subtree updateshardknott

poky: 14c5392fde..b89bb2651d:
  Alexander Kanavin (3):
        devtool: correctly handle non-standard source tree locations in upgrades
        devtool: print a warning on upgrades if PREFERRED_VERSION is set
        nettle: update 3.7.2 -> 3.7.3

  Alexandre Belloni (1):
        oeqa/runtime/cases: make date.DateTest.test_date more reliable

  Anton Blanchard (1):
        kmod: use nonarch_base_libdir for depmod.d and modprobe.d

  Armin Kuster (1):
        gnutls: Enable seccomp if FEATURE is set

  Bruce Ashfield (17):
        linux-yocto: add vfat KERNEL_FEATURE when MACHINE_FEATURES include vfat
        linux-yocto/5.10: update to v5.10.49
        linux-yocto/5.4: update to v5.4.131
        linux-yocto/5.10: update to v5.10.50
        linux-yocto/5.4: update to v5.4.132
        linux-yocto/5.10: update to v5.10.52
        linux-yocto/5.4: update to v5.4.134
        linux-yocto/5.10: update to v5.10.53
        linux-yocto/5.4: update to v5.4.135
        linux-yocto-rt/5.10: update to -rt47
        linux-yocto/5.10: enable TYPEC_TCPCI in usbc fragment
        linux-yocto/5.10: update to v5.10.55
        linux-yocto/5.4: update to v5.4.137
        linux-yocto/5.4: update to v5.4.139
        linux-yocto/5.10: update to v5.10.57
        kernel-devsrc: 5.14+ updates
        kernel-devsrc: fix 5.14+ objtool compilation

  Changqing Li (1):
        archiver.bbclass: fix do_ar_configured failure for kernel

  Chen Qi (2):
        systemd: fix CVE-2020-13529
        zstd: fix CVE_PRODUCT

  Damian Wrobel (1):
        gobject-introspection: Fix the license (add MIT)

  Dmitry Baryshkov (1):
        linux-firmware: add more Qualcomm firmware packages

  Joe Slater (2):
        util-linux: fix CVE 2021-37600
        terminal.bbclass: force bash for devshell

  Jon Mason (1):
        parselogs.py: qemuarm should be qemuarmv5

  Jose Quaresma (1):
        sstate.bbclass: fix error handling when sstate mirrors is ro

  Khairul Rohaizzat Jamaluddin (1):
        glibc: Fix CVE-2021-33574

  Khem Raj (4):
        ovmf: Fix VLA warnings with GCC 11
        stress-ng: Drop defining daddr_t
        gnutls: Point to staging area for finding seccomp libs and includes
        sdk: Enable do_populate_sdk with multilibs

  Lee Chee Yang (2):
        aspell: fix CVE-2019-25051
        qemu: fix CVE-2021-3527

  Marek Vasut (1):
        update-rc.d: update SRCREV to pull in fix for non-bash shell support

  Marta Rybczynska (1):
        lzo: add CVE_PRODUCT

  Matthias Klein (1):
        runqemu: Fix typo in error message

  Matthias Schiffer (1):
        initscripts: fix creation order for /var/log with VOLATILE_LOG_DIR=true

  Michael Opdenacker (4):
        oe-setup-builddir: update YP docs and OE URLs
        cve-check: fix comments
        cve-check: update link to NVD website for CVE details
        cve-check: improve comment about CVE patch file names

  Mingli Yu (3):
        netbase: use git fetcher
        curl: fix CVE-2021-22925
        curl: fix CVES

  Nicolas Dechesne (4):
        yocto-check-layer: improve missed dependencies
        checklayer: new function get_layer_dependencies()
        checklayer: rename _find_layer_depends
        yocto-check-layer: ensure that all layer dependencies are tested too

  Oleksandr Kravchuk (1):
        bitbake.conf: change GNOME_MIRROR to new one

  Oleksandr Popovych (1):
        utils: Reduce the number of calls to the "dirname" command

  Patrick Williams (1):
        pixman: re-disable iwmmxt

  Ralph Siemsen (1):
        oeqa/manual/toaster: fix small typo

  Richard Purdie (6):
        pseudo: Add uninative configuration sanity check
        pseudo: Update to latest version including statx fix
        sstate: Drop pseudo exclusion
        sstate: Fix rebuilds when changing layer config
        license: Exclude COPYING.MIT from pseudo
        oeqa/runtime/cases/ptest: Increase test timeout from 300s to 450s

