pcie.* \
+"
 FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \
   ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \
 "
 
 LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress"
-- 
2.25.1

[OE-core][dunfell 06/15] cryptodev-module: Backport a patch to fix build failure with kernel v5.8

[Steve Sakoman]

From: He Zhe <zhe.he@windriver.com>

Fix the following build failure with linux-yocto-dev

zc.c:61:17: error: 'struct mm_struct' has no member named 'mmap_sem';
did you mean 'mmap_base'?
   61 |  down_read(&mm->mmap_sem);
      |                 ^~~~~~~~
      |                 mmap_base
zc.c:77:15: error: 'struct mm_struct' has no member named 'mmap_sem';
did you mean 'mmap_base'?
   77 |  up_read(&mm->mmap_sem);
      |               ^~~~~~~~
      |               mmap_base

(From OE-Core rev: fe668065ad7ec83aadfa36fe6ba1ced3db2e3cad)

Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../cryptodev/cryptodev-module_1.10.bb        |  1 +
 .../0001-Fix-build-for-Linux-5.8-rc1.patch    | 49 +++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.8-rc1.patch

diff --git a/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb b/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb
index 552eb6abaa..6474599c45 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb
+++ b/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb
@@ -9,6 +9,7 @@ DEPENDS += "cryptodev-linux"
 
 SRC_URI += " \
 file://0001-Disable-installing-header-file-provided-by-another-p.patch \
+file://0001-Fix-build-for-Linux-5.8-rc1.patch \
 "
 
 EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
diff --git a/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.8-rc1.patch b/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.8-rc1.patch
new file mode 100644
index 0000000000..02c721a4f3
--- /dev/null
+++ b/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.8-rc1.patch
@@ -0,0 +1,49 @@
+From 9e765068582aae3696520346a7500322ca6cc2de Mon Sep 17 00:00:00 2001
+From: Joan Bruguera <joanbrugueram@gmail.com>
+Date: Sat, 13 Jun 2020 19:46:44 +0200
+Subject: [PATCH] Fix build for Linux 5.8-rc1
+
+See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9740ca4e95b43b91a4a848694a20d01ba6818f7b
+          https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da1c55f1b272f4bd54671d459b39ea7b54944ef9
+          https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d8ed45c5dcd455fc5848d47f86883a1b872ac0d0
+
+Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com>
+
+Upstream-Status: Backport [9e765068582aae3696520346a7500322ca6cc2de]
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ zc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/zc.c b/zc.c
+index ae464ff..2c286bb 100644
+--- a/zc.c
++++ b/zc.c
+@@ -58,7 +58,11 @@ int __get_userbuf(uint8_t __user *addr, uint32_t len, int write,
+ 		return 0;
+ 	}
+ 
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0))
+ 	down_read(&mm->mmap_sem);
++#else
++	mmap_read_lock(mm);
++#endif
+ #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 6, 0))
+ 	ret = get_user_pages(task, mm,
+ 			(unsigned long)addr, pgcount, write, 0, pg, NULL);
+@@ -74,7 +78,11 @@ int __get_userbuf(uint8_t __user *addr, uint32_t len, int write,
+ 			(unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
+ 			pg, NULL, NULL);
+ #endif
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0))
+ 	up_read(&mm->mmap_sem);
++#else
++	mmap_read_unlock(mm);
++#endif
+ 	if (ret != pgcount)
+ 		return -EINVAL;
+ 
+-- 
+2.17.1
+
-- 
2.25.1

[OE-core][dunfell 07/15] cryptodev-module: fix build failure with kernel v5.10

[Steve Sakoman]

From: Naveen Saini <naveen.kumar.saini@intel.com>

zc.c:77:8: error: too many arguments to function 'get_user_pages_remote'
|    77 |  ret = get_user_pages_remote(task, mm,
|       |        ^~~~~~~~~~~~~~~~~~~~~

Backported patch to fix it.

Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../cryptodev/cryptodev-module_1.10.bb        |  1 +
 .../0001-Fix-build-for-Linux-5.9-rc1.patch    | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.9-rc1.patch

diff --git a/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb b/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb
index 6474599c45..e4f7d1e372 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb
+++ b/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb
@@ -10,6 +10,7 @@ DEPENDS += "cryptodev-linux"
 SRC_URI += " \
 file://0001-Disable-installing-header-file-provided-by-another-p.patch \
 file://0001-Fix-build-for-Linux-5.8-rc1.patch \
+file://0001-Fix-build-for-Linux-5.9-rc1.patch \
 "
 
 EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
diff --git a/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.9-rc1.patch b/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.9-rc1.patch
new file mode 100644
index 0000000000..cf1c04df9e
--- /dev/null
+++ b/meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-Linux-5.9-rc1.patch
@@ -0,0 +1,42 @@
+From 2f5e08aebf9229599aae7f25db752f74221cd71d Mon Sep 17 00:00:00 2001
+From: Joan Bruguera <joanbrugueram@gmail.com>
+Date: Fri, 14 Aug 2020 00:13:38 +0200
+Subject: [PATCH] Fix build for Linux 5.9-rc1
+
+See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64019a2e467a288a16b65ab55ddcbf58c1b00187
+          https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bce617edecada007aee8610fbe2c14d10b8de2f6
+          https://lore.kernel.org/lkml/CAHk-=wj_V2Tps2QrMn20_W0OJF9xqNh52XSGA42s-ZJ8Y+GyKw@mail.gmail.com/
+
+Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com>
+
+Upstream-Status: Backport [https://github.com/cryptodev-linux/cryptodev-linux/commit/2f5e08aebf9229599aae7f25db752f74221cd71d]
+
+Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
+
+---
+ zc.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/zc.c b/zc.c
+index a560db5..fdf7da1 100644
+--- a/zc.c
++++ b/zc.c
+@@ -76,10 +76,14 @@ int __get_userbuf(uint8_t __user *addr, uint32_t len, int write,
+ 	ret = get_user_pages_remote(task, mm,
+ 			(unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
+ 			pg, NULL);
+-#else
++#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0))
+ 	ret = get_user_pages_remote(task, mm,
+ 			(unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
+ 			pg, NULL, NULL);
++#else
++	ret = get_user_pages_remote(mm,
++			(unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
++			pg, NULL, NULL);
+ #endif
+ #if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0))
+ 	up_read(&mm->mmap_sem);
+-- 
+2.17.1
+
-- 
2.25.1

[OE-core][dunfell 08/15] run-postinsts: do not remove postinsts directory.

[Steve Sakoman]

From: "Anton D. Kachalov" <gmouse@google.com>

When running on the systems having read-only rootfs backed by overlayfs,
removing the whole directory lead to create a special char device file
on the upperdir to reflect directory's removal. Once it is required to
upgrade the whole read-only image that might contain new postinsts scripts,
it will be impossible to run such scripts with a "deletion mark" file
on the overlayfs -- the whole directory will be marked as deleted regardless
new files in it.

Signed-off-by: Anton D. Kachalov <gmouse@google.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1a27b62b225ffeecec47c249a0b86cc54d775add)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../run-postinsts/run-postinsts/run-postinsts          | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts b/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts
index f84a7e18c8..95dccb9cae 100755
--- a/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts
+++ b/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts
@@ -72,12 +72,12 @@ exec_postinst_scriptlets() {
 		else
 			echo "ERROR: postinst $i failed."
 			[ "$POSTINST_LOGGING" = "1" ] && eval echo "ERROR: postinst $i failed." $append_log
-			remove_pi_dir=0
+			remove_rcsd_link=0
 		fi
 	done
 }
 
-remove_pi_dir=1
+remove_rcsd_link=1
 if $pm_installed; then
 	case $pm in
 		"ipk")
@@ -92,9 +92,7 @@ else
 	exec_postinst_scriptlets
 fi
 
-# since all postinstalls executed successfully, remove the postinstalls directory
-# and the rcS.d link
-if [ $remove_pi_dir = 1 ]; then
-	rm -rf $pi_dir
+# since all postinstalls executed successfully, remove the rcS.d link
+if [ $remove_rcsd_link = 1 ]; then
 	remove_rcsd_link
 fi
-- 
2.25.1

[OE-core][dunfell 09/15] documentation-audit.sh: Fix typo in specifying LICENSE_FLAGS_WHITELIST

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 410a45639d84a3d69a65133593da32062196dd59)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/contrib/documentation-audit.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/contrib/documentation-audit.sh b/scripts/contrib/documentation-audit.sh
index 1191f57a8e..f436f9bae0 100755
--- a/scripts/contrib/documentation-audit.sh
+++ b/scripts/contrib/documentation-audit.sh
@@ -27,7 +27,7 @@ fi
 
 echo "REMINDER: you need to build for MACHINE=qemux86 or you won't get useful results"
 echo "REMINDER: you need to set LICENSE_FLAGS_WHITELIST appropriately in local.conf or "
-echo " you'll get false positives.  For example, LICENSE_FLAGS_WHITELIST = \"Commercial\""
+echo " you'll get false positives.  For example, LICENSE_FLAGS_WHITELIST = \"commercial\""
 
 for pkg in `bitbake -s | awk '{ print \$1 }'`; do
 	if [[ "$pkg" == "Loading" || "$pkg" == "Loaded" ||
-- 
2.25.1

[OE-core][dunfell 10/15] bitbake.conf: correct description of HOSTTOOLS_DIR

[Steve Sakoman]

From: "Robert P. J. Day" <rpjday@crashcourse.ca>

HOSTTOOLS_DIR contains symlinks to host tools, not copies

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fb7692da7faa49b370680decbbaceaeb85b6889d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/bitbake.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 697956eb49..76942d923b 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -480,7 +480,7 @@ export PATH
 # Build utility info.
 ##################################################################
 
-# Directory where host tools are copied
+# Directory with symlinks to host tools used by build
 HOSTTOOLS_DIR = "${TMPDIR}/hosttools"
 
 # Tools needed to run builds with OE-Core
-- 
2.25.1

[OE-core][dunfell 11/15] libtool: make sure autoheader run before autoconf

[Steve Sakoman]

From: Mingli Yu <mingli.yu@windriver.com>

autoheader will update ../libtool-2.4.6/libltdl/config-h.in which
autoconf needs, so there comes a race sometimes as below:
 | configure.ac:45: error: required file 'config-h.in' not found
 | touch '../libtool-2.4.6/libltdl/config-h.in'

So make sure autoheader run before autoconf to avoid this race.

