subtree updates

meta-openembedded: f632403d18..4647e3ea37: Andreas Müller (1): udisks2: upgrade 2.9.3 -> 2.9.4 Armin Kuster (1): wireshark: update to latest stable 3.4.11 Changqing Li (1): postgresql: fix CVE-2021-23214,CVE-2021-23222 Luca Boccassi (1): lvm2: do not install systemd units/initscripts when building native SDK tools Oleksandr Kravchuk (1): fb-test: fix SRC_URI Peter Kjellerstedt (2): gattlib: Explicitly disable Python support googletest: Switch branch from master to main Ross Burton (15): imlib2: clarify license xmlrpc-c: set precise BSD license dash: set precise BSD license sg3-utils: set precise BSD license nodejs: set precise BSD license libkcapi: set precise BSD license pcsc-lite: set precise BSD license python3-cryptography: set precise BSD license python3-crypto-vectors: set precise BSD license python3-gevent: use system libraries instead of embedding python3-gevent: update license python3-lxml: set precise BSD license python3-posix-ipc: set precise BSD license python3-posix-ipc: remove spurious dependencies python3-pyzmq: set precise BSD license Sean Nyekjaer (1): msgpack-cpp: fix msgpack-cpp is a header only library Trevor Gamblin (1): python3-django: upgrade 3.2.5 -> 3.2.10 Yi Zhao (2): postfix: upgrade 3.6.2 -> 3.6.3 openipmi: upgrade 2.0.31 -> 2.0.32 wangmy (2): libfile-slurper-perl: upgrade 0.012 -> 0.013 apache2: upgrade 2.4.51 -> 2.4.52 zhengruoqin (2): openvpn: upgrade 2.5.4 -> 2.5.5 libnet-dns-perl: upgrade 1.32 -> 1.33 poky: f286eefb27..883341e9ca: Alexander Kanavin (5): systemd: update 249.3 -> 249.4 systemd: update 249.4 -> 249.5 systemd: upgrade 249.5 -> 249.6 systemd: update 249.6 -> 249.7 lib/oe/reproducible: correctly set .git location when recursively looking for git repos Alexandre Belloni (1): maintainers.inc: fix up rust-cross entry Anton Mikanovich (1): bitbake: process: Do not mix stderr with stdout Anuj Mittal (3): python3: upgrade 3.9.7 -> 3.9.9 xserver-xorg: upgrade 1.20.13 -> 1.20.14 xserver-xorg: update CVE_PRODUCT Bruce Ashfield (13): linux-yocto/5.14: update to v5.14.18 linux-yocto/5.10: update to v5.10.79 linux-yocto/5.14: update to v5.14.21 linux-yocto/5.10: update to v5.10.82 linux-yocto-rt/5.10: update to -rt56 kern-tools: bug fixes and kgit-gconfig linux-yocto/5.10: update to v5.10.84 linux-yocto/5.10: update to v5.10.85 linux-yocto/5.10: update to v5.10.87 linux-yocto/5.10: update to v5.10.89 linux-yocto/5.14: fix arm 32bit -rt warnings linux-yocto/5.10/cfg: add kcov feature fragment linux-yocto/5.10: update to v5.10.90 Chaitanya Vadrevu (1): python3-pyelftools: Depend on debugger, pprint Changqing Li (2): openssh: fix CVE-2021-41617 libsndfile1: fix CVE-2021-4156 Dhruva Gole (1): scripts/checklayer/common.py: Fixed a minor grammatical error Florian Amstutz (1): systemd: Fix systemd-journal-gateway user/groups Joshua Watt (2): classes/meson: Add optional rust definitions classes/crate-fetch: Ensure crate fetcher is available Khairul Rohaizzat Jamaluddin (1): epiphany: Update 40.3 -> 40.6 Khem Raj (1): boost: Fix build on arches with no atomics Konrad Weihmann (1): cve-check: add lockfile to task Li Wang (1): libtool: change the default AR_FLAGS from "cru" to "cr" Markus Volk (1): vulkan-loader: inherit pkgconfig Martin Jansa (1): boost: allow searching for python310 Max Krummenacher (1): ref-manual: fix patch documentation Michael Opdenacker (1): updates for recent releases Mingli Yu (4): wic: use shutil.which ncurses: fix CVE-2021-39537 bind: fix CVE-2021-25219 packagedata.py: silence a DeprecationWarning Oleksiy Obitotskyy (1): package_manager: ipk: Fix host manifest generation Pavel Zhukov (2): go: upgrade 1.16.8 -> 1.16.10 patch.py: Initialize git repo before patching Peter Kjellerstedt (1): rootfs-postcommands.bbclass: Make two comments use the new variable syntax Pgowda (3): rust-cross: Fix directory not deleted for race glibc vs. musl rust-cross: Replace TARGET_ARCH with TUNE_PKGARCH gcc: Fix CVE-2021-35465 Quentin Schulz (1): README.OE-Core.md: update URLs Richard Purdie (13): buildhistory: Fix srcrevs output glibc: Fix i586/c3 support oeqa/utils/dump: Fix typo oeqa/parselogs: Fix quoting libtool: Update patchset to match those submitted upstream gcc: Add CVE-2021-37322 to the list of CVEs to ignore oeqa/selftest/bbtests: Use YP sources mirror instead of GNU bitbake: tests/fetch: Drop gnu urls from wget connectivity test bitbake: utils: Update to use exec_module() instead of load_module() openssl: Add reproducibility fix webkitgtk: Add reproducibility fix scripts: Update to use exec_module() instead of load_module() oeqa/sstate: Fix allarch samesigs test Robert Yang (1): bitbake: lib/pyinotify.py: Remove deprecated module asyncore Ross Burton (10): gmp: fix CVE-2021-43618 vim: fix CVE-2021-3927 and CVE-2021-3928 vim: fix CVE-2021-3968 and CVE-2021-3973 recipetool: handle GitLab URLs like we do GitHub recipetool: extend curl detection when creating recipes runqemu: check the qemu PID has been set before kill()ing it oe/license: implement ast.NodeVisitor.visit_Constant license.bbclass: implement ast.NodeVisitor.visit_Constant linux-yocto: add libmpc-native to DEPENDS xserver-xorg: whitelist two CVEs Sakib Sajal (1): go: upgrade 1.16.10 -> 1.16.13 Samuli Piippo (1): rpm: remove tmp folder created during install Schmidt, Adriaan (1): wic: support rootdev identified by partition label Stefan Herbrechtsmeier (4): recipetool: Set master branch only as fallback selftest/devtool: Check branch in git fetch bitbake: fetch: npm: Quote destdir in run chmod command bitbake: fetch: npm: Use temporary file for empty user config Steve Sakoman (1): cve-extra-exclusions: add db CVEs to exclusion list Teoh Jay Shen (2): linux-yocto/5.10: update genericx86* machines to v5.10.87 linux-yocto/5.14: update genericx86* machines to v5.14.21 Thomas Perrot (1): uboot-sign: fix the concatenation when multiple U-BOOT configurations are specified Tim Orling (1): scripts/buildhistory-diff: drop use of distutils Vyacheslav Yurkov (1): rootfs-postcommands: update systemd_create_users Yongxin Liu (1): grub2: fix CVE-2021-3981 pgowda (2): gcc: Fix CVE-2021-42574 binutils: CVE-2021-42574 wangmy (3): libdrm: upgrade 2.4.107 -> 2.4.108 libdrm: upgrade 2.4.108 -> 2.4.109 linux-firmware: upgrade 20211027 -> 20211216 Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I6960d05f86e29ca9b3443687be90f33c6609fa6f
author: Patrick Williams <patrick@stwcx.xyz> 2022-01-19 20:23:10 +0300
committer: Patrick Williams <patrick@stwcx.xyz> 2022-01-19 20:24:09 +0300
commit: 415294223a164a804e31e39c90043d15e9b153de (patch)
tree: 576ef1eab075f3b5859e7aecc45b343feaadf43d
parent: 89e2f5ce97de5668f541afea23027dc76b3157ac (diff)
download: openbmc-415294223a164a804e31e39c90043d15e9b153de.tar.xz
183 files changed, 9276 insertions, 534 deletions
diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.2.bb b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb
index 982544d5ca..98005797d9 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.2.bb
+++ b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb
@@ -15,5 +15,5 @@ SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${P
            file://0001-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \
            file://0007-correct-signature-of-closefrom-API.patch \
            "
-SRC_URI[sha256sum] = "507323d20d7b3f705f49cf8c07d437c6d8090bed07e15a3c0ec405edad54a7d4"
+SRC_URI[sha256sum] = "0f1241d456a0158e0c418abf62c52c2ff83f8f1dcf2fbdd4c40765b67789b1bc"
 UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz"
diff --git a/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.31.bb b/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
index ecc98dd8be..0b4244022e 100644
--- a/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.31.bb
+++ b/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
@@ -35,8 +35,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/openipmi/OpenIPMI-${PV}.tar.gz \
 
 S = "${WORKDIR}/OpenIPMI-${PV}"
 
-SRC_URI[md5sum] = "ce8eb27da016dcad7543d0128fcb3b0a"
-SRC_URI[sha256sum] = "7052f37726ff454b0dcac49f35dd030bc12c9570ca0ba5cd2d17774b8e9d9717"
+SRC_URI[md5sum] = "532404c9df7d0e8bde975b95b9e6775b"
+SRC_URI[sha256sum] = "f6d0fd4c0a74b05f80907229d0b270f54ca23294bcc11979f8b8d12766786945"
 
 inherit autotools-brokensep pkgconfig python3native perlnative update-rc.d systemd cpan-base python3targetconfig
 
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb
index 6b588a5f50..2dc3af6bf9 100644
--- a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb
+++ b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb
@@ -14,7 +14,7 @@ SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
 
 UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
 
-SRC_URI[sha256sum] = "f80f3c3df1b94a8892ae547df84f152583250684a24bd022ccc98ef56fa93d97"
+SRC_URI[sha256sum] = "7500df4734173bce2e95b5039079119dacaff121650b2b6ca76d2dc68bdac1c5"
 
 # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
 CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569"
diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch b/meta-openembedded/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch
index c1a528f90d..134633f668 100644
--- a/meta-openembedded/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch
+++ b/meta-openembedded/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch
@@ -12,11 +12,11 @@ Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
  cmake/modules/UseLemon.cmake | 49 +++++++++++++++++++++++++-----------
  1 file changed, 34 insertions(+), 15 deletions(-)
 
-diff --git a/cmake/modules/UseLemon.cmake b/cmake/modules/UseLemon.cmake
-index 849ffc1..ca38ab7 100644
---- a/cmake/modules/UseLemon.cmake
-+++ b/cmake/modules/UseLemon.cmake
-@@ -7,21 +7,40 @@ MACRO(ADD_LEMON_FILES _source _generated)
+Index: wireshark-3.4.11/cmake/modules/UseLemon.cmake
+===================================================================
+--- wireshark-3.4.11.orig/cmake/modules/UseLemon.cmake
++++ wireshark-3.4.11/cmake/modules/UseLemon.cmake
+@@ -7,21 +7,40 @@ MACRO(ADD_LEMON_FILES _source _generated
  
        SET(_out ${CMAKE_CURRENT_BINARY_DIR}/${_basename})
  
@@ -26,7 +26,7 @@ index 849ffc1..ca38ab7 100644
 -          # These files are generated as side-effect
 -          ${_out}.h
 -          ${_out}.out
--         COMMAND lemon
+-         COMMAND $<TARGET_FILE:lemon>
 -           -T${_lemonpardir}/lempar.c
 -           -d.
 -           ${_in}
@@ -72,6 +72,3 @@ index 849ffc1..ca38ab7 100644
  
        LIST(APPEND ${_source} ${_in})
        LIST(APPEND ${_generated} ${_out}.c)
--- 
-2.26.2.Cisco
-
diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.8.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb
index faf2a3ad1f..6fee972b2c 100644
--- a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.8.bb
+++ b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb
@@ -19,7 +19,7 @@ SRC_URI += " \
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
 
-SRC_URI[sha256sum] = "58a7fa8dfe2010a8c8b7dcf66438c653e6493d47eb936ba48ef49d4aa4dbd725"
+SRC_URI[sha256sum] = "a0e227bce2cc3a51ef3301891a0243231990b52a39b68a84a6e32f69c4e75279"
 
 PE = "1"
 
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb b/meta-openembedded/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb
index ecff79be45..3fe4c9404c 100644
--- a/meta-openembedded/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb
+++ b/meta-openembedded/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb
@@ -23,6 +23,7 @@ PACKAGECONFIG[examples] = "-DGATTLIB_BUILD_EXAMPLES=ON,-DGATTLIB_BUILD_EXAMPLES=
 # Set this to force use of DBus API if Bluez version is older than 5.42
 PACKAGECONFIG[force-dbus] = "-DGATTLIB_FORCE_DBUS=TRUE,-DGATTLIB_FORCE_DBUS=FALSE"
 
+EXTRA_OECMAKE += "-DGATTLIB_PYTHON_INTERFACE=OFF"
 EXTRA_OECMAKE += "-DGATTLIB_BUILD_DOCS=OFF"
 
 inherit pkgconfig cmake
diff --git a/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.1.bb b/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.1.bb
index a66504dd83..ad68dc926d 100644
--- a/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.1.bb
+++ b/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.1.bb
@@ -1,6 +1,6 @@
 SUMMARY = "Linux Kernel Crypto API User Space Interface Library"
 HOMEPAGE = "http://www.chronox.de/libkcapi.html"
-LICENSE = "BSD | GPL-2.0"
+LICENSE = "BSD-3-Clause | GPL-2.0"
 LIC_FILES_CHKSUM = "file://COPYING;md5=c78be93ed8d1637f2a3f4a83ff9d5f54"
 
 DEPENDS = "libtool"
diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
new file mode 100644
index 0000000000..58bf810626
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
@@ -0,0 +1,116 @@
+From 24c2b9e42edb6d2f4ef2cead3b0aa1d6196adfce Mon Sep 17 00:00:00 2001
+From: Tom Lane <tgl@sss.pgh.pa.us>
+Date: Mon, 8 Nov 2021 11:01:43 -0500
+Subject: [PATCH 2/2] Reject extraneous data after SSL or GSS encryption
+ handshake.
+
+The server collects up to a bufferload of data whenever it reads data
+from the client socket.  When SSL or GSS encryption is requested
+during startup, any additional data received with the initial
+request message remained in the buffer, and would be treated as
+already-decrypted data once the encryption handshake completed.
+Thus, a man-in-the-middle with the ability to inject data into the 
+TCP connection could stuff some cleartext data into the start of
+a supposedly encryption-protected database session.
+
+This could be abused to send faked SQL commands to the server,
+although that would only work if the server did not demand any 
+authentication data.  (However, a server relying on SSL certificate
+authentication might well not do so.)
+
+To fix, throw a protocol-violation error if the internal buffer
+is not empty after the encryption handshake.
+
+Our thanks to Jacob Champion for reporting this problem.
+
+Security: CVE-2021-23214
+
+Upstream-Status: Backport[https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951]
+CVE: CVE-2021-23214
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ src/backend/libpq/pqcomm.c          | 11 +++++++++++
+ src/backend/postmaster/postmaster.c | 23 ++++++++++++++++++++++-
+ src/include/libpq/libpq.h           |  1 +
+ 3 files changed, 34 insertions(+), 1 deletion(-)
+
+diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
+index ee2cd86..4dd1c02 100644
+--- a/src/backend/libpq/pqcomm.c
++++ b/src/backend/libpq/pqcomm.c
+@@ -1183,6 +1183,17 @@ pq_getstring(StringInfo s)
+ 	}
+ }
+ 
++/* -------------------------------
++ *             pq_buffer_has_data              - is any buffered data available to read?
++ *
++ * This will *not* attempt to read more data.
++ * --------------------------------
++ */
++bool
++pq_buffer_has_data(void)
++{
++	return (PqRecvPointer < PqRecvLength);
++}
+ 
+ /* --------------------------------
+  *		pq_startmsgread - begin reading a message from the client.
+diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
+index 5775fc0..1fcc3f8 100644
+--- a/src/backend/postmaster/postmaster.c
++++ b/src/backend/postmaster/postmaster.c
+@@ -2049,6 +2049,17 @@ retry1:
+ 			return STATUS_ERROR;
+ #endif
+ 
++		/*
++		* At this point we should have no data already buffered.  If we do,
++		* it was received before we performed the SSL handshake, so it wasn't
++		* encrypted and indeed may have been injected by a man-in-the-middle.
++		* We report this case to the client.
++		*/
++		if (pq_buffer_has_data())
++			ereport(FATAL,
++				(errcode(ERRCODE_PROTOCOL_VIOLATION),
++				errmsg("received unencrypted data after SSL request"),
++				errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
+ 		/*
+ 		 * regular startup packet, cancel, etc packet should follow, but not
+ 		 * another SSL negotiation request, and a GSS request should only
+@@ -2080,7 +2091,17 @@ retry1:
+ 		if (GSSok == 'G' && secure_open_gssapi(port) == -1)
+ 			return STATUS_ERROR;
+ #endif
+-
++		/*
++		* At this point we should have no data already buffered.  If we do,
++		* it was received before we performed the GSS handshake, so it wasn't
++		* encrypted and indeed may have been injected by a man-in-the-middle.
++		* We report this case to the client.
++		*/
++		if (pq_buffer_has_data())
++			ereport(FATAL,
++				(errcode(ERRCODE_PROTOCOL_VIOLATION),
++				errmsg("received unencrypted data after GSSAPI encryption request"),
++				errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
+ 		/*
+ 		 * regular startup packet, cancel, etc packet should follow, but not
+ 		 * another GSS negotiation request, and an SSL request should only
+diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
+index b115247..9969692 100644
+--- a/src/include/libpq/libpq.h
++++ b/src/include/libpq/libpq.h
+@@ -73,6 +73,7 @@ extern int	pq_getbyte(void);
+ extern int	pq_peekbyte(void);
+ extern int	pq_getbyte_if_available(unsigned char *c);
+ extern int	pq_putbytes(const char *s, size_t len);
++extern bool pq_buffer_has_data(void);
+ 
+ /*
+  * prototypes for functions in be-secure.c
+-- 
+2.17.1
+
diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
new file mode 100644
index 0000000000..42b78539b4
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
@@ -0,0 +1,131 @@
+From 79125ead2a6a234086844bb42f06d49603fe6ca0 Mon Sep 17 00:00:00 2001
+From: Tom Lane <tgl@sss.pgh.pa.us>
+Date: Mon, 8 Nov 2021 11:14:56 -0500
+Subject: [PATCH 1/2] libpq: reject extraneous data after SSL or GSS encryption
+ handshake.
+
+libpq collects up to a bufferload of data whenever it reads data from
+the socket.  When SSL or GSS encryption is requested during startup,
+any additional data received with the server's yes-or-no reply
+remained in the buffer, and would be treated as already-decrypted data
+once the encryption handshake completed.  Thus, a man-in-the-middle
+with the ability to inject data into the TCP connection could stuff
+some cleartext data into the start of a supposedly encryption-protected
+database session.
+
+This could probably be abused to inject faked responses to the
+client's first few queries, although other details of libpq's behavior
+make that harder than it sounds.  A different line of attack is to
+exfiltrate the client's password, or other sensitive data that might
+be sent early in the session.  That has been shown to be possible with
+a server vulnerable to CVE-2021-23214.
+
+To fix, throw a protocol-violation error if the internal buffer
+is not empty after the encryption handshake.
+
+Our thanks to Jacob Champion for reporting this problem.
+
+Security: CVE-2021-23222
+
+Upstream-Status: Backport[https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45]
+CVE: CVE-2021-23222
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ doc/src/sgml/protocol.sgml        | 28 ++++++++++++++++++++++++++++
+ src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++
+ 2 files changed, 54 insertions(+)
+
+diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
+index e26619e1b5..b692648fca 100644
+--- a/doc/src/sgml/protocol.sgml
++++ b/doc/src/sgml/protocol.sgml
+@@ -1471,6 +1471,20 @@ SELCT 1/0;<!-- this typo is intentional -->
+     and proceed without requesting <acronym>SSL</acronym>.
+    </para>
+ 
++   <para>
++    When <acronym>SSL</acronym> encryption can be performed, the server
++    is expected to send only the single <literal>S</literal> byte and then
++    wait for the frontend to initiate an <acronym>SSL</acronym> handshake.
++    If additional bytes are available to read at this point, it likely
++    means that a man-in-the-middle is attempting to perform a
++    buffer-stuffing attack
++    (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
++    Frontends should be coded either to read exactly one byte from the
++    socket before turning the socket over to their SSL library, or to
++    treat it as a protocol violation if they find they have read additional
++    bytes.
++   </para>
++
+    <para>
+     An initial SSLRequest can also be used in a connection that is being
+     opened to send a CancelRequest message.
+@@ -1532,6 +1546,20 @@ SELCT 1/0;<!-- this typo is intentional -->
+     encryption.
+    </para>
+ 
++   <para>
++    When <acronym>GSSAPI</acronym> encryption can be performed, the server
++    is expected to send only the single <literal>G</literal> byte and then
++    wait for the frontend to initiate a <acronym>GSSAPI</acronym> handshake.
++    If additional bytes are available to read at this point, it likely
++    means that a man-in-the-middle is attempting to perform a
++    buffer-stuffing attack
++    (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
++    Frontends should be coded either to read exactly one byte from the
++    socket before turning the socket over to their GSSAPI library, or to
++    treat it as a protocol violation if they find they have read additional
++    bytes.
++   </para>
++
+    <para>
+     An initial GSSENCRequest can also be used in a connection that is being
+     opened to send a CancelRequest message.
+diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
+index f80f4e98d8..57aee95183 100644
+--- a/src/interfaces/libpq/fe-connect.c
++++ b/src/interfaces/libpq/fe-connect.c
+@@ -3076,6 +3076,19 @@ keep_going:						/* We will come back to here until there is
+ 				pollres = pqsecure_open_client(conn);
+ 				if (pollres == PGRES_POLLING_OK)
+ 				{
++					/*
++					 * At this point we should have no data already buffered.
++					 * If we do, it was received before we performed the SSL
++					 * handshake, so it wasn't encrypted and indeed may have
++					 * been injected by a man-in-the-middle.
++					 */
++					if (conn->inCursor != conn->inEnd)
++					{
++						appendPQExpBufferStr(&conn->errorMessage,
++											 libpq_gettext("received unencrypted data after SSL response\n"));
++						goto error_return;
++					}
++
+ 					/* SSL handshake done, ready to send startup packet */
+ 					conn->status = CONNECTION_MADE;
+ 					return PGRES_POLLING_WRITING;
+@@ -3175,6 +3188,19 @@ keep_going:						/* We will come back to here until there is
+ 				pollres = pqsecure_open_gss(conn);
+ 				if (pollres == PGRES_POLLING_OK)
+ 				{
++					/*
++					 * At this point we should have no data already buffered.
++					 * If we do, it was received before we performed the GSS
++					 * handshake, so it wasn't encrypted and indeed may have
++					 * been injected by a man-in-the-middle.
++					 */
++					if (conn->inCursor != conn->inEnd)
++					{
++						appendPQExpBufferStr(&conn->errorMessage,
++											 libpq_gettext("received unencrypted data after GSSAPI encryption response\n"));
++						goto error_return;
++					}
++
+ 					/* All set for startup packet */
+ 					conn->status = CONNECTION_MADE;
+ 					return PGRES_POLLING_WRITING;
+-- 
+2.17.1
+
diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
index f63d23dbef..2ed0fa49bb 100644
--- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
+++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
@@ -7,6 +7,8 @@ SRC_URI += "\
    file://0001-Add-support-for-RISC-V.patch \
    file://0001-Improve-reproducibility.patch \
    file://0001-configure.in-bypass-autoconf-2.69-version-check.patch \
+   file://CVE-2021-23214.patch \
+   file://CVE-2021-23222.patch \
 "
 
 SRC_URI[sha256sum] = "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/msgpack/msgpack-cpp_4.0.2.bb b/meta-openembedded/meta-oe/recipes-devtools/msgpack/msgpack-cpp_4.0.2.bb
index ef066753d7..25b199f572 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/msgpack/msgpack-cpp_4.0.2.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/msgpack/msgpack-cpp_4.0.2.bb
@@ -19,4 +19,6 @@ S = "${WORKDIR}/git"
 
 inherit cmake pkgconfig
 
+RDEPENDS:${PN}-dev = ""
+
 BBCLASSEXTEND += "native nativesdk"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_14.17.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_14.17.1.bb
index 4715019798..47be000c9f 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_14.17.1.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_14.17.1.bb
@@ -1,6 +1,6 @@
 DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript"
 HOMEPAGE = "http://nodejs.org"
-LICENSE = "MIT & BSD & Artistic-2.0"
+LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=a1016f9b7979cfe6fc3466a9bba60b1e"
 
 DEPENDS = "openssl"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb b/meta-openembedded/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb
index d3aa6d2ea2..e119420d2a 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb
@@ -2,7 +2,7 @@ DESCRIPTION = "XML-RPC for C/C++ is programming libraries and related tools to h
 write an XML-RPC server or client in C or C++."
 
 HOMEPAGE = "http://xmlrpc-c.sourceforge.net/"
-LICENSE = "BSD & MIT"
+LICENSE = "BSD-3-Clause & MIT"
 LIC_FILES_CHKSUM = "file://doc/COPYING;md5=aefbf81ba0750f02176b6f86752ea951"
 
 SRC_URI = "git://github.com/mirror/xmlrpc-c.git;branch=master;protocol=https \
diff --git a/meta-openembedded/meta-oe/recipes-graphics/imlib2/imlib2_git.bb b/meta-openembedded/meta-oe/recipes-graphics/imlib2/imlib2_git.bb
index 9e4daddd53..56d41cd394 100644
--- a/meta-openembedded/meta-oe/recipes-graphics/imlib2/imlib2_git.bb
+++ b/meta-openembedded/meta-oe/recipes-graphics/imlib2/imlib2_git.bb
@@ -2,7 +2,7 @@ SUMMARY = "A graphic library for file loading, saving, rendering, and manipulati
 
 HOMEPAGE = "https://sourceforge.net/projects/enlightenment/"
 SECTION = "libs"
-LICENSE = "MIT & BSD"
+LICENSE = "Imlib2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=344895f253c32f38e182dcaf30fe8a35"
 
 DEPENDS = "freetype "
diff --git a/meta-openembedded/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb b/meta-openembedded/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb
index 8fe601a2d4..20f840411f 100644
--- a/meta-openembedded/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb
+++ b/meta-openembedded/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb
@@ -2,7 +2,7 @@ SUMMARY = "Small and fast POSIX-compliant shell"
 HOMEPAGE = "http://gondor.apana.org.au/~herbert/dash/"
 SECTION = "System Environment/Shells"
 
-LICENSE = "BSD & GPLv2+"
+LICENSE = "BSD-3-Clause & GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b5262b4a1a1bff72b48e935531976d2e"
 
 inherit autotools update-alternatives
diff --git a/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.03.11.bb b/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.03.11.bb
index 3988d54910..a729324c9b 100644
--- a/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.03.11.bb
+++ b/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.03.11.bb
@@ -17,13 +17,16 @@ do_install:append() {
     install -d ${D}${sysconfdir}/lvm
     install -m 0644 ${WORKDIR}/lvm.conf ${D}${sysconfdir}/lvm/lvm.conf
     sed -i -e 's:@libdir@:${libdir}:g' ${D}${sysconfdir}/lvm/lvm.conf
-    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-        oe_runmake 'DESTDIR=${D}' install install_systemd_units
-        sed -i -e 's:/usr/bin/true:${base_bindir}/true:g' ${D}${systemd_system_unitdir}/blk-availability.service
-    else
-        oe_runmake 'DESTDIR=${D}' install install_initscripts
-        mv ${D}${sysconfdir}/rc.d/init.d ${D}${sysconfdir}/init.d
-        rm -rf ${D}${sysconfdir}/rc.d
+    # We don't want init scripts/systemd units for native SDK utilities
+    if [ "${PN}" != "nativesdk-lvm2" ]; then
+        if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+            oe_runmake 'DESTDIR=${D}' install install_systemd_units
+            sed -i -e 's:/usr/bin/true:${base_bindir}/true:g' ${D}${systemd_system_unitdir}/blk-availability.service
+        else
+            oe_runmake 'DESTDIR=${D}' install install_initscripts
+            mv ${D}${sysconfdir}/rc.d/init.d ${D}${sysconfdir}/init.d
+            rm -rf ${D}${sysconfdir}/rc.d
+        fi
     fi
 }
 
diff --git a/meta-openembedded/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.9.0.bb b/meta-openembedded/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.9.0.bb
index 93b18ba1d5..d90dd43042 100644
--- a/meta-openembedded/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.9.0.bb
+++ b/meta-openembedded/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.9.0.bb
@@ -1,11 +1,11 @@
 SUMMARY = "PC/SC Lite smart card framework and applications"
 HOMEPAGE = "http://pcsclite.alioth.debian.org/"
-LICENSE = "BSD & GPLv3+"
-LICENSE:${PN} = "BSD"
-LICENSE:${PN}-lib = "BSD"
-LICENSE:${PN}-doc = "BSD"
-LICENSE:${PN}-dev = "BSD"
-LICENSE:${PN}-dbg = "BSD & GPLv3+"
+LICENSE = "BSD-3-Clause & GPLv3+"
+LICENSE:${PN} = "BSD-3-Clause"
+LICENSE:${PN}-lib = "BSD-3-Clause"
+LICENSE:${PN}-doc = "BSD-3-Clause"
+LICENSE:${PN}-dev = "BSD-3-Clause"
+LICENSE:${PN}-dbg = "BSD-3-Clause & GPLv3+"
 LICENSE:${PN}-spy = "GPLv3+"
 LICENSE:${PN}-spy-dev = "GPLv3+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=628c01ba985ecfa21677f5ee2d5202f6"
diff --git a/meta-openembedded/meta-oe/recipes-support/sg3-utils/sg3-utils_1.45.bb b/meta-openembedded/meta-oe/recipes-support/sg3-utils/sg3-utils_1.45.bb
index 43ee19afb8..3d07c01f07 100644
--- a/meta-openembedded/meta-oe/recipes-support/sg3-utils/sg3-utils_1.45.bb
+++ b/meta-openembedded/meta-oe/recipes-support/sg3-utils/sg3-utils_1.45.bb
@@ -5,7 +5,7 @@ DESCRIPTION = "This package contains low level utilities for devices that use th
 HOMEPAGE = "http://sg.danny.cz/sg/sg3_utils.html"
 SECTION = "console/admin"
 
-LICENSE = "GPLv2+ & BSD"
+LICENSE = "GPLv2+ & BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=f90da7fc52172599dbf082d7620f18ca"
 
 SRC_URI = "http://sg.danny.cz/sg/p/sg3_utils-${PV}.tgz \
diff --git a/meta-openembedded/meta-oe/recipes-support/udisks/udisks2_2.9.3.bb b/meta-openembedded/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
index 30c00d43ca..ec13cfa26b 100644
--- a/meta-openembedded/meta-oe/recipes-support/udisks/udisks2_2.9.3.bb
+++ b/meta-openembedded/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
@@ -18,7 +18,7 @@ DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 RDEPENDS:${PN} = "acl"
 
 SRC_URI = "git://github.com/storaged-project/udisks.git;branch=2.9.x-branch;protocol=https"
-SRCREV = "c430dd9a27e158693cc783e9ee91bf6e5b2a8819"
+SRCREV = "001c486e6d099ed33e2de4f5c73c03e3ee180f81"
 S = "${WORKDIR}/git"
 