  Ross Burton (9):
        parted: improve ptest execution
        parted: fix ptest RRECOMMENDS
        parted: skip tests that need vfat support
        avahi: fix CVE-2021-36217, crash on pinging '.local'
        glew: fix Makefile race
        qemu: fix virtio vhost-user-gpu CVEs
        tar: ignore node-tar CVEs
        e2fsprogs: ensure small images have 256-byte inodes
        wic: don't forcibly pass -T default

  Sakib Sajal (5):
        go: fix CVE-2020-29509, CVE-2020-29511
        qemu: fix CVE-2021-3582
        qemu: fix CVE-2021-3607
        qemu: fix CVE-2021-3608
        go: upgrade 1.16.5 -> 1.16.7

  Tony Tascioglu (6):
        valgrind: skip flaky ptest fb_test_amd64
        ffmpeg: fix CVE-2020-20446
        ffmpeg: fix CVE-2020-20453
        ffmpeg: fix CVE-2020-22015
        ffmpeg: fix CVE-2020-22021
        ffmpeg: fix CVE-2020-22019 and CVE-2020-22033

  Trevor Gamblin (1):
        python3-pip: fix CVE-2021-3572

  Ulrich Ölmann (2):
        initramfs-framework: fix whitespace issue
        initramfs-framework/setup-live: fix shebang

  Vinay Kumar (2):
        glibc: Fix CVE-2021-35942
        glibc: Fix CVE-2021-38604

  hongxu (2):
        createrepo-c: fix createrepo-c failed in nativesdk
        sdk: fix relocate symlink failed

  leimaohui (1):
        archiver.bbclass: Fix patch error for recipes that inherit dos2unix.

  wangmy (1):
        gnutls: upgrade 3.7.1 -> 3.7.2

meta-openembedded: 5a4b2ab29d..5741b949a8:
  Anastasios Kavoukis (1):
        pm-qa: fix paths for shell scripts

  Armin Kuster (1):
        wireshark: update to 3.4.7

  Changqing Li (2):
        ndpi: fix CVE-2021-36082
        linuxptp: upgrade 3.1 -> 3.1.1

  Devendra Tewari (1):
        Suppress eol in functionfs setup scripts (#147)

  Gianfranco (1):
        vboxguestdrivers: upgrade 6.1.22 -> 6.1.24

  Joe Slater (1):
        php: move to version 7.4.21

  Kai Kang (1):
        libdbi-perl: fix CVE-2014-10402

  Khem Raj (2):
        fvwm: Package extra files and man pages
        fvwm: Fix build time paths in target perl/python scripts

  Li Wang (1):
        openlldp: fix segfault

  Michael Opdenacker (1):
        bigbuckbunny-1080p: fix sample video URL

  Mingli Yu (3):
        mariadb: redefine log-error item
        mariadb: Update SRC_URI
        polkit: fix CVE-2021-3560

  Paulo Neves (1):
        htop: Add ncurses-terminfo-base to RDEPENDS

  Roland Hieber (2):
        curlpp: fix override syntax
        ldns: fix override syntax

  Sakib Sajal (1):
        gd: fix CVE-2021-38115

  Tony Battersby (3):
        net-snmp: fix QA Issue after LDFLAGS change
        curlpp: fix QA Issue after LDFLAGS change
        ldns: fix QA Issue after LDFLAGS change

  Tony Tascioglu (1):
        redis: fix CVE-2021-32625

  wangmy (2):
        nghttp2: upgrade 1.43.0 -> 1.44.0
        libtalloc: upgrade 2.3.2 -> 2.3.3

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I12cf9ce6cd256bd08bd4e97856ba45ccb993ddc4

8 files changed, 28 insertions, 16 deletions

diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass
index a3962306b1..dd31dc0cd8 100644
--- a/poky/meta/classes/archiver.bbclass
+++ b/poky/meta/classes/archiver.bbclass
@@ -281,7 +281,10 @@ python do_ar_configured() {
         # ${STAGING_DATADIR}/aclocal/libtool.m4, so we can't re-run the
         # do_configure, we archive the already configured ${S} to
         # instead of.
-        elif pn != 'libtool-native':
+        # The kernel class functions require it to be on work-shared, we
+        # don't unpack, patch, configure again, just archive the already
+        # configured ${S}
+        elif not (pn == 'libtool-native' or is_work_shared(d)):
             def runTask(task):
                 prefuncs = d.getVarFlag(task, 'prefuncs') or ''
                 for func in prefuncs.split():
@@ -483,6 +486,9 @@ python do_unpack_and_patch() {
         src_orig = '%s.orig' % src
         oe.path.copytree(src, src_orig)
 
+    if bb.data.inherits_class('dos2unix', d):
+        bb.build.exec_func('do_convert_crlf_to_lf', d)
+
     # Make sure gcc and kernel sources are patched only once
     if not (d.getVar('SRC_URI') == "" or is_work_shared(d)):
         bb.build.exec_func('do_patch', d)
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 112ee3379d..4fa1a64f85 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -20,7 +20,7 @@
 # the only method to check against CVEs. Running this tool
 # doesn't guarantee your packages are free of CVEs.
 