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8451cbef5906b67756582fdfc44eb01ed3512fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libtool/libtool-2.4.6.inc                 |  1 +
 ...-sure-autoheader-run-before-autoconf.patch | 35 +++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch

diff --git a/meta/recipes-devtools/libtool/libtool-2.4.6.inc b/meta/recipes-devtools/libtool/libtool-2.4.6.inc
index 8e17b56d46..19a03d4733 100644
--- a/meta/recipes-devtools/libtool/libtool-2.4.6.inc
+++ b/meta/recipes-devtools/libtool/libtool-2.4.6.inc
@@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/libtool/libtool-${PV}.tar.gz \
            file://unwind-opt-parsing.patch \
            file://0001-libtool-Fix-support-for-NIOS2-processor.patch \
            file://0001-libtool-Check-for-static-libs-for-internal-compiler-.patch \
+           file://0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch \
           "
 
 SRC_URI[md5sum] = "addf44b646ddb4e3919805aa88fa7c5e"
diff --git a/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch b/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch
new file mode 100644
index 0000000000..2e9908725e
--- /dev/null
+++ b/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch
@@ -0,0 +1,35 @@
+From dfbbbd359e43e0a55fbea06f2647279ad8761cb9 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Wed, 24 Mar 2021 03:04:13 +0000
+Subject: [PATCH] Makefile.am: make sure autoheader run before autoconf
+
+autoheader will update ../libtool-2.4.6/libltdl/config-h.in which
+autoconf needs, so there comes a race sometimes as below:
+ | configure.ac:45: error: required file 'config-h.in' not found
+ | touch '../libtool-2.4.6/libltdl/config-h.in'
+
+So make sure autoheader run before autoconf to avoid this race.
+
+Upstream-Status: Submitted [libtool-patches@gnu.org maillist]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 4142c90..fe1a9fc 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -365,7 +365,7 @@ lt_configure_deps = $(lt_aclocal_m4) $(lt_aclocal_m4_deps)
+ $(lt_aclocal_m4): $(lt_aclocal_m4_deps)
+ 	$(AM_V_GEN)cd '$(srcdir)/$(ltdl_dir)' && $(ACLOCAL) -I ../m4
+ 
+-$(lt_configure): $(lt_configure_deps)
++$(lt_configure): $(lt_configure_deps) $(lt_config_h_in)
+ 	$(AM_V_GEN)cd '$(srcdir)/$(ltdl_dir)' && $(AUTOCONF)
+ 
+ $(lt_config_h_in): $(lt_configure_deps)
+-- 
+2.29.2
+
-- 
2.25.1

[OE-core][dunfell 12/15] populate_sdk_ext: Avoid copying and producing .pyc files

[Steve Sakoman]

From: Mark Hatle <mark.hatle@kernel.crashing.org>

Since pyc cache files are really system specific, no real reason to copy or
generate them during the eSDK build process.  Also generating them has the
possibility of re-using inodes that pseudo may have been tracking, leading
a build failure.

Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ce8eba263647ae63a722122e28f26af46ae083a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/populate_sdk_ext.bbclass | 4 +++-
 meta/lib/oe/copy_buildsystem.py       | 6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index d63abf4f30..aa00d5397c 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -247,7 +247,9 @@ python copy_buildsystem () {
 
     # Create a layer for new recipes / appends
     bbpath = d.getVar('BBPATH')
-    bb.process.run(['devtool', '--bbpath', bbpath, '--basepath', baseoutpath, 'create-workspace', '--create-only', os.path.join(baseoutpath, 'workspace')])
+    env = os.environ.copy()
+    env['PYTHONDONTWRITEBYTECODE'] = '1'
+    bb.process.run(['devtool', '--bbpath', bbpath, '--basepath', baseoutpath, 'create-workspace', '--create-only', os.path.join(baseoutpath, 'workspace')], env=env)
 
