poky: subtree update:2dcd1f2a21..9d1b332292

Alejandro Hernandez Samaniego (2):
      baremetal-helloworld: Enable RISC-V 64 port
      baremetal-image: Fix post process command rootfs_update_timestamp

Alexander Kanavin (94):
      python3: add markdown/smartypants/typogrify modules
      gi-docgen: add a recipe and class
      gdk-pixbuf/pango: replace gtk-doc with gi-docgen
      vala: upgrade 0.50.4 -> 0.52.2
      xkbcomp: upgrade 1.4.4 -> 1.4.5
      stress-ng: upgrade 0.12.05 -> 0.12.06
      xserver-xorg: upgrade 1.20.10 -> 1.20.11
      xorgproto: upgrade 2020.1 -> 2021.3
      dpkg: update 1.20.7.1 -> 1.20.9
      puzzles: update to latest revision
      cmake: update 3.19.5 -> 3.20.1
      meson: update 0.57.1 -> 0.57.2
      systemd: backport a patch to avoid unnecessary rsync dependency with latest meson
      pulseaudio: unbreak build with latest meson
      libdnf: upgrade 0.58.0 -> 0.62.0
      bluez5: upgrade 5.56 -> 5.58
      libxkbcommon: update 1.0.3 -> 1.2.1
      libgudev: update 234 -> 236
      vulkan-samples: update to latest revision
      gnupg: upgrade 2.2.27 -> 2.3.1
      virglrenderer: update 0.8.2 -> 0.9.1
      webkitgtk: update 2.30.6 -> 2.32.0
      acl: upgrade 2.2.53 -> 2.3.1
      bind: upgrade 9.16.12 -> 9.16.13
      bison: upgrade 3.7.5 -> 3.7.6
      createrepo-c: upgrade 0.17.0 -> 0.17.2
      cronie: upgrade 1.5.5 -> 1.5.7
      dnf: upgrade 4.6.0 -> 4.7.0
      e2fsprogs: upgrade 1.46.1 -> 1.46.2
      gnu-efi: upgrade 3.0.12 -> 3.0.13
      systemd-boot: backport a fix to address failures with new gnu-efi
      gobject-introspection: upgrade 1.66.1 -> 1.68.0
      gtk+3: upgrade 3.24.25 -> 3.24.28
      harfbuzz: upgrade 2.7.4 -> 2.8.0
      less: upgrade 563 -> 581
      libfm: upgrade 1.3.1 -> 1.3.2
      libinput: upgrade 1.16.4 -> 1.17.1
      libwpe: upgrade 1.8.0 -> 1.10.0
      libxres: upgrade 1.2.0 -> 1.2.1
      linux-firmware: upgrade 20210208 -> 20210315
      pango: upgrade 1.48.2 -> 1.48.4
      piglit: upgrade to latest revision
      pkgconf: upgrade 1.7.3 -> 1.7.4
      python3-hypothesis: upgrade 6.2.0 -> 6.9.1
      python3-importlib-metadata: upgrade 3.4.0 -> 3.10.1
      python3-pytest: upgrade 6.2.2 -> 6.2.3
      python3-setuptools-scm: upgrade 5.0.1 -> 6.0.1
      x264: upgrade to latest revision
      ptest: add a test for orphaned ptests, and restore ones found by it
      swig: fix upstream version check
      liberation-fonts: fix upstream version check
      Revert "go: Use dl.google.com for SRC_URI"
      powertop: update 2.13 -> 2.14
      mesa: add lmsensors PACKAGECONFIG
      ffmpeg: update 4.3.2 -> 4.4
      qemu: use 4 cores in qemu guests
      avahi: disable gtk bits
      gdk-pixbuf: rewrite the cross-build support for tests
      gnome: drop upstream even condition from a few recipes
      expat: upgrade 2.2.10 -> 2.3.0
      meson.bbclass: split python routines into a separate class
      gstreamer1.0-plugins-base: backport a patch to fix meson 0.58 builds
      meson: update 0.57.2 -> 0.58.0
      qemu: backport a patch to fix meson 0.58 builds
      nativesdk-meson: correctly set cpu_family
      bitbake: fetch2/wget: when checking latest versions, consider all numerical directories
      mklibs: remove recipes and class
      local.conf: Drop support for mklibs
      u-boot: upgrade 2021.01 -> 2021.04
      gdk-pixbuf: update a patch status
      systemd: update 247.6 -> 248.3
      systemd-conf: do not version in lockstep with systemd
      gnu-config: update to latest revision
      mmc-utils: update to latest revision
      python3-smartypants: fix upstream version check
      at: upgrade 3.2.1 -> 3.2.2
      gnomebase: trim the SRC_URI directory from the back
      gsettings-desktop-schemas: upgrade 3.38.0 -> 40.0
      igt-gpu-tools: upgrade 1.25 -> 1.26
      mesa: update 21.0.3 -> 21.1.1
      vulkan-samples: update to latest revision
      libgpg-error: update 1.41 -> 1.42
      webkitgtk: update 2.32.0 -> 2.32.1
      glib-2.0: update 2.68.1 -> 2.68.2
      apt: upgrade 2.2.2 -> 2.2.3
      cmake: update 3.20.1 -> 3.20.2
      libdnf: update 0.62.0 -> 0.63.0
      harfbuzz: update 2.8.0 -> 2.8.1
      curl: update 7.76.0 -> 7.76.1
      systemtap: update 4.4 -> 4.5
      wayland: package target binaries into -tools, not into -dev
      ptest: add newly discovered missing runtime dependencies across recipes
      images: remove sato/weston ptest images
      images: add ptest images based on core-image-minimal