 CVE_PRODUCT = "udisks"
diff --git a/meta-openembedded/meta-oe/recipes-test/fbtest/fb-test_git.bb b/meta-openembedded/meta-oe/recipes-test/fbtest/fb-test_1.1.0.bb
index 2992135726..14ab41b144 100644
--- a/meta-openembedded/meta-oe/recipes-test/fbtest/fb-test_git.bb
+++ b/meta-openembedded/meta-oe/recipes-test/fbtest/fb-test_1.1.0.bb
@@ -1,12 +1,10 @@
 SUMMARY = "Test suite for Linux framebuffer"
 
-PV = "1.1.0"
-
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
 
 SRCREV = "063ec650960c2d79ac51f5c5f026cb05343a33e2"
-SRC_URI = "git://github.com/prpplague/fb-test-app.git;branch=master;protocol=https"
+SRC_URI = "git://github.com//ponty/fb-test-app.git;branch=master;protocol=https"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-openembedded/meta-oe/recipes-test/googletest/googletest_git.bb b/meta-openembedded/meta-oe/recipes-test/googletest/googletest_git.bb
index 2393f9b425..ff8191eff6 100644
--- a/meta-openembedded/meta-oe/recipes-test/googletest/googletest_git.bb
+++ b/meta-openembedded/meta-oe/recipes-test/googletest/googletest_git.bb
@@ -10,7 +10,7 @@ PROVIDES += "gmock gtest"
 
 S = "${WORKDIR}/git"
 SRCREV = "e2239ee6043f73722e7aa812a459f54a28552929"
-SRC_URI = "git://github.com/google/googletest.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/google/googletest.git;branch=main;protocol=https"
 
 inherit cmake
 
diff --git a/meta-openembedded/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.012.bb b/meta-openembedded/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.013.bb
index 4a2cb73e86..c7e5c56b6e 100644
--- a/meta-openembedded/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.012.bb
+++ b/meta-openembedded/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.013.bb
@@ -13,8 +13,7 @@ file://${COMMON_LICENSE_DIR}/GPL-1.0-or-later;md5=30c0b8a5048cc2f4be5ff15ef0d8cf
 
 SRC_URI = "${CPAN_MIRROR}/authors/id/L/LE/LEONT/File-Slurper-${PV}.tar.gz"
 
-SRC_URI[md5sum] = "5742c63096392dfee50b8db314bcca18"
-SRC_URI[sha256sum] = "4efb2ea416b110a1bda6f8133549cc6ea3676402e3caf7529fce0313250aa578"
+SRC_URI[sha256sum] = "e2f6a4029a6a242d50054044f1fb86770b9b5cc4daeb1a967f91ffb42716a8c5"
 RDEPENDS:${PN} = " \
     perl-module-carp \
     perl-module-encode \
diff --git a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.32.bb b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
index 7e485bece5..2c7d793a7b 100644
--- a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.32.bb
+++ b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
@@ -3,13 +3,13 @@ HOMEPAGE = "http://www.net-dns.org/"
 SECTION = "libs"
 LICENSE = "MIT"
 
-LIC_FILES_CHKSUM = "file://README;beginline=252;endline=269;md5=27db37b42cd1a5173a53922d67072bcb"
+LIC_FILES_CHKSUM = "file://README;beginline=252;endline=269;md5=de95b6a896d5f861d724ea854d316a0b"
 
 DEPENDS += "perl"
 
 SRC_URI = "http://search.cpan.org/CPAN/authors/id/N/NL/NLNETLABS/Net-DNS-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "b890a7b44d573f27cc713caadf1e12eaaa4478a6504d1157194df614316b5b50"
+SRC_URI[sha256sum] = "5a40e7cf524e4bd2c33cf03b82b47d5308b712083aa5ee180b0b5af54c71fbd2"
 
 UPSTREAM_CHECK_REGEX = "Net\-DNS\-(?P<pver>(\d+\.\d+))(?!_\d+).tar"
 
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-gevent/libev-conf.patch b/meta-openembedded/meta-python/recipes-devtools/python/python-gevent/libev-conf.patch
deleted file mode 100644
index 79c1867ba7..0000000000
--- a/meta-openembedded/meta-python/recipes-devtools/python/python-gevent/libev-conf.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 2294734ef9d5e2efb05820e9759a1635799bdea9 Mon Sep 17 00:00:00 2001
-From: Andrej Rode <andrej.rode@ettus.com>
-Date: Mon, 10 Apr 2017 19:25:18 -0700
-Subject: [PATCH] libev: make configure crosscompile compatible
-
-Signed-off-by: Andrej Rode <andrej.rode@ettus.com>
----
- deps/libev/configure | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/deps/libev/configure b/deps/libev/configure
-index 743817e..96c2366 100755
---- a/deps/libev/configure
-+++ b/deps/libev/configure
-@@ -2208,7 +2208,7 @@ fi
- ac_ext=c
- ac_cpp='$CPP $CPPFLAGS'
- ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
--ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-+ac_link='$CC -static -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
- ac_compiler_gnu=$ac_cv_c_compiler_gnu
- 
- 
--- 
-2.10.2
-
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-cryptography-vectors_3.4.8.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-cryptography-vectors_3.4.8.bb
index 2fb48f3cf7..25ff63b5eb 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-cryptography-vectors_3.4.8.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-cryptography-vectors_3.4.8.bb
@@ -1,8 +1,10 @@
 SUMMARY = "Test vectors for the cryptography package."
 HOMEPAGE = "https://cryptography.io/"
 SECTION = "devel/python"
-LICENSE = "Apache-2.0 | BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4"
+LICENSE = "Apache-2.0 | BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \
+                    file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \
+                    file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b"
 
 SRC_URI[sha256sum] = "4c84410257993d3de058b44b777a49e1da2ae35ebea2970a360c7e3aa0f580f2"
 
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb
index baec105a3e..6c70284564 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb
@@ -1,8 +1,10 @@
 SUMMARY = "Provides cryptographic recipes and primitives to python developers"
 HOMEPAGE = "https://cryptography.io/"
 SECTION = "devel/python"
-LICENSE = "Apache-2.0 | BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba"
+LICENSE = "Apache-2.0 | BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba \
+                    file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \
+                    file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b"
 
 LDSHARED += "-pthread"
 
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_3.2.5.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_3.2.10.bb
index c10212c4cd..0c5fbb8c83 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_3.2.5.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_3.2.10.bb
@@ -1,7 +1,7 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = "3da05fea54fdec2315b54a563d5b59f3b4e2b1e69c3a5841dda35019c01855cd"
+SRC_URI[sha256sum] = "074e8818b4b40acdc2369e67dcd6555d558329785408dcd25340ee98f1f1d5c4"
 
 RDEPENDS:${PN} += "\
     ${PYTHON_PN}-sqlparse \
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_21.8.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_21.8.0.bb
index 74ae6cf69d..7bdf126dea 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_21.8.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_21.8.0.bb
@@ -2,32 +2,23 @@ SUMMARY = "A coroutine-based Python networking library"
 DESCRIPTION = "gevent is a coroutine-based Python networking library that uses greenlet to provide \
 a high-level synchronous API on top of the libevent event loop."
 HOMEPAGE = "http://www.gevent.org"
-LICENSE = "MIT & Python-2.0 & BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=4de99aac27b470c29c6c309e0c279b65 \
-                    file://NOTICE;md5=18108df3583462cafd457f024b9b09b5 \
-                    file://deps/libev/LICENSE;md5=d6ad416afd040c90698edcdf1cbee347 \
-                    "
-DEPENDS += "libevent"
-DEPENDS += "${PYTHON_PN}-greenlet"
+LICENSE = "MIT & Python-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=4de99aac27b470c29c6c309e0c279b65"
+DEPENDS += "${PYTHON_PN}-greenlet libev c-ares"
+
 RDEPENDS:${PN} = "${PYTHON_PN}-greenlet \
 		  ${PYTHON_PN}-mime \
 		  ${PYTHON_PN}-pprint \
 		 "
 
-FILESEXTRAPATHS:prepend := "${THISDIR}/python-gevent:"
+SRC_URI[sha256sum] = "43e93e1a4738c922a2416baf33f0afb0a20b22d3dba886720bc037cd02a98575"
 
-SRC_URI:append = " \
-    file://libev-conf.patch;patch=1;pnum=1 \
-"
+inherit pypi setuptools3
 
-SRC_URI[sha256sum] = "43e93e1a4738c922a2416baf33f0afb0a20b22d3dba886720bc037cd02a98575"
+# Don't embed libraries, link to the system instead
+export GEVENTSETUP_EMBED = "0"
 
-# The python-gevent has no autoreconf ability
-# and the logic for detecting a cross compile is flawed
-# so always force a cross compile
+# Delete the embedded copies of libraries so we can't accidentally link to them
 do_configure:append() {
-	sed -i -e 's/^cross_compiling=no/cross_compiling=yes/' ${S}/deps/libev/configure
-	sed -i -e 's/^cross_compiling=no/cross_compiling=yes/' ${S}/deps/c-ares/configure
+	rm -rf ${S}/deps
 }
-
-inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml_4.6.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml_4.6.3.bb
index 669c2eaeeb..d5594847f4 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml_4.6.3.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml_4.6.3.bb
@@ -4,9 +4,9 @@ libxslt libraries. It provides safe and convenient access to these \
 libraries using the ElementTree API. It extends the ElementTree API \
 significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, \
 C14N and much more."
-HOMEPAGE = "http://codespeak.net/lxml"
+HOMEPAGE = "https://lxml.de/"
 SECTION = "devel/python"
-LICENSE = "BSD & GPLv2 & MIT & PSF"
+LICENSE = "BSD-3-Clause & GPLv2 & MIT & PSF"
 LIC_FILES_CHKSUM = "file://LICENSES.txt;md5=e4c045ebad958ead4b48008f70838403 \
                     file://doc/licenses/elementtree.txt;md5=eb34d036a6e3d56314ee49a6852ac891 \
                     file://doc/licenses/BSD.txt;md5=700a1fc17f4797d4f2d34970c8ee694b \
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-posix-ipc_1.0.5.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-posix-ipc_1.0.5.bb
index 2377bd5258..d66ef0e3c4 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-posix-ipc_1.0.5.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-posix-ipc_1.0.5.bb
@@ -1,7 +1,7 @@
 DESCRIPTION = "POSIX IPC primitives (semaphores, shared memory and message queues) for Python"
 HOMEPAGE = "http://semanchuk.com/philip/posix_ipc/"
 SECTION = "devel/python"
-LICENSE = "BSD"
+LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=dc089fb2f37e90799a54c19a20c9880f"
 
 PYPI_PACKAGE = "posix_ipc"
@@ -13,13 +13,3 @@ SRC_URI[md5sum] = "8c9443859492ecf3aae9182aa6b5c78c"
 SRC_URI[sha256sum] = "6cddb1ce2cf4aae383f2a0079c26c69bee257fe2720f372201ef047f8ceb8b97"
 
 inherit setuptools3 pypi
-
-# DEPENDS_default: python-pip
-
-DEPENDS += " \
-        ${PYTHON_PN}-pip \
-        "
-
-# RDEPENDS:default:
-RDEPENDS:${PN} += " \
-        "
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pyzmq_22.3.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pyzmq_22.3.0.bb
index 3c91eee16f..87605c2b3e 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pyzmq_22.3.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pyzmq_22.3.0.bb
@@ -1,6 +1,6 @@
 SUMMARY = "Pyzmq provides Zero message queue access for the Python language"
 HOMEPAGE = "http://zeromq.org/bindings:python"
-LICENSE = "BSD & LGPL-3.0"
+LICENSE = "BSD-3-Clause & LGPL-3.0"
 LIC_FILES_CHKSUM = "file://COPYING.BSD;md5=11c65680f637c3df7f58bbc8d133e96e \
                     file://COPYING.LESSER;md5=12c592fa0bcfff3fb0977b066e9cb69e"
 DEPENDS = "zeromq"
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.52.bb
index 4b36c50d55..0bf29a744e 100644
--- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
+++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.52.bb
@@ -26,7 +26,7 @@ SRC_URI:append:class-target = " \
            "
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "20e01d81fecf077690a4439e3969a9b22a09a8d43c525356e863407741b838f4"
+SRC_URI[sha256sum] = "0127f7dc497e9983e9c51474bed75e45607f2f870a7675a86dc90af6d572f5c9"
 
 S = "${WORKDIR}/httpd-${PV}"
 
diff --git a/poky/README.OE-Core.md b/poky/README.OE-Core.md
index 521916cd4f..2f2127fb03 100644
--- a/poky/README.OE-Core.md
+++ b/poky/README.OE-Core.md
@@ -6,24 +6,24 @@ of OpenEmbedded. It is distro-less (can build a functional image with
 DISTRO = "nodistro") and contains only emulated machine support.
 
 For information about OpenEmbedded, see the OpenEmbedded website:
-    http://www.openembedded.org/
+    https://www.openembedded.org/
 
 The Yocto Project has extensive documentation about OE including a reference manual
 which can be found at:
-    http://yoctoproject.org/documentation
+    https://docs.yoctoproject.org/
 
 
 Contributing
 ------------
 
 Please refer to
-http://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
+https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
 for guidelines on how to submit patches.
 
 Mailing list:
 
-    http://lists.openembedded.org/mailman/listinfo/openembedded-core
+    https://lists.openembedded.org/g/openembedded-core
 
 Source code:
 
-    http://git.openembedded.org/openembedded-core/
+    https://git.openembedded.org/openembedded-core/
diff --git a/poky/bitbake/lib/bb/fetch2/npm.py b/poky/bitbake/lib/bb/fetch2/npm.py
index e497c38dc7..b3a3a444ee 100644
--- a/poky/bitbake/lib/bb/fetch2/npm.py
+++ b/poky/bitbake/lib/bb/fetch2/npm.py
@@ -72,23 +72,19 @@ def npm_unpack(tarball, destdir, d):
     cmd += " --delay-directory-restore"
     cmd += " --strip-components=1"
     runfetchcmd(cmd, d, workdir=destdir)
-    runfetchcmd("chmod -R +X %s" % (destdir), d, quiet=True, workdir=destdir)
+    runfetchcmd("chmod -R +X '%s'" % (destdir), d, quiet=True, workdir=destdir)
 
 class NpmEnvironment(object):
     """
     Using a npm config file seems more reliable than using cli arguments.
     This class allows to create a controlled environment for npm commands.
     """
-    def __init__(self, d, configs=None, npmrc=None):
+    def __init__(self, d, configs=[], npmrc=None):
         self.d = d
 
-        if configs:
-            self.user_config = tempfile.NamedTemporaryFile(mode="w", buffering=1)
-            self.user_config_name = self.user_config.name
-            for key, value in configs:
-                self.user_config.write("%s=%s\n" % (key, value))
-        else:
-            self.user_config_name = "/dev/null"
+        self.user_config = tempfile.NamedTemporaryFile(mode="w", buffering=1)
+        for key, value in configs:
+            self.user_config.write("%s=%s\n" % (key, value))
 
         if npmrc:
             self.global_config_name = npmrc
@@ -109,7 +105,7 @@ class NpmEnvironment(object):
                 workdir = tmpdir
 
             def _run(cmd):
-                cmd = "NPM_CONFIG_USERCONFIG=%s " % (self.user_config_name) + cmd
+                cmd = "NPM_CONFIG_USERCONFIG=%s " % (self.user_config.name) + cmd
                 cmd = "NPM_CONFIG_GLOBALCONFIG=%s " % (self.global_config_name) + cmd
                 return runfetchcmd(cmd, d, workdir=workdir)
 
diff --git a/poky/bitbake/lib/bb/process.py b/poky/bitbake/lib/bb/process.py
index d5a1775fce..af5d804a1d 100644
--- a/poky/bitbake/lib/bb/process.py
+++ b/poky/bitbake/lib/bb/process.py
@@ -60,7 +60,7 @@ class Popen(subprocess.Popen):
         "close_fds": True,
         "preexec_fn": subprocess_setup,
         "stdout": subprocess.PIPE,
-        "stderr": subprocess.STDOUT,
+        "stderr": subprocess.PIPE,
         "stdin": subprocess.PIPE,
         "shell": False,
     }
diff --git a/poky/bitbake/lib/bb/tests/fetch.py b/poky/bitbake/lib/bb/tests/fetch.py
index a85ebdf425..34f3a4f6a9 100644
--- a/poky/bitbake/lib/bb/tests/fetch.py
+++ b/poky/bitbake/lib/bb/tests/fetch.py
@@ -1378,9 +1378,6 @@ class FetchCheckStatusTest(FetcherTest):
                       "https://downloads.yoctoproject.org/releases/opkg/opkg-0.1.7.tar.gz",
                       "https://downloads.yoctoproject.org/releases/opkg/opkg-0.3.0.tar.gz",
                       "ftp://sourceware.org/pub/libffi/libffi-1.20.tar.gz",
-                      "http://ftp.gnu.org/gnu/autoconf/autoconf-2.60.tar.gz",
-                      "https://ftp.gnu.org/gnu/chess/gnuchess-5.08.tar.gz",
-                      "https://ftp.gnu.org/gnu/gmp/gmp-4.0.tar.gz",
                       # GitHub releases are hosted on Amazon S3, which doesn't support HEAD
                       "https://github.com/kergoth/tslib/releases/download/1.1/tslib-1.1.tar.xz"
                       ]
diff --git a/poky/bitbake/lib/bb/utils.py b/poky/bitbake/lib/bb/utils.py
index d890ea832e..1a51589704 100644
--- a/poky/bitbake/lib/bb/utils.py
+++ b/poky/bitbake/lib/bb/utils.py
@@ -16,7 +16,8 @@ import bb.msg
 import multiprocessing
 import fcntl
 import importlib
-from importlib import machinery
+import importlib.machinery
+import importlib.util
 import itertools
 import subprocess
 import glob
@@ -1620,7 +1621,9 @@ def load_plugins(logger, plugins, pluginpath):
         logger.debug('Loading plugin %s' % name)
         spec = importlib.machinery.PathFinder.find_spec(name, path=[pluginpath] )
         if spec:
-            return spec.loader.load_module()
+            mod = importlib.util.module_from_spec(spec)
+            spec.loader.exec_module(mod)
+            return mod
 
     logger.debug('Loading plugins from %s...' % pluginpath)
 
diff --git a/poky/bitbake/lib/pyinotify.py b/poky/bitbake/lib/pyinotify.py
index 6ae40a2d76..8c94b3e334 100644
--- a/poky/bitbake/lib/pyinotify.py
+++ b/poky/bitbake/lib/pyinotify.py
@@ -52,7 +52,6 @@ from collections import deque
 from datetime import datetime, timedelta
 import time
 import re
-import asyncore
 import glob
 import locale
 import subprocess
@@ -1475,35 +1474,6 @@ class ThreadedNotifier(threading.Thread, Notifier):
         self.loop()
 
 
-class AsyncNotifier(asyncore.file_dispatcher, Notifier):
-    """
-    This notifier inherits from asyncore.file_dispatcher in order to be able to
-    use pyinotify along with the asyncore framework.
-
-    """
-    def __init__(self, watch_manager, default_proc_fun=None, read_freq=0,
-                 threshold=0, timeout=None, channel_map=None):
-        """
-        Initializes the async notifier. The only additional parameter is
-        'channel_map' which is the optional asyncore private map. See
-        Notifier class for the meaning of the others parameters.
-
-        """
-        Notifier.__init__(self, watch_manager, default_proc_fun, read_freq,
-                          threshold, timeout)
-        asyncore.file_dispatcher.__init__(self, self._fd, channel_map)
-
-    def handle_read(self):
-        """
-        When asyncore tells us we can read from the fd, we proceed processing
-        events. This method can be overridden for handling a notification
-        differently.
-
-        """
-        self.read_events()
-        self.process_events()
-
-
 class TornadoAsyncNotifier(Notifier):
     """
     Tornado ioloop adapter.
diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py
index eff758a7b1..ef369b7f18 100644
--- a/poky/documentation/conf.py
+++ b/poky/documentation/conf.py
@@ -16,7 +16,7 @@ import os
 import sys
 import datetime
 
-current_version = "3.4"
+current_version = "3.4.1"
 bitbake_version = "1.52"
 
 # String used in sidebar
diff --git a/poky/documentation/poky.yaml b/poky/documentation/poky.yaml
index 392e3bd63b..11e209e307 100644
--- a/poky/documentation/poky.yaml
+++ b/poky/documentation/poky.yaml
@@ -1,12 +1,12 @@
-DISTRO : "3.4"
+DISTRO : "3.4.1"
 DISTRO_NAME_NO_CAP : "honister"
 DISTRO_NAME : "Honister"
 DISTRO_NAME_NO_CAP_MINUS_ONE : "hardknott"
 DISTRO_NAME_NO_CAP_LTS : "dunfell"
-YOCTO_DOC_VERSION : "3.4"
+YOCTO_DOC_VERSION : "3.4.1"
 YOCTO_DOC_VERSION_MINUS_ONE : "3.3.4"
-DISTRO_REL_TAG : "yocto-3.4"
-POKYVERSION : "26.0.0"
+DISTRO_REL_TAG : "yocto-3.4.1"
+POKYVERSION : "26.0.1"
 YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;"
 YOCTO_DL_URL : "https://downloads.yoctoproject.org"
 YOCTO_AB_URL : "https://autobuilder.yoctoproject.org"
diff --git a/poky/documentation/ref-manual/tasks.rst b/poky/documentation/ref-manual/tasks.rst
index 4edae33392..2438c023b4 100644
--- a/poky/documentation/ref-manual/tasks.rst
+++ b/poky/documentation/ref-manual/tasks.rst
@@ -326,21 +326,19 @@ file as a patch file::
        file://file;apply=yes \
        "
 
-Conversely, if you have a directory full of patch files and you want to
-exclude some so that the ``do_patch`` task does not apply them during
-the patch phase, you can use the "apply=no" parameter with the
+Conversely, if you have a file whose file type is ``.patch`` or ``.diff``
+and you want to exclude it so that the ``do_patch`` task does not apply
+it during the patch phase, you can use the "apply=no" parameter with the
 :term:`SRC_URI` statement::
 
    SRC_URI = " \
        git://path_to_repo/some_package \
-       file://path_to_lots_of_patch_files \
-       file://path_to_lots_of_patch_files/patch_file5;apply=no \
+       file://file1.patch \
+       file://file2.patch;apply=no \
        "
 
-In the
-previous example, assuming all the files in the directory holding the
-patch files end with either ``.patch`` or ``.diff``, every file would be
-applied as a patch by default except for the ``patch_file5`` patch.
+In the previous example ``file1.patch`` would be applied as a patch by default
+while ``file2.patch`` would not be applied.
 
 You can find out more about the patching process in the
 ":ref:`overview-manual/concepts:patching`" section in
diff --git a/poky/documentation/releases.rst b/poky/documentation/releases.rst
index a6c9a47b86..16ecbf712d 100644
--- a/poky/documentation/releases.rst
+++ b/poky/documentation/releases.rst
@@ -4,6 +4,13 @@
  Supported Release Manuals
 ===========================
 
+*****************************
+Release Series 3.4 (honister)
+*****************************
+
+- :yocto_docs:`3.4 Documentation </3.4>`
+- :yocto_docs:`3.4.1 Documentation </3.4.1>`
+
 ******************************
 Release Series 3.3 (hardknott)
 ******************************
@@ -30,6 +37,7 @@ Release Series 3.1 (dunfell)
 - :yocto_docs:`3.1.9 Documentation </3.1.9>`
 - :yocto_docs:`3.1.10 Documentation </3.1.10>`
 - :yocto_docs:`3.1.11 Documentation </3.1.11>`
+- :yocto_docs:`3.1.12 Documentation </3.1.12>`
 
 ==========================
  Outdated Release Manuals
diff --git a/poky/documentation/sphinx-static/switchers.js b/poky/documentation/sphinx-static/switchers.js
index b15f5b3c1b..056a8926ba 100644
--- a/poky/documentation/sphinx-static/switchers.js
+++ b/poky/documentation/sphinx-static/switchers.js
@@ -3,10 +3,10 @@
 
   var all_versions = {
     'dev': 'dev (3.5)',
-    '3.4': '3.4',
+    '3.4.1': '3.4.1',
     '3.3.4': '3.3.4',
     '3.2.4': '3.2.4',
-    '3.1.11': '3.1.11',
+    '3.1.12': '3.1.12',
     '3.0.4': '3.0.4',
     '2.7.4': '2.7.4',
   };
diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend
index a7ef143dc9..9928466b27 100644
--- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend
+++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend
@@ -7,8 +7,8 @@ KMACHINE:genericx86 ?= "common-pc"
 KMACHINE:genericx86-64 ?= "common-pc-64"
 KMACHINE:beaglebone-yocto ?= "beaglebone"
 
-SRCREV_machine:genericx86 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
-SRCREV_machine:genericx86-64 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
+SRCREV_machine:genericx86 ?= "4f2bb635ea267e71f112fd11323c1d3a2f2b85d0"
+SRCREV_machine:genericx86-64 ?= "4f2bb635ea267e71f112fd11323c1d3a2f2b85d0"
 SRCREV_machine:edgerouter ?= "4ab94e777d8b41ee1ee4c279259e9733bc8049b1"
 SRCREV_machine:beaglebone-yocto ?= "941cc9c3849f96f7eaf109b1e35e05ba366aca56"
 
@@ -17,7 +17,7 @@ COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64"
 COMPATIBLE_MACHINE:edgerouter = "edgerouter"
 COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto"
 
-LINUX_VERSION:genericx86 = "5.10.63"
-LINUX_VERSION:genericx86-64 = "5.10.63"
+LINUX_VERSION:genericx86 = "5.10.87"
+LINUX_VERSION:genericx86-64 = "5.10.87"
 LINUX_VERSION:edgerouter = "5.10.63"
 LINUX_VERSION:beaglebone-yocto = "5.10.63"
diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.14.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.14.bbappend
index 52371ff66a..af4a7392f0 100644
--- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.14.bbappend
+++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.14.bbappend
@@ -7,8 +7,8 @@ KMACHINE:genericx86 ?= "common-pc"
 KMACHINE:genericx86-64 ?= "common-pc-64"
 KMACHINE:beaglebone-yocto ?= "beaglebone"
 
-SRCREV_machine:genericx86 ?= "7ae156be3bdbf033839f7f3ec2e9a0ffffb18818"
-SRCREV_machine:genericx86-64 ?= "7ae156be3bdbf033839f7f3ec2e9a0ffffb18818"
+SRCREV_machine:genericx86 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:genericx86-64 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
 SRCREV_machine:edgerouter ?= "7ae156be3bdbf033839f7f3ec2e9a0ffffb18818"
 SRCREV_machine:beaglebone-yocto ?= "7ae156be3bdbf033839f7f3ec2e9a0ffffb18818"
 
@@ -17,7 +17,7 @@ COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64"
 COMPATIBLE_MACHINE:edgerouter = "edgerouter"
 COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto"
 
-LINUX_VERSION:genericx86 = "5.14.6"
-LINUX_VERSION:genericx86-64 = "5.14.6"
+LINUX_VERSION:genericx86 = "5.14.21"
+LINUX_VERSION:genericx86-64 = "5.14.21"
 LINUX_VERSION:edgerouter = "5.14.6"
 LINUX_VERSION:beaglebone-yocto = "5.14.6"
diff --git a/poky/meta/classes/buildhistory.bbclass b/poky/meta/classes/buildhistory.bbclass
index 7c44fec2d1..810c4fae73 100644
--- a/poky/meta/classes/buildhistory.bbclass
+++ b/poky/meta/classes/buildhistory.bbclass
@@ -979,23 +979,19 @@ def write_latest_srcrev(d, pkghistdir):
                         value = value.replace('"', '').strip()
                         old_tag_srcrevs[key] = value
         with open(srcrevfile, 'w') as f:
-            orig_srcrev = d.getVar('SRCREV', False) or 'INVALID'
-            if orig_srcrev != 'INVALID':
-                f.write('# SRCREV = "%s"\n' % orig_srcrev)
-            if len(srcrevs) > 1:
-                for name, srcrev in sorted(srcrevs.items()):
-                    orig_srcrev = d.getVar('SRCREV_%s' % name, False)
-                    if orig_srcrev:
-                        f.write('# SRCREV_%s = "%s"\n' % (name, orig_srcrev))
-                    f.write('SRCREV_%s = "%s"\n' % (name, srcrev))
-            else:
-                f.write('SRCREV = "%s"\n' % next(iter(srcrevs.values())))
-            if len(tag_srcrevs) > 0:
-                for name, srcrev in sorted(tag_srcrevs.items()):
-                    f.write('# tag_%s = "%s"\n' % (name, srcrev))
-                    if name in old_tag_srcrevs and old_tag_srcrevs[name] != srcrev:
-                        pkg = d.getVar('PN')
-                        bb.warn("Revision for tag %s in package %s was changed since last build (from %s to %s)" % (name, pkg, old_tag_srcrevs[name], srcrev))
+            for name, srcrev in sorted(srcrevs.items()):
+                suffix = "_" + name
+                if name == "default":
+                    suffix = ""
+                orig_srcrev = d.getVar('SRCREV%s' % suffix, False)
+                if orig_srcrev:
+                    f.write('# SRCREV%s = "%s"\n' % (suffix, orig_srcrev))
+                f.write('SRCREV%s = "%s"\n' % (suffix, srcrev))
+            for name, srcrev in sorted(tag_srcrevs.items()):
+                f.write('# tag_%s = "%s"\n' % (name, srcrev))
+                if name in old_tag_srcrevs and old_tag_srcrevs[name] != srcrev:
+                    pkg = d.getVar('PN')
+                    bb.warn("Revision for tag %s in package %s was changed since last build (from %s to %s)" % (name, pkg, old_tag_srcrevs[name], srcrev))
 
     else:
         if os.path.exists(srcrevfile):
diff --git a/poky/meta/classes/crate-fetch.bbclass b/poky/meta/classes/crate-fetch.bbclass
index c0ed434a96..a7fa22b2a0 100644
--- a/poky/meta/classes/crate-fetch.bbclass
+++ b/poky/meta/classes/crate-fetch.bbclass
@@ -7,7 +7,22 @@
 # crate://<packagename>/<version>
 #
 
-python () {
-        import crate
-        bb.fetch2.methods.append( crate.Crate() )
+def import_crate(d):
+    import crate
+    if not getattr(crate, 'imported', False):
+        bb.fetch2.methods.append(crate.Crate())
+        crate.imported = True
+
+python crate_import_handler() {
+    import_crate(d)
 }
+
+addhandler crate_import_handler
+crate_import_handler[eventmask] = "bb.event.RecipePreFinalise"
+
+def crate_get_srcrev(d):
+    import_crate(d)
+    return bb.fetch2.get_srcrev(d)
+
+# Override SRCPV to make sure it imports the fetcher first
+SRCPV = "${@crate_get_srcrev(d)}"
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 70d1988a70..6c04ff9f09 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -111,6 +111,7 @@ python do_cve_check () {
 }
 
 addtask cve_check before do_build after do_fetch
+do_cve_check[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
 do_cve_check[depends] = "cve-update-db-native:do_fetch"
 do_cve_check[nostamp] = "1"
 
diff --git a/poky/meta/classes/license.bbclass b/poky/meta/classes/license.bbclass
index 45d912741d..7a34e185c7 100644
--- a/poky/meta/classes/license.bbclass
+++ b/poky/meta/classes/license.bbclass
@@ -145,6 +145,10 @@ def find_license_files(d):
             find_license(node.s.replace("+", "").replace("*", ""))
             self.generic_visit(node)
 