     # Create bblayers.conf
     bb.utils.mkdirhier(baseoutpath + '/conf')
diff --git a/meta/lib/oe/copy_buildsystem.py b/meta/lib/oe/copy_buildsystem.py
index 31a84f5b06..d97bf9d1b9 100644
--- a/meta/lib/oe/copy_buildsystem.py
+++ b/meta/lib/oe/copy_buildsystem.py
@@ -20,7 +20,7 @@ def _smart_copy(src, dest):
     mode = os.stat(src).st_mode
     if stat.S_ISDIR(mode):
         bb.utils.mkdirhier(dest)
-        cmd = "tar --exclude='.git' --xattrs --xattrs-include='*' -chf - -C %s -p . \
+        cmd = "tar --exclude='.git' --exclude='__pycache__' --xattrs --xattrs-include='*' -chf - -C %s -p . \
         | tar --xattrs --xattrs-include='*' -xf - -C %s" % (src, dest)
         subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
     else:
@@ -259,7 +259,7 @@ def create_locked_sstate_cache(lockedsigs, input_sstate_cache, output_sstate_cac
     bb.note('Generating sstate-cache...')
 
     nativelsbstring = d.getVar('NATIVELSBSTRING')
-    bb.process.run("gen-lockedsig-cache %s %s %s %s %s" % (lockedsigs, input_sstate_cache, output_sstate_cache, nativelsbstring, filterfile or ''))
+    bb.process.run("PYTHONDONTWRITEBYTECODE=1 gen-lockedsig-cache %s %s %s %s %s" % (lockedsigs, input_sstate_cache, output_sstate_cache, nativelsbstring, filterfile or ''))
     if fixedlsbstring and nativelsbstring != fixedlsbstring:
         nativedir = output_sstate_cache + '/' + nativelsbstring
         if os.path.isdir(nativedir):
@@ -286,7 +286,7 @@ def check_sstate_task_list(d, targets, filteroutfile, cmdprefix='', cwd=None, lo
         logparam = '-l %s' % logfile
     else:
         logparam = ''
-    cmd = "%sBB_SETSCENE_ENFORCE=1 PSEUDO_DISABLED=1 oe-check-sstate %s -s -o %s %s" % (cmdprefix, targets, filteroutfile, logparam)
+    cmd = "%sPYTHONDONTWRITEBYTECODE=1 BB_SETSCENE_ENFORCE=1 PSEUDO_DISABLED=1 oe-check-sstate %s -s -o %s %s" % (cmdprefix, targets, filteroutfile, logparam)
     env = dict(d.getVar('BB_ORIGENV', False))
     env.pop('BUILDDIR', '')
     env.pop('BBPATH', '')
-- 
2.25.1

[OE-core][dunfell 13/15] packagegroups: delete useless "PROVIDES" lines

[Steve Sakoman]

From: "Robert P. J. Day" <rpjday@crashcourse.ca>

There is apparently no functional value to "PROVIDES" lines anymore in
packagegroup recipe files, so remove the lonely couple of examples
left.

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6f2c9602bc5fc6794b852ec20f40ea62a55ada1e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/packagegroups/packagegroup-base.bb     | 1 -
 meta/recipes-core/packagegroups/packagegroup-core-nfs.bb | 1 -
 2 files changed, 2 deletions(-)

diff --git a/meta/recipes-core/packagegroups/packagegroup-base.bb b/meta/recipes-core/packagegroups/packagegroup-base.bb
index 1f802da09b..c32664917f 100644
--- a/meta/recipes-core/packagegroups/packagegroup-base.bb
+++ b/meta/recipes-core/packagegroups/packagegroup-base.bb
@@ -8,7 +8,6 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
 
 inherit packagegroup
 
-PROVIDES = "${PACKAGES}"
 PACKAGES = ' \
             packagegroup-base \
             packagegroup-base-extended \
diff --git a/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb b/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
index b345e314ad..20fe6fc092 100644
--- a/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
+++ b/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
@@ -7,7 +7,6 @@ PR = "r2"
 
 inherit packagegroup
 
-PROVIDES = "${PACKAGES}"
 PACKAGES = "${PN}-server ${PN}-client"
 
 SUMMARY_${PN}-client = "NFS client"
-- 
2.25.1

Re: [OE-core][dunfell 13/15] packagegroups: delete useless "PROVIDES" lines

[Andre McCurdy]

On Thu, Apr 1, 2021 at 8:29 AM Steve Sakoman <steve@sakoman.com> wrote:
>
> From: "Robert P. J. Day" <rpjday@crashcourse.ca>
>
> There is apparently no functional value to "PROVIDES" lines anymore in
> packagegroup recipe files, so remove the lonely couple of examples
> left.

Seems questionable for backporting to a stable release. The bogus
PROVIDES lines have been there for more than a decade without causing
any issues (ie removing them isn't fixing a bug).

> Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 6f2c9602bc5fc6794b852ec20f40ea62a55ada1e)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  meta/recipes-core/packagegroups/packagegroup-base.bb     | 1 -
>  meta/recipes-core/packagegroups/packagegroup-core-nfs.bb | 1 -
>  2 files changed, 2 deletions(-)
>
> diff --git a/meta/recipes-core/packagegroups/packagegroup-base.bb b/meta/recipes-core/packagegroups/packagegroup-base.bb
> index 1f802da09b..c32664917f 100644
> --- a/meta/recipes-core/packagegroups/packagegroup-base.bb
> +++ b/meta/recipes-core/packagegroups/packagegroup-base.bb
> @@ -8,7 +8,6 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
>
>  inherit packagegroup
>
> -PROVIDES = "${PACKAGES}"
>  PACKAGES = ' \
>              packagegroup-base \
>              packagegroup-base-extended \
> diff --git a/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb b/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
> index b345e314ad..20fe6fc092 100644
> --- a/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
> +++ b/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
> @@ -7,7 +7,6 @@ PR = "r2"
>
>  inherit packagegroup
>
> -PROVIDES = "${PACKAGES}"
>  PACKAGES = "${PN}-server ${PN}-client"
>
>  SUMMARY_${PN}-client = "NFS client"
> --
> 2.25.1
>
>
> 
>

Re: [OE-core][dunfell 13/15] packagegroups: delete useless "PROVIDES" lines

[Steve Sakoman]

On Thu, Apr 1, 2021 at 10:07 AM Andre McCurdy <armccurdy@gmail.com> wrote:
>
> On Thu, Apr 1, 2021 at 8:29 AM Steve Sakoman <steve@sakoman.com> wrote:
> >
> > From: "Robert P. J. Day" <rpjday@crashcourse.ca>
> >
> > There is apparently no functional value to "PROVIDES" lines anymore in
> > packagegroup recipe files, so remove the lonely couple of examples
> > left.
>
> Seems questionable for backporting to a stable release. The bogus
> PROVIDES lines have been there for more than a decade without causing
> any issues (ie removing them isn't fixing a bug).

My rationale for including this was that users often take our recipes
as templates for their own, so best we model good behavior :-)

But I don't feel strongly about it so I'll drop from my pull request.
That's what this review period is for, so thanks for taking a
thoughtful look at the patches!

Steve

> > Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit 6f2c9602bc5fc6794b852ec20f40ea62a55ada1e)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> >  meta/recipes-core/packagegroups/packagegroup-base.bb     | 1 -
> >  meta/recipes-core/packagegroups/packagegroup-core-nfs.bb | 1 -
> >  2 files changed, 2 deletions(-)
> >
> > diff --git a/meta/recipes-core/packagegroups/packagegroup-base.bb b/meta/recipes-core/packagegroups/packagegroup-base.bb
> > index 1f802da09b..c32664917f 100644
> > --- a/meta/recipes-core/packagegroups/packagegroup-base.bb
> > +++ b/meta/recipes-core/packagegroups/packagegroup-base.bb
> > @@ -8,7 +8,6 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
> >
> >  inherit packagegroup
> >
> > -PROVIDES = "${PACKAGES}"
> >  PACKAGES = ' \
> >              packagegroup-base \
> >              packagegroup-base-extended \
> > diff --git a/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb b/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
> > index b345e314ad..20fe6fc092 100644
> > --- a/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
> > +++ b/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
> > @@ -7,7 +7,6 @@ PR = "r2"
> >
> >  inherit packagegroup
> >
> > -PROVIDES = "${PACKAGES}"
> >  PACKAGES = "${PN}-server ${PN}-client"
> >
> >  SUMMARY_${PN}-client = "NFS client"
> > --
> > 2.25.1
> >
> >
> > 
> >

Re: [OE-core][dunfell 13/15] packagegroups: delete useless "PROVIDES" lines

[Robert P. J. Day]

On Thu, 1 Apr 2021, Andre McCurdy wrote:

> On Thu, Apr 1, 2021 at 8:29 AM Steve Sakoman <steve@sakoman.com> wrote:
> >
> > From: "Robert P. J. Day" <rpjday@crashcourse.ca>
> >
> > There is apparently no functional value to "PROVIDES" lines
> > anymore in packagegroup recipe files, so remove the lonely couple
> > of examples left.
>
> Seems questionable for backporting to a stable release. The bogus
> PROVIDES lines have been there for more than a decade without
> causing any issues (ie removing them isn't fixing a bug).

  i agree that this is probably not worth backporting, but i'm a
minimalist in the sense of, if something has no value, it should be
removed in the *current* code base. backport? nah, i'm not *that*
pedantic.

rday

[OE-core][dunfell 14/15] buildhistory: add missing vardepsexcludes

[Steve Sakoman]

From: Christopher Larson <kergoth@gmail.com>

For POPULATE_SDK_POST_TARGET_COMMAND, POPULATE_SDK_POST_HOST_COMMAND, and SDK_POSTPROCESS_COMMAND, the appropriate entries were added to vardepvalueexclude, but we want them in vardepsexclude as well.

Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 554b17e0bbe5190e4b03121f2ed06f4845012a71)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/buildhistory.bbclass | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass
index 8a1359acbe..44a66df962 100644
--- a/meta/classes/buildhistory.bbclass
+++ b/meta/classes/buildhistory.bbclass
@@ -671,13 +671,16 @@ IMAGE_POSTPROCESS_COMMAND[vardepsexclude] += "buildhistory_get_imageinfo"
 POPULATE_SDK_POST_TARGET_COMMAND_append = " buildhistory_list_installed_sdk_target;"
 POPULATE_SDK_POST_TARGET_COMMAND_append = " buildhistory_get_sdk_installed_target;"
 POPULATE_SDK_POST_TARGET_COMMAND[vardepvalueexclude] .= "| buildhistory_list_installed_sdk_target;| buildhistory_get_sdk_installed_target;"
+POPULATE_SDK_POST_TARGET_COMMAND[vardepsexclude] += "buildhistory_list_installed_sdk_target buildhistory_get_sdk_installed_target"
 
 POPULATE_SDK_POST_HOST_COMMAND_append = " buildhistory_list_installed_sdk_host;"
 POPULATE_SDK_POST_HOST_COMMAND_append = " buildhistory_get_sdk_installed_host;"
 POPULATE_SDK_POST_HOST_COMMAND[vardepvalueexclude] .= "| buildhistory_list_installed_sdk_host;| buildhistory_get_sdk_installed_host;"
+POPULATE_SDK_POST_HOST_COMMAND[vardepsexclude] += "buildhistory_list_installed_sdk_host buildhistory_get_sdk_installed_host"
 
 SDK_POSTPROCESS_COMMAND_append = " buildhistory_get_sdkinfo ; buildhistory_get_extra_sdkinfo; "
 SDK_POSTPROCESS_COMMAND[vardepvalueexclude] .= "| buildhistory_get_sdkinfo ; buildhistory_get_extra_sdkinfo; "
+SDK_POSTPROCESS_COMMAND[vardepsexclude] += "buildhistory_get_sdkinfo buildhistory_get_extra_sdkinfo"
 
 python buildhistory_write_sigs() {
     if not "task" in (d.getVar('BUILDHISTORY_FEATURES') or "").split():
-- 
2.25.1

[OE-core][dunfell 15/15] image,populate_sdk_base: move 'func' flag setting for sdk command vars

[Steve Sakoman]

From: Christopher Larson <kergoth@gmail.com>

Setting the 'func' flag on the commands variables ensures that they are parsed
as shell, and therefore that the referenced commands contents are included in
checksums. Doing this only in image.bbclass means that this is missing in
recipes that are not images, but which inherit populate_sdk or populate_sdk_base
directly, so move it to the latter.

[YOCTO #13998]

Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit edc28907ce19a7298059dd388933c58a9c6c28b9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/image.bbclass             | 2 +-
 meta/classes/populate_sdk_base.bbclass | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 42d2886505..79c487ea18 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -115,7 +115,7 @@ def rootfs_command_variables(d):
             'IMAGE_PREPROCESS_COMMAND','RPM_PREPROCESS_COMMANDS','RPM_POSTPROCESS_COMMANDS','DEB_PREPROCESS_COMMANDS','DEB_POSTPROCESS_COMMANDS']
 
 python () {
-    variables = rootfs_command_variables(d) + sdk_command_variables(d)
+    variables = rootfs_command_variables(d)
     for var in variables:
         if d.getVar(var, False):
             d.setVarFlag(var, 'func', '1')
diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass
index 6954237596..ca56d803cb 100644
--- a/meta/classes/populate_sdk_base.bbclass
+++ b/meta/classes/populate_sdk_base.bbclass
@@ -324,6 +324,13 @@ def sdk_variables(d):
 
 do_populate_sdk[vardeps] += "${@sdk_variables(d)}"
 
+python () {
+    variables = sdk_command_variables(d)
+    for var in variables:
+        if d.getVar(var, False):
+            d.setVarFlag(var, 'func', '1')
+}
+
 do_populate_sdk[file-checksums] += "${TOOLCHAIN_SHAR_REL_TMPL}:True \
                                     ${TOOLCHAIN_SHAR_EXT_TMPL}:True"
 
-- 
2.25.1

[OE-core][dunfell 00/15] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Tuesday, November 14

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6174

The following changes since commit 0dbf3a15321b8033ff8ed86c6aa261fdb9c3d5bb:

  build-appliance-image: Update to dunfell head revision (2023-10-27 04:22:17 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Ashish Sharma (1):
  zlib: Backport fix for CVE-2023-45853

Hitendra Prajapati (1):
  tiff: Security fix for CVE-2023-40745

Lee Chee Yang (1):
  kexec-tools: Ignore Fedora/RedHat specific CVE-2021-20269

Mikko Rapeli (1):
  lz4: use CFLAGS from bitbake

Naveen Saini (2):
  assimp: Explicitly use nobranch=1 in SRC_URI
  resolvconf: Fix fetch error

Peter Marko (1):
  glibc: ignore CVE-2023-4527

Ross Burton (3):
  cve-check: sort the package list in the JSON report
  cve-check: slightly more verbose warning when adding the same package
    twice
  cve-check: don't warn if a patch is remote