Andreas Müller (1):
      gstreamer1.0-plugins-good: fix build with gcc11

Andrej Valek (1):
      expat: upgrade 2.3.0 -> 2.4.1

Anuj Mittal (1):
      lsb-release: fix reproducibility failure

Armin Kuster (5):
      bitbake: hashserv/server.py: drop unused imports
      bitbake: hashserver/client.py: drop unused imports
      poky.yaml: fedora33: add missing pkgs
      systemctl: Stop tracebacks use formated error messages
      package_manager/rpm: decode systemctl failures

Bastian Krause (1):
      ccache: version bump 4.2.1 -> 4.3

Bruce Ashfield (18):
      linux-yocto/5.4: qemuppc32: reduce serial shutdown issues
      kern-tools: Kconfiglib: add support for bare 'modules' keyword
      lttng-modules: update devupstream to v2.13-rc
      lttng-modules: update to v2.12.6
      kernel-yocto: provide debug / summary information for metadata
      linux-yocto/5.10: update to v5.10.35
      linux-yocto/5.4: update to v5.4.117
      linux-yocto/5.10: ktypes/standard: disable obsolete crypto options by default
      linux-yocto/5.10: update to v5.10.36
      linux-yocto/5.4: update to v5.4.118
      linux-yocto/5.10: update to v5.10.37
      linux-yocto/5.4: update to v5.4.119
      kernel-devsrc: adjust NM and OBJTOOL variables for target
      linux-yocto/5.10: update to v5.10.38
      linux-yocto-dev: bump to v5.13+
      linux-yocto/5.4: update to v5.4.120
      linux-yocto/5.10: update to v5.10.41
      linux-yocto/5.4: update to v5.4.123

Carlos Rafael Giani (1):
      ffmpeg: Add libopus packageconfig

Changqing Li (2):
      unfs3: correct configure option
      pkgconfig: update SRC_URI

Chen Qi (3):
      db: update CVE_PRODUCT
      rt-tests: update SRCREV
      xxhash: backport patch to fix special char problem

Daniel McGregor (3):
      lib/oe/gpg_sign.py: Fix gpg verification
      sstate: Ignore sstate signing key
      bison: Make libtextstyle and libreadline optional

Daniel Wagenknecht (1):
      kernel-dev: document KCONFIG_MODE

Douglas Royds (3):
      Revert "icecc: Don't use icecc when INHIBIT_DEFAULT_DEPS is set"
      icecc: Demote "could not get ICECC_CC" warning to note
      icecc-create-env: Silence warning: invalid ICECC_ENV_EXEC

Drew Moseley (1):
      manuals: fix a few incorrect option specifications.

Guillaume Champagne (1):
      image-live.bbclass: order do_bootimg after do_rootfs

Joshua Watt (1):
      zstd: Add patch to fix MinGW builds

Kai Kang (1):
      grub2.inc: remove '-O2' from CFLAGS

Khem Raj (17):
      swig: Upgrade to 4.0.2
      python3-markdown: Upgrade to 3.3.4
      ffmpeg: Fix build on mips
      npth: Check for pthread_create for including lpthread
      gcc: Add target gcc include search for musl config too
      gcc: Extend .gccrelocprefix section support to musl configs
      gcc: Refresh patch to fix patch fuzz
      musl: Fix __NR_fstatat syscall name for riscv
      libxfixes: Update to 6.0.0 release
      xorgproto: Upgrade to 2021.4 release
      glibc: Update to latest 2.33 branch
      systemd: Fix 248.3 on musl
      glibc: Enable memory tagging for aarch64
      gcc: Update to latest on release/gcc-11 branch
      apt: Add missing <array> header
      ovmf: Fix VLA warnings with GCC 11
      libucontext: Switch to meson build system

Martin Jansa (4):
      gcc-sanitizers: Package up static hwasan files as well
      webkitgtk: fix build without opengl in DISTRO_FEATURES
      binutils: backport DWARF-5 support for gold
      sstatesig.py: make it fatal error when sstate manifest isn't found

Michael Halstead (3):
      releases: update to include 3.2.4
      uninative: Upgrade to 3.2 (gcc11 support)
      releases: update to include 3.3.1

Michael Opdenacker (8):
      manuals: reduce verbosity with "worry about" expression
      manuals: reduce verbosity related to "the following" expression
      ref-manual: simplify style
      kernel-dev manual: simplify style
      dev-manual: simplify style
      sdk-manual: simplify style and fix formating
      overview-manual: simplify style and add missings references
      manuals: simplify style

Mike Crowe (2):
      npm.bbclass: Allow nodedir to be overridden by NPM_NODEDIR
      libnotify: Make gtk+3 dependency optional