-# The product name that the CVE database uses.  Defaults to BPN, but may need to
+# The product name that the CVE database uses defaults to BPN, but may need to
 # be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
 CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
@@ -56,11 +56,11 @@ CVE_CHECK_WHITELIST ?= ""
 # Layers to be excluded
 CVE_CHECK_LAYER_EXCLUDELIST ??= ""
 
-# Layers to be included 
+# Layers to be included
 CVE_CHECK_LAYER_INCLUDELIST ??= ""
 
 
-# set to "alphabetical" for version using single alphabetical character as increament release
+# set to "alphabetical" for version using single alphabetical character as increment release
 CVE_VERSION_SUFFIX ??= ""
 
 python cve_save_summary_handler () {
@@ -166,9 +166,12 @@ def get_patches_cves(d):
     pn = d.getVar("PN")
     cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
 
-    # Matches last CVE-1234-211432 in the file name, also if written
-    # with small letters. Not supporting multiple CVE id's in a single
-    # file name.
+    # Matches the last "CVE-YYYY-ID" in the file name, also if written
+    # in lowercase. Possible to have multiple CVE IDs in a single
+    # file name, but only the last one will be detected from the file name.
+    # However, patch files contents addressing multiple CVE IDs are supported
+    # (cve_match regular expression)
+
     cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
 
     patched_cves = set()
@@ -230,7 +233,7 @@ def check_cves(d, patched_cves):
         return ([], [], [])
     pv = d.getVar("CVE_VERSION").split("+git")[0]
 
-    # If the recipe has been whitlisted we return empty lists
+    # If the recipe has been whitelisted we return empty lists
     if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split():
         bb.note("Recipe has been whitelisted, skipping check")
         return ([], [], [])
@@ -355,7 +358,7 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
     if include_layers and layer not in include_layers:
         return
 
-    nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
+    nvd_link = "https://nvd.nist.gov/vuln/detail/"
     write_string = ""
     unpatched_cves = []
     bb.utils.mkdirhier(os.path.dirname(cve_file))
diff --git a/poky/meta/classes/license.bbclass b/poky/meta/classes/license.bbclass
index f7978e266b..0d0faa28d7 100644
--- a/poky/meta/classes/license.bbclass
+++ b/poky/meta/classes/license.bbclass
@@ -31,7 +31,7 @@ python do_populate_lic() {
             f.write("%s: %s\n" % (key, info[key]))
 }
 
-PSEUDO_IGNORE_PATHS .= ",${@','.join(((d.getVar('COMMON_LICENSE_DIR') or '') + ' ' + (d.getVar('LICENSE_PATH') or '')).split())}"
+PSEUDO_IGNORE_PATHS .= ",${@','.join(((d.getVar('COMMON_LICENSE_DIR') or '') + ' ' + (d.getVar('LICENSE_PATH') or '') + ' ' + d.getVar('COREBASE') + '/meta/COPYING').split())}"
 # it would be better to copy them in do_install_append, but find_license_filesa is python
 python perform_packagecopy_prepend () {
     enabled = oe.data.typed_value('LICENSE_CREATE_PACKAGE', d)
diff --git a/poky/meta/classes/multilib.bbclass b/poky/meta/classes/multilib.bbclass
index 9f726e4537..2ef75c0d16 100644
--- a/poky/meta/classes/multilib.bbclass
+++ b/poky/meta/classes/multilib.bbclass
@@ -105,7 +105,6 @@ python __anonymous () {
         d.setVar("LINGUAS_INSTALL", "")
         # FIXME, we need to map this to something, not delete it!
         d.setVar("PACKAGE_INSTALL_ATTEMPTONLY", "")
-        bb.build.deltask('do_populate_sdk', d)
         bb.build.deltask('do_populate_sdk_ext', d)
         return
 }
diff --git a/poky/meta/classes/populate_sdk_base.bbclass b/poky/meta/classes/populate_sdk_base.bbclass
index 33ba3fc3c1..f8072a9d37 100644
--- a/poky/meta/classes/populate_sdk_base.bbclass
+++ b/poky/meta/classes/populate_sdk_base.bbclass
@@ -66,7 +66,7 @@ python () {
 