Soumya Sambu (1):
  libwebp: Fix CVE-2023-4863

Steve Sakoman (2):
  Revert "qemu: Backport fix for CVE-2023-0330"
  lz4: specify gnu17 in CFLAGS to fix reproducibility issues

Vijay Anusuri (2):
  tiff: CVE patch correction for CVE-2023-3576
  xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380

 meta/classes/cve-check.bbclass                |   2 +
 meta/lib/oe/cve_check.py                      |  13 +-
 .../resolvconf/resolvconf_1.82.bb             |   2 +-
 meta/recipes-core/glibc/glibc_2.31.bb         |   7 +
 .../zlib/zlib/CVE-2023-45853.patch            |  40 ++++++
 meta/recipes-core/zlib/zlib_1.2.11.bb         |   1 +
 meta/recipes-devtools/qemu/qemu.inc           |   3 +-
 ...-2023-0330_1.patch => CVE-2023-0330.patch} |   0
 .../qemu/qemu/CVE-2023-0330_2.patch           | 135 ------------------
 meta/recipes-graphics/vulkan/assimp_5.0.1.bb  |   2 +-
 .../xserver-xorg/CVE-2023-5367.patch          |  84 +++++++++++
 .../xserver-xorg/CVE-2023-5380.patch          | 102 +++++++++++++
 .../xorg-xserver/xserver-xorg_1.20.14.bb      |   2 +
 .../kexec/kexec-tools_2.0.20.bb               |   3 +
 ...-2023-3618-1.patch => CVE-2023-3576.patch} |   3 +-
 ...-2023-3618-2.patch => CVE-2023-3618.patch} |   0
 .../libtiff/files/CVE-2023-40745.patch        |  34 +++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   5 +-
 ...23-5129.patch => CVE-2023-4863-0001.patch} |  27 ++--
 .../webp/files/CVE-2023-4863-0002.patch       |  53 +++++++
 meta/recipes-multimedia/webp/libwebp_1.1.0.bb |   3 +-
 meta/recipes-support/lz4/lz4_1.9.2.bb         |   3 +-
 22 files changed, 358 insertions(+), 166 deletions(-)
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
 rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330_1.patch => CVE-2023-0330.patch} (100%)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch
 rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-1.patch => CVE-2023-3576.patch} (93%)
 rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-2.patch => CVE-2023-3618.patch} (100%)
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch
 rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => CVE-2023-4863-0001.patch} (95%)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch

-- 
2.34.1

[OE-core][dunfell 00/15] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by end
of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2677

The following changes since commit 8e7c8e43260682efafabc50c757b9c2daff98f13:

  connman: add CVE_PRODUCT (2021-09-24 04:27:46 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Minjae Kim (1):
  vim: fix CVE-2021-3778

Ranjitsinh Rathod (1):
  systemd: Add fix for systemd-networkd crash during free

Richard Purdie (7):
  mtd-utils: upgrade 2.1.1 -> 2.1.2
  pybootchart: Avoid divide by zero
  oeqa/qemurunner: Use oe._exit(), not sys.exit()
  libc_package/buildstats: Fix python regex quoting warnings
  oeqa/selftest/gotoolchain: Fix temp file cleanup
  oeqa/buildproject: Ensure temp directories are cleaned up
  glew: Stop polluting /tmp during builds

Robert P. J. Day (1):
  common-licenses: add "Unlicense" license file

Stefano Babic (1):
  mtd-utils: upgrade 2.1.2 -> 2.1.3

Tom Pollard (2):
  bzip2: Update soname for libbz2 1.0.8
  libsamplerate0: Set correct soname for 0.1.9