Ming Liu (4):
      kernel-fitimage.bbclass: fix a wrong conditional check
      initramfs-framework:rootfs: fix wrong indentions
      kernel-fitimage.bbclass: drop unit addresses from bootscr sections
      uboot-sign/kernel-fitimage: split generate_rsa_keys task

Nikolay Papenkov (1):
      flex: correct license information

Nisha Parrakat (1):
      squashfs-tools: package squashfs-fs.h

Peter Kjellerstedt (3):
      libcap: Configure Make variables correctly without a horrible hack
      util-linux.inc: Do not modify BPN
      native.bbclass: Do not remove "-native" in the middle of recipe names

Petr Vorel (1):
      ltp: Update to 20210524

Richard Purdie (92):
      oeqa/qemurunner: Fix binary vs str issue
      oeqa/qemurunner: Improve handling of run_serial for shutdown commands
      ptest-packagelists: Add expat-ptest to fast ptests
      puzzles: Upstream changed to main branch for development
      grub2: Add CVE whitelist entries for issues fixed in 2.06
      glibc: Document and whitelist CVE-2019-1010022-25
      qemu: Exclude CVE-2017-5957 from cve-check
      qemu: Exclude CVE-2007-0998 from cve-check
      qemu: Exclude CVE-2018-18438 from cve-check
      jquery: Exclude CVE-2007-2379 from cve-check
      logrotate: Exclude CVE-2011-1548,1549,1550 from cve-check
      openssh: Exclude CVE-2007-2768 from cve-check
      ovmf: Improve reproducibility by enabling prefix mapping
      bind: Exclude CVE-2019-6470 from cve-check
      openssh: Exclude CVE-2008-3844 from cve-check
      unzip: Exclude CVE-2008-0888 from cve-check
      cpio: Exclude CVE-2010-4226 from cve-check
      xinetd: Exclude CVE-2013-4342 from cve-check
      ghostscript: Exclude CVE-2013-6629 from cve-check
      bluez: Exclude CVE-2020-12352 CVE-2020-24490 from cve-check
      tiff: Exclude CVE-2015-7313 from cve-check
      ovmf: Disable lto to aid reproducibility
      ovmf: Fix other reproducibility issues
      rpm: Exclude CVE-2021-20271 from cve-check
      coreutils: Exclude CVE-2016-2781 from cve-check
      librsvg: Exclude CVE-2018-1000041 from cve-check
      avahi: Exclude CVE-2021-26720 from cve-check
      qemu: Set SMP to 4 cpus for arm/x86 only
      qemuboot-x86: Switch to IvyBridge and q35 instead of pc
      qemu-x86: Add commandline options to improve boot
      sstate: Handle manifest 'corruption' issue
      lttng-ust: Upgrade 2.12.1 -> 2.12.2
      qemu: Upgrade 5.2.0 -> 6.0.0
      python3-markupsafe: Upgrade 1.1.1 -> 2.0.0
      python3-jinja2: Upgrade 2.11.3 -> 3.0.0
      ofono: upgrade 1.31 -> 1.32
      libnss-mdns: upgrade 0.14.1 -> 0.15
      python3-git: upgrade 3.1.14 -> 3.1.17
      bind: upgrade 9.16.13 -> 9.16.15
      vala: upgrade 0.52.2 -> 0.52.3
      libjpeg-turbo: upgrade 2.0.6 -> 2.1.0
      btrfs-tools: upgrade 5.12 -> 5.12.1
      python3-hypothesis: upgrade 6.9.1 -> 6.12.0
      python3-numpy: upgrade 1.20.2 -> 1.20.3
      gtk+3: upgrade 3.24.28 -> 3.24.29
      sudo: upgrade 1.9.6p1 -> 1.9.7
      stress-ng: upgrade 0.12.06 -> 0.12.08
      less: upgrade 581 -> 586
      libtirpc: upgrade 1.3.1 -> 1.3.2
      libinput: upgrade 1.17.1 -> 1.17.2
      zstd: upgrade 1.4.9 -> 1.5.0
      hdparm: upgrade 9.61 -> 9.62
      libxkbcommon: upgrade 1.2.1 -> 1.3.0
      spirv-tools: upgrade 2020.7 -> 2021.1
      diffoscope: upgrade 172 -> 175
      mpg123: upgrade 1.26.5 -> 1.27.2
      sqlite3: upgrade 3.35.3 -> 3.35.5
      wayland-protocols: upgrade 1.20 -> 1.21
      shaderc: upgrade 2020.5 -> 2021.0
      wpebackend-fdo: upgrade 1.8.3 -> 1.8.4
      libxcrypt-compat: upgrade 4.4.19 -> 4.4.20
      Revert "cml1.bbclass: Return sorted list of cfg files"
      bitbake: server/process: Handle error in heartbeat funciton in OOM case
      glibc: Add 8GB VM usage cap for usermode test suite
      cve-extra-exclusions.inc: add exclusion list for intractable CVE's
      rpm: Drop CVE exclusion as database fixed to handle
      cve-extra-exclusions: Fix typos
      grub: Exclude CVE-2019-14865 from cve-check
      cve-extra-exclusions.inc: Clean up merged CPE updates
      ltp: Disable problematic tests causing autobuilder hangs
      python3-setuptools: upgrade 56.0.0 -> 56.2.0
      distro/maintainers: Fix up the ptest image entries
      oeqa/runtime/rpm: Drop log message counting test component
      linux-firmware: upgrade 20210315 -> 20210511
      libxcrypt: Upgrade 4.4.20 -> 4.4.22
      iproute2: upgrade 5.11.0 -> 5.12.0
      libx11: upgrade 1.7.0 -> 1.7.1
      python3-hypothesis: upgrade 6.12.0 -> 6.13.7
      pango: upgrade 1.48.4 -> 1.48.5
      python3-importlib-metadata: upgrade 4.0.1 -> 4.3.0
      libmodulemd: upgrade 2.12.0 -> 2.12.1
      vte: upgrade 0.64.0 -> 0.64.1
      libinput: upgrade 1.17.2 -> 1.17.3
      gi-docgen: upgrade 2021.5 -> 2021.6
      kmod: upgrade 28 -> 29
      xorgproto: upgrade 2021.4 -> 2021.4.99.1
      libpcre2: upgrade 10.36 -> 10.37
      libepoxy: upgrade 1.5.5 -> 1.5.8
      python3-jinja2: upgrade 3.0.0 -> 3.0.1
      curl: upgrade 7.76.1 -> 7.77.0
      python3-setuptools: upgrade 56.2.0 -> 57.0.0
      oeqa/qemurunner: Improve timeout handling