+        def visit_Constant(self, node):
+            find_license(node.value.replace("+", "").replace("*", ""))
+            self.generic_visit(node)
+
     def find_license(license_type):
         try:
             bb.utils.mkdirhier(gen_lic_dest)
diff --git a/poky/meta/classes/meson.bbclass b/poky/meta/classes/meson.bbclass
index 4ba70de3dc..a7981e481f 100644
--- a/poky/meta/classes/meson.bbclass
+++ b/poky/meta/classes/meson.bbclass
@@ -36,8 +36,15 @@ MESON_CROSS_FILE = ""
 MESON_CROSS_FILE:class-target = "--cross-file ${WORKDIR}/meson.cross"
 MESON_CROSS_FILE:class-nativesdk = "--cross-file ${WORKDIR}/meson.cross"
 
+def rust_tool(d, target_var):
+    rustc = d.getVar('RUSTC')
+    if not rustc:
+        return ""
+    cmd = [rustc, "--target", d.getVar(target_var)] + d.getVar("RUSTFLAGS").split()
+    return "rust = %s" % repr(cmd)
+
 addtask write_config before do_configure
-do_write_config[vardeps] += "CC CXX LD AR NM STRIP READELF CFLAGS CXXFLAGS LDFLAGS"
+do_write_config[vardeps] += "CC CXX LD AR NM STRIP READELF CFLAGS CXXFLAGS LDFLAGS RUSTC RUSTFLAGS"
 do_write_config() {
     # This needs to be Py to split the args into single-element lists
     cat >${WORKDIR}/meson.cross <<EOF
@@ -54,6 +61,7 @@ llvm-config = 'llvm-config${LLVMVERSION}'
 cups-config = 'cups-config'
 g-ir-scanner = '${STAGING_BINDIR}/g-ir-scanner-wrapper'
 g-ir-compiler = '${STAGING_BINDIR}/g-ir-compiler-wrapper'
+${@rust_tool(d, "HOST_SYS")}
 
 [built-in options]
 c_args = ${@meson_array('CFLAGS', d)}
@@ -88,6 +96,7 @@ strip = ${@meson_array('BUILD_STRIP', d)}
 readelf = ${@meson_array('BUILD_READELF', d)}
 objcopy = ${@meson_array('BUILD_OBJCOPY', d)}
 pkgconfig = 'pkg-config-native'
+${@rust_tool(d, "BUILD_SYS")}
 
 [built-in options]
 c_args = ${@meson_array('BUILD_CFLAGS', d)}
diff --git a/poky/meta/classes/rootfs-postcommands.bbclass b/poky/meta/classes/rootfs-postcommands.bbclass
index 7fe9e3d8c8..74035c30b7 100644
--- a/poky/meta/classes/rootfs-postcommands.bbclass
+++ b/poky/meta/classes/rootfs-postcommands.bbclass
@@ -21,7 +21,7 @@ ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "read-only
 # otherwise kernel or initramfs end up mounting the rootfs read/write
 # (the default) if supported by the underlying storage.
 #
-# We do this with _append because the default value might get set later with ?=
+# We do this with :append because the default value might get set later with ?=
 # and we don't want to disable such a default that by setting a value here.
 APPEND:append = '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", " ro", "", d)}'
 
@@ -52,7 +52,7 @@ inherit image-artifact-names
 # the numeric IDs of dynamically created entries remain stable.
 #
 # We want this to run as late as possible, in particular after
-# systemd_sysusers_create and set_user_group. Using _append is not
+# systemd_sysusers_create and set_user_group. Using :append is not
 # enough for that, set_user_group is added that way and would end
 # up running after us.
 SORT_PASSWD_POSTPROCESS_COMMAND ??= " sort_passwd; "
@@ -62,7 +62,7 @@ python () {
 }
 
 systemd_create_users () {
-	for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do
+	for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/*.conf; do
 		[ -e $conffile ] || continue
 		grep -v "^#" $conffile | sed -e '/^$/d' | while read type name id comment; do
 		if [ "$type" = "u" ]; then
diff --git a/poky/meta/classes/uboot-sign.bbclass b/poky/meta/classes/uboot-sign.bbclass
index fdf153248c..c39b30f43b 100644
--- a/poky/meta/classes/uboot-sign.bbclass
+++ b/poky/meta/classes/uboot-sign.bbclass
@@ -131,6 +131,20 @@ concat_dtb_helper() {
 		elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "$deployed_uboot_dtb_binary" ]; then
 			cd ${DEPLOYDIR}
 			cat ${UBOOT_NODTB_IMAGE} $deployed_uboot_dtb_binary | tee ${B}/${CONFIG_B_PATH}/${UBOOT_BINARY} > ${UBOOT_IMAGE}
+
+			if [ -n "${UBOOT_CONFIG}" ]
+			then
+				for config in ${UBOOT_MACHINE}; do
+					i=$(expr $i + 1);
+					for type in ${UBOOT_CONFIG}; do
+						j=$(expr $j + 1);
+						if [ $j -eq $i ]
+						then
+							cp ${UBOOT_IMAGE} ${B}/${CONFIG_B_PATH}/u-boot-$type.${UBOOT_SUFFIX}
+						fi
+					done
+				done
+			fi
 		else
 			bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available."
 		fi
@@ -205,7 +219,7 @@ install_helper() {
 	fi
 }
 
-# Install SPL dtb and u-boot nodtb to datadir, 
+# Install SPL dtb and u-boot nodtb to datadir,
 install_spl_helper() {
 	if [ -f "${SPL_DIR}/${SPL_DTB_BINARY}" ]; then
 		install -Dm 0644 ${SPL_DIR}/${SPL_DTB_BINARY} ${D}${datadir}/${SPL_DTB_IMAGE}
diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
index a6f52b5de7..e02a4d1fde 100644
--- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -44,7 +44,14 @@ CVE_CHECK_WHITELIST += "CVE-2010-4756"
 # exposing this interface in an exploitable way
 CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
 
-
+# db
+# Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with
+# supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed.
+CVE_CHECK_WHITELIST += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
+CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \
+CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \
+CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
+CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
 
 #### CPE update pending ####
 
diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc
index 8592de5a66..b3b7711a0c 100644
--- a/poky/meta/conf/distro/include/maintainers.inc
+++ b/poky/meta/conf/distro/include/maintainers.inc
@@ -659,7 +659,7 @@ RECIPE_MAINTAINER:pn-ruby = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-run-postinsts = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-rust = "Randy MacLeod <Randy.MacLeod@windriver.com>"
 RECIPE_MAINTAINER:pn-rustfmt = "Randy MacLeod <Randy.MacLeod@windriver.com>"
-RECIPE_MAINTAINER:pn-rust-cross-${TARGET_ARCH} = "Randy MacLeod <Randy.MacLeod@windriver.com>"
+RECIPE_MAINTAINER:pn-rust-cross-${TUNE_PKGARCH}-${TCLIBC} = "Randy MacLeod <Randy.MacLeod@windriver.com>"
 RECIPE_MAINTAINER:pn-rust-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Randy MacLeod <Randy.MacLeod@windriver.com>"
 RECIPE_MAINTAINER:pn-rust-hello-world = "Randy MacLeod <Randy.MacLeod@windriver.com>"
 RECIPE_MAINTAINER:pn-rust-llvm = "Randy MacLeod <Randy.MacLeod@windriver.com>"
diff --git a/poky/meta/lib/oe/license.py b/poky/meta/lib/oe/license.py
index 665d32ecbb..b5d378a549 100644
--- a/poky/meta/lib/oe/license.py
+++ b/poky/meta/lib/oe/license.py
@@ -74,6 +74,9 @@ class FlattenVisitor(LicenseVisitor):
     def visit_Str(self, node):
         self.licenses.append(node.s)
 
+    def visit_Constant(self, node):
+        self.licenses.append(node.value)
+
     def visit_BinOp(self, node):
         if isinstance(node.op, ast.BitOr):
             left = FlattenVisitor(self.choose_licenses)
@@ -227,6 +230,9 @@ class ListVisitor(LicenseVisitor):
     def visit_Str(self, node):
         self.licenses.add(node.s)
 
+    def visit_Constant(self, node):
+        self.licenses.add(node.value)
+
 def list_licenses(licensestr):
     """Simply get a list of all licenses mentioned in a license string.
        Binary operators are not applied or taken into account in any way"""
diff --git a/poky/meta/lib/oe/packagedata.py b/poky/meta/lib/oe/packagedata.py
index 02c81e5a52..212f048bc6 100644
--- a/poky/meta/lib/oe/packagedata.py
+++ b/poky/meta/lib/oe/packagedata.py
@@ -19,7 +19,7 @@ def read_pkgdatafile(fn):
         import re
         with open(fn, 'r') as f:
             lines = f.readlines()
-        r = re.compile("(^.+?):\s+(.*)")
+        r = re.compile(r"(^.+?):\s+(.*)")
         for l in lines:
             m = r.match(l)
             if m:
diff --git a/poky/meta/lib/oe/patch.py b/poky/meta/lib/oe/patch.py
index fccbedb519..950fe723dc 100644
--- a/poky/meta/lib/oe/patch.py
+++ b/poky/meta/lib/oe/patch.py
@@ -4,6 +4,7 @@
 
 import oe.path
 import oe.types
+import subprocess
 
 class NotFoundError(bb.BBHandledException):
     def __init__(self, path):
@@ -25,7 +26,6 @@ class CmdError(bb.BBHandledException):
 
 def runcmd(args, dir = None):
     import pipes
-    import subprocess
 
     if dir:
         olddir = os.path.abspath(os.curdir)
@@ -56,6 +56,7 @@ def runcmd(args, dir = None):
         if dir:
             os.chdir(olddir)
 
+
 class PatchError(Exception):
     def __init__(self, msg):
         self.msg = msg
@@ -298,6 +299,19 @@ class GitApplyTree(PatchTree):
         PatchTree.__init__(self, dir, d)
         self.commituser = d.getVar('PATCH_GIT_USER_NAME')
         self.commitemail = d.getVar('PATCH_GIT_USER_EMAIL')
+        if not self._isInitialized():
+            self._initRepo()
+
+    def _isInitialized(self):
+        cmd = "git rev-parse --show-toplevel"
+        (status, output) = subprocess.getstatusoutput(cmd.split())
+        ## Make sure repo is in builddir to not break top-level git repos
+        return status == 0 and os.path.samedir(output, self.dir)
+
+    def _initRepo(self):
+        runcmd("git init".split(), self.dir)
+        runcmd("git add .".split(), self.dir)
+        runcmd("git commit -a --allow-empty -m Patching_started".split(), self.dir)
 
     @staticmethod
     def extractPatchHeader(patchfile):
diff --git a/poky/meta/lib/oe/reproducible.py b/poky/meta/lib/oe/reproducible.py
index 204b9bd734..0938e4cb39 100644
--- a/poky/meta/lib/oe/reproducible.py
+++ b/poky/meta/lib/oe/reproducible.py
@@ -41,7 +41,7 @@ def find_git_folder(d, sourcedir):
     for root, dirs, files in os.walk(workdir, topdown=True):
         dirs[:] = [d for d in dirs if d not in exclude]
         if '.git' in dirs:
-            return root
+            return os.path.join(root, ".git")
 
     bb.warn("Failed to find a git repository in WORKDIR: %s" % workdir)
     return None
diff --git a/poky/meta/lib/oe/sdk.py b/poky/meta/lib/oe/sdk.py
index 37b59afd1a..27347667e8 100644
--- a/poky/meta/lib/oe/sdk.py
+++ b/poky/meta/lib/oe/sdk.py
@@ -115,6 +115,10 @@ def sdk_list_installed_packages(d, target, rootfs_dir=None):
 
         rootfs_dir = [sdk_output, os.path.join(sdk_output, target_path)][target is True]
 
+    if target is False:
+        ipkgconf_sdk_target = d.getVar("IPKGCONF_SDK")
+        d.setVar("IPKGCONF_TARGET", ipkgconf_sdk_target)
+
     img_type = d.getVar('IMAGE_PKGTYPE')
     import importlib
     cls = importlib.import_module('oe.package_manager.' + img_type)
diff --git a/poky/meta/lib/oeqa/runtime/cases/parselogs.py b/poky/meta/lib/oeqa/runtime/cases/parselogs.py
index 50101b7851..b81acdd18a 100644
--- a/poky/meta/lib/oeqa/runtime/cases/parselogs.py
+++ b/poky/meta/lib/oeqa/runtime/cases/parselogs.py
@@ -303,7 +303,7 @@ class ParseLogsTest(OERuntimeTestCase):
         grepcmd = 'grep '
         grepcmd += '-Ei "'
         for error in errors:
-            grepcmd += '\<' + error + '\>' + '|'
+            grepcmd += r'\<' + error + r'\>' + '|'
         grepcmd = grepcmd[:-1]
         grepcmd += '" ' + str(log) + " | grep -Eiv \'"
 
@@ -314,13 +314,13 @@ class ParseLogsTest(OERuntimeTestCase):
             errorlist = ignore_errors['default']
 
         for ignore_error in errorlist:
-            ignore_error = ignore_error.replace('(', '\(')
-            ignore_error = ignore_error.replace(')', '\)')
+            ignore_error = ignore_error.replace('(', r'\(')
+            ignore_error = ignore_error.replace(')', r'\)')
             ignore_error = ignore_error.replace("'", '.')
-            ignore_error = ignore_error.replace('?', '\?')
-            ignore_error = ignore_error.replace('[', '\[')
-            ignore_error = ignore_error.replace(']', '\]')
-            ignore_error = ignore_error.replace('*', '\*')
+            ignore_error = ignore_error.replace('?', r'\?')
+            ignore_error = ignore_error.replace('[', r'\[')
+            ignore_error = ignore_error.replace(']', r'\]')
+            ignore_error = ignore_error.replace('*', r'\*')
             ignore_error = ignore_error.replace('0-9', '[0-9]')
             grepcmd += ignore_error + '|'
         grepcmd = grepcmd[:-1]
diff --git a/poky/meta/lib/oeqa/selftest/cases/bbtests.py b/poky/meta/lib/oeqa/selftest/cases/bbtests.py
index 6562364074..31962b92d7 100644
--- a/poky/meta/lib/oeqa/selftest/cases/bbtests.py
+++ b/poky/meta/lib/oeqa/selftest/cases/bbtests.py
@@ -163,7 +163,7 @@ SSTATE_DIR = \"${TOPDIR}/download-selftest\"
 """)
         self.track_for_cleanup(os.path.join(self.builddir, "download-selftest"))
 
-        data = 'SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz;downloadfilename=test-aspell.tar.gz"'
+        data = 'SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/aspell-${PV}.tar.gz;downloadfilename=test-aspell.tar.gz"'
         self.write_recipeinc('aspell', data)
         result = bitbake('-f -c fetch aspell', ignore_status=True)
         self.delete_recipeinc('aspell')
@@ -300,3 +300,18 @@ INHERIT:remove = \"report-error\"
 
         test_recipe_summary_after = get_bb_var('SUMMARY', test_recipe)
         self.assertEqual(expected_recipe_summary, test_recipe_summary_after)
+
+    def test_git_patchtool(self):
+        """ PATCHTOOL=git should work with non-git sources like tarballs
+            test recipe for the test must NOT containt git:// repository in SRC_URI
+        """
+        test_recipe = "man-db"
+        self.write_recipeinc(test_recipe, 'PATCHTOOL=\"git\"')
+        src = get_bb_var("SRC_URI",test_recipe)
+        gitscm = re.search("git://", src)
+        self.assertFalse(gitscm, "test_git_patchtool pre-condition failed: {} test recipe contains git repo!".format(test_recipe))
+        result = bitbake('man-db -c patch', ignore_status=False)
+        fatal = re.search("fatal: not a git repository (or any of the parent directories)", result.output)
+        self.assertFalse(fatal, "Failed to patch using PATCHTOOL=\"git\"")
+        self.delete_recipeinc(test_recipe)
+        bitbake('-cclean man-db')
diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py
index d2b31af80e..a2b4d7f7d1 100644
--- a/poky/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py
@@ -442,6 +442,7 @@ class DevtoolAddTests(DevtoolBase):
         tempdir = tempfile.mkdtemp(prefix='devtoolqa')
         self.track_for_cleanup(tempdir)
         url = 'gitsm://git.yoctoproject.org/mraa'
+        url_branch = '%s;branch=master' % url
         checkrev = 'ae127b19a50aa54255e4330ccfdd9a5d058e581d'
         testrecipe = 'mraa'
         srcdir = os.path.join(tempdir, testrecipe)
@@ -462,7 +463,7 @@ class DevtoolAddTests(DevtoolBase):
         checkvars = {}
         checkvars['S'] = '${WORKDIR}/git'
         checkvars['PV'] = '1.0+git${SRCPV}'
-        checkvars['SRC_URI'] = url
+        checkvars['SRC_URI'] = url_branch
         checkvars['SRCREV'] = '${AUTOREV}'
         self._test_recipe_contents(recipefile, checkvars, [])
         # Try with revision and version specified
@@ -481,7 +482,7 @@ class DevtoolAddTests(DevtoolBase):
         checkvars = {}
         checkvars['S'] = '${WORKDIR}/git'
         checkvars['PV'] = '1.5+git${SRCPV}'
-        checkvars['SRC_URI'] = url
+        checkvars['SRC_URI'] = url_branch
         checkvars['SRCREV'] = checkrev
         self._test_recipe_contents(recipefile, checkvars, [])
 
diff --git a/poky/meta/lib/oeqa/selftest/cases/sstatetests.py b/poky/meta/lib/oeqa/selftest/cases/sstatetests.py
index 7e0ed0dac1..4b8669e9d3 100644
--- a/poky/meta/lib/oeqa/selftest/cases/sstatetests.py
+++ b/poky/meta/lib/oeqa/selftest/cases/sstatetests.py
@@ -347,7 +347,7 @@ TCLIBCAPPEND = \"\"
 MACHINE = \"qemuarm\"
 BB_SIGNATURE_HANDLER = "OEBasicHash"
 """
-        self.sstate_allarch_samesigs(configA, configB)
+        self.sstate_common_samesigs(configA, configB, allarch=True)
 
     def test_sstate_nativesdk_samesigs_multilib(self):
         """
@@ -371,9 +371,9 @@ require conf/multilib.conf
 MULTILIBS = \"\"
 BB_SIGNATURE_HANDLER = "OEBasicHash"
 """
-        self.sstate_allarch_samesigs(configA, configB)
+        self.sstate_common_samesigs(configA, configB)
 
-    def sstate_allarch_samesigs(self, configA, configB):
+    def sstate_common_samesigs(self, configA, configB, allarch=False):
 
         self.write_config(configA)
         self.track_for_cleanup(self.topdir + "/tmp-sstatesamehash")
@@ -401,6 +401,13 @@ BB_SIGNATURE_HANDLER = "OEBasicHash"
         self.maxDiff = None
         self.assertEqual(files1, files2)
 
+        if allarch:
+            allarchdir = os.path.basename(glob.glob(self.topdir + "/tmp-sstatesamehash/stamps/all-*-linux")[0])
+
+            files1 = get_files(self.topdir + "/tmp-sstatesamehash/stamps/" + allarchdir)
+            files2 = get_files(self.topdir + "/tmp-sstatesamehash2/stamps/" + allarchdir)
+            self.assertEqual(files1, files2)
+
     def test_sstate_sametune_samesigs(self):
         """
         The sstate checksums of two identical machines (using the same tune) should be the
diff --git a/poky/meta/lib/oeqa/utils/dump.py b/poky/meta/lib/oeqa/utils/dump.py
index bb067f4846..dc8757807e 100644
--- a/poky/meta/lib/oeqa/utils/dump.py
+++ b/poky/meta/lib/oeqa/utils/dump.py
@@ -134,4 +134,4 @@ class MonitorDumper(BaseDumper):
                     output = self.runner.run_monitor(cmd_name)
                 self._write_dump(cmd_name, output)
             except Exception as e:
-                print("Failed to dump QMP CMD: %s with\nExecption: %s" % (cmd_name, e))
+                print("Failed to dump QMP CMD: %s with\nException: %s" % (cmd_name, e))
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
new file mode 100644
index 0000000000..dae26fd8bb
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
@@ -0,0 +1,49 @@
+From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Fri, 3 Dec 2021 16:13:28 +0800
+Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg
+
+The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating
+configuration by grub-mkconfig) has inadvertently discarded umask for
+creating grub.cfg in the process of running grub-mkconfig. The resulting
+wrong permission (0644) would allow unprivileged users to read GRUB
+configuration file content. This presents a low confidentiality risk
+as grub.cfg may contain non-secured plain-text passwords.
+
+This patch restores the missing umask and sets the creation file mode
+to 0600 preventing unprivileged access.
+
+Fixes: CVE-2021-3981
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2021-3981
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec29674561034771c13e446069b41ef41e4d4
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ util/grub-mkconfig.in | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index c3ea7612e..62335d027 100644
+--- a/util/grub-mkconfig.in
++++ b/util/grub-mkconfig.in
+@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with
+     exit 1
+   else
+     # none of the children aborted with error, install the new grub.cfg
++    oldumask=$(umask)
++    umask 077
+     cat ${grub_cfg}.new > ${grub_cfg}
++    umask $oldumask
+     rm -f ${grub_cfg}.new
+   fi
+ fi
+-- 
+2.31.1
+
diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc
index bb791347dc..a72a562c5a 100644
--- a/poky/meta/recipes-bsp/grub/grub2.inc
+++ b/poky/meta/recipes-bsp/grub/grub2.inc
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
            file://determinism.patch \
            file://0001-RISC-V-Restore-the-typcast-to-long.patch \
+           file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \
 "
 
 SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-1.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-1.patch
new file mode 100644
index 0000000000..f63c333264
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-1.patch
@@ -0,0 +1,76 @@
+From 011e9418ce9bb25675de6ac8d47536efedeeb312 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Fri, 24 Sep 2021 09:35:11 +0200
+Subject: [PATCH] Disable lame-ttl cache
+
+The lame-ttl cache is implemented in ADB as per-server locked
+linked-list "indexed" with <qname,qtype>.  This list has to be walked
+every time there's a new query or new record added into the lame cache.
+Determined attacker can use this to degrade performance of the resolver.
+
+Resolver testing has shown that disabling the lame cache has little
+impact on the resolver performance and it's a minimal viable defense
+against this kind of attack.
+
+CVE: CVE-2021-25219
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/-/commit/8fe18c0566c41228a568157287f5a44f96d37662]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ bin/named/config.c    | 2 +-
+ bin/named/server.c    | 7 +++++--
+ doc/arm/reference.rst | 6 +++---
+ 3 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/bin/named/config.c b/bin/named/config.c
+index fa8473db7c..b6453b814e 100644
+--- a/bin/named/config.c
++++ b/bin/named/config.c
+@@ -151,7 +151,7 @@ options {\n\
+ 	fetches-per-server 0;\n\
+ 	fetches-per-zone 0;\n\
+ 	glue-cache yes;\n\
+-	lame-ttl 600;\n"
++	lame-ttl 0;\n"
+ #ifdef HAVE_LMDB
+ 			    "	lmdb-mapsize 32M;\n"
+ #endif /* ifdef HAVE_LMDB */
+diff --git a/bin/named/server.c b/bin/named/server.c
+index 638703e8c2..35ad6a0b7f 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -4806,8 +4806,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
+ 	result = named_config_get(maps, "lame-ttl", &obj);
+ 	INSIST(result == ISC_R_SUCCESS);
+ 	lame_ttl = cfg_obj_asduration(obj);
+-	if (lame_ttl > 1800) {
+-		lame_ttl = 1800;
++	if (lame_ttl > 0) {
++		cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
++			    "disabling lame cache despite lame-ttl > 0 as it "
++			    "may cause performance issues");
++		lame_ttl = 0;
+ 	}
+ 	dns_resolver_setlamettl(view->resolver, lame_ttl);
+ 
+diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
+index 3bc4439745..fea854f3d1 100644
+--- a/doc/arm/reference.rst
++++ b/doc/arm/reference.rst
+@@ -3358,9 +3358,9 @@ Tuning
+ ^^^^^^
+ 
+ ``lame-ttl``
+-   This sets the number of seconds to cache a lame server indication. 0
+-   disables caching. (This is **NOT** recommended.) The default is
+-   ``600`` (10 minutes) and the maximum value is ``1800`` (30 minutes).
++   This is always set to 0. More information is available in the
++   `security advisory for CVE-2021-25219
++   <https://kb.isc.org/docs/cve-2021-25219>`_.
+ 
+ ``servfail-ttl``
+    This sets the number of seconds to cache a SERVFAIL response due to DNSSEC
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-2.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-2.patch
new file mode 100644
index 0000000000..1217f7f186
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-2.patch
@@ -0,0 +1,65 @@
+From 117cf776a7add27ac6d236b4062258da0d068486 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Mon, 15 Nov 2021 16:26:52 +0800
+Subject: [PATCH] Enable lame response detection even with disabled lame cache
+
+Previously, when lame cache would be disabled by setting lame-ttl to 0,
+it would also disable lame answer detection.  In this commit, we enable
+the lame response detection even when the lame cache is disabled.  This
+enables stopping answer processing early rather than going through the
+whole answer processing flow.
+
+CVE: CVE-2021-25219
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/-/commit/e4931584a34bdd0a0d18e4d918fb853bf5296787]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ lib/dns/resolver.c | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 50fadc0..9291bd4 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -10217,25 +10217,26 @@ rctx_badserver(respctx_t *rctx, isc_result_t result) {
+  */
+ static isc_result_t
+ rctx_lameserver(respctx_t *rctx) {
+-	isc_result_t result;
++	isc_result_t result = ISC_R_SUCCESS;
+ 	fetchctx_t *fctx = rctx->fctx;
+ 	resquery_t *query = rctx->query;
+ 
+-	if (fctx->res->lame_ttl == 0 || ISFORWARDER(query->addrinfo) ||
+-	    !is_lame(fctx, query->rmessage))
+-	{
++	if (ISFORWARDER(query->addrinfo) || !is_lame(fctx, query->rmessage)) {
+ 		return (ISC_R_SUCCESS);
+ 	}
+ 
+ 	inc_stats(fctx->res, dns_resstatscounter_lame);
+ 	log_lame(fctx, query->addrinfo);
+-	result = dns_adb_marklame(fctx->adb, query->addrinfo, &fctx->name,
+-				  fctx->type, rctx->now + fctx->res->lame_ttl);
+-	if (result != ISC_R_SUCCESS) {
+-		isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+-			      DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
+-			      "could not mark server as lame: %s",
+-			      isc_result_totext(result));
++	if (fctx->res->lame_ttl != 0) {
++		result = dns_adb_marklame(fctx->adb, query->addrinfo,
++					  &fctx->name, fctx->type,
++					  rctx->now + fctx->res->lame_ttl);
++		if (result != ISC_R_SUCCESS) {
++			isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
++				      DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
++				      "could not mark server as lame: %s",
++				      isc_result_totext(result));
++		}
+ 	}
+ 	rctx->broken_server = DNS_R_LAME;
+ 	rctx->next_server = true;
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.16.20.bb b/poky/meta/recipes-connectivity/bind/bind_9.16.20.bb
index ddf323fb9c..0ba0a46b15 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.16.20.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.16.20.bb
@@ -18,6 +18,8 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
            file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
            file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
            file://0001-avoid-start-failure-with-bind-user.patch \
+           file://CVE-2021-25219-1.patch \
+           file://CVE-2021-25219-2.patch \
            "
 
 SRC_URI[sha256sum] = "4d0d93c0d0b63080609e84625f24ff8777f8d164e78a75b1c19c334ce42d5b58"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch
new file mode 100644
index 0000000000..bebde7f26d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch
@@ -0,0 +1,48 @@
+From 1f0707e8e78ef290fd0f229df3fcd2236f29db89 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 28 Oct 2021 11:11:05 +0800
+Subject: [PATCH] upstream: need initgroups() before setresgid(); reported by
+ anton@,
+
+ok deraadt@
+
+OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
+
+CVE: CVE-2021-41617
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
+https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ misc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/misc.c b/misc.c
+index d988ce3..33eca1c 100644
+--- a/misc.c
++++ b/misc.c
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_PATHS_H
+ # include <paths.h>
+ #include <pwd.h>
++#include <grp.h>
+ #endif
+ #ifdef SSH_TUN_OPENBSD
+ #include <net/if.h>
+@@ -2629,6 +2630,13 @@ subprocess(const char *tag, const char *command,
+ 		}
+ 		closefrom(STDERR_FILENO + 1);
+ 
++		if (geteuid() == 0 &&
++		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
++			error("%s: initgroups(%s, %u): %s", tag,
++			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
++			_exit(1);
++		}
++
+ 		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
+ 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
+ 			    strerror(errno));
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.7p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.7p1.bb
index 07cd6b74cd..d19833e56f 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_8.7p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_8.7p1.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
+           file://CVE-2021-41617.patch \
            "
 SRC_URI[sha256sum] = "7ca34b8bb24ae9e50f33792b7091b3841d7e1b440ff57bc9fabddf01e2ed1e24"
 
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/reproducibility.patch b/poky/meta/recipes-connectivity/openssl/openssl/reproducibility.patch
new file mode 100644
index 0000000000..8accbc9df2
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/reproducibility.patch
@@ -0,0 +1,22 @@
+Using localtime() means the output can depend on the timezone of the build machine.
+Using gmtime() is safer. For complete reproducibility use SOURCE_DATE_EPOCH if set.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Pending [should be suitable]
+
+Index: openssl-3.0.1/apps/progs.pl
+===================================================================
+--- openssl-3.0.1.orig/apps/progs.pl
++++ openssl-3.0.1/apps/progs.pl
+@@ -21,7 +21,10 @@ die "Unrecognised option, must be -C or
+ my %commands     = ();
+ my $cmdre        = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
+ my $apps_openssl = shift @ARGV;
+-my $YEAR         = [localtime()]->[5] + 1900;
++my $YEAR         = [gmtime()]->[5] + 1900;
++if (defined($ENV{SOURCE_DATE_EPOCH}) && $ENV{SOURCE_DATE_EPOCH} !~ /\D/) {
++    $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH})]->[5] + 1900;
++}
+ 
+ # because the program apps/openssl has object files as sources, and
+ # they then have the corresponding C files as source, we need to chain
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
index b241ba78bc..17c769bb56 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
            file://reproducible.patch \
+           file://reproducibility.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \
diff --git a/poky/meta/recipes-core/glibc/glibc_2.34.bb b/poky/meta/recipes-core/glibc/glibc_2.34.bb
index 7206477278..7efc1ec1ef 100644
--- a/poky/meta/recipes-core/glibc/glibc_2.34.bb
+++ b/poky/meta/recipes-core/glibc/glibc_2.34.bb
@@ -90,7 +90,7 @@ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
 
 EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"
 
-EXTRA_OECONF:append:x86 = " --enable-cet"
+EXTRA_OECONF:append:x86 = " ${@bb.utils.contains_any('TUNE_FEATURES', 'i586 c3', '--disable-cet', '--enable-cet', d)}"
 EXTRA_OECONF:append:x86-64 = " --enable-cet"
 
