authorPatrick Williams <patrick@stwcx.xyz>2021-08-30 23:17:28 +0300
committerPatrick Williams <patrick@stwcx.xyz>2021-08-30 23:18:26 +0300
commitd767d3fb1ba70f03e0e212c24f41404f1248f660 (patch)
tree4d4edb47d2feadc58ecb1556be3ef484b8559ac8 /poky/meta/recipes-devtools/go/go-1.16/0001-encoding-xml-handle-leading-trailing-or-double-colon.patch
parent8c7c9f834fb9bcc6eaf21e509c7627f13086b5a7 (diff)
subtree updateshardknott
poky: 14c5392fde..b89bb2651d: Alexander Kanavin (3): devtool: correctly handle non-standard source tree locations in upgrades devtool: print a warning on upgrades if PREFERRED_VERSION is set nettle: update 3.7.2 -> 3.7.3 Alexandre Belloni (1): oeqa/runtime/cases: make date.DateTest.test_date more reliable Anton Blanchard (1): kmod: use nonarch_base_libdir for depmod.d and modprobe.d Armin Kuster (1): gnutls: Enable seccomp if FEATURE is set Bruce Ashfield (17): linux-yocto: add vfat KERNEL_FEATURE when MACHINE_FEATURES include vfat linux-yocto/5.10: update to v5.10.49 linux-yocto/5.4: update to v5.4.131 linux-yocto/5.10: update to v5.10.50 linux-yocto/5.4: update to v5.4.132 linux-yocto/5.10: update to v5.10.52 linux-yocto/5.4: update to v5.4.134 linux-yocto/5.10: update to v5.10.53 linux-yocto/5.4: update to v5.4.135 linux-yocto-rt/5.10: update to -rt47 linux-yocto/5.10: enable TYPEC_TCPCI in usbc fragment linux-yocto/5.10: update to v5.10.55 linux-yocto/5.4: update to v5.4.137 linux-yocto/5.4: update to v5.4.139 linux-yocto/5.10: update to v5.10.57 kernel-devsrc: 5.14+ updates kernel-devsrc: fix 5.14+ objtool compilation Changqing Li (1): archiver.bbclass: fix do_ar_configured failure for kernel Chen Qi (2): systemd: fix CVE-2020-13529 zstd: fix CVE_PRODUCT Damian Wrobel (1): gobject-introspection: Fix the license (add MIT) Dmitry Baryshkov (1): linux-firmware: add more Qualcomm firmware packages Joe Slater (2): util-linux: fix CVE 2021-37600 terminal.bbclass: force bash for devshell Jon Mason (1): parselogs.py: qemuarm should be qemuarmv5 Jose Quaresma (1): sstate.bbclass: fix error handling when sstate mirrors is ro Khairul Rohaizzat Jamaluddin (1): glibc: Fix CVE-2021-33574 Khem Raj (4): ovmf: Fix VLA warnings with GCC 11 stress-ng: Drop defining daddr_t gnutls: Point to staging area for finding seccomp libs and includes sdk: Enable do_populate_sdk with multilibs Lee Chee Yang (2): aspell: fix CVE-2019-25051 qemu: fix CVE-2021-3527 Marek Vasut (1): 
update-rc.d: update SRCREV to pull in fix for non-bash shell support Marta Rybczynska (1): lzo: add CVE_PRODUCT Matthias Klein (1): runqemu: Fix typo in error message Matthias Schiffer (1): initscripts: fix creation order for /var/log with VOLATILE_LOG_DIR=true Michael Opdenacker (4): oe-setup-builddir: update YP docs and OE URLs cve-check: fix comments cve-check: update link to NVD website for CVE details cve-check: improve comment about CVE patch file names Mingli Yu (3): netbase: use git fetcher curl: fix CVE-2021-22925 curl: fix CVES Nicolas Dechesne (4): yocto-check-layer: improve missed dependencies checklayer: new function get_layer_dependencies() checklayer: rename _find_layer_depends yocto-check-layer: ensure that all layer dependencies are tested too Oleksandr Kravchuk (1): bitbake.conf: change GNOME_MIRROR to new one Oleksandr Popovych (1): utils: Reduce the number of calls to the "dirname" command Patrick Williams (1): pixman: re-disable iwmmxt Ralph Siemsen (1): oeqa/manual/toaster: fix small typo Richard Purdie (6): pseudo: Add uninative configuration sanity check pseudo: Update to latest version including statx fix sstate: Drop pseudo exclusion sstate: Fix rebuilds when changing layer config license: Exclude COPYING.MIT from pseudo oeqa/runtime/cases/ptest: Increase test timeout from 300s to 450s Ross Burton (9): parted: improve ptest execution parted: fix ptest RRECOMMENDS parted: skip tests that need vfat support avahi: fix CVE-2021-36217, crash on pinging '.local' glew: fix Makefile race qemu: fix virtio vhost-user-gpu CVEs tar: ignore node-tar CVEs e2fsprogs: ensure small images have 256-byte inodes wic: don't forcibly pass -T default Sakib Sajal (5): go: fix CVE-2020-29509, CVE-2020-29511 qemu: fix CVE-2021-3582 qemu: fix CVE-2021-3607 qemu: fix CVE-2021-3608 go: upgrade 1.16.5 -> 1.16.7 Tony Tascioglu (6): valgrind: skip flaky ptest fb_test_amd64 ffmpeg: fix CVE-2020-20446 ffmpeg: fix CVE-2020-20453 ffmpeg: fix CVE-2020-22015 ffmpeg: fix 
CVE-2020-22021 ffmpeg: fix CVE-2020-22019 and CVE-2020-22033 Trevor Gamblin (1): python3-pip: fix CVE-2021-3572 Ulrich Ölmann (2): initramfs-framework: fix whitespace issue initramfs-framework/setup-live: fix shebang Vinay Kumar (2): glibc: Fix CVE-2021-35942 glibc: Fix CVE-2021-38604 hongxu (2): createrepo-c: fix createrepo-c failed in nativesdk sdk: fix relocate symlink failed leimaohui (1): archiver.bbclass: Fix patch error for recipes that inherit dos2unix. wangmy (1): gnutls: upgrade 3.7.1 -> 3.7.2 meta-openembedded: 5a4b2ab29d..5741b949a8: Anastasios Kavoukis (1): pm-qa: fix paths for shell scripts Armin Kuster (1): wireshark: update to 3.4.7 Changqing Li (2): ndpi: fix CVE-2021-36082 linuxptp: upgrade 3.1 -> 3.1.1 Devendra Tewari (1): Suppress eol in functionfs setup scripts (#147) Gianfranco (1): vboxguestdrivers: upgrade 6.1.22 -> 6.1.24 Joe Slater (1): php: move to version 7.4.21 Kai Kang (1): libdbi-perl: fix CVE-2014-10402 Khem Raj (2): fvwm: Package extra files and man pages fvwm: Fix build time paths in target perl/python scripts Li Wang (1): openlldp: fix segfault Michael Opdenacker (1): bigbuckbunny-1080p: fix sample video URL Mingli Yu (3): mariadb: redefine log-error item mariadb: Update SRC_URI polkit: fix CVE-2021-3560 Paulo Neves (1): htop: Add ncurses-terminfo-base to RDEPENDS Roland Hieber (2): curlpp: fix override syntax ldns: fix override syntax Sakib Sajal (1): gd: fix CVE-2021-38115 Tony Battersby (3): net-snmp: fix QA Issue after LDFLAGS change curlpp: fix QA Issue after LDFLAGS change ldns: fix QA Issue after LDFLAGS change Tony Tascioglu (1): redis: fix CVE-2021-32625 wangmy (2): nghttp2: upgrade 1.43.0 -> 1.44.0 libtalloc: upgrade 2.3.2 -> 2.3.3 Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I12cf9ce6cd256bd08bd4e97856ba45ccb993ddc4
Diffstat (limited to 'poky/meta/recipes-devtools/go/go-1.16/0001-encoding-xml-handle-leading-trailing-or-double-colon.patch')
-rw-r--r--poky/meta/recipes-devtools/go/go-1.16/0001-encoding-xml-handle-leading-trailing-or-double-colon.patch123
1 files changed, 123 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/go/go-1.16/0001-encoding-xml-handle-leading-trailing-or-double-colon.patch b/poky/meta/recipes-devtools/go/go-1.16/0001-encoding-xml-handle-leading-trailing-or-double-colon.patch
new file mode 100644
index 0000000000..3c47157d1a
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.16/0001-encoding-xml-handle-leading-trailing-or-double-colon.patch
@@ -0,0 +1,123 @@
+From 4d014e723165f28b34458edb4aa9136e0fb4c702 Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Tue, 27 Oct 2020 00:17:15 +0100
+Subject: [PATCH] encoding/xml: handle leading, trailing, or double colons in
+ names
+
+Before this change, <:name> would parse as <name>, which could cause
+issues in applications that rely on the parse-encode cycle to
+round-trip. Similarly, <x name:=""> would parse as expected but then
+have the attribute dropped when serializing because its name was empty.
+Finally, <a:b:c> would parse and get serialized incorrectly. All these
+values are invalid XML, but to minimize the impact of this change, we
+parse them whole into Name.Local.
+
+This issue was reported by Juho Nurminen of Mattermost as it leads to
+round-trip mismatches. See #43168. It's not being fixed in a security
+release because round-trip stability is not a currently supported
+security property of encoding/xml, and we don't believe these fixes
+would be sufficient to reliably guarantee it in the future.
+
+Fixes CVE-2020-29509
+Fixes CVE-2020-29511
+Updates #43168
+
+Change-Id: I68321c4d867305046f664347192948a889af3c7f
+Reviewed-on: https://go-review.googlesource.com/c/go/+/277892
+Run-TryBot: Filippo Valsorda <filippo@golang.org>
+TryBot-Result: Go Bot <gobot@golang.org>
+Trust: Filippo Valsorda <filippo@golang.org>
+Reviewed-by: Katie Hockman <katie@golang.org>
+
+CVE: CVE-2020-29509 CVE-2020-29511
+Upstream-Status: Backport [4d014e723165f28b34458edb4aa9136e0fb4c702]
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ src/encoding/xml/xml.go | 5 ++--
+ src/encoding/xml/xml_test.go | 56 ++++++++++++++++++++++++++++++++++++
+ 2 files changed, 59 insertions(+), 2 deletions(-)
+
+diff --git a/src/encoding/xml/xml.go b/src/encoding/xml/xml.go
+index 384d6ad4b8..c902f1295a 100644
+--- a/src/encoding/xml/xml.go
++++ b/src/encoding/xml/xml.go
+@@ -1156,8 +1156,9 @@ func (d *Decoder) nsname() (name Name, ok bool) {
+ if !ok {
+ return
+ }
+- i := strings.Index(s, ":")
+- if i < 0 {
++ if strings.Count(s, ":") > 1 {
++ name.Local = s
++ } else if i := strings.Index(s, ":"); i < 1 || i > len(s)-2 {
+ name.Local = s
+ } else {
+ name.Space = s[0:i]
+diff --git a/src/encoding/xml/xml_test.go b/src/encoding/xml/xml_test.go
+index 5a10f5309d..47d0c39167 100644
+--- a/src/encoding/xml/xml_test.go
++++ b/src/encoding/xml/xml_test.go
+@@ -1003,3 +1003,59 @@ func TestTokenUnmarshaler(t *testing.T) {
+ d := NewTokenDecoder(tokReader{})
+ d.Decode(&Failure{})
+ }
++
++func testRoundTrip(t *testing.T, input string) {
++ d := NewDecoder(strings.NewReader(input))
++ var tokens []Token
++ var buf bytes.Buffer
++ e := NewEncoder(&buf)
++ for {
++ tok, err := d.Token()
++ if err == io.EOF {
++ break
++ }
++ if err != nil {
++ t.Fatalf("invalid input: %v", err)
++ }
++ if err := e.EncodeToken(tok); err != nil {
++ t.Fatalf("failed to re-encode input: %v", err)
++ }
++ tokens = append(tokens, CopyToken(tok))
++ }
++ if err := e.Flush(); err != nil {
++ t.Fatal(err)
++ }
++
++ d = NewDecoder(&buf)
++ for {
++ tok, err := d.Token()
++ if err == io.EOF {
++ break
++ }
++ if err != nil {
++ t.Fatalf("failed to decode output: %v", err)
++ }
++ if len(tokens) == 0 {
++ t.Fatalf("unexpected token: %#v", tok)
++ }
++ a, b := tokens[0], tok
++ if !reflect.DeepEqual(a, b) {
++ t.Fatalf("token mismatch: %#v vs %#v", a, b)
++ }
++ tokens = tokens[1:]
++ }
++ if len(tokens) > 0 {
++ t.Fatalf("lost tokens: %#v", tokens)
++ }
++}
++
++func TestRoundTrip(t *testing.T) {
++ tests := map[string]string{
++ "leading colon": `<::Test ::foo="bar"><:::Hello></:::Hello><Hello></Hello></::Test>`,
++ "trailing colon": `<foo abc:="x"></foo>`,
++ "double colon": `<x:y:foo></x:y:foo>`,
++ }
++ for name, input := range tests {
++ t.Run(name, func(t *testing.T) { testRoundTrip(t, input) })
++ }
++}
+--
+2.25.1
+
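Review bot: The `CVE: CVE-2020-29509 CVE-2020-29511` line in the patch header will presumably make CVE scanning report both issues as patched, yet the upstream message carried in the same header says round-trip stability is not a supported security property of encoding/xml and that this fix is not sufficient to guarantee it. Consumers of this Go build that make trust decisions on XML after a decode/encode cycle should therefore still validate the document independently, and a sentence saying so next to the `Upstream-Status` line would keep that caveat visible. Within the embedded `xml.go` hunk, the test `i < 1 || i > len(s)-2` folds the no-colon, leading-colon and trailing-colon cases into one unexplained condition; a comment such as `// Invalid names (leading, trailing, or repeated colon) are kept whole in Local so they re-encode unchanged.` would make that reviewable. The body of `nsname` starts and ends outside that inner hunk, and whether the recipe's SRC_URI lists this patch cannot be seen in this path-limited view.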