Richard Weinberger (1):
      Add support for erofs filesystems

Robert Joslyn (3):
      liberation-fonts: Update to 2.1.4
      epiphany: Update to 40.1
      btrfs-tools: Update to 5.12

Robert P. J. Day (8):
      sdk-manual: couple minor fixes in using.rst
      sdk-manual: various cleanups to intro.rst
      ref-manual: delete references to dead LSB compliance
      ref-manual: delete extraneous back quote
      image.bbclass: fix comment "pacackages" -> "packages"
      meta/lib/oe/rootfs.py: Fix typo "Restoreing" -> "Restoring"
      bitbake.conf: alphabetize contents of ASSUME_PROVIDED
      ref-manual: add links to some variables in glossary

Romain Naour (1):
      dejagnu: needs expect at runtime

Ross Burton (12):
      cairo: backport patch for CVE-2020-35492
      libnotify: whitelist CVE-2013-7381 (specific to the NodeJS bindings)
      builder: whitelist CVE-2008-4178 (a different builder)
      libarchive: disable redundant libxml2 PACKAGECONFIG
      meson: update patch status
      cups: whitelist CVE-2021-25317
      libsolv: add missing db dependency
      rpm: turn Berkeley DB hard dependency into PACKAGECONFIG
      python3: update status on upstreamed patch
      ref-manual: Ubuntu 20.04 is also LTS
      package_rpm: pass XZ_THREADS to rpm
      gcc: revert libstc++-gdb.py installation changes

Samuli Piippo (3):
      gcc-cross-canadian: add symlinks for ld.bfd and ld.gold
      libarchive: enable zstd support
      cmake-native: enabled zstd support

Stefan Ghinea (1):
      boost: fix do_fetch failure

Steve Sakoman (1):
      expat: set CVE_PRODUCT

Tony Tascioglu (3):
      libxml2: Reformat runtest.patch
      libxml2: Add bash dependency for ptests.
      libxml2: Update to 2.9.12

Trevor Gamblin (2):
      python3: upgrade 3.9.4 -> 3.9.5
      bind: upgrade 9.16.15 -> 9.16.16

Ulrich Ölmann (1):
      local.conf.sample: fix typo

Vinícius Ossanes Aquino (1):
      lttng-modules: backport patches to fix build against 5.12+ kernel

Yann Dirson (1):
      linux-firmware: include all relevant files in -bcm4356

hongxu (1):
      gdk-pixbuf: fix nativesdk do_configure failed

wangmy (21):
      python3-pygments: upgrade 2.8.1 -> 2.9.0
      at-spi2-core: upgrade 2.40.0 -> 2.40.1
      ell: upgrade 0.39 -> 0.40
      kexec-tools: upgrade 2.0.21 -> 2.0.22
      go: upgrade 1.16.3 -> 1.16.4
      python3-attrs: upgrade 20.3.0 -> 21.2.0
      python3-six: upgrade 1.15.0 -> 1.16.0
      vulkan-samples: update to latest revision
      vulkan-headers: upgrade 1.2.170.0 -> 1.2.176.0
      vulkan-tools: upgrade 1.2.170.0 -> 1.2.176.0
      vulkan-loader: upgrade 1.2.170.0 -> 1.2.176.0
      distcc: upgrade 3.3.5 -> 3.4
      libdrm: upgrade 2.4.105 -> 2.4.106
      libidn2: upgrade 2.3.0 -> 2.3.1
      libtasn1: upgrade 4.16.0 -> 4.17.0
      python3-libarchive-c: upgrade 2.9 -> 3.0
      python3-markupsafe: upgrade 2.0.0 -> 2.0.1
      python3-more-itertools: upgrade 8.7.0 -> 8.8.0
      python3-pytest: upgrade 6.2.3 -> 6.2.4
      logrotate: upgrade 3.18.0 -> 3.18.1
      stress-ng: upgrade 0.12.08 -> 0.12.09