 PACKAGECONFIG ??= "nscd memory-tagging"
diff --git a/poky/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/poky/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
new file mode 100644
index 0000000000..d63bf57e8d
--- /dev/null
+++ b/poky/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
@@ -0,0 +1,65 @@
+From e83ecbd26252bac163fc4377ef30edbd4acb0bad Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 Jun 2020 08:03:52 +0200
+Subject: [PATCH] Import upstream patch 20200531
+
+20200531
+	+ correct configure version-check/warnng for g++ to allow for 10.x
+	+ re-enable "bel" in konsole-base (report by Nia Huang)
+	+ add linux-s entry (patch by Alexandre Montaron).
+	+ drop long-obsolete convert_configure.pl
+	+ add test/test_parm.c, for checking tparm changes.
+	+ improve parameter-checking for tparm, adding function _nc_tiparm() to
+	  handle the most-used case, which accepts only numeric parameters
+	  (report/testcase by "puppet-meteor").
+	+ use a more conservative estimate of the buffer-size in lib_tparm.c's
+	  save_text() and save_number(), in case the sprintf() function
+	  passes-through unexpected characters from a format specifier
+	  (report/testcase by "puppet-meteor").
+	+ add a check for end-of-string in cvtchar to handle a malformed
+	  string in infotocap (report/testcase by "puppet-meteor").
+
+CVE: CVE-2021-39537
+
+Upstream-Status: Backport [https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ ncurses/tinfo/captoinfo.c        |   11 +-
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -98,7 +98,7 @@
+ #include <ctype.h>
+ #include <tic.h>
+ 
+-MODULE_ID("$Id: captoinfo.c,v 1.98 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: captoinfo.c,v 1.99 2020/05/25 21:28:29 tom Exp $")
+ 
+ #if 0
+ #define DEBUG_THIS(p) DEBUG(9, p)
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+ 	}
+ 	break;
+     case '^':
++	len = 2;
+ 	c = UChar(*++sp);
+-	if (c == '?')
++	if (c == '?') {
+ 	    c = 127;
+-	else
++	} else if (c == '\0') {
++	    len = 1;
++	} else {
+ 	    c &= 0x1f;
+-	len = 2;
++	}
+ 	break;
+     default:
+ 	c = UChar(*sp);
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-core/ncurses/ncurses_6.2.bb b/poky/meta/recipes-core/ncurses/ncurses_6.2.bb
index e7d7396a20..598c51b00b 100644
--- a/poky/meta/recipes-core/ncurses/ncurses_6.2.bb
+++ b/poky/meta/recipes-core/ncurses/ncurses_6.2.bb
@@ -3,6 +3,7 @@ require ncurses.inc
 SRC_URI += "file://0001-tic-hang.patch \
            file://0002-configure-reproducible.patch \
            file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
+           file://CVE-2021-39537.patch \
            "
 # commit id corresponds to the revision in package version
 SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"
diff --git a/poky/meta/recipes-core/systemd/systemd-boot_249.3.bb b/poky/meta/recipes-core/systemd/systemd-boot_249.7.bb
index b3d4e31e08..b3d4e31e08 100644
--- a/poky/meta/recipes-core/systemd/systemd-boot_249.3.bb
+++ b/poky/meta/recipes-core/systemd/systemd-boot_249.7.bb
diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc
index 13b8b61af6..b77f847abd 100644
--- a/poky/meta/recipes-core/systemd/systemd.inc
+++ b/poky/meta/recipes-core/systemd/systemd.inc
@@ -14,7 +14,7 @@ LICENSE = "GPLv2 & LGPLv2.1"
 LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
                     file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
 
-SRCREV = "090378dcb1de5ca66900503210e85d63075fa70a"
+SRCREV = "d4406e94a32d423d8a73deb7757fb09890afe2c4"
 SRCBRANCH = "v249-stable"
 SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH} \
 "
diff --git a/poky/meta/recipes-core/systemd/systemd/0002-don-t-use-glibc-specific-qsort_r.patch b/poky/meta/recipes-core/systemd/systemd/0002-don-t-use-glibc-specific-qsort_r.patch
index 15fa0c4546..d03a1d9e76 100644
--- a/poky/meta/recipes-core/systemd/systemd/0002-don-t-use-glibc-specific-qsort_r.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0002-don-t-use-glibc-specific-qsort_r.patch
@@ -1,4 +1,4 @@
-From 40acdb90031cfeb7140cee5205bce24f8c91d857 Mon Sep 17 00:00:00 2001
+From 5d730902f47498a2866b46875352f6810a01d67c Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 13:41:41 +0800
 Subject: [PATCH] don't use glibc-specific qsort_r
diff --git a/poky/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch b/poky/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch
index d0110a2388..eca52d0bda 100644
--- a/poky/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch
@@ -1,4 +1,4 @@
-From 2a2f95b6dc16d2ea7a8e9349c6b19cc50c34777b Mon Sep 17 00:00:00 2001
+From 3b42a888685aee1776a12cff84a5fe0063378483 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 13:55:12 +0800
 Subject: [PATCH] missing_type.h: add __compare_fn_t and comparison_fn_t
diff --git a/poky/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch b/poky/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch
index 1d61367da4..40ee43b155 100644
--- a/poky/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch
@@ -1,4 +1,4 @@
-From b19f800e178516d4f4d344457647e4a018bd6855 Mon Sep 17 00:00:00 2001
+From 3e0df2c22bfd37bc62bf09a01ec498e40d3599de Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Sat, 22 May 2021 20:26:24 +0200
 Subject: [PATCH] add fallback parse_printf_format implementation
@@ -23,7 +23,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  create mode 100644 src/basic/parse-printf-format.h
 
 diff --git a/meson.build b/meson.build
-index 738879eb21..1aa20b8246 100644
+index 5bdfd9753d..3421da3a4d 100644
 --- a/meson.build
 +++ b/meson.build
 @@ -656,6 +656,7 @@ endif
@@ -35,10 +35,10 @@ index 738879eb21..1aa20b8246 100644
                    'valgrind/memcheck.h',
                    'valgrind/valgrind.h',
 diff --git a/src/basic/meson.build b/src/basic/meson.build
-index 9b016ce5e8..a9ce21b02e 100644
+index 452b965db3..4e64d883dc 100644
 --- a/src/basic/meson.build
 +++ b/src/basic/meson.build
-@@ -322,6 +322,11 @@ endforeach
+@@ -321,6 +321,11 @@ endforeach
  
  basic_sources += generated_gperf_headers
  
diff --git a/poky/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch b/poky/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
index 0462d52d5e..efdd43708b 100644
--- a/poky/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
@@ -1,4 +1,4 @@
-From db6551741a3654d8e75aff93ea00fbff579f7b02 Mon Sep 17 00:00:00 2001
+From cef23a651ea200e30e1e6ed2a2564505e3a42d46 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 14:18:21 +0800
 Subject: [PATCH] src/basic/missing.h: check for missing strndupa
@@ -73,7 +73,7 @@ Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
  51 files changed, 62 insertions(+)
 
 diff --git a/meson.build b/meson.build
-index 1aa20b8246..aafee71eb4 100644
+index 3421da3a4d..ddef6fba91 100644
 --- a/meson.build
 +++ b/meson.build
 @@ -480,6 +480,7 @@ foreach ident : ['secure_getenv', '__secure_getenv']
@@ -109,7 +109,7 @@ index 1ff6160dc8..c9efd862a2 100644
  static int cg_enumerate_items(const char *controller, const char *path, FILE **_f, const char *item) {
          _cleanup_free_ char *fs = NULL;
 diff --git a/src/basic/env-util.c b/src/basic/env-util.c
-index 81b1e3f10e..8fedcfd1cd 100644
+index 1ca445dab4..1f5a212d4e 100644
 --- a/src/basic/env-util.c
 +++ b/src/basic/env-util.c
 @@ -18,6 +18,7 @@
@@ -165,7 +165,7 @@ index f91f8f7a08..fb31596216 100644
  int mkdir_safe_internal(
                  const char *path,
 diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
-index 8c836a1b74..2eb7e5a634 100644
+index 7e57d9a226..c0e64f2aca 100644
 --- a/src/basic/mountpoint-util.c
 +++ b/src/basic/mountpoint-util.c
 @@ -11,6 +11,7 @@
@@ -273,7 +273,7 @@ index 84c3caf3a5..0fa84eaa38 100644
  BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", TasksMax, tasks_max_resolve);
  
 diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
-index 50daef6702..1cc6d91e64 100644
+index 902e074bd2..ac15b944e6 100644
 --- a/src/core/dbus-execute.c
 +++ b/src/core/dbus-execute.c
 @@ -42,6 +42,7 @@
@@ -297,7 +297,7 @@ index ca9b399d8c..b864480a8c 100644
  int bus_property_get_triggered_unit(
                  sd_bus *bus,
 diff --git a/src/core/execute.c b/src/core/execute.c
-index 2a337b55a2..2a64675c5f 100644
+index 2f2de4d9cf..515b2fe748 100644
 --- a/src/core/execute.c
 +++ b/src/core/execute.c
 @@ -98,6 +98,7 @@
@@ -321,7 +321,7 @@ index a56f12f47f..6b8729ef67 100644
  #if HAVE_KMOD
  #include "module-util.h"
 diff --git a/src/core/service.c b/src/core/service.c
-index cb0a528f0d..740d305710 100644
+index 7b90822f68..4af076eeba 100644
 --- a/src/core/service.c
 +++ b/src/core/service.c
 @@ -41,6 +41,7 @@
@@ -357,7 +357,7 @@ index ae1d43756a..24de98c9f3 100644
  #define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
  #define CERT_FILE     CERTIFICATE_ROOT "/certs/journal-remote.pem"
 diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
-index c8fb726d42..858a425d12 100644
+index 3eac97510d..db6913bc7a 100644
 --- a/src/journal/journalctl.c
 +++ b/src/journal/journalctl.c
 @@ -72,6 +72,7 @@
@@ -393,7 +393,7 @@ index bfd42aea7d..daefc56e3e 100644
  static int node_vtable_get_userdata(
                  sd_bus *bus,
 diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
-index 378774fe8b..2694c177d5 100644
+index 09eb49c37f..82f1b3d1be 100644
 --- a/src/libsystemd/sd-bus/bus-socket.c
 +++ b/src/libsystemd/sd-bus/bus-socket.c
 @@ -27,6 +27,7 @@
@@ -405,7 +405,7 @@ index 378774fe8b..2694c177d5 100644
  #define SNDBUF_SIZE (8*1024*1024)
  
 diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
-index a32e2f5e20..97fd3aec82 100644
+index ab8d4e4a60..7e35fbe9e6 100644
 --- a/src/libsystemd/sd-bus/sd-bus.c
 +++ b/src/libsystemd/sd-bus/sd-bus.c
 @@ -42,6 +42,7 @@
@@ -429,7 +429,7 @@ index 13c08fe295..9aae83486e 100644
  #define MAX_SIZE (2*1024*1024)
  
 diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
-index 5728c537bc..94885b0bf6 100644
+index b3240177cb..7e3ae2d24f 100644
 --- a/src/libsystemd/sd-journal/sd-journal.c
 +++ b/src/libsystemd/sd-journal/sd-journal.c
 @@ -40,6 +40,7 @@
@@ -669,7 +669,7 @@ index 65c40de4c8..4ef9a0c6c8 100644
  _printf_(2,3)
  static void path_prepend(char **path, const char *fmt, ...) {
 diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
-index b28089be71..a7e2232299 100644
+index 9854270b27..71b5fab1e7 100644
 --- a/src/udev/udev-event.c
 +++ b/src/udev/udev-event.c
 @@ -34,6 +34,7 @@
diff --git a/poky/meta/recipes-core/systemd/systemd/0006-Include-netinet-if_ether.h.patch b/poky/meta/recipes-core/systemd/systemd/0006-Include-netinet-if_ether.h.patch
index 855607e6a8..3875753ff4 100644
--- a/poky/meta/recipes-core/systemd/systemd/0006-Include-netinet-if_ether.h.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0006-Include-netinet-if_ether.h.patch
@@ -1,4 +1,4 @@
-From d7ae3aadc70555932e03349907f8be04d03a50ee Mon Sep 17 00:00:00 2001
+From a3be3b7160856ffb8259ede9e2e0168d74bf126e Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Thu, 26 Oct 2017 22:10:42 -0700
 Subject: [PATCH] Include netinet/if_ether.h
@@ -103,7 +103,7 @@ index 5ad396a57e..1dc007fe13 100644
 -#endif /* _UAPI_LINUX_IN6_H */
 +#endif /* _LINUX_IN6_H */
 diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
-index e8c47f429a..359922c1b3 100644
+index efbf7d7df3..86906332b6 100644
 --- a/src/libsystemd-network/sd-dhcp6-client.c
 +++ b/src/libsystemd-network/sd-dhcp6-client.c
 @@ -5,7 +5,6 @@
@@ -274,12 +274,13 @@ index 2b72b618fc..d0d4cfb384 100644
  #include "sd-dhcp6-client.h"
  
 diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
-index 9421ce1aa6..3e37cbcc39 100644
+index 20675f2306..2884511ff3 100644
 --- a/src/network/networkd-link.c
 +++ b/src/network/networkd-link.c
-@@ -1,8 +1,8 @@
+@@ -1,9 +1,9 @@
  /* SPDX-License-Identifier: LGPL-2.1-or-later */
  
+ #include <net/if.h>
 +#include <netinet/if_ether.h>
  #include <netinet/in.h>
  #include <linux/if.h>
@@ -299,7 +300,7 @@ index 850b4f449e..6f85d41328 100644
  #include <netinet/in.h>
  #include <linux/netdevice.h>
 diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
-index 77a93beca9..3bf9ae8837 100644
+index eeba31c45d..0a2b0ed42b 100644
 --- a/src/network/networkd-route.c
 +++ b/src/network/networkd-route.c
 @@ -1,5 +1,6 @@
@@ -310,7 +311,7 @@ index 77a93beca9..3bf9ae8837 100644
  #include <linux/ipv6_route.h>
  #include <linux/nexthop.h>
 diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c
-index 10c312c480..e44fbb5c35 100644
+index 13c4cedd10..6558d551ab 100644
 --- a/src/network/networkd-setlink.c
 +++ b/src/network/networkd-setlink.c
 @@ -1,8 +1,8 @@
@@ -369,7 +370,7 @@ index 8dfe23691b..e269856337 100644
  #include <netinet/ether.h>
  #include <unistd.h>
 diff --git a/src/udev/udev-builtin-net_setup_link.c b/src/udev/udev-builtin-net_setup_link.c
-index d40251331c..89566c05f5 100644
+index 5964e30bf1..52a18d7a7f 100644
 --- a/src/udev/udev-builtin-net_setup_link.c
 +++ b/src/udev/udev-builtin-net_setup_link.c
 @@ -1,5 +1,6 @@
diff --git a/poky/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/poky/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
index 28846935e0..1d8c481467 100644
--- a/poky/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
@@ -1,4 +1,4 @@
-From e2d70a1735fc6b9d3c079814831ab0b1b2a9d1e0 Mon Sep 17 00:00:00 2001
+From fb068403b25002156435350165ea418a6338a313 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 14:56:21 +0800
 Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined
diff --git a/poky/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch b/poky/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
index 444e123854..c613581ef9 100644
--- a/poky/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
@@ -1,4 +1,4 @@
-From 3410d82c9d07aee3e951fc6ae0b41fc1a594e00d Mon Sep 17 00:00:00 2001
+From 7ca9887f84adba065dc2e59b3de55ace2fc72ec0 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:00:06 +0800
 Subject: [PATCH] add missing FTW_ macros for musl
@@ -10,6 +10,7 @@ This is to avoid build failures like below for musl.
 Upstream-Status: Inappropriate [musl specific]
 
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
 ---
  src/basic/missing_type.h | 20 ++++++++++++++++++++
  src/shared/mount-setup.c |  1 +
diff --git a/poky/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch b/poky/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch
index 4670c232a5..0fc320420e 100644
--- a/poky/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch
@@ -1,4 +1,4 @@
-From 1e3bc870ded807cff0d3771dd89a850d020df032 Mon Sep 17 00:00:00 2001
+From c7453b716ae308b89cf4b2b231a36ddd38a49752 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:03:47 +0800
 Subject: [PATCH] fix missing of __register_atfork for non-glibc builds
@@ -12,7 +12,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  1 file changed, 7 insertions(+)
 
 diff --git a/src/basic/process-util.c b/src/basic/process-util.c
-index 14259ea8df..18681838ef 100644
+index 461bbfe9a5..2d06f9f60a 100644
 --- a/src/basic/process-util.c
 +++ b/src/basic/process-util.c
 @@ -18,6 +18,9 @@
diff --git a/poky/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch b/poky/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
index e6bb37a65e..ff981b8c74 100644
--- a/poky/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
@@ -1,4 +1,4 @@
-From eeacb75025d8f537d54c35256c5730c9aab15cde Mon Sep 17 00:00:00 2001
+From 856010e268a6aca8e5f02502457afe289bd877f1 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:12:41 +0800
 Subject: [PATCH] Use uintmax_t for handling rlim_t
@@ -87,10 +87,10 @@ index 23d108d5df..3e6fb438d7 100644
          return 1;
  }
 diff --git a/src/core/execute.c b/src/core/execute.c
-index 2a64675c5f..dca1e0e3b6 100644
+index 515b2fe748..7693f2d9a0 100644
 --- a/src/core/execute.c
 +++ b/src/core/execute.c
-@@ -5391,9 +5391,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
+@@ -5395,9 +5395,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
          for (unsigned i = 0; i < RLIM_NLIMITS; i++)
                  if (c->rlimit[i]) {
                          fprintf(f, "%sLimit%s: " RLIM_FMT "\n",
diff --git a/poky/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch b/poky/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
index 897e332f33..0ee871c92d 100644
--- a/poky/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
@@ -1,4 +1,4 @@
-From fa29a572faaeb6fb9ed0bc6802d17139773e1908 Mon Sep 17 00:00:00 2001
+From ad395dda5db9b1ae156be121cfc8a38960de6c55 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Wed, 28 Feb 2018 21:25:22 -0800
 Subject: [PATCH] test-sizeof.c: Disable tests for missing typedefs in musl
@@ -13,7 +13,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  1 file changed, 4 insertions(+)
 
 diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
-index 3c9dc180fa..e1a59d408c 100644
+index e36bee4e8f..4403c0aa52 100644
 --- a/src/test/test-sizeof.c
 +++ b/src/test/test-sizeof.c
 @@ -55,8 +55,10 @@ int main(void) {
diff --git a/poky/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/poky/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
index 3bf706fc55..12a92b8739 100644
--- a/poky/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
@@ -1,4 +1,4 @@
-From 88c8922f9e4d221402d9cb2e04b9c82e89125827 Mon Sep 17 00:00:00 2001
+From 5d4c6b2f4b88b69b31f967371d2a6136c65dc3fd Mon Sep 17 00:00:00 2001
 From: Andre McCurdy <armccurdy@gmail.com>
 Date: Tue, 10 Oct 2017 14:33:30 -0700
 Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
diff --git a/poky/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/poky/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
index 74008714c1..bd7a0c4e8e 100644
--- a/poky/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
@@ -1,4 +1,4 @@
-From e07e9b998ad61b09555bc809aa15de9d2516787a Mon Sep 17 00:00:00 2001
+From 1803ea271b93370fdcf7ec497277344f1e775429 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sun, 27 May 2018 08:36:44 -0700
 Subject: [PATCH] Define glibc compatible basename() for non-glibc systems
diff --git a/poky/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/poky/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
index c5e20cbb80..7933b9e76e 100644
--- a/poky/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
@@ -1,4 +1,4 @@
-From 2f048d13e100158320bda248635b3c533ac9717b Mon Sep 17 00:00:00 2001
+From 30b08f76ea7f5c324afedf97f0867b76dac9f128 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Wed, 4 Jul 2018 15:00:44 +0800
 Subject: [PATCH] Do not disable buffering when writing to oom_score_adj
@@ -25,7 +25,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/basic/process-util.c b/src/basic/process-util.c
-index 18681838ef..0fa71ccce0 100644
+index 2d06f9f60a..f86bd0b7dc 100644
 --- a/src/basic/process-util.c
 +++ b/src/basic/process-util.c
 @@ -1606,7 +1606,7 @@ int set_oom_score_adjust(int value) {
diff --git a/poky/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/poky/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
index 39804bd364..0b0d2a6431 100644
--- a/poky/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
@@ -1,4 +1,4 @@
-From 45148529792c0cda32fdd61610c8d5a700d541fa Mon Sep 17 00:00:00 2001
+From 873202f63f9f117c6e5a98e444cc709057042979 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Tue, 10 Jul 2018 15:40:17 +0800
 Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi
diff --git a/poky/meta/recipes-core/systemd/systemd/0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch b/poky/meta/recipes-core/systemd/systemd/0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
index 365e2a36f1..e6507c5f89 100644
--- a/poky/meta/recipes-core/systemd/systemd/0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
@@ -1,4 +1,4 @@
-From 02a2772889d6cb08c9ca0561b52e7a9a80e50497 Mon Sep 17 00:00:00 2001
+From e7441559266074e7a33e3c11ff5cdaf5ba9c0e24 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:18:00 +0800
 Subject: [PATCH] Hide __start_BUS_ERROR_MAP and __stop_BUS_ERROR_MAP
diff --git a/poky/meta/recipes-core/systemd/systemd/0017-missing_type.h-add-__compar_d_fn_t-definition.patch b/poky/meta/recipes-core/systemd/systemd/0017-missing_type.h-add-__compar_d_fn_t-definition.patch
index 8a6c03f312..eeff693bc4 100644
--- a/poky/meta/recipes-core/systemd/systemd/0017-missing_type.h-add-__compar_d_fn_t-definition.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0017-missing_type.h-add-__compar_d_fn_t-definition.patch
@@ -1,4 +1,4 @@
-From 47c4ac80689077b1eb86cf05b4326b1ac345aedf Mon Sep 17 00:00:00 2001
+From 64f4d2eb976b9f23ce85b3655a876f7299eafd58 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:27:54 +0800
 Subject: [PATCH] missing_type.h: add __compar_d_fn_t definition
diff --git a/poky/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch b/poky/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
index e75935a280..5ca5386289 100644
--- a/poky/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
@@ -1,4 +1,4 @@
-From 2cb33d8896a4ad2d3b489fed51f17d5e45dfb4fc Mon Sep 17 00:00:00 2001
+From d95330f328c23c1cd6c51aeca43f081746cf2899 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:44:54 +0800
 Subject: [PATCH] avoid redefinition of prctl_mm_map structure
diff --git a/poky/meta/recipes-core/systemd/systemd/0019-Handle-missing-LOCK_EX.patch b/poky/meta/recipes-core/systemd/systemd/0019-Handle-missing-LOCK_EX.patch
index 629c103627..d51ac4265a 100644
--- a/poky/meta/recipes-core/systemd/systemd/0019-Handle-missing-LOCK_EX.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0019-Handle-missing-LOCK_EX.patch
@@ -1,4 +1,4 @@
-From 200a2a2e4f04a7b7078dd455fafbd6774240e30b Mon Sep 17 00:00:00 2001
+From 2284f2f44b1b30f10b9196e0f5c6d0a2e0c1871f Mon Sep 17 00:00:00 2001
 From: Alex Kiernan <alex.kiernan@gmail.com>
 Date: Fri, 7 Aug 2020 15:19:27 +0000
 Subject: [PATCH] Handle missing LOCK_EX
diff --git a/poky/meta/recipes-core/systemd/systemd/0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch b/poky/meta/recipes-core/systemd/systemd/0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch
index ea6e82f466..2d272ed3e8 100644
--- a/poky/meta/recipes-core/systemd/systemd/0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch
@@ -1,4 +1,4 @@
-From 6445b7737a89256f35adc56701a5c47b48618ced Mon Sep 17 00:00:00 2001
+From a6a25e1ecae91f48a4f87bf0cc17eaaf0a919ffe Mon Sep 17 00:00:00 2001
 From: Alex Kiernan <alex.kiernan@gmail.com>
 Date: Fri, 7 Aug 2020 15:20:17 +0000
 Subject: [PATCH] Fix incompatible pointer type struct sockaddr_un *
@@ -24,15 +24,15 @@ Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 04685fecba..90b12bb5bd 100644
+index 575b9da447..ff08ed23cc 100644
 --- a/src/nspawn/nspawn.c
 +++ b/src/nspawn/nspawn.c
 @@ -5354,7 +5354,7 @@ static int cant_be_in_netns(void) {
          if (fd < 0)
                  return log_error_errno(errno, "Failed to allocate udev control socket: %m");
  
--        if (connect(fd, &sa.un, SOCKADDR_UN_LEN(sa.un)) < 0) {
-+        if (connect(fd, (struct sockaddr *)&sa.un, SOCKADDR_UN_LEN(sa.un)) < 0) {
+-        if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
++        if (connect(fd, (struct sockaddr *)&sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
  
                  if (errno == ENOENT || ERRNO_IS_DISCONNECT(errno))
                          return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
diff --git a/poky/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch b/poky/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch
index 60c12b0740..3fe5aeab13 100644
--- a/poky/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch
@@ -1,4 +1,4 @@
-From ae71bf2b97dc9d4760defd83463c1d305f332f22 Mon Sep 17 00:00:00 2001
+From 47472da6e8900773c26da8fd26699367447d97a6 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 16:53:06 +0800
 Subject: [PATCH] test-json.c: define M_PIl
diff --git a/poky/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch b/poky/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
index 6998bf0dd0..4df35d81d1 100644
--- a/poky/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
@@ -1,4 +1,4 @@
-From 3198690c2dbb4b457a04ef21914dc4d531540273 Mon Sep 17 00:00:00 2001
+From 0f9422780a569c79a4b28e44c79c70b4a354bd92 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Fri, 1 Mar 2019 15:22:15 +0800
 Subject: [PATCH] do not disable buffer in writing files
@@ -134,7 +134,7 @@ index 955b18bd2a..6d89c90176 100644
                  log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m");
  }
 diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
-index 29530bb691..3ecf6a45a2 100644
+index 981218f52f..436aaaddb4 100644
 --- a/src/binfmt/binfmt.c
 +++ b/src/binfmt/binfmt.c
 @@ -48,7 +48,7 @@ static int delete_rule(const char *rule) {
@@ -165,7 +165,7 @@ index 29530bb691..3ecf6a45a2 100644
                  STRV_FOREACH(f, files) {
                          k = apply_file(*f, true);
 diff --git a/src/core/main.c b/src/core/main.c
-index b32a19a1d8..4e1238853e 100644
+index c64c73883e..1ac185e946 100644
 --- a/src/core/main.c
 +++ b/src/core/main.c
 @@ -1402,7 +1402,7 @@ static int bump_unix_max_dgram_qlen(void) {
@@ -252,7 +252,7 @@ index cb01b25bc6..e92051268b 100644
                  log_error_errno(r, "Failed to move process: %m");
                  goto finish;
 diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 90b12bb5bd..6a1dafa094 100644
+index ff08ed23cc..e7c4a874a9 100644
 --- a/src/nspawn/nspawn.c
 +++ b/src/nspawn/nspawn.c
 @@ -2751,7 +2751,7 @@ static int reset_audit_loginuid(void) {
diff --git a/poky/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch b/poky/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
index 06702765ee..e001ed59e8 100644
--- a/poky/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
@@ -1,4 +1,4 @@
-From b04518c464b526f8b9adc9ce3c08b1881db47989 Mon Sep 17 00:00:00 2001
+From e4f9ef547fa342102db15188544daa18e71e9c66 Mon Sep 17 00:00:00 2001
 From: Scott Murray <scott.murray@konsulko.com>
 Date: Fri, 13 Sep 2019 19:26:27 -0400
 Subject: [PATCH] Handle __cpu_mask usage
@@ -38,7 +38,7 @@ index 3c63a58826..4c2d4347fc 100644
  typedef struct CPUSet {
          cpu_set_t *set;
 diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
-index e1a59d408c..c269ea6e8c 100644
+index 4403c0aa52..e7e4ae112d 100644
 --- a/src/test/test-sizeof.c
 +++ b/src/test/test-sizeof.c
 @@ -1,6 +1,5 @@
diff --git a/poky/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch b/poky/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
index dc63305825..e9b7c1c078 100644
--- a/poky/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
@@ -1,4 +1,4 @@
-From 0c8935128b39864b07dfee39cfa9d35d48f056aa Mon Sep 17 00:00:00 2001
+From 66a926cf906260c2fb5ea851e55efe03edd444dc Mon Sep 17 00:00:00 2001
 From: Alex Kiernan <alex.kiernan@gmail.com>
 Date: Tue, 10 Mar 2020 11:05:20 +0000
 Subject: [PATCH] Handle missing gshadow
diff --git a/poky/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/poky/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
index ff96a720c5..b7fd3cddbb 100644
--- a/poky/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
@@ -1,4 +1,4 @@
-From f5d7fee9620cbcf52be8f8ba477890d28cadfbc8 Mon Sep 17 00:00:00 2001
+From 6f0dd2ba75b68036d7b4ebfe47ac5eaf44d26f06 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 12 Apr 2021 23:44:53 -0700
 Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl
diff --git a/poky/meta/recipes-core/systemd/systemd_249.3.bb b/poky/meta/recipes-core/systemd/systemd_249.7.bb
index f8c85dabf0..c94a18140e 100644
--- a/poky/meta/recipes-core/systemd/systemd_249.3.bb
+++ b/poky/meta/recipes-core/systemd/systemd_249.7.bb
@@ -385,7 +385,7 @@ SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', '${PN}-binfm
 SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service"
 
 USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
-                    ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gateway', '', d)} \
+                    ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \
                     ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \
                     ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
 "
@@ -397,7 +397,7 @@ USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--syste
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /sbin/nologin systemd-resolve;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'timesyncd', '--system -d / -M --shell /sbin/nologin systemd-timesync;', '', d)}"
 USERADD_PARAM:${PN}-extra-utils = "--system -d / -M --shell /sbin/nologin systemd-bus-proxy"
-USERADD_PARAM:${PN}-journal-gateway = "--system -d / -M --shell /sbin/nologin systemd-journal-gateway"
+USERADD_PARAM:${PN}-journal-gatewayd = "--system -d / -M --shell /sbin/nologin systemd-journal-gateway"
 USERADD_PARAM:${PN}-journal-remote = "--system -d / -M --shell /sbin/nologin systemd-journal-remote"
 USERADD_PARAM:${PN}-journal-upload = "--system -d / -M --shell /sbin/nologin systemd-journal-upload"
 