 SDK_RDEPENDS = "${TOOLCHAIN_TARGET_TASK} ${TOOLCHAIN_HOST_TASK}"
 SDK_DEPENDS = "virtual/fakeroot-native ${SDK_ARCHIVE_DEPENDS} cross-localedef-native nativesdk-qemuwrapper-cross ${@' '.join(["%s-qemuwrapper-cross" % m for m in d.getVar("MULTILIB_VARIANTS").split()])} qemuwrapper-cross"
-PATH_prepend = "${STAGING_DIR_HOST}${SDKPATHNATIVE}${bindir}/crossscripts:${@":".join(all_multilib_tune_values(d, 'STAGING_BINDIR_CROSS').split())}:"
+PATH_prepend = "${WORKDIR}/recipe-sysroot/${SDKPATHNATIVE}${bindir}/crossscripts:${@":".join(all_multilib_tune_values(d, 'STAGING_BINDIR_CROSS').split())}:"
 SDK_DEPENDS += "nativesdk-glibc-locale"
 
 # We want the MULTIARCH_TARGET_SYS to point to the TUNE_PKGARCH, not PACKAGE_ARCH as it
diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass
index 2b5d94dd1f..4bf087b4e8 100644
--- a/poky/meta/classes/sstate.bbclass
+++ b/poky/meta/classes/sstate.bbclass
@@ -123,8 +123,6 @@ SSTATE_HASHEQUIV_REPORT_TASKDATA[doc] = "Report additional useful data to the \
 python () {
     if bb.data.inherits_class('native', d):
         d.setVar('SSTATE_PKGARCH', d.getVar('BUILD_ARCH', False))
-        if d.getVar("PN") == "pseudo-native":
-            d.appendVar('SSTATE_PKGARCH', '_${ORIGNATIVELSBSTRING}')
     elif bb.data.inherits_class('crosssdk', d):
         d.setVar('SSTATE_PKGARCH', d.expand("${BUILD_ARCH}_${SDK_ARCH}_${SDK_OS}"))
     elif bb.data.inherits_class('cross', d):
@@ -707,6 +705,7 @@ def sstate_package(ss, d):
             pass
         except OSError as e:
             # Handle read-only file systems gracefully
+            import errno
             if e.errno != errno.EROFS:
                 raise e
 
@@ -1020,6 +1019,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True,
         bb.parse.siggen.checkhashes(sq_data, missed, found, d)
 
     return found
+setscene_depvalid[vardepsexclude] = "SSTATE_EXCLUDEDEPS_SYSROOT"
 
 BB_SETSCENE_DEPVALID = "setscene_depvalid"
 
@@ -1153,6 +1153,7 @@ python sstate_eventhandler() {
                 pass
             except OSError as e:
                 # Handle read-only file systems gracefully
+                import errno
                 if e.errno != errno.EROFS:
                     raise e
 
diff --git a/poky/meta/classes/terminal.bbclass b/poky/meta/classes/terminal.bbclass
index 6059ae95e0..a564ee7494 100644
--- a/poky/meta/classes/terminal.bbclass
+++ b/poky/meta/classes/terminal.bbclass
@@ -26,6 +26,9 @@ def emit_terminal_func(command, envdata, d):
     bb.utils.mkdirhier(os.path.dirname(runfile))
 
     with open(runfile, 'w') as script:
+        # Override the shell shell_trap_code specifies.
+        # If our shell is bash, we might well face silent death.
+        script.write("#!/bin/bash\n")
         script.write(bb.build.shell_trap_code())
         bb.data.emit_func(cmd_func, script, envdata)
         script.write(cmd_func)
@@ -37,7 +40,7 @@ def emit_terminal_func(command, envdata, d):
 def oe_terminal(command, title, d):
     import oe.data
     import oe.terminal
-
+    
     envdata = bb.data.init()
 
     for v in os.environ:
diff --git a/poky/meta/classes/utils.bbclass b/poky/meta/classes/utils.bbclass
index 120bcc64a6..072ea1f63c 100644
--- a/poky/meta/classes/utils.bbclass
+++ b/poky/meta/classes/utils.bbclass
@@ -214,7 +214,7 @@ create_cmdline_wrapper () {
 #!/bin/bash
 realpath=\`readlink -fn \$0\`
 realdir=\`dirname \$realpath\`
-exec -a \`dirname \$realpath\`/$cmdname \`dirname \$realpath\`/$cmdname.real $cmdoptions "\$@"
+exec -a \$realdir/$cmdname \$realdir/$cmdname.real $cmdoptions "\$@"
 END
 	chmod +x $cmd
 }