zhengruoqin (10):
      busybox: upgrade 1.33.0 -> 1.33.1
      rng-tools: upgrade 6.11 -> 6.12
      rpcbind: upgrade 1.2.5 -> 1.2.6
      sysklogd: upgrade 2.2.2 -> 2.2.3
      python3-importlib-metadata: upgrade 3.10.1 -> 4.0.1
      python3-sortedcontainers: upgrade 2.3.0 -> 2.4.0
      rxvt-unicode: upgrade 9.22 -> 9.26
      libedit: upgrade 20210419-3.1 -> 20210522-3.1
      libtest-needs-perl: upgrade 0.002006 -> 0.002009
      libucontext: upgrade 0.10 -> 1.1

Change-Id: I5e5148036ac2a7918974733e5751c3392139b17e
Signed-off-by: William A. Kennington III <wak@google.com>

9 files changed, 141 insertions, 34 deletions

diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf
index 4fa47d88e..f451ba6a4 100644
--- a/poky/meta/conf/bitbake.conf
+++ b/poky/meta/conf/bitbake.conf
@@ -173,25 +173,25 @@ DATETIME = "${DATE}${TIME}"
 # python-native should be here but python relies on building
 # its own in staging
 ASSUME_PROVIDED = "\
+    bash-native \
     bzip2-native \
     chrpath-native \
+    diffstat-native \
     file-native \
     findutils-native \
     gawk-native \
     git-native \
     grep-native \
-    diffstat-native \
-    patch-native \
-    libgcc-native \
     hostperl-runtime-native \
     hostpython-runtime-native \
+    libgcc-native \
+    patch-native \
+    sed-native \
     tar-native \
-    virtual/libintl-native \
-    virtual/libiconv-native \
-    virtual/crypt-native \
     texinfo-native \
-    bash-native \
-    sed-native \
+    virtual/crypt-native \
+    virtual/libiconv-native \
+    virtual/libintl-native \
     wget-native \
     "
 # gzip-native should be listed above?
diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
new file mode 100644
index 000000000..cf07acce1
--- /dev/null
+++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -0,0 +1,73 @@
+# This file contains a list of CVE's where resolution has proven to be impractical
+# or there is no reasonable action the Yocto Project can take to resolve the issue.
+# It contains all the information we are aware of about an issue and analysis about
+# why we believe it can't be fixed/handled. Additional information is welcome through
+# patches to the file.
+#
+# Include this file in your local.conf or distro.conf to exclude these CVE's
+# from the cve-check results or add to the bitbake command with:
+#     -R conf/distro/include/cve-extra-exclusions.inc
+#
+# The file is not included by default since users should review this data to ensure
+# it matches their expectations and usage of the project.
+#
+# We may also include "in-flight" information about current/ongoing CVE work with
+# the aim of sharing that work and ensuring we don't duplicate it.
+#
+
+
+# strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006
+# CVE is more than 20 years old with no resolution evident
+# broken links in CVE database references make resolution impractical
+CVE_CHECK_WHITELIST += "CVE-2000-0006"
+
+# epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238
+# The issue here is spoofing of domain names using characters from other character sets.
+# There has been much discussion amongst the epiphany and webkit developers and
+# whilst there are improvements about how domains are handled and displayed to the user
+# there is unlikely ever to be a single fix to webkit or epiphany which addresses this
+# problem. Whitelisted as there isn't any mitigation or fix or way to progress this further
+# we can seem to take.
+CVE_CHECK_WHITELIST += "CVE-2005-0238"
+
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756
+# Issue is memory exhaustion via glob() calls, e.g. from within an ftp server
+# Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681
+# Upstream don't see it as a security issue, ftp servers shouldn't be passing
+# this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar
+CVE_CHECK_WHITELIST += "CVE-2010-4756"
+
+# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509
+# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511
+# The encoding/xml package in go can potentially be used for security exploits if not used correctly
+# CVE applies to a netapp product as well as flagging a general issue. We don't ship anything
+# exposing this interface in an exploitable way
+CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
+
+
+
+#### CPE update pending ####
+
+# groff:groff-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0803
+# Appears it was fixed in https://git.savannah.gnu.org/cgit/groff.git/commit/?id=07f95f1674217275ed4612f1dcaa95a88435c6a7
+# so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10.
+#CVE_CHECK_WHITELIST += "CVE-2000-0803"
+
+
+
+#### Upstream still working on ####
+
+# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
+# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
+# however qemu maintainers are sure the patch is incorrect and should not be applied.
+
+# flex:flex-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293
+# Upstream bug, still open: https://github.com/westes/flex/issues/414
+# Causes memory exhaustion so potential DoS but no buffer overflow, low priority
+
+# wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879
+# https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
+# No response upstream as of 2021/5/12
+
+
+
diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc
index 140f7b490..fa7eb9da0 100644
--- a/poky/meta/conf/distro/include/maintainers.inc
+++ b/poky/meta/conf/distro/include/maintainers.inc
@@ -111,19 +111,17 @@ RECIPE_MAINTAINER_pn-core-image-minimal-mtdutils = "Richard Purdie <richard.purd
 RECIPE_MAINTAINER_pn-core-image-tiny-initramfs = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-full-cmdline = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-kernel-dev = "Richard Purdie <richard.purdie@linuxfoundation.org>"
+RECIPE_MAINTAINER_pn-core-image-ptest-all = "Richard Purdie <richard.purdie@linuxfoundation.org>"
+RECIPE_MAINTAINER_pn-core-image-ptest-fast = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-sato = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-sato-sdk = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-testmaster-initramfs = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-testmaster = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-clutter = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-weston = "Richard Purdie <richard.purdie@linuxfoundation.org>"