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.37.inc b/poky/meta/recipes-devtools/binutils/binutils-2.37.inc
index 6093558e4b..be0a0a5539 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.37.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.37.inc
@@ -36,5 +36,6 @@ SRC_URI = "\
      file://0015-sync-with-OE-libtool-changes.patch \
      file://0016-Check-for-clang-before-checking-gcc-version.patch \
      file://0017-bfd-Close-the-file-descriptor-if-there-is-no-archive.patch \
+     file://0001-CVE-2021-42574.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch b/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch
new file mode 100644
index 0000000000..0622ae389e
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch
@@ -0,0 +1,2001 @@
+From b3aa80b45c4f46029efeb204bb9f2d2c4278a0e5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 9 Nov 2021 13:25:42 +0000
+Subject: [PATCH] Add --unicode option to control how unicode characters are
+ handled by display tools.
+
+	* nm.c: Add --unicode option to control how unicode characters are
+	handled.
+	* objdump.c: Likewise.
+	* readelf.c: Likewise.
+	* strings.c: Likewise.
+	* binutils.texi: Document the new feature.
+	* NEWS: Document the new feature.
+	* testsuite/binutils-all/unicode.exp: New file.
+	* testsuite/binutils-all/nm.hex.unicode
+	* testsuite/binutils-all/strings.escape.unicode
+	* testsuite/binutils-all/objdump.highlight.unicode
+	* testsuite/binutils-all/readelf.invalid.unicode
+
+CVE: CVE-2021-42574
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=b3aa80b45c4f46029efeb204bb9f2d2c4278a0e5]
+
+RP: Added tweak uint -> unsigned int partial backport of
+https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=795588aec4f894206863c938bd6d716895886009
+
+Signed-off-by: pgowda <pgowda.cve@gmail.com>
+---
+ binutils/ChangeLog         |  15 +
+ binutils/NEWS              |   9 +
+ binutils/doc/binutils.texi |  78 ++++
+ binutils/nm.c              | 228 ++++++++++-
+ binutils/objdump.c         | 235 ++++++++++--
+ binutils/readelf.c         | 190 +++++++++-
+ binutils/strings.c         | 757 ++++++++++++++++++++++++++++++++++---
+ 7 files changed, 1409 insertions(+), 103 deletions(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+--- a/binutils/ChangeLog	2021-12-19 19:00:27.038540406 -0800
++++ b/binutils/ChangeLog	2021-12-19 19:28:42.733565078 -0800
+@@ -1,3 +1,18 @@
++2021-11-09  Nick Clifton  <nickc@redhat.com>
++
++	* nm.c: Add --unicode option to control how unicode characters are
++	handled.
++	* objdump.c: Likewise.
++	* readelf.c: Likewise.
++	* strings.c: Likewise.
++	* binutils.texi: Document the new feature.
++	* NEWS: Document the new feature.
++	* testsuite/binutils-all/unicode.exp: New file.
++	* testsuite/binutils-all/nm.hex.unicode
++	* testsuite/binutils-all/strings.escape.unicode
++	* testsuite/binutils-all/objdump.highlight.unicode
++	* testsuite/binutils-all/readelf.invalid.unicode
++
+ 2021-07-16  Nick Clifton  <nickc@redhat.com>
+ 
+ 	* po/sv.po: Updated Swedish translation.
+diff --git a/binutils/doc/binutils.texi b/binutils/doc/binutils.texi
+--- a/binutils/doc/binutils.texi	2021-12-19 19:00:27.042540338 -0800
++++ b/binutils/doc/binutils.texi	2021-12-19 19:27:56.526354667 -0800
+@@ -812,6 +812,7 @@ nm [@option{-A}|@option{-o}|@option{--pr
+    [@option{-s}|@option{--print-armap}]
+    [@option{-t} @var{radix}|@option{--radix=}@var{radix}]
+    [@option{-u}|@option{--undefined-only}]
++   [@option{-U} @var{method}] [@option{--unicode=}@var{method}]
+    [@option{-V}|@option{--version}]
+    [@option{-X 32_64}]
+    [@option{--defined-only}]
+@@ -1132,6 +1133,21 @@ Use @var{radix} as the radix for printin
+ @cindex undefined symbols
+ Display only undefined symbols (those external to each object file).
+ 
++@item -U @var{[d|i|l|e|x|h]}
++@itemx --unicode=@var{[default|invalid|locale|escape|hex|highlight]}
++Controls the display of UTF-8 encoded mulibyte characters in strings.
++The default (@option{--unicode=default}) is to give them no special
++treatment.  The @option{--unicode=locale} option displays the sequence
++in the current locale, which may or may not support them.  The options
++@option{--unicode=hex} and @option{--unicode=invalid} display them as
++hex byte sequences enclosed by either angle brackets or curly braces.
++
++The @option{--unicode=escape} option displays them as escape sequences
++(@var{\uxxxx}) and the @option{--unicode=highlight} option displays
++them as escape sequences highlighted in red (if supported by the
++output device).  The colouring is intended to draw attention to the
++presence of unicode sequences where they might not be expected.
++
+ @item -V
+ @itemx --version
+ Show the version number of @command{nm} and exit.
+@@ -2247,6 +2263,7 @@ objdump [@option{-a}|@option{--archive-h
+         [@option{--prefix-strip=}@var{level}]
+         [@option{--insn-width=}@var{width}]
+         [@option{--visualize-jumps[=color|=extended-color|=off]}
++        [@option{-U} @var{method}] [@option{--unicode=}@var{method}]
+         [@option{-V}|@option{--version}]
+         [@option{-H}|@option{--help}]
+         @var{objfile}@dots{}
+@@ -2921,6 +2938,21 @@ When displaying symbols include those wh
+ special in some way and which would not normally be of interest to the
+ user.
+ 
++@item -U @var{[d|i|l|e|x|h]}
++@itemx --unicode=@var{[default|invalid|locale|escape|hex|highlight]}
++Controls the display of UTF-8 encoded mulibyte characters in strings.
++The default (@option{--unicode=default}) is to give them no special
++treatment.  The @option{--unicode=locale} option displays the sequence
++in the current locale, which may or may not support them.  The options
++@option{--unicode=hex} and @option{--unicode=invalid} display them as
++hex byte sequences enclosed by either angle brackets or curly braces.
++
++The @option{--unicode=escape} option displays them as escape sequences
++(@var{\uxxxx}) and the @option{--unicode=highlight} option displays
++them as escape sequences highlighted in red (if supported by the
++output device).  The colouring is intended to draw attention to the
++presence of unicode sequences where they might not be expected.
++
+ @item -V
+ @itemx --version
+ Print the version number of @command{objdump} and exit.
+@@ -3197,6 +3229,7 @@ strings [@option{-afovV}] [@option{-}@va
+         [@option{-n} @var{min-len}] [@option{--bytes=}@var{min-len}]
+         [@option{-t} @var{radix}] [@option{--radix=}@var{radix}]
+         [@option{-e} @var{encoding}] [@option{--encoding=}@var{encoding}]
++        [@option{-U} @var{method}] [@option{--unicode=}@var{method}]
+         [@option{-}] [@option{--all}] [@option{--print-file-name}]
+         [@option{-T} @var{bfdname}] [@option{--target=}@var{bfdname}]
+         [@option{-w}] [@option{--include-all-whitespace}]
+@@ -3288,6 +3321,28 @@ single-8-bit-byte characters, @samp{b} =
+ littleendian.  Useful for finding wide character strings. (@samp{l}
+ and @samp{b} apply to, for example, Unicode UTF-16/UCS-2 encodings).
+ 
++@item -U @var{[d|i|l|e|x|h]}
++@itemx --unicode=@var{[default|invalid|locale|escape|hex|highlight]}
++Controls the display of UTF-8 encoded mulibyte characters in strings.
++The default (@option{--unicode=default}) is to give them no special
++treatment, and instead rely upon the setting of the
++@option{--encoding} option.  The other values for this option
++automatically enable @option{--encoding=S}.
++
++The @option{--unicode=invalid} option treats them as non-graphic
++characters and hence not part of a valid string.  All the remaining
++options treat them as valid string characters.
++
++The @option{--unicode=locale} option displays them in the current
++locale, which may or may not support UTF-8 encoding.  The
++@option{--unicode=hex} option displays them as hex byte sequences
++enclosed between @var{<>} characters.  The @option{--unicode=escape}
++option displays them as escape sequences (@var{\uxxxx}) and the
++@option{--unicode=highlight} option displays them as escape sequences
++highlighted in red (if supported by the output device).  The colouring
++is intended to draw attention to the presence of unicode sequences
++where they might not be expected.
++
+ @item -T @var{bfdname}
+ @itemx --target=@var{bfdname}
+ @cindex object code format
+@@ -4796,6 +4851,7 @@ readelf [@option{-a}|@option{--all}]
+         [@option{--demangle@var{=style}}|@option{--no-demangle}]
+         [@option{--quiet}]
+         [@option{--recurse-limit}|@option{--no-recurse-limit}]
++        [@option{-U} @var{method}|@option{--unicode=}@var{method}]
+         [@option{-n}|@option{--notes}]
+         [@option{-r}|@option{--relocs}]
+         [@option{-u}|@option{--unwind}]
+@@ -4962,6 +5018,28 @@ necessary in order to demangle truly com
+ that if the recursion limit is disabled then stack exhaustion is
+ possible and any bug reports about such an event will be rejected.
+ 
++@item -U @var{[d|i|l|e|x|h]}
++@itemx --unicode=[default|invalid|locale|escape|hex|highlight]
++Controls the display of non-ASCII characters in identifier names.
++The default (@option{--unicode=locale} or @option{--unicode=default}) is
++to treat them as multibyte characters and display them in the current
++locale.  All other versions of this option treat the bytes as UTF-8
++encoded values and attempt to interpret them.  If they cannot be
++interpreted or if the @option{--unicode=invalid} option is used then
++they are displayed as a sequence of hex bytes, encloses in curly
++parethesis characters.
++
++Using the @option{--unicode=escape} option will display the characters
++as as unicode escape sequences (@var{\uxxxx}).  Using the
++@option{--unicode=hex} will display the characters as hex byte
++sequences enclosed between angle brackets.
++
++Using the @option{--unicode=highlight} will display the characters as 
++unicode escape sequences but it will also highlighted them in red,
++assuming that colouring is supported by the output device.  The
++colouring is intended to draw attention to the presence of unicode
++sequences when they might not be expected.
++
+ @item -e
+ @itemx --headers
+ Display all the headers in the file.  Equivalent to @option{-h -l -S}.
+diff --git a/binutils/NEWS b/binutils/NEWS
+--- a/binutils/NEWS	2021-12-19 19:00:27.038540406 -0800
++++ b/binutils/NEWS	2021-12-19 19:30:04.764162972 -0800
+@@ -1,5 +1,14 @@
+ -*- text -*-
+ 
++* Tools which display symbols or strings (readelf, strings, nm, objdump)
++  have a new command line option which controls how unicode characters are
++  handled.  By default they are treated as normal for the tool.  Using
++  --unicode=locale will display them according to the current locale.
++  Using --unicode=hex will display them as hex byte values, whilst
++  --unicode=escape will display them as escape sequences.  In addition
++  using --unicode=highlight will display them as unicode escape sequences
++  highlighted in red (if supported by the output device).
++
+ Changes in 2.37:
+ 
+ * The readelf tool has a new command line option which can be used to specify
+diff --git a/binutils/nm.c b/binutils/nm.c
+--- a/binutils/nm.c	2021-12-19 19:00:27.046540270 -0800
++++ b/binutils/nm.c	2021-12-19 19:36:34.797491555 -0800
+@@ -38,6 +38,11 @@
+ #include "bucomm.h"
+ #include "plugin-api.h"
+ #include "plugin.h"
++#include "safe-ctype.h"
++
++#ifndef streq
++#define streq(a,b) (strcmp ((a),(b)) == 0)
++#endif
+ 
+ /* When sorting by size, we use this structure to hold the size and a
+    pointer to the minisymbol.  */
+@@ -216,6 +221,18 @@ static const char *plugin_target = NULL;
+ static bfd *lineno_cache_bfd;
+ static bfd *lineno_cache_rel_bfd;
+ 
++typedef enum unicode_display_type
++{
++  unicode_default = 0,
++  unicode_locale,
++  unicode_escape,
++  unicode_hex,
++  unicode_highlight,
++  unicode_invalid
++} unicode_display_type;
++
++static unicode_display_type unicode_display = unicode_default;
++
+ enum long_option_values
+ {
+   OPTION_TARGET = 200,
+@@ -260,6 +277,7 @@ static struct option long_options[] =
+   {"target", required_argument, 0, OPTION_TARGET},
+   {"defined-only", no_argument, &defined_only, 1},
+   {"undefined-only", no_argument, &undefined_only, 1},
++  {"unicode", required_argument, NULL, 'U'},
+   {"version", no_argument, &show_version, 1},
+   {"with-symbol-versions", no_argument, &with_symbol_versions, 1},
+   {"without-symbol-versions", no_argument, &with_symbol_versions, 0},
+@@ -313,6 +331,8 @@ usage (FILE *stream, int status)
+   -t, --radix=RADIX      Use RADIX for printing symbol values\n\
+       --target=BFDNAME   Specify the target object format as BFDNAME\n\
+   -u, --undefined-only   Display only undefined symbols\n\
++  -U {d|s|i|x|e|h}       Specify how to treat UTF-8 encoded unicode characters\n\
++      --unicode={default|show|invalid|hex|escape|highlight}\n\
+       --with-symbol-versions  Display version strings after symbol names\n\
+   -X 32_64               (ignored)\n\
+   @FILE                  Read options from FILE\n\
+@@ -432,6 +452,187 @@ get_coff_symbol_type (const struct inter
+   return bufp;
+ }
+ 
++/* Convert a potential UTF-8 encoded sequence in IN into characters in OUT.
++   The conversion format is controlled by the unicode_display variable.
++   Returns the number of characters added to OUT.
++   Returns the number of bytes consumed from IN in CONSUMED.
++   Always consumes at least one byte and displays at least one character.  */
++   
++static unsigned int
++display_utf8 (const unsigned char * in, char * out, unsigned int * consumed)
++{
++  char *        orig_out = out;
++  unsigned int  nchars = 0;
++  unsigned int j;
++
++  if (unicode_display == unicode_default)
++    goto invalid;
++
++  if (in[0] < 0xc0)
++    goto invalid;
++
++  if ((in[1] & 0xc0) != 0x80)
++    goto invalid;
++
++  if ((in[0] & 0x20) == 0)
++    {
++      nchars = 2;
++      goto valid;
++    }
++
++  if ((in[2] & 0xc0) != 0x80)
++    goto invalid;
++
++  if ((in[0] & 0x10) == 0)
++    {
++      nchars = 3;
++      goto valid;
++    }
++
++  if ((in[3] & 0xc0) != 0x80)
++    goto invalid;
++
++  nchars = 4;
++
++ valid:
++  switch (unicode_display)
++    {
++    case unicode_locale:
++      /* Copy the bytes into the output buffer as is.  */
++      memcpy (out, in, nchars);
++      out += nchars;
++      break;
++
++    case unicode_invalid:
++    case unicode_hex:
++      out += sprintf (out, "%c", unicode_display == unicode_hex ? '<' : '{');
++      out += sprintf (out, "0x");
++      for (j = 0; j < nchars; j++)
++	out += sprintf (out, "%02x", in [j]);
++      out += sprintf (out, "%c", unicode_display == unicode_hex ? '>' : '}');
++      break;
++      
++    case unicode_highlight:
++      if (isatty (1))
++	out += sprintf (out, "\x1B[31;47m"); /* Red.  */
++      /* Fall through.  */
++    case unicode_escape:
++      switch (nchars)
++	{
++	case 2:
++	  out += sprintf (out, "\\u%02x%02x",
++		  ((in[0] & 0x1c) >> 2), 
++		  ((in[0] & 0x03) << 6) | (in[1] & 0x3f));
++	  break;
++
++	case 3:
++	  out += sprintf (out, "\\u%02x%02x",
++		  ((in[0] & 0x0f) << 4) | ((in[1] & 0x3c) >> 2),
++		  ((in[1] & 0x03) << 6) | ((in[2] & 0x3f)));
++	  break;
++
++	case 4:
++	  out += sprintf (out, "\\u%02x%02x%02x",
++		  ((in[0] & 0x07) << 6) | ((in[1] & 0x3c) >> 2),
++		  ((in[1] & 0x03) << 6) | ((in[2] & 0x3c) >> 2),
++		  ((in[2] & 0x03) << 6) | ((in[3] & 0x3f)));
++	  break;
++	default:
++	  /* URG.  */
++	  break;
++	}
++
++      if (unicode_display == unicode_highlight && isatty (1))
++	out += sprintf (out, "\033[0m"); /* Default colour.  */
++      break;
++
++    default:
++      /* URG */
++      break;
++    }
++
++  * consumed = nchars;
++  return out - orig_out;
++
++ invalid:
++  /* Not a valid UTF-8 sequence.  */
++  *out = *in;
++  * consumed = 1;
++  return 1;
++}
++
++/* Convert any UTF-8 encoded characters in NAME into the form specified by
++   unicode_display.  Also converts control characters.  Returns a static
++   buffer if conversion was necessary.
++   Code stolen from objdump.c:sanitize_string().  */
++
++static const char *
++convert_utf8 (const char * in)
++{
++  static char *  buffer = NULL;
++  static size_t  buffer_len = 0;
++  const char *   original = in;
++  char *         out;
++
++  /* Paranoia.  */
++  if (in == NULL)
++    return "";
++
++  /* See if any conversion is necessary.
++     In the majority of cases it will not be needed.  */
++  do
++    {
++      unsigned char c = *in++;
++
++      if (c == 0)
++	return original;
++
++      if (ISCNTRL (c))
++	break;
++
++      if (unicode_display != unicode_default && c >= 0xc0)
++	break;
++    }
++  while (1);
++
++  /* Copy the input, translating as needed.  */
++  in = original;
++  if (buffer_len < (strlen (in) * 9))
++    {
++      free ((void *) buffer);
++      buffer_len = strlen (in) * 9;
++      buffer = xmalloc (buffer_len + 1);
++    }
++
++  out = buffer;
++  do
++    {
++      unsigned char c = *in++;
++
++      if (c == 0)
++	break;
++
++      if (ISCNTRL (c))
++	{
++	  *out++ = '^';
++	  *out++ = c + 0x40;
++	}
++      else if (unicode_display != unicode_default && c >= 0xc0)
++	{
++	  unsigned int num_consumed;
++
++	  out += display_utf8 ((const unsigned char *)(in - 1), out, & num_consumed);
++	  in += num_consumed - 1;
++	}
++      else
++	*out++ = c;
++    }
++  while (1);
++
++  *out = 0;
++  return buffer;
++}
++
+ /* Print symbol name NAME, read from ABFD, with printf format FORM,
+    demangling it if requested.  */
+ 
+@@ -444,6 +645,7 @@ print_symname (const char *form, struct
+ 
+   if (name == NULL)
+     name = info->sinfo->name;
++
+   if (!with_symbol_versions
+       && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
+     {
+@@ -451,6 +653,7 @@ print_symname (const char *form, struct
+       if (atver)
+ 	*atver = 0;
+     }
++
+   if (do_demangle && *name)
+     {
+       alloc = bfd_demangle (abfd, name, demangle_flags);
+@@ -458,6 +661,11 @@ print_symname (const char *form, struct
+ 	name = alloc;
+     }
+ 
++  if (unicode_display != unicode_default)
++    {
++      name = convert_utf8 (name);
++    }
++
+   if (info != NULL && info->elfinfo && with_symbol_versions)
+     {
+       const char *version_string;
+@@ -1807,7 +2015,7 @@ main (int argc, char **argv)
+     fatal (_("fatal error: libbfd ABI mismatch"));
+   set_default_bfd_target ();
+ 
+-  while ((c = getopt_long (argc, argv, "aABCDef:gHhjJlnopPrSst:uvVvX:",
++  while ((c = getopt_long (argc, argv, "aABCDef:gHhjJlnopPrSst:uU:vVvX:",
+ 			   long_options, (int *) 0)) != EOF)
+     {
+       switch (c)
+@@ -1900,6 +2108,24 @@ main (int argc, char **argv)
+ 	case 'u':
+ 	  undefined_only = 1;
+ 	  break;
++
++	case 'U':
++	  if (streq (optarg, "default") || streq (optarg, "d"))
++	    unicode_display = unicode_default;
++	  else if (streq (optarg, "locale") || streq (optarg, "l"))
++	    unicode_display = unicode_locale;
++	  else if (streq (optarg, "escape") || streq (optarg, "e"))
++	    unicode_display = unicode_escape;
++	  else if (streq (optarg, "invalid") || streq (optarg, "i"))
++	    unicode_display = unicode_invalid;
++	  else if (streq (optarg, "hex") || streq (optarg, "x"))
++	    unicode_display = unicode_hex;
++	  else if (streq (optarg, "highlight") || streq (optarg, "h"))
++	    unicode_display = unicode_highlight;
++	  else
++	    fatal (_("invalid argument to -U/--unicode: %s"), optarg);
++	  break;
++
+ 	case 'V':
+ 	  show_version = 1;
+ 	  break;
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+--- a/binutils/objdump.c	2021-12-19 19:00:27.046540270 -0800
++++ b/binutils/objdump.c	2021-12-19 19:43:09.438736729 -0800
+@@ -204,6 +204,18 @@ static const struct objdump_private_desc
+ 
+ /* The list of detected jumps inside a function.  */
+ static struct jump_info *detected_jumps = NULL;
++
++typedef enum unicode_display_type
++{
++  unicode_default = 0,
++  unicode_locale,
++  unicode_escape,
++  unicode_hex,
++  unicode_highlight,
++  unicode_invalid
++} unicode_display_type;
++
++static unicode_display_type unicode_display = unicode_default;
+ 
+ static void usage (FILE *, int) ATTRIBUTE_NORETURN;
+ static void
+@@ -330,6 +342,9 @@ usage (FILE *stream, int status)
+       fprintf (stream, _("\
+   -w, --wide                     Format output for more than 80 columns\n"));
+       fprintf (stream, _("\
++  -U[d|l|i|x|e|h]                Controls the display of UTF-8 unicode characters\n\
++  --unicode=[default|locale|invalid|hex|escape|highlight]\n"));
++      fprintf (stream, _("\
+   -z, --disassemble-zeroes       Do not skip blocks of zeroes when disassembling\n"));
+       fprintf (stream, _("\
+       --start-address=ADDR       Only process data whose address is >= ADDR\n"));
+@@ -420,17 +435,23 @@ static struct option long_options[]=
+ {
+   {"adjust-vma", required_argument, NULL, OPTION_ADJUST_VMA},
+   {"all-headers", no_argument, NULL, 'x'},
+-  {"private-headers", no_argument, NULL, 'p'},
+-  {"private", required_argument, NULL, 'P'},
+   {"architecture", required_argument, NULL, 'm'},
+   {"archive-headers", no_argument, NULL, 'a'},
++#ifdef ENABLE_LIBCTF
++  {"ctf", required_argument, NULL, OPTION_CTF},
++  {"ctf-parent", required_argument, NULL, OPTION_CTF_PARENT},
++#endif
+   {"debugging", no_argument, NULL, 'g'},
+   {"debugging-tags", no_argument, NULL, 'e'},
+   {"demangle", optional_argument, NULL, 'C'},
+   {"disassemble", optional_argument, NULL, 'd'},
+   {"disassemble-all", no_argument, NULL, 'D'},
+-  {"disassembler-options", required_argument, NULL, 'M'},
+   {"disassemble-zeroes", no_argument, NULL, 'z'},
++  {"disassembler-options", required_argument, NULL, 'M'},
++  {"dwarf", optional_argument, NULL, OPTION_DWARF},
++  {"dwarf-check", no_argument, 0, OPTION_DWARF_CHECK},
++  {"dwarf-depth", required_argument, 0, OPTION_DWARF_DEPTH},
++  {"dwarf-start", required_argument, 0, OPTION_DWARF_START},
+   {"dynamic-reloc", no_argument, NULL, 'R'},
+   {"dynamic-syms", no_argument, NULL, 'T'},
+   {"endian", required_argument, NULL, OPTION_ENDIAN},
+@@ -440,16 +461,23 @@ static struct option long_options[]=
+   {"full-contents", no_argument, NULL, 's'},
+   {"headers", no_argument, NULL, 'h'},
+   {"help", no_argument, NULL, 'H'},
++  {"include", required_argument, NULL, 'I'},
+   {"info", no_argument, NULL, 'i'},
++  {"inlines", no_argument, 0, OPTION_INLINES},
++  {"insn-width", required_argument, NULL, OPTION_INSN_WIDTH},
+   {"line-numbers", no_argument, NULL, 'l'},
+-  {"no-show-raw-insn", no_argument, &show_raw_insn, -1},
+   {"no-addresses", no_argument, &no_addresses, 1},
+-  {"process-links", no_argument, &process_links, true},
++  {"no-recurse-limit", no_argument, NULL, OPTION_NO_RECURSE_LIMIT},
++  {"no-recursion-limit", no_argument, NULL, OPTION_NO_RECURSE_LIMIT},
++  {"no-show-raw-insn", no_argument, &show_raw_insn, -1},
++  {"prefix", required_argument, NULL, OPTION_PREFIX},
+   {"prefix-addresses", no_argument, &prefix_addresses, 1},
++  {"prefix-strip", required_argument, NULL, OPTION_PREFIX_STRIP},
++  {"private", required_argument, NULL, 'P'},
++  {"private-headers", no_argument, NULL, 'p'},
++  {"process-links", no_argument, &process_links, true},
+   {"recurse-limit", no_argument, NULL, OPTION_RECURSE_LIMIT},
+   {"recursion-limit", no_argument, NULL, OPTION_RECURSE_LIMIT},
+-  {"no-recurse-limit", no_argument, NULL, OPTION_NO_RECURSE_LIMIT},
+-  {"no-recursion-limit", no_argument, NULL, OPTION_NO_RECURSE_LIMIT},
+   {"reloc", no_argument, NULL, 'r'},
+   {"section", required_argument, NULL, 'j'},
+   {"section-headers", no_argument, NULL, 'h'},
+@@ -457,28 +485,16 @@ static struct option long_options[]=
+   {"source", no_argument, NULL, 'S'},
+   {"source-comment", optional_argument, NULL, OPTION_SOURCE_COMMENT},
+   {"special-syms", no_argument, &dump_special_syms, 1},
+-  {"include", required_argument, NULL, 'I'},
+-  {"dwarf", optional_argument, NULL, OPTION_DWARF},
+-#ifdef ENABLE_LIBCTF
+-  {"ctf", required_argument, NULL, OPTION_CTF},
+-  {"ctf-parent", required_argument, NULL, OPTION_CTF_PARENT},
+-#endif
+   {"stabs", no_argument, NULL, 'G'},
+   {"start-address", required_argument, NULL, OPTION_START_ADDRESS},
+   {"stop-address", required_argument, NULL, OPTION_STOP_ADDRESS},
+   {"syms", no_argument, NULL, 't'},
+   {"target", required_argument, NULL, 'b'},
++  {"unicode", required_argument, NULL, 'U'},
+   {"version", no_argument, NULL, 'V'},
+-  {"wide", no_argument, NULL, 'w'},
+-  {"prefix", required_argument, NULL, OPTION_PREFIX},
+-  {"prefix-strip", required_argument, NULL, OPTION_PREFIX_STRIP},
+-  {"insn-width", required_argument, NULL, OPTION_INSN_WIDTH},
+-  {"dwarf-depth", required_argument, 0, OPTION_DWARF_DEPTH},
+-  {"dwarf-start", required_argument, 0, OPTION_DWARF_START},
+-  {"dwarf-check", no_argument, 0, OPTION_DWARF_CHECK},
+-  {"inlines", no_argument, 0, OPTION_INLINES},
+   {"visualize-jumps", optional_argument, 0, OPTION_VISUALIZE_JUMPS},
+-  {0, no_argument, 0, 0}
++  {"wide", no_argument, NULL, 'w'},
++  {NULL, no_argument, NULL, 0}
+ };
+ 
+ static void
+@@ -488,9 +504,121 @@ nonfatal (const char *msg)
+   exit_status = 1;
+ }
+ 
++/* Convert a potential UTF-8 encoded sequence in IN into characters in OUT.
++   The conversion format is controlled by the unicode_display variable.
++   Returns the number of characters added to OUT.
++   Returns the number of bytes consumed from IN in CONSUMED.
++   Always consumes at least one byte and displays at least one character.  */
++   
++static unsigned int
++display_utf8 (const unsigned char * in, char * out, unsigned int * consumed)
++{
++  char *        orig_out = out;
++  unsigned int  nchars = 0;
++  unsigned int j;
++
++  if (unicode_display == unicode_default)
++    goto invalid;
++
++  if (in[0] < 0xc0)
++    goto invalid;
++
++  if ((in[1] & 0xc0) != 0x80)
++    goto invalid;
++
++  if ((in[0] & 0x20) == 0)
++    {
++      nchars = 2;
++      goto valid;
++    }
++
++  if ((in[2] & 0xc0) != 0x80)
++    goto invalid;
++
++  if ((in[0] & 0x10) == 0)
++    {
++      nchars = 3;
++      goto valid;
++    }
++
++  if ((in[3] & 0xc0) != 0x80)
++    goto invalid;
++
++  nchars = 4;
++
++ valid:
++  switch (unicode_display)
++    {
++    case unicode_locale:
++      /* Copy the bytes into the output buffer as is.  */
++      memcpy (out, in, nchars);
++      out += nchars;
++      break;
++
++    case unicode_invalid:
++    case unicode_hex:
++      out += sprintf (out, "%c", unicode_display == unicode_hex ? '<' : '{');
++      out += sprintf (out, "0x");
++      for (j = 0; j < nchars; j++)
++	out += sprintf (out, "%02x", in [j]);
++      out += sprintf (out, "%c", unicode_display == unicode_hex ? '>' : '}');
++      break;
++      
++    case unicode_highlight:
++      if (isatty (1))
++	out += sprintf (out, "\x1B[31;47m"); /* Red.  */
++      /* Fall through.  */
++    case unicode_escape:
++      switch (nchars)
++	{
++	case 2:
++	  out += sprintf (out, "\\u%02x%02x",
++		  ((in[0] & 0x1c) >> 2), 
++		  ((in[0] & 0x03) << 6) | (in[1] & 0x3f));
++	  break;
++
++	case 3:
++	  out += sprintf (out, "\\u%02x%02x",
++		  ((in[0] & 0x0f) << 4) | ((in[1] & 0x3c) >> 2),
++		  ((in[1] & 0x03) << 6) | ((in[2] & 0x3f)));
++	  break;
++
++	case 4:
++	  out += sprintf (out, "\\u%02x%02x%02x",
++		  ((in[0] & 0x07) << 6) | ((in[1] & 0x3c) >> 2),
++		  ((in[1] & 0x03) << 6) | ((in[2] & 0x3c) >> 2),
++		  ((in[2] & 0x03) << 6) | ((in[3] & 0x3f)));
++	  break;
++	default:
++	  /* URG.  */
++	  break;
++	}
++
++      if (unicode_display == unicode_highlight && isatty (1))
++	out += sprintf (out, "\033[0m"); /* Default colour.  */
++      break;
++
++    default:
++      /* URG */
++      break;
++    }
++
++  * consumed = nchars;
++  return out - orig_out;
++
++ invalid:
++  /* Not a valid UTF-8 sequence.  */
++  *out = *in;
++  * consumed = 1;
++  return 1;
++}
++
+ /* Returns a version of IN with any control characters
+    replaced by escape sequences.  Uses a static buffer
+-   if necessary.  */
++   if necessary.
++
++   If unicode display is enabled, then also handles the
++   conversion of unicode characters.  */
+ 
+ static const char *
+ sanitize_string (const char * in)
+@@ -508,40 +636,50 @@ sanitize_string (const char * in)
+      of cases it will not be needed.  */
+   do
+     {
+-      char c = *in++;
++      unsigned char c = *in++;
+ 
+       if (c == 0)
+ 	return original;
+ 
+       if (ISCNTRL (c))
+ 	break;
++
++      if (unicode_display != unicode_default && c >= 0xc0)
++	break;
+     }
+   while (1);
+ 
+   /* Copy the input, translating as needed.  */
+   in = original;
+-  if (buffer_len < (strlen (in) * 2))
++  if (buffer_len < (strlen (in) * 9))
+     {
+       free ((void *) buffer);
+-      buffer_len = strlen (in) * 2;
++      buffer_len = strlen (in) * 9;
+       buffer = xmalloc (buffer_len + 1);
+     }
+ 
+   out = buffer;
+   do
+     {
+-      char c = *in++;
++      unsigned char c = *in++;
+ 
+       if (c == 0)
+ 	break;
+ 
+-      if (!ISCNTRL (c))
+-	*out++ = c;
+-      else
++      if (ISCNTRL (c))
+ 	{
+ 	  *out++ = '^';
+ 	  *out++ = c + 0x40;
+ 	}
++      else if (unicode_display != unicode_default && c >= 0xc0)
++	{
++	  unsigned int num_consumed;
++
++	  out += display_utf8 ((const unsigned char *)(in - 1), out, & num_consumed);
++	  in += num_consumed - 1;
++	}
++      else
++	*out++ = c;
+     }
+   while (1);
+ 
+@@ -4529,6 +4667,24 @@ dump_symbols (bfd *abfd ATTRIBUTE_UNUSED
+ 		  free (alloc);
+ 		}
+ 	    }
++	  else if (unicode_display != unicode_default
++		   && name != NULL && *name != '\0')
++	    {
++	      const char * sanitized_name;
++
++	      /* If we want to sanitize the name, we do it here, and
++		 temporarily clobber it while calling bfd_print_symbol.
++		 FIXME: This is a gross hack.  */
++	      sanitized_name = sanitize_string (name);
++	      if (sanitized_name != name)
++		(*current)->name = sanitized_name;
++	      else
++		sanitized_name = NULL;
++	      bfd_print_symbol (cur_bfd, stdout, *current,
++				bfd_print_symbol_all);
++	      if (sanitized_name != NULL)
++		(*current)->name = name;
++	    }
+ 	  else
+ 	    bfd_print_symbol (cur_bfd, stdout, *current,
+ 			      bfd_print_symbol_all);
+@@ -5212,7 +5368,7 @@ main (int argc, char **argv)
+   set_default_bfd_target ();
+ 
+   while ((c = getopt_long (argc, argv,
+-			   "pP:ib:m:M:VvCdDlfFaHhrRtTxsSI:j:wE:zgeGW::",
++			   "CDE:FGHI:LM:P:RSTU:VW::ab:defghij:lm:prstvwxz",
+ 			   long_options, (int *) 0))
+ 	 != EOF)
+     {
+@@ -5495,6 +5651,23 @@ main (int argc, char **argv)
+ 	  seenflag = true;
+ 	  break;
+ 
++	case 'U':
++	  if (streq (optarg, "default") || streq (optarg, "d"))
++	    unicode_display = unicode_default;
++	  else if (streq (optarg, "locale") || streq (optarg, "l"))
++	    unicode_display = unicode_locale;
++	  else if (streq (optarg, "escape") || streq (optarg, "e"))
++	    unicode_display = unicode_escape;
++	  else if (streq (optarg, "invalid") || streq (optarg, "i"))
++	    unicode_display = unicode_invalid;
++	  else if (streq (optarg, "hex") || streq (optarg, "x"))
++	    unicode_display = unicode_hex;
++	  else if (streq (optarg, "highlight") || streq (optarg, "h"))
++	    unicode_display = unicode_highlight;
++	  else
++	    fatal (_("invalid argument to -U/--unicode: %s"), optarg);
++	  break;
++
+ 	case 'H':
+ 	  usage (stdout, 0);
+ 	  /* No need to set seenflag or to break - usage() does not return.  */
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+--- a/binutils/readelf.c	2021-12-19 19:00:27.058540065 -0800
++++ b/binutils/readelf.c	2021-12-19 19:27:56.538354462 -0800
+@@ -328,6 +328,19 @@ typedef enum print_mode