William A. Kennington III (1):
  rm_work.bbclass: Fix for files starting with -

sana kazi (1):
  openssh: Fix CVE-2021-28041

 meta/classes/libc-package.bbclass             |   2 +-
 meta/classes/rm_work.bbclass                  |   8 +-
 meta/files/common-licenses/Unlicense          |  24 ++
 meta/lib/buildstats.py                        |   4 +-
 meta/lib/oeqa/selftest/cases/gotoolchain.py   |   6 +
 meta/lib/oeqa/utils/buildproject.py           |   3 +
 meta/lib/oeqa/utils/qemurunner.py             |   2 +-
 meta/lib/oeqa/utils/targetbuild.py            |   4 +-
 .../openssh/openssh/CVE-2021-28041.patch      |  20 ++
 .../openssh/openssh_8.2p1.bb                  |   1 +
 ...-info-for-ordered-set-new-and-introd.patch |  78 +++++
 ...dered_set_clear-free-with-destructor.patch |  35 +++
 ...etwork-add-skeleton-of-request-queue.patch | 285 ++++++++++++++++++
 ...quests-when-link-enters-linger-state.patch |  50 +++
 ...ork-fix-Link-reference-counter-issue.patch | 278 +++++++++++++++++
 ...nk_drop-and-link_detach_from_manager.patch |  67 ++++
 meta/recipes-core/systemd/systemd_244.5.bb    |   6 +
 ...-utils-Fix-return-value-of-ubiformat.patch |  62 ----
 meta/recipes-devtools/mtd/mtd-utils_git.bb    |   9 +-
 meta/recipes-extended/bzip2/bzip2/Makefile.am |   2 +-
 .../glew/glew/notempdir.patch                 |  19 ++
 meta/recipes-graphics/glew/glew_2.2.0.bb      |   1 +
 .../libsamplerate0/shared_version_info.patch  |  13 +
 .../libsamplerate/libsamplerate0_0.1.9.bb     |   1 +
 .../vim/files/CVE-2021-3778.patch             |  49 +++
 meta/recipes-support/vim/vim.inc              |   1 +
 scripts/pybootchartgui/pybootchartgui/draw.py |   5 +-
 27 files changed, 956 insertions(+), 79 deletions(-)
 create mode 100644 meta/files/common-licenses/Unlicense
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2021-28041.patch
 create mode 100644 meta/recipes-core/systemd/systemd/basic-pass-allocation-info-for-ordered-set-new-and-introd.patch
 create mode 100644 meta/recipes-core/systemd/systemd/introduce-ordered_set_clear-free-with-destructor.patch
 create mode 100644 meta/recipes-core/systemd/systemd/network-add-skeleton-of-request-queue.patch
 create mode 100644 meta/recipes-core/systemd/systemd/network-also-drop-requests-when-link-enters-linger-state.patch
 create mode 100644 meta/recipes-core/systemd/systemd/network-fix-Link-reference-counter-issue.patch
 create mode 100644 meta/recipes-core/systemd/systemd/network-merge-link_drop-and-link_detach_from_manager.patch
 delete mode 100644 meta/recipes-devtools/mtd/mtd-utils/0001-mtd-utils-Fix-return-value-of-ubiformat.patch
 create mode 100644 meta/recipes-graphics/glew/glew/notempdir.patch
 create mode 100644 meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2021-3778.patch

-- 
2.25.1

[OE-core][dunfell 00/15] Patch review

[Steve Sakoman]

Please review these changes for dunfell and have comments back
by end of day Wednesday.

Passed a-full build on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1157

The following changes since commit cabaf5654db5db12b6576ef0ebae9bc7b422a8ca:

  iso-codes: switch upstream branch master -> main (2020-07-07 07:07:06 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (2):
  gobject-introspection: add a patch to fix a build race
  icu: make filtered data generation optional, serial and off by default

Andrey Zhizhikin (1):
  kernel/yocto: fix search for defconfig from src_uri

Bjarne Michelsen (1):
  devtool: default to empty string, if LIC_FILES_CHKSUM is not available

Bruce Ashfield (2):
  kernel/yocto: ensure that defconfigs are processed first
  linux-yocto/5.4: update to v5.4.50

Christian Eggers (1):
  libnl: Extend for native/nativesdk

Hannu Lounento (1):
  openssl: move ${libdir}/[...]/openssl.cnf to ${PN}-conf

Joshua Watt (2):
  classes/archiver: run do_unpack_and_patch after do_preconfigure
  classes/archive: do_configure should not depend on do_ar_patched

Konrad Weihmann (1):
  systemd: remove kernel-install from base pkg

Rasmus Villemoes (1):
  coreutils: don't split stdbuf to own package with single-binary

Timon Ulrich (2):
  kernel.bbclass: add lz4 dependency and fix the call to lz4
  kernel.bbclass: make dependency on lzop-native conditional

Vacek, Patrick (1):
  oeqa/core/loader: fix regex to include numbers

 meta/classes/archiver.bbclass                 |  4 +--
 meta/classes/kernel-yocto.bbclass             | 34 ++++++++++++-------
 meta/classes/kernel.bbclass                   |  6 ++--
 meta/lib/oeqa/core/loader.py                  |  2 +-
 .../openssl/openssl_1.1.1g.bb                 |  4 ++-
 meta/recipes-core/coreutils/coreutils_8.31.bb | 15 ++++++--
 meta/recipes-core/systemd/systemd_244.3.bb    |  1 -
 ...ency-for-g-ir-compiler-for-building-.patch | 33 ++++++++++++++++++
 .../gobject-introspection_1.62.0.bb           |  1 +
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++--
 .../linux/linux-yocto-tiny_5.4.bb             |  8 ++---
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 ++++++------
 meta/recipes-support/icu/icu.inc              |  4 ++-
 meta/recipes-support/icu/icu_66.1.bb          |  6 +++-
 meta/recipes-support/libnl/libnl_3.5.0.bb     |  2 ++
 scripts/lib/devtool/upgrade.py                |  4 +--
 16 files changed, 109 insertions(+), 43 deletions(-)
 create mode 100644 meta/recipes-gnome/gobject-introspection/gobject-introspection/0001-gir-add-a-dependency-for-g-ir-compiler-for-building-.patch

-- 
2.17.1