-RECIPE_MAINTAINER_pn-core-image-weston-ptest-all = "Richard Purdie <richard.purdie@linuxfoundation.org>"
-RECIPE_MAINTAINER_pn-core-image-weston-ptest-fast = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-weston-sdk = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-x11 = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-core-image-sato-dev = "Richard Purdie <richard.purdie@linuxfoundation.org>"
-RECIPE_MAINTAINER_pn-core-image-sato-ptest-fast = "Richard Purdie <richard.purdie@linuxfoundation.org>"
-RECIPE_MAINTAINER_pn-core-image-sato-sdk-ptest = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-coreutils = "Chen Qi <Qi.Chen@windriver.com>"
 RECIPE_MAINTAINER_pn-cpio = "Denys Dmytriyenko <denis@denix.org>"
 RECIPE_MAINTAINER_pn-cracklib = "Armin Kuster <akuster808@gmail.com>"
@@ -171,6 +169,7 @@ RECIPE_MAINTAINER_pn-ell = "Zang Ruochen <zangrc.fnst@fujitsu.com>"
 RECIPE_MAINTAINER_pn-enchant2 = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER_pn-encodings = "Armin Kuster <akuster808@gmail.com>"
 RECIPE_MAINTAINER_pn-epiphany = "Alexander Kanavin <alex.kanavin@gmail.com>"
+RECIPE_MAINTAINER_pn-erofs-utils = "Richard Weinberger <richard@nod.at>"
 RECIPE_MAINTAINER_pn-ethtool = "Changhyeok Bae <changhyeok.bae@gmail.com>"
 RECIPE_MAINTAINER_pn-eudev = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER_pn-expat = "Yi Zhao <yi.zhao@windriver.com>"
@@ -205,6 +204,7 @@ RECIPE_MAINTAINER_pn-gdk-pixbuf = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER_pn-gettext = "Robert Yang <liezhi.yang@windriver.com>"
 RECIPE_MAINTAINER_pn-gettext-minimal-native = "Robert Yang <liezhi.yang@windriver.com>"
 RECIPE_MAINTAINER_pn-ghostscript = "Hongxu Jia <hongxu.jia@windriver.com>"
+RECIPE_MAINTAINER_pn-gi-docgen = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER_pn-git = "Robert Yang <liezhi.yang@windriver.com>"
 RECIPE_MAINTAINER_pn-glew = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER_pn-glib-2.0 = "Anuj Mittal <anuj.mittal@intel.com>"
@@ -507,7 +507,6 @@ RECIPE_MAINTAINER_pn-mingetty = "Yi Zhao <yi.zhao@windriver.com>"
 RECIPE_MAINTAINER_pn-mini-x-session = "Armin Kuster <akuster808@gmail.com>"
 RECIPE_MAINTAINER_pn-minicom = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER_pn-mkfontscale = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-mklibs-native = "Robert Yang <liezhi.yang@windriver.com>"
 RECIPE_MAINTAINER_pn-mmc-utils = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER_pn-mobile-broadband-provider-info = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER_pn-modutils-initscripts = "Yi Zhao <yi.zhao@windriver.com>"
@@ -608,6 +607,7 @@ RECIPE_MAINTAINER_pn-python3-jinja2 = "Richard Purdie <richard.purdie@linuxfound
 RECIPE_MAINTAINER_pn-python3-libarchive-c = "Joshua Watt <JPEWhacker@gmail.com>"
 RECIPE_MAINTAINER_pn-python3-magic = "Joshua Watt <JPEWhacker@gmail.com>"
 RECIPE_MAINTAINER_pn-python3-mako = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>"
+RECIPE_MAINTAINER_pn-python3-markdown = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER_pn-python3-markupsafe = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER_pn-python3-more-itertools = "Tim Orling <timothy.t.orling@linux.intel.com>"
 RECIPE_MAINTAINER_pn-python3-nose = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>"
@@ -630,11 +630,13 @@ RECIPE_MAINTAINER_pn-python3-scons-native = "Tim Orling <timothy.t.orling@linux.
 RECIPE_MAINTAINER_pn-python3-setuptools = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>"
 RECIPE_MAINTAINER_pn-python3-setuptools-scm = "Tim Orling <timothy.t.orling@linux.intel.com>"
 RECIPE_MAINTAINER_pn-python3-six = "Zang Ruochen <zangrc.fnst@fujitsu.com>"
+RECIPE_MAINTAINER_pn-python3-smartypants = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER_pn-python3-smmap = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>"
 RECIPE_MAINTAINER_pn-python3-sortedcontainers = "Tim Orling <timothy.t.orling@linux.intel.com>"
 RECIPE_MAINTAINER_pn-python3-subunit = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>"
 RECIPE_MAINTAINER_pn-python3-testtools = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>"
 RECIPE_MAINTAINER_pn-python3-toml = "Tim Orling <timothy.t.orling@linux.intel.com>"
+RECIPE_MAINTAINER_pn-python3-typogrify = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER_pn-python3-wcwidth = "Tim Orling <timothy.t.orling@linux.intel.com>"
 RECIPE_MAINTAINER_pn-python3-zipp = "Tim Orling <timothy.t.orling@linux.intel.com>"
 RECIPE_MAINTAINER_pn-qemu = "Richard Purdie <richard.purdie@linuxfoundation.org>"
diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc
index e0a876dbd..aef70343f 100644
--- a/poky/meta/conf/distro/include/ptest-packagelists.inc
+++ b/poky/meta/conf/distro/include/ptest-packagelists.inc
@@ -14,17 +14,21 @@ PTESTS_FAST = "\
     diffutils-ptest \
     elfutils-ptest \
     ethtool-ptest \
+    expat-ptest \
     flex-ptest \
     gawk-ptest \
     gdbm-ptest \
     gdk-pixbuf-ptest \
     gettext-ptest \
+    glib-networking-ptest \
     gzip-ptest \
     json-glib-ptest \
     libconvert-asn1-perl-ptest \
     liberror-perl-ptest \
+    libnl-ptest \
     libmodule-build-perl-ptest \
     libpcre-ptest \
+    libssh2-ptest \
     libtimedate-perl-ptest \
     libtest-needs-perl-ptest \
     liburi-perl-ptest \
@@ -43,6 +47,12 @@ PTESTS_FAST = "\
     opkg-ptest \
     pango-ptest \
     parted-ptest \
+    python3-atomicwrites-ptest \
+    python3-jinja2-ptest \
+    python3-markupsafe-ptest \
+    python3-more-itertools-ptest \
+    python3-pluggy-ptest \
+    python3-wcwidth-ptest \
     qemu-ptest \
     quilt-ptest \
     sed-ptest \
@@ -51,17 +61,7 @@ PTESTS_FAST = "\
     zlib-ptest \
 "
 PTESTS_FAST_remove_mips64 = "qemu-ptest"
-
-#PTESTS_PROBLEMS = "\
-#    ruby-ptest \ # Timeout
-#    clutter-1.0-ptest \ # Doesn't build due to depends on cogl-1.0
-#    lz4-ptest \ # Needs a rewrite
-#    rt-tests-ptest \ # Needs to be checked whether it runs at all
-#    bash-ptest \ # Test outcomes are non-deterministic by design
-#    ifupdown-ptest \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py
-#    mdadm-ptest \ # Tests rely on non-deterministic sleep() amounts
-#    libinput-ptest \ # Tests need an unloaded system to be reliable
-#"
+PTESTS_PROBLEMS_append_mips64 = "qemu-ptest"
 