+ }
+ print_mode;
+ 
++typedef enum unicode_display_type
++{
++  unicode_default = 0,
++  unicode_locale,
++  unicode_escape,
++  unicode_hex,
++  unicode_highlight,
++  unicode_invalid
++} unicode_display_type;
++
++static unicode_display_type unicode_display = unicode_default;
++
++  
+ /* Versioned symbol info.  */
+ enum versioned_symbol_info
+ {
+@@ -632,11 +645,18 @@ print_symbol (signed int width, const ch
+       if (c == 0)
+ 	break;
+ 
+-      /* Do not print control characters directly as they can affect terminal
+-	 settings.  Such characters usually appear in the names generated
+-	 by the assembler for local labels.  */
+-      if (ISCNTRL (c))
++      if (ISPRINT (c))
++	{
++	  putchar (c);
++	  width_remaining --;
++	  num_printed ++;
++	}
++      else if (ISCNTRL (c))
+ 	{
++	  /* Do not print control characters directly as they can affect terminal
++	     settings.  Such characters usually appear in the names generated
++	     by the assembler for local labels.  */
++
+ 	  if (width_remaining < 2)
+ 	    break;
+ 
+@@ -644,11 +664,137 @@ print_symbol (signed int width, const ch
+ 	  width_remaining -= 2;
+ 	  num_printed += 2;
+ 	}
+-      else if (ISPRINT (c))
++      else if (c == 0x7f)
+ 	{
+-	  putchar (c);
+-	  width_remaining --;
+-	  num_printed ++;
++	  if (width_remaining < 5)
++	    break;
++	  printf ("<DEL>");
++	  width_remaining -= 5;
++	  num_printed += 5;
++	}
++      else if (unicode_display != unicode_locale
++	       && unicode_display != unicode_default)
++	{
++	  /* Display unicode characters as something else.  */
++	  unsigned char bytes[4];
++	  bool          is_utf8;
++	  unsigned int          nbytes;
++
++	  bytes[0] = c;
++
++	  if (bytes[0] < 0xc0)
++	    {
++	      nbytes = 1;
++	      is_utf8 = false;
++	    }
++	  else
++	    {
++	      bytes[1] = *symbol++;
++
++	      if ((bytes[1] & 0xc0) != 0x80)
++		{
++		  is_utf8 = false;
++		  /* Do not consume this character.  It may only
++		     be the first byte in the sequence that was
++		     corrupt.  */
++		  --symbol;
++		  nbytes = 1;
++		}
++	      else if ((bytes[0] & 0x20) == 0)
++		{
++		  is_utf8 = true;
++		  nbytes = 2;
++		}
++	      else
++		{
++		  bytes[2] = *symbol++;
++
++		  if ((bytes[2] & 0xc0) != 0x80)
++		    {
++		      is_utf8 = false;
++		      symbol -= 2;
++		      nbytes = 1;
++		    }
++		  else if ((bytes[0] & 0x10) == 0)
++		    {
++		      is_utf8 = true;
++		      nbytes = 3;
++		    }
++		  else
++		    {
++		      bytes[3] = *symbol++;
++
++		      nbytes = 4;
++
++		      if ((bytes[3] & 0xc0) != 0x80)
++			{
++			  is_utf8 = false;
++			  symbol -= 3;
++			  nbytes = 1;
++			}
++		      else
++			is_utf8 = true;
++		    }
++		}
++	    }
++
++	  if (unicode_display == unicode_invalid)
++	    is_utf8 = false;
++
++	  if (unicode_display == unicode_hex || ! is_utf8)
++	    {
++	      unsigned int i;
++
++	      if (width_remaining < (nbytes * 2) + 2)
++		break;
++	  
++	      putchar (is_utf8 ? '<' : '{');
++	      printf ("0x");
++	      for (i = 0; i < nbytes; i++)
++		printf ("%02x", bytes[i]);
++	      putchar (is_utf8 ? '>' : '}');
++	    }
++	  else
++	    {
++	      if (unicode_display == unicode_highlight && isatty (1))
++		printf ("\x1B[31;47m"); /* Red.  */
++	      
++	      switch (nbytes)
++		{
++		case 2:
++		  if (width_remaining < 6)
++		    break;
++		  printf ("\\u%02x%02x",
++			  (bytes[0] & 0x1c) >> 2, 
++			  ((bytes[0] & 0x03) << 6) | (bytes[1] & 0x3f));
++		  break;
++		case 3:
++		  if (width_remaining < 6)
++		    break;
++		  printf ("\\u%02x%02x",
++			  ((bytes[0] & 0x0f) << 4) | ((bytes[1] & 0x3c) >> 2),
++			  ((bytes[1] & 0x03) << 6) | (bytes[2] & 0x3f));
++		  break;
++		case 4:
++		  if (width_remaining < 8)
++		    break;
++		  printf ("\\u%02x%02x%02x",
++			  ((bytes[0] & 0x07) << 6) | ((bytes[1] & 0x3c) >> 2),
++			  ((bytes[1] & 0x03) << 6) | ((bytes[2] & 0x3c) >> 2),
++			  ((bytes[2] & 0x03) << 6) | (bytes[3] & 0x3f));
++		  
++		  break;
++		default:
++		  /* URG.  */
++		  break;
++		}
++
++	      if (unicode_display == unicode_highlight && isatty (1))
++		printf ("\033[0m"); /* Default colour.  */
++	    }
++	  
++	  if (bytes[nbytes - 1] == 0)
++	    break;
+ 	}
+       else
+ 	{
+@@ -4668,6 +4814,7 @@ static struct option options[] =
+   {"syms",	       no_argument, 0, 's'},
+   {"silent-truncation",no_argument, 0, 'T'},
+   {"section-details",  no_argument, 0, 't'},
++  {"unicode",          required_argument, NULL, 'U'},
+   {"unwind",	       no_argument, 0, 'u'},
+   {"version-info",     no_argument, 0, 'V'},
+   {"version",	       no_argument, 0, 'v'},
+@@ -4744,6 +4891,12 @@ usage (FILE * stream)
+   fprintf (stream, _("\
+      --no-recurse-limit  Disable a demangling recursion limit\n"));
+   fprintf (stream, _("\
++     -U[dlexhi] --unicode=[default|locale|escape|hex|highlight|invalid]\n\
++                         Display unicode characters as determined by the current locale\n\
++                          (default), escape sequences, \"<hex sequences>\", highlighted\n\
++                          escape sequences, or treat them as invalid and display as\n\
++                          \"{hex sequences}\"\n"));
++  fprintf (stream, _("\
+   -n --notes             Display the core notes (if present)\n"));
+   fprintf (stream, _("\
+   -r --relocs            Display the relocations (if present)\n"));
+@@ -4928,7 +5081,7 @@ parse_args (struct dump_data *dumpdata,
+     usage (stderr);
+ 
+   while ((c = getopt_long
+-	  (argc, argv, "ACDHILNPR:STVWacdeghi:lnp:rstuvw::x:z", options, NULL)) != EOF)
++	  (argc, argv, "ACDHILNPR:STU:VWacdeghi:lnp:rstuvw::x:z", options, NULL)) != EOF)
+     {
+       switch (c)
+ 	{
+@@ -5130,6 +5283,25 @@ parse_args (struct dump_data *dumpdata,
+ 	  /* Ignored for backward compatibility.  */
+ 	  break;
+ 
++	case 'U':
++	  if (optarg == NULL)
++	    error (_("Missing arg to -U/--unicode")); /* Can this happen ?  */
++	  else if (streq (optarg, "default") || streq (optarg, "d"))
++	    unicode_display = unicode_default;
++	  else if (streq (optarg, "locale") || streq (optarg, "l"))
++	    unicode_display = unicode_locale;
++	  else if (streq (optarg, "escape") || streq (optarg, "e"))
++	    unicode_display = unicode_escape;
++	  else if (streq (optarg, "invalid") || streq (optarg, "i"))
++	    unicode_display = unicode_invalid;
++	  else if (streq (optarg, "hex") || streq (optarg, "x"))
++	    unicode_display = unicode_hex;
++	  else if (streq (optarg, "highlight") || streq (optarg, "h"))
++	    unicode_display = unicode_highlight;
++	  else
++	    error (_("invalid argument to -U/--unicode: %s"), optarg);
++	  break;
++
+ 	case OPTION_SYM_BASE:
+ 	  sym_base = 0;
+ 	  if (optarg != NULL)
+diff --git a/binutils/strings.c b/binutils/strings.c
+--- a/binutils/strings.c	2021-12-19 19:00:27.058540065 -0800
++++ b/binutils/strings.c	2021-12-19 19:48:26.205313218 -0800
+@@ -55,6 +55,19 @@
+    -T {bfdname}
+ 		Specify a non-default object file format.
+ 
++  --unicode={default|locale|invalid|hex|escape|highlight}
++  -u {d|l|i|x|e|h}
++                Determine how to handle UTF-8 unicode characters.  The default
++		is no special treatment.  All other versions of this option
++		only apply if the encoding is valid and enabling the option
++		implies --encoding=S.
++		The 'locale' option displays the characters according to the
++		current locale.  The 'invalid' option treats them as
++		non-string characters.  The 'hex' option displays them as hex
++		byte sequences.  The 'escape' option displays them as escape
++		sequences and the 'highlight' option displays them as
++		coloured escape sequences.
++
+   --output-separator=sep_string
+   -s sep_string	String used to separate parsed strings in output.
+ 		Default is newline.
+@@ -76,6 +89,22 @@
+ #include "safe-ctype.h"
+ #include "bucomm.h"
+ 
++#ifndef streq
++#define streq(a,b) (strcmp ((a),(b)) == 0)
++#endif
++
++typedef enum unicode_display_type
++{
++  unicode_default = 0,
++  unicode_locale,
++  unicode_escape,
++  unicode_hex,
++  unicode_highlight,
++  unicode_invalid
++} unicode_display_type;
++
++static unicode_display_type unicode_display = unicode_default;
++
+ #define STRING_ISGRAPHIC(c) \
+       (   (c) >= 0 \
+        && (c) <= 255 \
+@@ -94,7 +123,7 @@ extern int errno;
+ static int address_radix;
+ 
+ /* Minimum length of sequence of graphic chars to trigger output.  */
+-static int string_min;
++static unsigned int string_min;
+ 
+ /* Whether or not we include all whitespace as a graphic char.   */
+ static bool include_all_whitespace;
+@@ -121,21 +150,22 @@ static char *output_separator;
+ static struct option long_options[] =
+ {
+   {"all", no_argument, NULL, 'a'},
++  {"bytes", required_argument, NULL, 'n'},
+   {"data", no_argument, NULL, 'd'},
++  {"encoding", required_argument, NULL, 'e'},
++  {"help", no_argument, NULL, 'h'},
++  {"include-all-whitespace", no_argument, NULL, 'w'},
++  {"output-separator", required_argument, NULL, 's'},
+   {"print-file-name", no_argument, NULL, 'f'},
+-  {"bytes", required_argument, NULL, 'n'},
+   {"radix", required_argument, NULL, 't'},
+-  {"include-all-whitespace", no_argument, NULL, 'w'},
+-  {"encoding", required_argument, NULL, 'e'},
+   {"target", required_argument, NULL, 'T'},
+-  {"output-separator", required_argument, NULL, 's'},
+-  {"help", no_argument, NULL, 'h'},
++  {"unicode", required_argument, NULL, 'U'},
+   {"version", no_argument, NULL, 'v'},
+   {NULL, 0, NULL, 0}
+ };
+ 
+ static bool strings_file (char *);
+-static void print_strings (const char *, FILE *, file_ptr, int, int, char *);
++static void print_strings (const char *, FILE *, file_ptr, int, char *);
+ static void usage (FILE *, int) ATTRIBUTE_NORETURN;
+ 
+ int main (int, char **);
+@@ -171,7 +201,7 @@ main (int argc, char **argv)
+   encoding = 's';
+   output_separator = NULL;
+ 
+-  while ((optc = getopt_long (argc, argv, "adfhHn:wot:e:T:s:Vv0123456789",
++  while ((optc = getopt_long (argc, argv, "adfhHn:wot:e:T:s:U:Vv0123456789",
+ 			      long_options, (int *) 0)) != EOF)
+     {
+       switch (optc)
+@@ -244,6 +274,23 @@ main (int argc, char **argv)
+ 	  output_separator = optarg;
+           break;
+ 
++	case 'U':
++	  if (streq (optarg, "default") || streq (optarg, "d"))
++	    unicode_display = unicode_default;
++	  else if (streq (optarg, "locale") || streq (optarg, "l"))
++	    unicode_display = unicode_locale;
++	  else if (streq (optarg, "escape") || streq (optarg, "e"))
++	    unicode_display = unicode_escape;
++	  else if (streq (optarg, "invalid") || streq (optarg, "i"))
++	    unicode_display = unicode_invalid;
++	  else if (streq (optarg, "hex") || streq (optarg, "x"))
++	    unicode_display = unicode_hex;
++	  else if (streq (optarg, "highlight") || streq (optarg, "h"))
++	    unicode_display = unicode_highlight;
++	  else
++	    fatal (_("invalid argument to -U/--unicode: %s"), optarg);
++	  break;
++
+ 	case 'V':
+ 	case 'v':
+ 	  print_version ("strings");
+@@ -258,6 +305,9 @@ main (int argc, char **argv)
+ 	}
+     }
+ 
++  if (unicode_display != unicode_default)
++    encoding = 'S';
++
+   if (numeric_opt != 0)
+     {
+       string_min = (int) strtoul (argv[numeric_opt - 1] + 1, &s, 0);
+@@ -293,14 +343,14 @@ main (int argc, char **argv)
+     {
+       datasection_only = false;
+       SET_BINARY (fileno (stdin));
+-      print_strings ("{standard input}", stdin, 0, 0, 0, (char *) NULL);
++      print_strings ("{standard input}", stdin, 0, 0, (char *) NULL);
+       files_given = true;
+     }
+   else
+     {
+       for (; optind < argc; ++optind)
+ 	{
+-	  if (strcmp (argv[optind], "-") == 0)
++	  if (streq (argv[optind], "-"))
+ 	    datasection_only = false;
+ 	  else
+ 	    {
+@@ -342,7 +392,7 @@ strings_a_section (bfd *abfd, asection *
+     }
+ 
+   *got_a_section = true;
+-  print_strings (filename, NULL, sect->filepos, 0, sectsize, (char *) mem);
++  print_strings (filename, NULL, sect->filepos, sectsize, (char *) mem);
+   free (mem);
+ }
+ 
+@@ -427,7 +477,7 @@ strings_file (char *file)
+ 	  return false;
+ 	}
+ 
+-      print_strings (file, stream, (file_ptr) 0, 0, 0, (char *) 0);
++      print_strings (file, stream, (file_ptr) 0, 0, (char *) NULL);
+ 
+       if (fclose (stream) == EOF)
+ 	{
+@@ -551,6 +601,626 @@ unget_part_char (long c, file_ptr *addre
+ 	}
+     }
+ }
++
++static void
++print_filename_and_address (const char * filename, file_ptr address)
++{
++  if (print_filenames)
++    printf ("%s: ", filename);
++
++  if (! print_addresses)
++    return;
++
++  switch (address_radix)
++    {
++    case 8:
++      if (sizeof (address) > sizeof (long))
++	{
++#ifndef __MSVCRT__
++	  printf ("%7llo ", (unsigned long long) address);
++#else
++	  printf ("%7I64o ", (unsigned long long) address);
++#endif
++	}
++      else
++	printf ("%7lo ", (unsigned long) address);
++      break;
++
++    case 10:
++      if (sizeof (address) > sizeof (long))
++	{
++#ifndef __MSVCRT__
++	  printf ("%7llu ", (unsigned long long) address);
++#else
++	  printf ("%7I64d ", (unsigned long long) address);
++#endif
++	}
++      else
++	printf ("%7ld ", (long) address);
++      break;
++
++    case 16:
++      if (sizeof (address) > sizeof (long))
++	{
++#ifndef __MSVCRT__
++	  printf ("%7llx ", (unsigned long long) address);
++#else
++	  printf ("%7I64x ", (unsigned long long) address);
++#endif
++	}
++      else
++	printf ("%7lx ", (unsigned long) address);
++      break;
++    }
++}
++
++/* Return non-zero if the bytes starting at BUFFER form a valid UTF-8 encoding.
++   If the encoding is valid then returns the number of bytes it uses.  */
++
++static unsigned int
++is_valid_utf8 (const unsigned char * buffer, unsigned long buflen)
++{
++  if (buffer[0] < 0xc0)
++    return 0;
++
++  if (buflen < 2)
++    return 0;
++
++  if ((buffer[1] & 0xc0) != 0x80)
++    return 0;
++
++  if ((buffer[0] & 0x20) == 0)
++    return 2;
++
++  if (buflen < 3)
++    return 0;
++
++  if ((buffer[2] & 0xc0) != 0x80)
++    return 0;
++
++  if ((buffer[0] & 0x10) == 0)
++    return 3;
++
++  if (buflen < 4)
++    return 0;
++
++  if ((buffer[3] & 0xc0) != 0x80)
++    return 0;
++
++  return 4;
++}
++
++/* Display a UTF-8 encoded character in BUFFER according to the setting
++   of unicode_display.  The character is known to be valid.
++   Returns the number of bytes consumed.  */
++
++static unsigned int
++display_utf8_char (const unsigned char * buffer)
++{
++  unsigned int j;
++  unsigned int utf8_len;
++
++  switch (buffer[0] & 0x30)
++    {
++    case 0x00:
++    case 0x10:
++      utf8_len = 2;
++      break;
++    case 0x20:
++      utf8_len = 3;
++      break;
++    default:
++      utf8_len = 4;
++    }
++
++  switch (unicode_display)
++    {
++    default:
++      fprintf (stderr, "ICE: unexpected unicode display type\n");
++      break;
++
++    case unicode_escape:
++    case unicode_highlight:
++      if (unicode_display == unicode_highlight && isatty (1))
++	printf ("\x1B[31;47m"); /* Red.  */
++
++      switch (utf8_len)
++	{
++	case 2:
++	  printf ("\\u%02x%02x",
++		  ((buffer[0] & 0x1c) >> 2),
++		  ((buffer[0] & 0x03) << 6) | (buffer[1] & 0x3f));
++	  break;
++
++	case 3:
++	  printf ("\\u%02x%02x",
++		  ((buffer[0] & 0x0f) << 4) | ((buffer[1] & 0x3c) >> 2),
++		  ((buffer[1] & 0x03) << 6) | ((buffer[2] & 0x3f)));
++	  break;
++
++	case 4:
++	  printf ("\\u%02x%02x%02x",
++		  ((buffer[0] & 0x07) << 6) | ((buffer[1] & 0x3c) >> 2),
++		  ((buffer[1] & 0x03) << 6) | ((buffer[2] & 0x3c) >> 2),
++		  ((buffer[2] & 0x03) << 6) | ((buffer[3] & 0x3f)));
++	  break;
++	default:
++	  /* URG.  */
++	  break;
++	}
++
++      if (unicode_display == unicode_highlight && isatty (1))
++	printf ("\033[0m"); /* Default colour.  */
++      break;
++
++    case unicode_hex:
++      putchar ('<');
++      printf ("0x");
++      for (j = 0; j < utf8_len; j++)
++	printf ("%02x", buffer [j]);
++      putchar ('>');
++      break;
++
++    case unicode_locale:
++      printf ("%.1s", buffer);
++      break;
++    }
++
++  return utf8_len;
++}
++
++/* Display strings in BUFFER.  Treat any UTF-8 encoded characters encountered
++   according to the setting of the unicode_display variable.  The buffer
++   contains BUFLEN bytes.
++
++   Display the characters as if they started at ADDRESS and are contained in
++   FILENAME.  */
++
++static void
++print_unicode_buffer (const char *            filename,
++		      file_ptr                address,
++		      const unsigned char *   buffer,
++		      unsigned long           buflen)
++{
++  /* Paranoia checks...  */
++  if (filename == NULL
++      || buffer == NULL
++      || unicode_display == unicode_default
++      || encoding != 'S'
++      || encoding_bytes != 1)
++    {
++      fprintf (stderr, "ICE: bad arguments to print_unicode_buffer\n");
++      return;
++    }
++
++  if (buflen == 0)
++    return;
++
++  /* We must only display strings that are at least string_min *characters*
++     long.  So we scan the buffer in two stages.  First we locate the start
++     of a potential string.  Then we walk along it until we have found
++     string_min characters.  Then we go back to the start point and start
++     displaying characters according to the unicode_display setting.  */
++
++  unsigned long start_point = 0;
++  unsigned long i = 0;
++  unsigned int char_len = 1;
++  unsigned int num_found = 0;
++
++  for (i = 0; i < buflen; i += char_len)
++    {
++      int c = buffer[i];
++
++      char_len = 1;
++
++      /* Find the first potential character of a string.  */
++      if (! STRING_ISGRAPHIC (c))
++	{
++	  num_found = 0;
++	  continue;
++	}
++
++      if (c > 126)
++	{
++	  if (c < 0xc0)
++	    {
++	      num_found = 0;
++	      continue;
++	    }
++
++	  if ((char_len = is_valid_utf8 (buffer + i, buflen - i)) == 0)
++	    {
++	      char_len = 1;
++	      num_found = 0;
++	      continue;
++	    }
++
++	  if (unicode_display == unicode_invalid)
++	    {
++	      /* We have found a valid UTF-8 character, but we treat it as non-graphic.  */
++	      num_found = 0;
++	      continue;
++	    }
++	}
++
++      if (num_found == 0)
++	/* We have found a potential starting point for a string.  */
++	start_point = i;
++
++      ++ num_found;
++
++      if (num_found >= string_min)
++	break;
++    }
++
++  if (num_found < string_min)
++    return;
++
++  print_filename_and_address (filename, address + start_point);
++
++  /* We have found string_min characters.  Display them and any
++     more that follow.  */
++  for (i = start_point; i < buflen; i += char_len)
++    {
++      int c = buffer[i];
++
++      char_len = 1;
++
++      if (! STRING_ISGRAPHIC (c))
++	break;
++      else if (c < 127)
++	putchar (c);
++      else if (! is_valid_utf8 (buffer + i, buflen - i))
++	break;
++      else if (unicode_display == unicode_invalid)
++	break;
++      else
++	char_len = display_utf8_char (buffer + i);
++    }
++
++  if (output_separator)
++    fputs (output_separator, stdout);
++  else
++    putchar ('\n');
++
++  /* FIXME: Using tail recursion here is lazy programming...  */
++  print_unicode_buffer (filename, address + i, buffer + i, buflen - i);
++}
++
++static int
++get_unicode_byte (FILE *          stream,
++		  unsigned char * putback,
++		  unsigned int *  num_putback,
++		  unsigned int *  num_read)
++{
++  if (* num_putback > 0)
++    {
++      * num_putback = * num_putback - 1;
++      return putback [* num_putback];
++    }
++
++  * num_read = * num_read + 1;
++
++#if defined(HAVE_GETC_UNLOCKED) && HAVE_DECL_GETC_UNLOCKED
++  return getc_unlocked (stream);
++#else
++  return getc (stream);
++#endif
++}
++
++/* Helper function for print_unicode_stream.  */
++
++static void
++print_unicode_stream_body (const char *     filename,
++			   file_ptr         address,
++			   FILE *           stream,
++			   unsigned char *  putback_buf,
++			   unsigned int     num_putback,
++			   unsigned char *  print_buf)
++{
++  /* It would be nice if we could just read the stream into a buffer
++     and then process if with print_unicode_buffer.  But the input
++     might be huge or it might time-locked (eg stdin).  So instead
++     we go one byte at a time...  */
++
++  file_ptr start_point = 0;
++  unsigned int num_read = 0;
++  unsigned int num_chars = 0;
++  unsigned int num_print = 0;
++  int c = 0;
++
++  /* Find a series of string_min characters.  Put them into print_buf.  */
++  do
++    {
++      if (num_chars >= string_min)
++	break;
++
++      c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++      if (c == EOF)
++	break;
++
++      if (! STRING_ISGRAPHIC (c))
++	{
++	  num_chars = num_print = 0;
++	  continue;
++	}
++
++      if (num_chars == 0)
++	start_point = num_read - 1;
++
++      if (c < 127)
++	{
++	  print_buf[num_print] = c;
++	  num_chars ++;
++	  num_print ++;
++	  continue;
++	}
++
++      if (c < 0xc0)
++	{
++	  num_chars = num_print = 0;
++	  continue;
++	}
++
++      /* We *might* have a UTF-8 sequence.  Time to start peeking.  */
++      char utf8[4];
++
++      utf8[0] = c;
++      c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++      if (c == EOF)
++	break;
++      utf8[1] = c;
++
++      if ((utf8[1] & 0xc0) != 0x80)
++	{
++	  /* Invalid UTF-8.  */
++	  putback_buf[num_putback++] = utf8[1];
++	  num_chars = num_print = 0;
++	  continue;
++	}
++      else if ((utf8[0] & 0x20) == 0)
++	{
++	  /* A valid 2-byte UTF-8 encoding.  */
++	  if (unicode_display == unicode_invalid)
++	    {
++	      putback_buf[num_putback++] = utf8[1];
++	      num_chars = num_print = 0;
++	    }
++	  else
++	    {
++	      print_buf[num_print ++] = utf8[0];
++	      print_buf[num_print ++] = utf8[1];
++	      num_chars ++;
++	    }
++	  continue;
++	}
++
++      c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++      if (c == EOF)
++	break;
++      utf8[2] = c;
++
++      if ((utf8[2] & 0xc0) != 0x80)
++	{
++	  /* Invalid UTF-8.  */
++	  putback_buf[num_putback++] = utf8[2];
++	  putback_buf[num_putback++] = utf8[1];
++	  num_chars = num_print = 0;
++	  continue;
++	}
++      else if ((utf8[0] & 0x10) == 0)
++	{
++	  /* A valid 3-byte UTF-8 encoding.  */
++	  if (unicode_display == unicode_invalid)
++	    {
++	      putback_buf[num_putback++] = utf8[2];
++	      putback_buf[num_putback++] = utf8[1];
++	      num_chars = num_print = 0;
++	    }
++	  else
++	    {
++	      print_buf[num_print ++] = utf8[0];
++	      print_buf[num_print ++] = utf8[1];
++	      print_buf[num_print ++] = utf8[2];
++	      num_chars ++;
++	    }
++	  continue;
++	}
++
++      c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++      if (c == EOF)
++	break;
++      utf8[3] = c;
++
++      if ((utf8[3] & 0xc0) != 0x80)
++	{
++	  /* Invalid UTF-8.  */
++	  putback_buf[num_putback++] = utf8[3];
++	  putback_buf[num_putback++] = utf8[2];
++	  putback_buf[num_putback++] = utf8[1];
++	  num_chars = num_print = 0;
++	}
++      /* We have a valid 4-byte UTF-8 encoding.  */
++      else if (unicode_display == unicode_invalid)
++	{
++	  putback_buf[num_putback++] = utf8[3];
++	  putback_buf[num_putback++] = utf8[1];
++	  putback_buf[num_putback++] = utf8[2];
++	  num_chars = num_print = 0;
++	}
++      else
++	{
++	  print_buf[num_print ++] = utf8[0];
++	  print_buf[num_print ++] = utf8[1];
++	  print_buf[num_print ++] = utf8[2];
++	  print_buf[num_print ++] = utf8[3];
++	  num_chars ++;
++	}
++    }
++  while (1);
++
++  if (num_chars >= string_min)
++    {
++      /* We know that we have string_min valid characters in print_buf,
++	 and there may be more to come in the stream.  Start displaying
++	 them.  */
++
++      print_filename_and_address (filename, address + start_point);
++
++      unsigned int i;
++      for (i = 0; i < num_print;)
++	{
++	  if (print_buf[i] < 127)
++	    putchar (print_buf[i++]);
++	  else
++	    i += display_utf8_char (print_buf + i);
++	}
++
++      /* OK so now we have to start read unchecked bytes.  */
++
++      /* Find a series of string_min characters.  Put them into print_buf.  */
++      do
++	{
++	  c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++	  if (c == EOF)
++	    break;
++
++	  if (! STRING_ISGRAPHIC (c))
++	    break;
++
++	  if (c < 127)
++	    {
++	      putchar (c);
++	      continue;
++	    }
++
++	  if (c < 0xc0)
++	    break;
++
++	  /* We *might* have a UTF-8 sequence.  Time to start peeking.  */
++	  unsigned char utf8[4];
++
++	  utf8[0] = c;
++	  c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++	  if (c == EOF)
++	    break;
++	  utf8[1] = c;
++
++	  if ((utf8[1] & 0xc0) != 0x80)
++	    {
++	      /* Invalid UTF-8.  */
++	      putback_buf[num_putback++] = utf8[1];
++	      break;
++	    }
++	  else if ((utf8[0] & 0x20) == 0)
++	    {
++	      /* Valid 2-byte UTF-8.  */
++	      if (unicode_display == unicode_invalid)
++		{
++		  putback_buf[num_putback++] = utf8[1];
++		  break;
++		}
++	      else
++		{
++		  (void) display_utf8_char (utf8);
++		  continue;
++		}
++	    }
++
++	  c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++	  if (c == EOF)
++	    break;
++	  utf8[2] = c;
++
++	  if ((utf8[2] & 0xc0) != 0x80)
++	    {
++	      /* Invalid UTF-8.  */
++	      putback_buf[num_putback++] = utf8[2];
++	      putback_buf[num_putback++] = utf8[1];
++	      break;
++	    }
++	  else if ((utf8[0] & 0x10) == 0)
++	    {
++	      /* Valid 3-byte UTF-8.  */
++	      if (unicode_display == unicode_invalid)
++		{
++		  putback_buf[num_putback++] = utf8[2];
++		  putback_buf[num_putback++] = utf8[1];
++		  break;
++		}
++	      else
++		{
++		  (void) display_utf8_char (utf8);
++		  continue;
++		}
++	    }
++
++	  c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++	  if (c == EOF)
++	    break;
++	  utf8[3] = c;
++
++	  if ((utf8[3] & 0xc0) != 0x80)
++	    {
++	      /* Invalid UTF-8.  */
++	      putback_buf[num_putback++] = utf8[3];
++	      putback_buf[num_putback++] = utf8[2];
++	      putback_buf[num_putback++] = utf8[1];
++	      break;
++	    }
++	  else if (unicode_display == unicode_invalid)
++	    {
++	      putback_buf[num_putback++] = utf8[3];
++	      putback_buf[num_putback++] = utf8[2];
++	      putback_buf[num_putback++] = utf8[1];
++	      break;
++	    }
++	  else
++	    /* A valid 4-byte UTF-8 encoding.  */
++	    (void) display_utf8_char (utf8);
++	}
++      while (1);
++
++      if (output_separator)
++	fputs (output_separator, stdout);
++      else
++	putchar ('\n');
++    }
++
++  if (c != EOF)
++    /* FIXME: Using tail recursion here is lazy, but it works.  */
++    print_unicode_stream_body (filename, address + num_read, stream, putback_buf, num_putback, print_buf);
++}
++
++/* Display strings read in from STREAM.  Treat any UTF-8 encoded characters
++   encountered according to the setting of the unicode_display variable.
++   The stream is positioned at ADDRESS and is attached to FILENAME.  */
++
++static void
++print_unicode_stream (const char * filename,
++		      file_ptr     address,
++		      FILE *       stream)
++{
++  /* Paranoia checks...  */
++  if (filename == NULL
++      || stream == NULL
++      || unicode_display == unicode_default
++      || encoding != 'S'
++      || encoding_bytes != 1)
++    {
++      fprintf (stderr, "ICE: bad arguments to print_unicode_stream\n");
++      return;
++    }
++
++  /* Allocate space for string_min 4-byte utf-8 characters.  */
++  unsigned char * print_buf = xmalloc ((4 * string_min) + 1);
++  /* We should never have to put back more than 4 bytes.  */
++  unsigned char putback_buf[5];
++  unsigned int num_putback = 0;
++
++  print_unicode_stream_body (filename, address, stream, putback_buf, num_putback, print_buf);
++  free (print_buf);
++}
+ 
+ /* Find the strings in file FILENAME, read from STREAM.
+    Assume that STREAM is positioned so that the next byte read
+@@ -566,20 +1236,29 @@ unget_part_char (long c, file_ptr *addre
+ 
+ static void
+ print_strings (const char *filename, FILE *stream, file_ptr address,
+-	       int stop_point, int magiccount, char *magic)
++	       int magiccount, char *magic)
+ {
++  if (unicode_display != unicode_default)
++    {
++      if (magic != NULL)
++	print_unicode_buffer (filename, address,
++			      (const unsigned char *) magic, magiccount);
++
++      if (stream != NULL)
++	print_unicode_stream (filename, address, stream);
++      return;
++    }
++
+   char *buf = (char *) xmalloc (sizeof (char) * (string_min + 1));
+ 
+   while (1)
+     {
+       file_ptr start;
+-      int i;
++      unsigned int i;
+       long c;
+ 
+       /* See if the next `string_min' chars are all graphic chars.  */
+     tryline:
+-      if (stop_point && address >= stop_point)
+-	break;
+       start = address;
+       for (i = 0; i < string_min; i++)
+ 	{
+@@ -601,51 +1280,7 @@ print_strings (const char *filename, FIL
+ 
+       /* We found a run of `string_min' graphic characters.  Print up
+ 	 to the next non-graphic character.  */
+-
+-      if (print_filenames)
+-	printf ("%s: ", filename);
+-      if (print_addresses)
+-	switch (address_radix)
+-	  {
+-	  case 8:
+-	    if (sizeof (start) > sizeof (long))
+-	      {
+-#ifndef __MSVCRT__
+-		printf ("%7llo ", (unsigned long long) start);
+-#else
+-		printf ("%7I64o ", (unsigned long long) start);
+-#endif
+-	      }
+-	    else
+-	      printf ("%7lo ", (unsigned long) start);
+-	    break;
+-
+-	  case 10:
+-	    if (sizeof (start) > sizeof (long))
+-	      {
+-#ifndef __MSVCRT__
+-		printf ("%7llu ", (unsigned long long) start);
+-#else
+-		printf ("%7I64d ", (unsigned long long) start);
+-#endif
+-	      }
+-	    else
+-	      printf ("%7ld ", (long) start);
+-	    break;
+-
+-	  case 16:
+-	    if (sizeof (start) > sizeof (long))
+-	      {
+-#ifndef __MSVCRT__
+-		printf ("%7llx ", (unsigned long long) start);
+-#else
+-		printf ("%7I64x ", (unsigned long long) start);
+-#endif
+-	      }
+-	    else
+-	      printf ("%7lx ", (unsigned long) start);
+-	    break;
+-	  }
++      print_filename_and_address (filename, start);
+ 
+       buf[i] = '\0';
+       fputs (buf, stdout);
+@@ -697,6 +1332,8 @@ usage (FILE *stream, int status)
+   -T --target=<BFDNAME>     Specify the binary file format\n\
+   -e --encoding={s,S,b,l,B,L} Select character size and endianness:\n\
+                             s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit\n\
++  --unicode={default|show|invalid|hex|escape|highlight}\n\
++  -u {d|s|i|x|e|h}          Specify how to treat UTF-8 encoded unicode characters\n\
+   -s --output-separator=<string> String used to separate strings in output.\n\
+   @<file>                   Read options from <file>\n\
+   -h --help                 Display this information\n\
diff --git a/poky/meta/recipes-devtools/gcc/gcc-11.2.inc b/poky/meta/recipes-devtools/gcc/gcc-11.2.inc
index 9fd30f52a8..886ef3c35b 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-11.2.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-11.2.inc
@@ -68,6 +68,14 @@ SRC_URI = "\
            file://0036-mingw32-Enable-operation_not_supported.patch \
            file://0037-libatomic-Do-not-enforce-march-on-aarch64.patch \
            file://0041-apply-debug-prefix-maps-before-checksumming-DIEs.patch \
+           file://0001-CVE-2021-35465.patch \
+           file://0002-CVE-2021-35465.patch \
+           file://0003-CVE-2021-35465.patch \
+           file://0004-CVE-2021-35465.patch \
+           file://0001-CVE-2021-42574.patch \
+           file://0002-CVE-2021-42574.patch \
+           file://0003-CVE-2021-42574.patch \
+           file://0004-CVE-2021-42574.patch \
 "
 SRC_URI[sha256sum] = "d08edc536b54c372a1010ff6619dd274c0f1603aa49212ba20f7aa2cda36fa8b"
 
@@ -117,3 +125,6 @@ EXTRA_OECONF_PATHS = "\
     --with-sysroot=/not/exist \
     --with-build-sysroot=${STAGING_DIR_TARGET} \
 "
+
+# Is a binutils 2.26 issue, not gcc
+CVE_CHECK_WHITELIST += "CVE-2021-37322"
diff --git a/poky/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch b/poky/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
new file mode 100644
index 0000000000..6b1d4e3fce
--- /dev/null
+++ b/poky/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
@@ -0,0 +1,138 @@
+From 3929bca9ca95de9d35e82ae8828b188029e3eb70 Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Fri, 11 Jun 2021 16:02:05 +0100
+Subject: [PATCH] arm: Add command-line option for enabling CVE-2021-35465
+ mitigation [PR102035]
+
+Add a new option, -mfix-cmse-cve-2021-35465 and document it.  Enable it
+automatically for cortex-m33, cortex-m35p and cortex-m55.
+
+gcc:
+	PR target/102035
+	* config/arm/arm.opt (mfix-cmse-cve-2021-35465): New option.
+	* doc/invoke.texi (Arm Options): Document it.
+	* config/arm/arm-cpus.in (quirk_vlldm): New feature bit.
+	(ALL_QUIRKS): Add quirk_vlldm.
+	(cortex-m33): Add quirk_vlldm.
+	(cortex-m35p, cortex-m55): Likewise.
+	* config/arm/arm.c (arm_option_override): Enable fix_vlldm if
+	targetting an affected CPU and not explicitly controlled on
+	the command line.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=3929bca9ca95de9d35e82ae8828b188029e3eb70]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ gcc/config/arm/arm-cpus.in | 9 +++++++--
+ gcc/config/arm/arm.c       | 9 +++++++++
+ gcc/config/arm/arm.opt     | 4 ++++
+ gcc/doc/invoke.texi        | 9 +++++++++
+ 4 files changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
+--- a/gcc/config/arm/arm.c	2021-11-15 02:13:11.100579812 -0800
++++ b/gcc/config/arm/arm.c	2021-11-15 02:17:36.988237692 -0800
+@@ -3610,6 +3610,15 @@ arm_option_override (void)
+ 	fix_cm3_ldrd = 0;
+     }
+ 
++  /* Enable fix_vlldm by default if required.  */
++  if (fix_vlldm == 2)
++    {
++      if (bitmap_bit_p (arm_active_target.isa, isa_bit_quirk_vlldm))
++	fix_vlldm = 1;
++      else
++	fix_vlldm = 0;
++    }
++
+   /* Hot/Cold partitioning is not currently supported, since we can't
+      handle literal pool placement in that case.  */
+   if (flag_reorder_blocks_and_partition)
+diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
+--- a/gcc/config/arm/arm-cpus.in	2021-11-15 02:13:11.104579747 -0800
++++ b/gcc/config/arm/arm-cpus.in	2021-11-15 02:17:36.984237757 -0800
+@@ -186,6 +186,9 @@ define feature quirk_armv6kz
+ # Cortex-M3 LDRD quirk.
+ define feature quirk_cm3_ldrd
+ 
++# v8-m/v8.1-m VLLDM errata.
++define feature quirk_vlldm
++
+ # Don't use .cpu assembly directive
+ define feature quirk_no_asmcpu
+ 
+@@ -322,7 +325,7 @@ define implied vfp_base MVE MVE_FP ALL_F
+ # architectures.
+ # xscale isn't really a 'quirk', but it isn't an architecture either and we
+ # need to ignore it for matching purposes.
+-define fgroup ALL_QUIRKS   quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd xscale quirk_no_asmcpu
++define fgroup ALL_QUIRKS   quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd quirk_vlldm xscale quirk_no_asmcpu
+ 
+ define fgroup IGNORE_FOR_MULTILIB cdecp0 cdecp1 cdecp2 cdecp3 cdecp4 cdecp5 cdecp6 cdecp7
+ 
+@@ -1570,6 +1573,7 @@ begin cpu cortex-m33
+  architecture armv8-m.main+dsp+fp
+  option nofp remove ALL_FP
+  option nodsp remove armv7em
++ isa quirk_vlldm
+  costs v7m
+ end cpu cortex-m33
+ 
+@@ -1579,6 +1583,7 @@ begin cpu cortex-m35p
+  architecture armv8-m.main+dsp+fp
+  option nofp remove ALL_FP
+  option nodsp remove armv7em
++ isa quirk_vlldm
+  costs v7m
+ end cpu cortex-m35p
+ 
+@@ -1590,7 +1595,7 @@ begin cpu cortex-m55
+  option nomve remove mve mve_float
+  option nofp remove ALL_FP mve_float
+  option nodsp remove MVE mve_float
+- isa quirk_no_asmcpu
++ isa quirk_no_asmcpu quirk_vlldm
+  costs v7m
+  vendor 41
+ end cpu cortex-m55
+diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt
+--- a/gcc/config/arm/arm.opt	2021-11-15 02:13:11.104579747 -0800
++++ b/gcc/config/arm/arm.opt	2021-11-15 02:17:36.988237692 -0800
+@@ -268,6 +268,10 @@ Target Var(fix_cm3_ldrd) Init(2)
+ Avoid overlapping destination and address registers on LDRD instructions
+ that may trigger Cortex-M3 errata.
+ 
++mfix-cmse-cve-2021-35465
++Target Var(fix_vlldm) Init(2)
++Mitigate issues with VLLDM on some M-profile devices (CVE-2021-35465).
++
+ munaligned-access
+ Target Var(unaligned_access) Init(2) Save
+ Enable unaligned word and halfword accesses to packed data.
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+--- a/gcc/doc/invoke.texi	2021-11-15 02:13:11.112579616 -0800
++++ b/gcc/doc/invoke.texi	2021-11-15 02:17:36.996237562 -0800
+@@ -804,6 +804,7 @@ Objective-C and Objective-C++ Dialects}.
+ -mverbose-cost-dump @gol
+ -mpure-code @gol
+ -mcmse @gol
++-mfix-cmse-cve-2021-35465 @gol
+ -mfdpic}
+ 
+ @emph{AVR Options}
+@@ -20487,6 +20488,14 @@ Generate secure code as per the "ARMv8-M
+ Development Tools Engineering Specification", which can be found on
+ @url{https://developer.arm.com/documentation/ecm0359818/latest/}.
+ 
++@item -mfix-cmse-cve-2021-35465
++@opindex mfix-cmse-cve-2021-35465
++Mitigate against a potential security issue with the @code{VLLDM} instruction
++in some M-profile devices when using CMSE (CVE-2021-365465).  This option is
++enabled by default when the option @option{-mcpu=} is used with
++@code{cortex-m33}, @code{cortex-m35p} or @code{cortex-m55}.  The option
++@option{-mno-fix-cmse-cve-2021-35465} can be used to disable the mitigation.
++
+ @item -mfdpic
+ @itemx -mno-fdpic
+ @opindex mfdpic
diff --git a/poky/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-42574.patch b/poky/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-42574.patch
new file mode 100644
index 0000000000..4d680ccc8f
--- /dev/null
+++ b/poky/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-42574.patch
@@ -0,0 +1,2282 @@
+From bd5e882cf6e0def3dd1bc106075d59a303fe0d1e Mon Sep 17 00:00:00 2001
+From: David Malcolm <dmalcolm@redhat.com>
+Date: Mon, 18 Oct 2021 18:55:31 -0400
+Subject: [PATCH] diagnostics: escape non-ASCII source bytes for certain
+ diagnostics
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+This patch adds support to GCC's diagnostic subsystem for escaping certain
+bytes and Unicode characters when quoting source code.
+
+Specifically, this patch adds a new flag rich_location::m_escape_on_output
+which is a hint from a diagnostic that non-ASCII bytes in the pertinent
+lines of the user's source code should be escaped when printed.
+
+The patch sets this for the following diagnostics:
+- when complaining about stray bytes in the program (when these
+are non-printable)
+- when complaining about "null character(s) ignored");
+- for -Wnormalized= (and generate source ranges for such warnings)
+
+The escaping is controlled by a new option:
+  -fdiagnostics-escape-format=[unicode|bytes]
+
+For example, consider a diagnostic involing a source line containing the
+string "before" followed by the Unicode character U+03C0 ("GREEK SMALL
+LETTER PI", with UTF-8 encoding 0xCF 0x80) followed by the byte 0xBF
+(a stray UTF-8 trailing byte), followed by the string "after", where the
+diagnostic highlights the U+03C0 character.
+
+By default, this line will be printed verbatim to the user when
+reporting a diagnostic at it, as:
+
+ beforeÏXafter
+       ^
+
+(using X for the stray byte to avoid putting invalid UTF-8 in this
+commit message)
+
+If the diagnostic sets the "escape" flag, it will be printed as:
+
+ before<U+03C0><BF>after
+       ^~~~~~~~
+
+with -fdiagnostics-escape-format=unicode (the default), or as:
+
+  before<CF><80><BF>after
+        ^~~~~~~~
+
+if the user supplies -fdiagnostics-escape-format=bytes.
+
+This only affects how the source is printed; it does not affect
+how column numbers that are printed (as per -fdiagnostics-column-unit=
+and -fdiagnostics-column-origin=).
+
+gcc/c-family/ChangeLog:
+	* c-lex.c (c_lex_with_flags): When complaining about non-printable
+	CPP_OTHER tokens, set the "escape on output" flag.
+
+gcc/ChangeLog:
+	* common.opt (fdiagnostics-escape-format=): New.
+	(diagnostics_escape_format): New enum.
+	(DIAGNOSTICS_ESCAPE_FORMAT_UNICODE): New enum value.
+	(DIAGNOSTICS_ESCAPE_FORMAT_BYTES): Likewise.
+	* diagnostic-format-json.cc (json_end_diagnostic): Add
+	"escape-source" attribute.
+	* diagnostic-show-locus.c
+	(exploc_with_display_col::exploc_with_display_col): Replace
+	"tabstop" param with a cpp_char_column_policy and add an "aspect"
+	param.  Use these to compute m_display_col accordingly.
+	(struct char_display_policy): New struct.
+	(layout::m_policy): New field.
+	(layout::m_escape_on_output): New field.
+	(def_policy): New function.
+	(make_range): Update for changes to exploc_with_display_col ctor.
+	(default_print_decoded_ch): New.
+	(width_per_escaped_byte): New.
+	(escape_as_bytes_width): New.
+	(escape_as_bytes_print): New.
+	(escape_as_unicode_width): New.
+	(escape_as_unicode_print): New.
+	(make_policy): New.
+	(layout::layout): Initialize new fields.  Update m_exploc ctor
+	call for above change to ctor.
+	(layout::maybe_add_location_range): Update for changes to
+	exploc_with_display_col ctor.
+	(layout::calculate_x_offset_display): Update for change to
+	cpp_display_width.
+	(layout::print_source_line): Pass policy
+	to cpp_display_width_computation. Capture cpp_decoded_char when
+	calling process_next_codepoint.  Move printing of source code to
+	m_policy.m_print_cb.
+	(line_label::line_label): Pass in policy rather than context.
+	(layout::print_any_labels): Update for change to line_label ctor.
+	(get_affected_range): Pass in policy rather than context, updating
+	calls to location_compute_display_column accordingly.
+	(get_printed_columns): Likewise, also for cpp_display_width.
+	(correction::correction): Pass in policy rather than tabstop.
+	(correction::compute_display_cols): Pass m_policy rather than
+	m_tabstop to cpp_display_width.
+	(correction::m_tabstop): Replace with...
+	(correction::m_policy): ...this.
+	(line_corrections::line_corrections): Pass in policy rather than
+	context.
+	(line_corrections::m_context): Replace with...
+	(line_corrections::m_policy): ...this.
+	(line_corrections::add_hint): Update to use m_policy rather than
+	m_context.
+	(line_corrections::add_hint): Likewise.
+	(layout::print_trailing_fixits): Likewise.
+	(selftest::test_display_widths): New.
+	(selftest::test_layout_x_offset_display_utf8): Update to use
+	policy rather than tabstop.
+	(selftest::test_one_liner_labels_utf8): Add test of escaping
+	source lines.
+	(selftest::test_diagnostic_show_locus_one_liner_utf8): Update to
+	use policy rather than tabstop.
+	(selftest::test_overlapped_fixit_printing): Likewise.
+	(selftest::test_overlapped_fixit_printing_utf8): Likewise.
+	(selftest::test_overlapped_fixit_printing_2): Likewise.
+	(selftest::test_tab_expansion): Likewise.
+	(selftest::test_escaping_bytes_1): New.
+	(selftest::test_escaping_bytes_2): New.
+	(selftest::diagnostic_show_locus_c_tests): Call the new tests.
+	* diagnostic.c (diagnostic_initialize): Initialize
+	context->escape_format.
+	(convert_column_unit): Update to use default character width policy.
+	(selftest::test_diagnostic_get_location_text): Likewise.
+	* diagnostic.h (enum diagnostics_escape_format): New enum.
+	(diagnostic_context::escape_format): New field.
+	* doc/invoke.texi (-fdiagnostics-escape-format=): New option.
+	(-fdiagnostics-format=): Add "escape-source" attribute to examples
+	of JSON output, and document it.
+	* input.c (location_compute_display_column): Pass in "policy"
+	rather than "tabstop", passing to
+	cpp_byte_column_to_display_column.
+	(selftest::test_cpp_utf8): Update to use cpp_char_column_policy.
+	* input.h (class cpp_char_column_policy): New forward decl.
+	(location_compute_display_column): Pass in "policy" rather than
+	"tabstop".
+	* opts.c (common_handle_option): Handle
+	OPT_fdiagnostics_escape_format_.
+	* selftest.c (temp_source_file::temp_source_file): New ctor
+	overload taking a size_t.
+	* selftest.h (temp_source_file::temp_source_file): Likewise.
+
+gcc/testsuite/ChangeLog:
+	* c-c++-common/diagnostic-format-json-1.c: Add regexp to consume
+	"escape-source" attribute.
+	* c-c++-common/diagnostic-format-json-2.c: Likewise.
+	* c-c++-common/diagnostic-format-json-3.c: Likewise.
+	* c-c++-common/diagnostic-format-json-4.c: Likewise, twice.
+	* c-c++-common/diagnostic-format-json-5.c: Likewise.
+	* gcc.dg/cpp/warn-normalized-4-bytes.c: New test.
+	* gcc.dg/cpp/warn-normalized-4-unicode.c: New test.
+	* gcc.dg/encoding-issues-bytes.c: New test.
+	* gcc.dg/encoding-issues-unicode.c: New test.
+	* gfortran.dg/diagnostic-format-json-1.F90: Add regexp to consume
+	"escape-source" attribute.
+	* gfortran.dg/diagnostic-format-json-2.F90: Likewise.
+	* gfortran.dg/diagnostic-format-json-3.F90: Likewise.
+
+libcpp/ChangeLog:
+	* charset.c (convert_escape): Use encoding_rich_location when
+	complaining about nonprintable unknown escape sequences.
+	(cpp_display_width_computation::::cpp_display_width_computation):
+	Pass in policy rather than tabstop.
+	(cpp_display_width_computation::process_next_codepoint): Add "out"
+	param and populate *out if non-NULL.
+	(cpp_display_width_computation::advance_display_cols): Pass NULL
+	to process_next_codepoint.
+	(cpp_byte_column_to_display_column): Pass in policy rather than
+	tabstop.  Pass NULL to process_next_codepoint.
+	(cpp_display_column_to_byte_column): Pass in policy rather than
+	tabstop.
+	* errors.c (cpp_diagnostic_get_current_location): New function,
+	splitting out the logic from...
+	(cpp_diagnostic): ...here.
+	(cpp_warning_at): New function.
+	(cpp_pedwarning_at): New function.
+	* include/cpplib.h (cpp_warning_at): New decl for rich_location.
+	(cpp_pedwarning_at): Likewise.
+	(struct cpp_decoded_char): New.
+	(struct cpp_char_column_policy): New.
+	(cpp_display_width_computation::cpp_display_width_computation):
+	Replace "tabstop" param with "policy".
+	(cpp_display_width_computation::process_next_codepoint): Add "out"
+	param.
+	(cpp_display_width_computation::m_tabstop): Replace with...
+	(cpp_display_width_computation::m_policy): ...this.
+	(cpp_byte_column_to_display_column): Replace "tabstop" param with
+	"policy".
+	(cpp_display_width): Likewise.
+	(cpp_display_column_to_byte_column): Likewise.
+	* include/line-map.h (rich_location::escape_on_output_p): New.
+	(rich_location::set_escape_on_output): New.
+	(rich_location::m_escape_on_output): New.
+	* internal.h (cpp_diagnostic_get_current_location): New decl.
+	(class encoding_rich_location): New.
+	* lex.c (skip_whitespace): Use encoding_rich_location when
+	complaining about null characters.
+	(warn_about_normalization): Generate a source range when
+	complaining about improperly normalized tokens, rather than just a
+	point, and use encoding_rich_location so that the source code
+	is escaped on printing.
+	* line-map.c (rich_location::rich_location): Initialize
+	m_escape_on_output.
+
+Signed-off-by: David Malcolm <dmalcolm@redhat.com>
+
+CVE: CVE-2021-42574
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=bd5e882cf6e0def3dd1bc106075d59a303fe0d1e]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ gcc/c-family/c-lex.c                          |   6 +-
+ gcc/common.opt                                |  13 +
+ gcc/diagnostic-format-json.cc                 |   3 +
+ gcc/diagnostic-show-locus.c                   | 580 +++++++++++++++---
+ gcc/diagnostic.c                              |  10 +-
+ gcc/diagnostic.h                              |  18 +
+ gcc/doc/invoke.texi                           |  43 +-
+ gcc/input.c                                   |  62 +-
+ gcc/input.h                                   |   7 +-
+ gcc/opts.c                                    |   4 +
+ gcc/selftest.c                                |  15 +
+ gcc/selftest.h                                |   2 +
+ .../c-c++-common/diagnostic-format-json-1.c   |   1 +
+ .../c-c++-common/diagnostic-format-json-2.c   |   1 +
+ .../c-c++-common/diagnostic-format-json-3.c   |   1 +
+ .../c-c++-common/diagnostic-format-json-4.c   |   2 +
+ .../c-c++-common/diagnostic-format-json-5.c   |   1 +
+ .../gcc.dg/cpp/warn-normalized-4-bytes.c      |  21 +
+ .../gcc.dg/cpp/warn-normalized-4-unicode.c    |  19 +
+ gcc/testsuite/gcc.dg/encoding-issues-bytes.c  | Bin 0 -> 595 bytes
+ .../gcc.dg/encoding-issues-unicode.c          | Bin 0 -> 613 bytes
+ .../gfortran.dg/diagnostic-format-json-1.F90  |   1 +
+ .../gfortran.dg/diagnostic-format-json-2.F90  |   1 +
+ .../gfortran.dg/diagnostic-format-json-3.F90  |   1 +
+ libcpp/charset.c                              |  63 +-
+ libcpp/errors.c                               |  82 ++-
+ libcpp/include/cpplib.h                       |  76 ++-
+ libcpp/include/line-map.h                     |  13 +
+ libcpp/internal.h                             |  23 +
+ libcpp/lex.c                                  |  38 +-
+ libcpp/line-map.c                             |   3 +-
+ 31 files changed, 942 insertions(+), 168 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.dg/cpp/warn-normalized-4-bytes.c
+ create mode 100644 gcc/testsuite/gcc.dg/cpp/warn-normalized-4-unicode.c
+ create mode 100644 gcc/testsuite/gcc.dg/encoding-issues-bytes.c
+ create mode 100644 gcc/testsuite/gcc.dg/encoding-issues-unicode.c
+
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+--- a/gcc/c-family/c-lex.c	2021-07-27 23:55:06.980283060 -0700
++++ b/gcc/c-family/c-lex.c	2021-12-14 01:16:01.541943272 -0800
+@@ -603,7 +603,11 @@ c_lex_with_flags (tree *value, location_
+ 	else if (ISGRAPH (c))
+ 	  error_at (*loc, "stray %qc in program", (int) c);
+ 	else
+-	  error_at (*loc, "stray %<\\%o%> in program", (int) c);
++	  {
++	    rich_location rich_loc (line_table, *loc);
++	    rich_loc.set_escape_on_output (true);
++	    error_at (&rich_loc, "stray %<\\%o%> in program", (int) c);
++	  }
+       }
+       goto retry;
+ 
+diff --git a/gcc/common.opt b/gcc/common.opt
+--- a/gcc/common.opt	2021-12-13 22:08:44.939137107 -0800
++++ b/gcc/common.opt	2021-12-14 01:16:01.541943272 -0800
+@@ -1348,6 +1348,10 @@ fdiagnostics-format=
+ Common Joined RejectNegative Enum(diagnostics_output_format)
+ -fdiagnostics-format=[text|json]	Select output format.
+ 
++fdiagnostics-escape-format=
++Common Joined RejectNegative Enum(diagnostics_escape_format)
++-fdiagnostics-escape-format=[unicode|bytes]	Select how to escape non-printable-ASCII bytes in the source for diagnostics that suggest it.
++
+ ; Required for these enum values.
+ SourceInclude
+ diagnostic.h
+@@ -1362,6 +1366,15 @@ EnumValue
+ Enum(diagnostics_column_unit) String(byte) Value(DIAGNOSTICS_COLUMN_UNIT_BYTE)
+ 
+ Enum
++Name(diagnostics_escape_format) Type(int)
++
++EnumValue
++Enum(diagnostics_escape_format) String(unicode) Value(DIAGNOSTICS_ESCAPE_FORMAT_UNICODE)
++
++EnumValue
++Enum(diagnostics_escape_format) String(bytes) Value(DIAGNOSTICS_ESCAPE_FORMAT_BYTES)
++
++Enum
+ Name(diagnostics_output_format) Type(int)
+ 
+ EnumValue
+diff --git a/gcc/diagnostic.c b/gcc/diagnostic.c
+--- a/gcc/diagnostic.c	2021-07-27 23:55:07.232286576 -0700
++++ b/gcc/diagnostic.c	2021-12-14 01:16:01.545943202 -0800
+@@ -230,6 +230,7 @@ diagnostic_initialize (diagnostic_contex
+   context->column_unit = DIAGNOSTICS_COLUMN_UNIT_DISPLAY;
+   context->column_origin = 1;
+   context->tabstop = 8;
++  context->escape_format = DIAGNOSTICS_ESCAPE_FORMAT_UNICODE;
+   context->edit_context_ptr = NULL;
+   context->diagnostic_group_nesting_depth = 0;
+   context->diagnostic_group_emission_count = 0;
+@@ -382,7 +383,10 @@ convert_column_unit (enum diagnostics_co
+       gcc_unreachable ();
+ 
+     case DIAGNOSTICS_COLUMN_UNIT_DISPLAY:
+-      return location_compute_display_column (s, tabstop);
++      {
++	cpp_char_column_policy policy (tabstop, cpp_wcwidth);
++	return location_compute_display_column (s, policy);
++      }
+ 
+     case DIAGNOSTICS_COLUMN_UNIT_BYTE:
+       return s.column;
+@@ -2275,8 +2279,8 @@ test_diagnostic_get_location_text ()
+     const char *const content = "smile \xf0\x9f\x98\x82\n";
+     const int line_bytes = strlen (content) - 1;
+     const int def_tabstop = 8;
+-    const int display_width = cpp_display_width (content, line_bytes,
+-						 def_tabstop);
++    const cpp_char_column_policy policy (def_tabstop, cpp_wcwidth);
++    const int display_width = cpp_display_width (content, line_bytes, policy);
+     ASSERT_EQ (line_bytes - 2, display_width);
+     temp_source_file tmp (SELFTEST_LOCATION, ".c", content);
+     const char *const fname = tmp.get_filename ();
+diff --git a/gcc/diagnostic-format-json.cc b/gcc/diagnostic-format-json.cc
+--- a/gcc/diagnostic-format-json.cc	2021-07-27 23:55:07.232286576 -0700
++++ b/gcc/diagnostic-format-json.cc	2021-12-14 01:16:01.541943272 -0800
+@@ -264,6 +264,9 @@ json_end_diagnostic (diagnostic_context
+       json::value *path_value = context->make_json_for_path (context, path);
+       diag_obj->set ("path", path_value);
+     }
++
++  diag_obj->set ("escape-source",
++		 new json::literal (richloc->escape_on_output_p ()));
+ }
+ 
+ /* No-op implementation of "begin_group_cb" for JSON output.  */
+diff --git a/gcc/diagnostic.h b/gcc/diagnostic.h
+--- a/gcc/diagnostic.h	2021-07-27 23:55:07.236286632 -0700
++++ b/gcc/diagnostic.h	2021-12-14 01:16:01.545943202 -0800
+@@ -38,6 +38,20 @@ enum diagnostics_column_unit
+   DIAGNOSTICS_COLUMN_UNIT_BYTE
+ };
+ 
++/* An enum for controlling how to print non-ASCII characters/bytes when
++   a diagnostic suggests escaping the source code on output.  */
++
++enum diagnostics_escape_format
++{
++  /* Escape non-ASCII Unicode characters in the form <U+XXXX> and
++     non-UTF-8 bytes in the form <XX>.  */
++  DIAGNOSTICS_ESCAPE_FORMAT_UNICODE,
++
++  /* Escape non-ASCII bytes in the form <XX> (thus showing the underlying
++     encoding of non-ASCII Unicode characters).  */
++  DIAGNOSTICS_ESCAPE_FORMAT_BYTES
++};
++
+ /* Enum for overriding the standard output format.  */
+ 
+ enum diagnostics_output_format
+@@ -320,6 +334,10 @@ struct diagnostic_context
+   /* The size of the tabstop for tab expansion.  */
+   int tabstop;
+ 
++  /* How should non-ASCII/non-printable bytes be escaped when
++     a diagnostic suggests escaping the source code on output.  */
++  enum diagnostics_escape_format escape_format;
++
+   /* If non-NULL, an edit_context to which fix-it hints should be
+      applied, for generating patches.  */
+   edit_context *edit_context_ptr;
+diff --git a/gcc/diagnostic-show-locus.c b/gcc/diagnostic-show-locus.c
+--- a/gcc/diagnostic-show-locus.c	2021-07-27 23:55:07.232286576 -0700
++++ b/gcc/diagnostic-show-locus.c	2021-12-14 01:16:01.545943202 -0800
+@@ -175,10 +175,26 @@ enum column_unit {
+ class exploc_with_display_col : public expanded_location
+ {
+  public:
+-  exploc_with_display_col (const expanded_location &exploc, int tabstop)
+-    : expanded_location (exploc),
+-      m_display_col (location_compute_display_column (exploc, tabstop))
+-  {}
++  exploc_with_display_col (const expanded_location &exploc,
++			   const cpp_char_column_policy &policy,
++			   enum location_aspect aspect)
++  : expanded_location (exploc),
++    m_display_col (location_compute_display_column (exploc, policy))
++  {
++    if (exploc.column > 0)
++      {
++	/* m_display_col is now the final column of the byte.
++	   If escaping has happened, we may want the first column instead.  */
++	if (aspect != LOCATION_ASPECT_FINISH)
++	  {
++	    expanded_location prev_exploc (exploc);
++	    prev_exploc.column--;
++	    int prev_display_col
++	      = (location_compute_display_column (prev_exploc, policy));
++	    m_display_col = prev_display_col + 1;
++	  }
++      }
++  }
+ 
+   int m_display_col;
+ };
+@@ -313,6 +329,31 @@ test_line_span ()
+ 
+ #endif /* #if CHECKING_P */
+ 
++/* A bundle of information containing how to print unicode
++   characters and bytes when quoting source code.
++
++   Provides a unified place to support escaping some subset
++   of characters to some format.
++