 PTESTS_SLOW = "\
     babeltrace-ptest \
@@ -85,3 +85,32 @@ PTESTS_SLOW = "\
 "
 
 PTESTS_SLOW_remove_riscv64 = "valgrind-ptest"
+PTESTS_PROBLEMS_append_riscv64 = "valgrind-ptest"
+
+#    ruby-ptest \ # Timeout
+#    clutter-1.0-ptest \ # Doesn't build due to depends on cogl-1.0
+#    lz4-ptest \ # Needs a rewrite
+#    rt-tests-ptest \ # Needs to be checked whether it runs at all
+#    bash-ptest \ # Test outcomes are non-deterministic by design
+#    ifupdown-ptest \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py
+#    mdadm-ptest \ # Tests rely on non-deterministic sleep() amounts
+#    libinput-ptest \ # Tests need an unloaded system to be reliable
+#    libpam-ptest \ # Needs pam DISTRO_FEATURE
+#    numactl-ptest \ # qemu not (yet) configured for numa; all tests are skipped
+#    libseccomp-ptest \ #  tests failed: 38; add to slow tests once addressed
+#    python3-numpy-ptest \ # requires even more RAM and (possibly) disk space; multiple failures
+
+PTESTS_PROBLEMS = "\
+    ruby-ptest \
+    clutter-1.0-ptest \
+    lz4-ptest \
+    rt-tests-ptest \
+    bash-ptest \
+    ifupdown-ptest \
+    mdadm-ptest \
+    libinput-ptest \
+    libpam-ptest \
+    libseccomp-ptest \
+    numactl-ptest \
+    python3-numpy-ptest \
+"
diff --git a/poky/meta/conf/distro/include/tcmode-default.inc b/poky/meta/conf/distro/include/tcmode-default.inc
index a0c35eed0..c6e5ac61d 100644
--- a/poky/meta/conf/distro/include/tcmode-default.inc
+++ b/poky/meta/conf/distro/include/tcmode-default.inc
@@ -22,7 +22,7 @@ BINUVERSION ?= "2.36%"
 GDBVERSION ?= "10.%"
 GLIBCVERSION ?= "2.33"
 LINUXLIBCVERSION ?= "5.10%"
-QEMUVERSION ?= "5.2%"
+QEMUVERSION ?= "6.0%"
 GOVERSION ?= "1.16%"
 # This can not use wildcards like 8.0.% since it is also used in mesa to denote
 # llvm version being used, so always bump it with llvm recipe version bump
diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc
index 05b79d14c..740cca0ec 100644
--- a/poky/meta/conf/distro/include/yocto-uninative.inc
+++ b/poky/meta/conf/distro/include/yocto-uninative.inc
@@ -8,7 +8,7 @@
 
 UNINATIVE_MAXGLIBCVERSION = "2.33"
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.1/"
-UNINATIVE_CHECKSUM[aarch64] ?= "7fa12b9fe7a95934cc09beb0e8a25ff97179ef3105116015d32548eadd27b024"
-UNINATIVE_CHECKSUM[i686] ?= "bbfcdd48336800b5af97e294918c6586a0a8fa903f127f813b0bd5110de8c55c"
-UNINATIVE_CHECKSUM[x86_64] ?= "5d0611df544edff6428cef7d871257a91aa6ba1bd92f5365a2df8deb54b6b31e"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.2/"
+UNINATIVE_CHECKSUM[aarch64] ?= "4f0872cdca2775b637a8a99815ca5c8dd42146abe903a24a50ee0448358c764b"
+UNINATIVE_CHECKSUM[i686] ?= "e2eeab92e67263db37d9bb6d4c58579abd1f47ff4cded3171bde572fece124b2"
+UNINATIVE_CHECKSUM[x86_64] ?= "3ee8c7d55e2d4c7ae3887cddb97219f97b94efddfeee2e24923c0cb0e8ce84c6"
diff --git a/poky/meta/conf/machine/include/qemuboot-x86.inc b/poky/meta/conf/machine/include/qemuboot-x86.inc
index 2a4760c71..a2dcdc6d5 100644
--- a/poky/meta/conf/machine/include/qemuboot-x86.inc
+++ b/poky/meta/conf/machine/include/qemuboot-x86.inc
@@ -1,13 +1,14 @@
 # For runqemu
 IMAGE_CLASSES += "qemuboot"
-QB_CPU_x86 = "-cpu core2duo"
-QB_CPU_KVM_x86 = "-cpu core2duo"
+QB_SMP = "-smp 4"
+QB_CPU_x86 = "-cpu IvyBridge -machine q35"
+QB_CPU_KVM_x86 = "-cpu IvyBridge -machine q35"
 
-QB_CPU_x86-64 = "-cpu core2duo"
-QB_CPU_KVM_x86-64 = "-cpu core2duo"
+QB_CPU_x86-64 = "-cpu IvyBridge -machine q35"
+QB_CPU_KVM_x86-64 = "-cpu IvyBridge -machine q35"
 
 QB_AUDIO_DRV = "alsa"
 QB_AUDIO_OPT = "-soundhw ac97,es1370"
-QB_KERNEL_CMDLINE_APPEND = "oprofile.timer=1"
+QB_KERNEL_CMDLINE_APPEND = "oprofile.timer=1 tsc=reliable no_timer_check rcupdate.rcu_expedited=1"
 QB_OPT_APPEND = "-usb -device usb-tablet"
 
diff --git a/poky/meta/conf/machine/qemuarm.conf b/poky/meta/conf/machine/qemuarm.conf
index e5ec4cc06..34fcde698 100644
--- a/poky/meta/conf/machine/qemuarm.conf
+++ b/poky/meta/conf/machine/qemuarm.conf
@@ -16,6 +16,7 @@ SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
 QB_SYSTEM_NAME = "qemu-system-arm"
 QB_MACHINE = "-machine virt,highmem=off"
 QB_CPU = "-cpu cortex-a15"
+QB_SMP = "-smp 4"
 # Standard Serial console
 QB_KERNEL_CMDLINE_APPEND = "vmalloc=256"
 # For graphics to work we need to define the VGA device as well as the necessary USB devices
diff --git a/poky/meta/conf/machine/qemuarm64.conf b/poky/meta/conf/machine/qemuarm64.conf
index 51f7ecdcf..150a0744e 100644
--- a/poky/meta/conf/machine/qemuarm64.conf
+++ b/poky/meta/conf/machine/qemuarm64.conf
@@ -16,6 +16,7 @@ SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
 QB_SYSTEM_NAME = "qemu-system-aarch64"
 QB_MACHINE = "-machine virt"
 QB_CPU = "-cpu cortex-a57"
+QB_SMP = "-smp 4"
 QB_CPU_KVM = "-cpu host -machine gic-version=3"
 # For graphics to work we need to define the VGA device as well as the necessary USB devices
 QB_GRAPHICS = "-device VGA,edid=on"