++   Extends char_column_policy; printing is split out to avoid
++   libcpp having to know about pretty_printer.  */
++
++struct char_display_policy : public cpp_char_column_policy
++{
++ public:
++  char_display_policy (int tabstop,
++		       int (*width_cb) (cppchar_t c),
++		       void (*print_cb) (pretty_printer *pp,
++					 const cpp_decoded_char &cp))
++  : cpp_char_column_policy (tabstop, width_cb),
++    m_print_cb (print_cb)
++  {
++  }
++
++  void (*m_print_cb) (pretty_printer *pp,
++		      const cpp_decoded_char &cp);
++};
++
+ /* A class to control the overall layout when printing a diagnostic.
+ 
+    The layout is determined within the constructor.
+@@ -345,6 +386,8 @@ class layout
+ 
+   void print_line (linenum_type row);
+ 
++  void on_bad_codepoint (const char *ptr, cppchar_t ch, size_t ch_sz);
++
+  private:
+   bool will_show_line_p (linenum_type row) const;
+   void print_leading_fixits (linenum_type row);
+@@ -386,6 +429,7 @@ class layout
+  private:
+   diagnostic_context *m_context;
+   pretty_printer *m_pp;
++  char_display_policy m_policy;
+   location_t m_primary_loc;
+   exploc_with_display_col m_exploc;
+   colorizer m_colorizer;
+@@ -398,6 +442,7 @@ class layout
+   auto_vec <line_span> m_line_spans;
+   int m_linenum_width;
+   int m_x_offset_display;
++  bool m_escape_on_output;
+ };
+ 
+ /* Implementation of "class colorizer".  */
+@@ -646,6 +691,11 @@ layout_range::intersects_line_p (linenum
+ /* Default for when we don't care what the tab expansion is set to.  */
+ static const int def_tabstop = 8;
+ 
++static cpp_char_column_policy def_policy ()
++{
++  return cpp_char_column_policy (8, cpp_wcwidth);
++}
++
+ /* Create some expanded locations for testing layout_range.  The filename
+    member of the explocs is set to the empty string.  This member will only be
+    inspected by the calls to location_compute_display_column() made from the
+@@ -662,10 +712,13 @@ make_range (int start_line, int start_co
+     = {"", start_line, start_col, NULL, false};
+   const expanded_location finish_exploc
+     = {"", end_line, end_col, NULL, false};
+-  return layout_range (exploc_with_display_col (start_exploc, def_tabstop),
+-		       exploc_with_display_col (finish_exploc, def_tabstop),
++  return layout_range (exploc_with_display_col (start_exploc, def_policy (),
++						LOCATION_ASPECT_START),
++		       exploc_with_display_col (finish_exploc, def_policy (),
++						LOCATION_ASPECT_FINISH),
+ 		       SHOW_RANGE_WITHOUT_CARET,
+-		       exploc_with_display_col (start_exploc, def_tabstop),
++		       exploc_with_display_col (start_exploc, def_policy (),
++						LOCATION_ASPECT_CARET),
+ 		       0, NULL);
+ }
+ 
+@@ -959,6 +1012,164 @@ fixit_cmp (const void *p_a, const void *
+   return hint_a->get_start_loc () - hint_b->get_start_loc ();
+ }
+ 
++/* Callbacks for use when not escaping the source.  */
++
++/* The default callback for char_column_policy::m_width_cb is cpp_wcwidth.  */
++
++/* Callback for char_display_policy::m_print_cb for printing source chars
++   when not escaping the source.  */
++
++static void
++default_print_decoded_ch (pretty_printer *pp,
++			  const cpp_decoded_char &decoded_ch)
++{
++  for (const char *ptr = decoded_ch.m_start_byte;
++       ptr != decoded_ch.m_next_byte; ptr++)
++    {
++      if (*ptr == '\0' || *ptr == '\r')
++	{
++	  pp_space (pp);
++	  continue;
++	}
++
++      pp_character (pp, *ptr);
++    }
++}
++
++/* Callbacks for use with DIAGNOSTICS_ESCAPE_FORMAT_BYTES.  */
++
++static const int width_per_escaped_byte = 4;
++
++/* Callback for char_column_policy::m_width_cb for determining the
++   display width when escaping with DIAGNOSTICS_ESCAPE_FORMAT_BYTES.  */
++
++static int
++escape_as_bytes_width (cppchar_t ch)
++{
++  if (ch < 0x80 && ISPRINT (ch))
++    return cpp_wcwidth (ch);
++  else
++    {
++      if (ch <=   0x7F) return 1 * width_per_escaped_byte;
++      if (ch <=  0x7FF) return 2 * width_per_escaped_byte;
++      if (ch <= 0xFFFF) return 3 * width_per_escaped_byte;
++      return 4 * width_per_escaped_byte;
++    }
++}
++
++/* Callback for char_display_policy::m_print_cb for printing source chars
++   when escaping with DIAGNOSTICS_ESCAPE_FORMAT_BYTES.  */
++
++static void
++escape_as_bytes_print (pretty_printer *pp,
++		       const cpp_decoded_char &decoded_ch)
++{
++  if (!decoded_ch.m_valid_ch)
++    {
++      for (const char *iter = decoded_ch.m_start_byte;
++	   iter != decoded_ch.m_next_byte; ++iter)
++	{
++	  char buf[16];
++	  sprintf (buf, "<%02x>", (unsigned char)*iter);
++	  pp_string (pp, buf);
++	}
++      return;
++    }
++
++  cppchar_t ch = decoded_ch.m_ch;
++  if (ch < 0x80 && ISPRINT (ch))
++    pp_character (pp, ch);
++  else
++    {
++      for (const char *iter = decoded_ch.m_start_byte;
++	   iter < decoded_ch.m_next_byte; ++iter)
++	{
++	  char buf[16];
++	  sprintf (buf, "<%02x>", (unsigned char)*iter);
++	  pp_string (pp, buf);
++	}
++    }
++}
++
++/* Callbacks for use with DIAGNOSTICS_ESCAPE_FORMAT_UNICODE.  */
++
++/* Callback for char_column_policy::m_width_cb for determining the
++   display width when escaping with DIAGNOSTICS_ESCAPE_FORMAT_UNICODE.  */
++
++static int
++escape_as_unicode_width (cppchar_t ch)
++{
++  if (ch < 0x80 && ISPRINT (ch))
++    return cpp_wcwidth (ch);
++  else
++    {
++      // Width of "<U+%04x>"
++      if (ch > 0xfffff)
++	return 10;
++      else if (ch > 0xffff)
++	return 9;
++      else
++	return 8;
++    }
++}
++
++/* Callback for char_display_policy::m_print_cb for printing source chars
++   when escaping with DIAGNOSTICS_ESCAPE_FORMAT_UNICODE.  */
++
++static void
++escape_as_unicode_print (pretty_printer *pp,
++			 const cpp_decoded_char &decoded_ch)
++{
++  if (!decoded_ch.m_valid_ch)
++    {
++      escape_as_bytes_print (pp, decoded_ch);
++      return;
++    }
++
++  cppchar_t ch = decoded_ch.m_ch;
++  if (ch < 0x80 && ISPRINT (ch))
++    pp_character (pp, ch);
++  else
++    {
++      char buf[16];
++      sprintf (buf, "<U+%04X>", ch);
++      pp_string (pp, buf);
++    }
++}
++
++/* Populate a char_display_policy based on DC and RICHLOC.  */
++
++static char_display_policy
++make_policy (const diagnostic_context &dc,
++	     const rich_location &richloc)
++{
++  /* The default is to not escape non-ASCII bytes.  */
++  char_display_policy result
++    (dc.tabstop, cpp_wcwidth, default_print_decoded_ch);
++
++  /* If the diagnostic suggests escaping non-ASCII bytes, then
++     use policy from user-supplied options.  */
++  if (richloc.escape_on_output_p ())
++    {
++      result.m_undecoded_byte_width = width_per_escaped_byte;
++      switch (dc.escape_format)
++	{
++	default:
++	  gcc_unreachable ();
++	case DIAGNOSTICS_ESCAPE_FORMAT_UNICODE:
++	  result.m_width_cb = escape_as_unicode_width;
++	  result.m_print_cb = escape_as_unicode_print;
++	  break;
++	case DIAGNOSTICS_ESCAPE_FORMAT_BYTES:
++	  result.m_width_cb = escape_as_bytes_width;
++	  result.m_print_cb = escape_as_bytes_print;
++	  break;
++	}
++    }
++
++  return result;
++}
++
+ /* Implementation of class layout.  */
+ 
+ /* Constructor for class layout.
+@@ -975,8 +1186,10 @@ layout::layout (diagnostic_context * con
+ 		diagnostic_t diagnostic_kind)
+ : m_context (context),
+   m_pp (context->printer),
++  m_policy (make_policy (*context, *richloc)),
+   m_primary_loc (richloc->get_range (0)->m_loc),
+-  m_exploc (richloc->get_expanded_location (0), context->tabstop),
++  m_exploc (richloc->get_expanded_location (0), m_policy,
++	    LOCATION_ASPECT_CARET),
+   m_colorizer (context, diagnostic_kind),
+   m_colorize_source_p (context->colorize_source_p),
+   m_show_labels_p (context->show_labels_p),
+@@ -986,7 +1199,8 @@ layout::layout (diagnostic_context * con
+   m_fixit_hints (richloc->get_num_fixit_hints ()),
+   m_line_spans (1 + richloc->get_num_locations ()),
+   m_linenum_width (0),
+-  m_x_offset_display (0)
++  m_x_offset_display (0),
++  m_escape_on_output (richloc->escape_on_output_p ())
+ {
+   for (unsigned int idx = 0; idx < richloc->get_num_locations (); idx++)
+     {
+@@ -1072,10 +1286,13 @@ layout::maybe_add_location_range (const
+ 
+   /* Everything is now known to be in the correct source file,
+      but it may require further sanitization.  */
+-  layout_range ri (exploc_with_display_col (start, m_context->tabstop),
+-		   exploc_with_display_col (finish, m_context->tabstop),
++  layout_range ri (exploc_with_display_col (start, m_policy,
++					    LOCATION_ASPECT_START),
++		   exploc_with_display_col (finish, m_policy,
++					    LOCATION_ASPECT_FINISH),
+ 		   loc_range->m_range_display_kind,
+-		   exploc_with_display_col (caret, m_context->tabstop),
++		   exploc_with_display_col (caret, m_policy,
++					    LOCATION_ASPECT_CARET),
+ 		   original_idx, loc_range->m_label);
+ 
+   /* If we have a range that finishes before it starts (perhaps
+@@ -1409,7 +1626,7 @@ layout::calculate_x_offset_display ()
+     = get_line_bytes_without_trailing_whitespace (line.get_buffer (),
+ 						  line.length ());
+   int eol_display_column
+-    = cpp_display_width (line.get_buffer (), line_bytes, m_context->tabstop);
++    = cpp_display_width (line.get_buffer (), line_bytes, m_policy);
+   if (caret_display_column > eol_display_column
+       || !caret_display_column)
+     {
+@@ -1488,7 +1705,7 @@ layout::print_source_line (linenum_type
+   /* This object helps to keep track of which display column we are at, which is
+      necessary for computing the line bounds in display units, for doing
+      tab expansion, and for implementing m_x_offset_display.  */
+-  cpp_display_width_computation dw (line, line_bytes, m_context->tabstop);
++  cpp_display_width_computation dw (line, line_bytes, m_policy);
+ 
+   /* Skip the first m_x_offset_display display columns.  In case the leading
+      portion that will be skipped ends with a character with wcwidth > 1, then
+@@ -1536,7 +1753,8 @@ layout::print_source_line (linenum_type
+ 	 tabs and replacing some control bytes with spaces as necessary.  */
+       const char *c = dw.next_byte ();
+       const int start_disp_col = dw.display_cols_processed () + 1;
+-      const int this_display_width = dw.process_next_codepoint ();
++      cpp_decoded_char cp;
++      const int this_display_width = dw.process_next_codepoint (&cp);
+       if (*c == '\t')
+ 	{
+ 	  /* The returned display width is the number of spaces into which the
+@@ -1545,15 +1763,6 @@ layout::print_source_line (linenum_type
+ 	    pp_space (m_pp);
+ 	  continue;
+ 	}
+-      if (*c == '\0' || *c == '\r')
+-	{
+-	  /* cpp_wcwidth() promises to return 1 for all control bytes, and we
+-	     want to output these as a single space too, so this case is
+-	     actually the same as the '\t' case.  */
+-	  gcc_assert (this_display_width == 1);
+-	  pp_space (m_pp);
+-	  continue;
+-	}
+ 
+       /* We have a (possibly multibyte) character to output; update the line
+ 	 bounds if it is not whitespace.  */
+@@ -1565,7 +1774,8 @@ layout::print_source_line (linenum_type
+ 	}
+ 
+       /* Output the character.  */
+-      while (c != dw.next_byte ()) pp_character (m_pp, *c++);
++      m_policy.m_print_cb (m_pp, cp);
++      c = dw.next_byte ();
+     }
+   print_newline ();
+   return lbounds;
+@@ -1664,14 +1874,14 @@ layout::print_annotation_line (linenum_t
+ class line_label
+ {
+ public:
+-  line_label (diagnostic_context *context, int state_idx, int column,
++  line_label (const cpp_char_column_policy &policy,
++	      int state_idx, int column,
+ 	      label_text text)
+   : m_state_idx (state_idx), m_column (column),
+     m_text (text), m_label_line (0), m_has_vbar (true)
+   {
+     const int bytes = strlen (text.m_buffer);
+-    m_display_width
+-      = cpp_display_width (text.m_buffer, bytes, context->tabstop);
++    m_display_width = cpp_display_width (text.m_buffer, bytes, policy);
+   }
+ 
+   /* Sorting is primarily by column, then by state index.  */
+@@ -1731,7 +1941,7 @@ layout::print_any_labels (linenum_type r
+ 	if (text.m_buffer == NULL)
+ 	  continue;
+ 
+-	labels.safe_push (line_label (m_context, i, disp_col, text));
++	labels.safe_push (line_label (m_policy, i, disp_col, text));
+       }
+   }
+ 
+@@ -2011,7 +2221,7 @@ public:
+ 
+ /* Get the range of bytes or display columns that HINT would affect.  */
+ static column_range
+-get_affected_range (diagnostic_context *context,
++get_affected_range (const cpp_char_column_policy &policy,
+ 		    const fixit_hint *hint, enum column_unit col_unit)
+ {
+   expanded_location exploc_start = expand_location (hint->get_start_loc ());
+@@ -2022,13 +2232,11 @@ get_affected_range (diagnostic_context *
+   int finish_column;
+   if (col_unit == CU_DISPLAY_COLS)
+     {
+-      start_column
+-	= location_compute_display_column (exploc_start, context->tabstop);
++      start_column = location_compute_display_column (exploc_start, policy);
+       if (hint->insertion_p ())
+ 	finish_column = start_column - 1;
+       else
+-	finish_column
+-	  = location_compute_display_column (exploc_finish, context->tabstop);
++	finish_column = location_compute_display_column (exploc_finish, policy);
+     }
+   else
+     {
+@@ -2041,12 +2249,13 @@ get_affected_range (diagnostic_context *
+ /* Get the range of display columns that would be printed for HINT.  */
+ 
+ static column_range
+-get_printed_columns (diagnostic_context *context, const fixit_hint *hint)
++get_printed_columns (const cpp_char_column_policy &policy,
++		     const fixit_hint *hint)
+ {
+   expanded_location exploc = expand_location (hint->get_start_loc ());
+-  int start_column = location_compute_display_column (exploc, context->tabstop);
++  int start_column = location_compute_display_column (exploc, policy);
+   int hint_width = cpp_display_width (hint->get_string (), hint->get_length (),
+-				      context->tabstop);
++				      policy);
+   int final_hint_column = start_column + hint_width - 1;
+   if (hint->insertion_p ())
+     {
+@@ -2056,8 +2265,7 @@ get_printed_columns (diagnostic_context
+     {
+       exploc = expand_location (hint->get_next_loc ());
+       --exploc.column;
+-      int finish_column
+-	= location_compute_display_column (exploc, context->tabstop);
++      int finish_column = location_compute_display_column (exploc, policy);
+       return column_range (start_column,
+ 			   MAX (finish_column, final_hint_column));
+     }
+@@ -2075,13 +2283,13 @@ public:
+ 	      column_range affected_columns,
+ 	      column_range printed_columns,
+ 	      const char *new_text, size_t new_text_len,
+-	      int tabstop)
++	      const cpp_char_column_policy &policy)
+   : m_affected_bytes (affected_bytes),
+     m_affected_columns (affected_columns),
+     m_printed_columns (printed_columns),
+     m_text (xstrdup (new_text)),
+     m_byte_length (new_text_len),
+-    m_tabstop (tabstop),
++    m_policy (policy),
+     m_alloc_sz (new_text_len + 1)
+   {
+     compute_display_cols ();
+@@ -2099,7 +2307,7 @@ public:
+ 
+   void compute_display_cols ()
+   {
+-    m_display_cols = cpp_display_width (m_text, m_byte_length, m_tabstop);
++    m_display_cols = cpp_display_width (m_text, m_byte_length, m_policy);
+   }
+ 
+   void overwrite (int dst_offset, const char_span &src_span)
+@@ -2127,7 +2335,7 @@ public:
+   char *m_text;
+   size_t m_byte_length; /* Not including null-terminator.  */
+   int m_display_cols;
+-  int m_tabstop;
++  const cpp_char_column_policy &m_policy;
+   size_t m_alloc_sz;
+ };
+ 
+@@ -2163,15 +2371,16 @@ correction::ensure_terminated ()
+ class line_corrections
+ {
+ public:
+-  line_corrections (diagnostic_context *context, const char *filename,
++  line_corrections (const char_display_policy &policy,
++		    const char *filename,
+ 		    linenum_type row)
+-    : m_context (context), m_filename (filename), m_row (row)
++  : m_policy (policy), m_filename (filename), m_row (row)
+   {}
+   ~line_corrections ();
+ 
+   void add_hint (const fixit_hint *hint);
+ 
+-  diagnostic_context *m_context;
++  const char_display_policy &m_policy;
+   const char *m_filename;
+   linenum_type m_row;
+   auto_vec <correction *> m_corrections;
+@@ -2217,10 +2426,10 @@ source_line::source_line (const char *fi
+ void
+ line_corrections::add_hint (const fixit_hint *hint)
+ {
+-  column_range affected_bytes = get_affected_range (m_context, hint, CU_BYTES);
+-  column_range affected_columns = get_affected_range (m_context, hint,
++  column_range affected_bytes = get_affected_range (m_policy, hint, CU_BYTES);
++  column_range affected_columns = get_affected_range (m_policy, hint,
+ 						      CU_DISPLAY_COLS);
+-  column_range printed_columns = get_printed_columns (m_context, hint);
++  column_range printed_columns = get_printed_columns (m_policy, hint);
+ 
+   /* Potentially consolidate.  */
+   if (!m_corrections.is_empty ())
+@@ -2289,7 +2498,7 @@ line_corrections::add_hint (const fixit_
+ 					   printed_columns,
+ 					   hint->get_string (),
+ 					   hint->get_length (),
+-					   m_context->tabstop));
++					   m_policy));
+ }
+ 
+ /* If there are any fixit hints on source line ROW, print them.
+@@ -2303,7 +2512,7 @@ layout::print_trailing_fixits (linenum_t
+ {
+   /* Build a list of correction instances for the line,
+      potentially consolidating hints (for the sake of readability).  */
+-  line_corrections corrections (m_context, m_exploc.file, row);
++  line_corrections corrections (m_policy, m_exploc.file, row);
+   for (unsigned int i = 0; i < m_fixit_hints.length (); i++)
+     {
+       const fixit_hint *hint = m_fixit_hints[i];
+@@ -2646,6 +2855,59 @@ namespace selftest {
+ 
+ /* Selftests for diagnostic_show_locus.  */
+ 
++/* Verify that cpp_display_width correctly handles escaping.  */
++
++static void
++test_display_widths ()
++{
++  gcc_rich_location richloc (UNKNOWN_LOCATION);
++
++  /* U+03C0 "GREEK SMALL LETTER PI".  */
++  const char *pi = "\xCF\x80";
++  /* U+1F642 "SLIGHTLY SMILING FACE".  */
++  const char *emoji = "\xF0\x9F\x99\x82";
++  /* Stray trailing byte of a UTF-8 character.  */
++  const char *stray = "\xBF";
++  /* U+10FFFF.  */
++  const char *max_codepoint = "\xF4\x8F\xBF\xBF";
++
++  /* No escaping.  */
++  {
++    test_diagnostic_context dc;
++    char_display_policy policy (make_policy (dc, richloc));
++    ASSERT_EQ (cpp_display_width (pi, strlen (pi), policy), 1);
++    ASSERT_EQ (cpp_display_width (emoji, strlen (emoji), policy), 2);
++    ASSERT_EQ (cpp_display_width (stray, strlen (stray), policy), 1);
++    /* Don't check width of U+10FFFF; it's in a private use plane.  */
++  }
++
++  richloc.set_escape_on_output (true);
++
++  {
++    test_diagnostic_context dc;
++    dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_UNICODE;
++    char_display_policy policy (make_policy (dc, richloc));
++    ASSERT_EQ (cpp_display_width (pi, strlen (pi), policy), 8);
++    ASSERT_EQ (cpp_display_width (emoji, strlen (emoji), policy), 9);
++    ASSERT_EQ (cpp_display_width (stray, strlen (stray), policy), 4);
++    ASSERT_EQ (cpp_display_width (max_codepoint, strlen (max_codepoint),
++				  policy),
++	       strlen ("<U+10FFFF>"));
++  }
++
++  {
++    test_diagnostic_context dc;
++    dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_BYTES;
++    char_display_policy policy (make_policy (dc, richloc));
++    ASSERT_EQ (cpp_display_width (pi, strlen (pi), policy), 8);
++    ASSERT_EQ (cpp_display_width (emoji, strlen (emoji), policy), 16);
++    ASSERT_EQ (cpp_display_width (stray, strlen (stray), policy), 4);
++    ASSERT_EQ (cpp_display_width (max_codepoint, strlen (max_codepoint),
++				  policy),
++	       16);
++  }
++}
++
+ /* For precise tests of the layout, make clear where the source line will
+    start.  test_left_margin sets the total byte count from the left side of the
+    screen to the start of source lines, after the line number and the separator,
+@@ -2715,10 +2977,10 @@ test_layout_x_offset_display_utf8 (const
+   char_span lspan = location_get_source_line (tmp.get_filename (), 1);
+   ASSERT_EQ (line_display_cols,
+ 	     cpp_display_width (lspan.get_buffer (), lspan.length (),
+-				def_tabstop));
++				def_policy ()));
+   ASSERT_EQ (line_display_cols,
+ 	     location_compute_display_column (expand_location (line_end),
+-					      def_tabstop));
++					      def_policy ()));
+   ASSERT_EQ (0, memcmp (lspan.get_buffer () + (emoji_col - 1),
+ 			"\xf0\x9f\x98\x82\xf0\x9f\x98\x82", 8));
+ 
+@@ -2866,12 +3128,13 @@ test_layout_x_offset_display_tab (const
+   ASSERT_EQ ('\t', *(lspan.get_buffer () + (tab_col - 1)));
+   for (int tabstop = 1; tabstop != num_tabstops; ++tabstop)
+     {
++      cpp_char_column_policy policy (tabstop, cpp_wcwidth);
+       ASSERT_EQ (line_bytes + extra_width[tabstop],
+ 		 cpp_display_width (lspan.get_buffer (), lspan.length (),
+-				    tabstop));
++				    policy));
+       ASSERT_EQ (line_bytes + extra_width[tabstop],
+ 		 location_compute_display_column (expand_location (line_end),
+-						  tabstop));
++						  policy));
+     }
+ 
+   /* Check that the tab is expanded to the expected number of spaces.  */
+@@ -4003,6 +4266,43 @@ test_one_liner_labels_utf8 ()
+ 			   " bb\xf0\x9f\x98\x82\xf0\x9f\x98\x82\n",
+ 		  pp_formatted_text (dc.printer));
+   }
++
++  /* Example of escaping the source lines.  */
++  {
++    text_range_label label0 ("label 0\xf0\x9f\x98\x82");
++    text_range_label label1 ("label 1\xcf\x80");
++    text_range_label label2 ("label 2\xcf\x80");
++    gcc_rich_location richloc (foo, &label0);
++    richloc.add_range (bar, SHOW_RANGE_WITHOUT_CARET, &label1);
++    richloc.add_range (field, SHOW_RANGE_WITHOUT_CARET, &label2);
++    richloc.set_escape_on_output (true);
++
++    {
++      test_diagnostic_context dc;
++      dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_UNICODE;
++      diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++      ASSERT_STREQ (" <U+1F602>_foo = <U+03C0>_bar.<U+1F602>_field<U+03C0>;\n"
++		    " ^~~~~~~~~~~~~   ~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~\n"
++		    " |               |            |\n"
++		    " |               |            label 2\xcf\x80\n"
++		    " |               label 1\xcf\x80\n"
++		    " label 0\xf0\x9f\x98\x82\n",
++		    pp_formatted_text (dc.printer));
++    }
++    {
++      test_diagnostic_context dc;
++      dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_BYTES;
++      diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++      ASSERT_STREQ
++	(" <f0><9f><98><82>_foo = <cf><80>_bar.<f0><9f><98><82>_field<cf><80>;\n"
++	 " ^~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"
++	 " |                      |            |\n"
++	 " |                      |            label 2\xcf\x80\n"
++	 " |                      label 1\xcf\x80\n"
++	 " label 0\xf0\x9f\x98\x82\n",
++	 pp_formatted_text (dc.printer));
++    }
++  }
+ }
+ 
+ /* Make sure that colorization codes don't interrupt a multibyte
+@@ -4057,9 +4357,9 @@ test_diagnostic_show_locus_one_liner_utf
+ 
+   char_span lspan = location_get_source_line (tmp.get_filename (), 1);
+   ASSERT_EQ (25, cpp_display_width (lspan.get_buffer (), lspan.length (),
+-				    def_tabstop));
++				    def_policy ()));
+   ASSERT_EQ (25, location_compute_display_column (expand_location (line_end),
+-						  def_tabstop));
++						  def_policy ()));
+ 
+   test_one_liner_simple_caret_utf8 ();
+   test_one_liner_caret_and_range_utf8 ();
+@@ -4445,30 +4745,31 @@ test_overlapped_fixit_printing (const li
+ 		  pp_formatted_text (dc.printer));
+ 
+     /* Unit-test the line_corrections machinery.  */
++    char_display_policy policy (make_policy (dc, richloc));
+     ASSERT_EQ (3, richloc.get_num_fixit_hints ());
+     const fixit_hint *hint_0 = richloc.get_fixit_hint (0);
+     ASSERT_EQ (column_range (12, 12),
+-	       get_affected_range (&dc, hint_0, CU_BYTES));
++	       get_affected_range (policy, hint_0, CU_BYTES));
+     ASSERT_EQ (column_range (12, 12),
+-	       get_affected_range (&dc, hint_0, CU_DISPLAY_COLS));
+-    ASSERT_EQ (column_range (12, 22), get_printed_columns (&dc, hint_0));
++	       get_affected_range (policy, hint_0, CU_DISPLAY_COLS));
++    ASSERT_EQ (column_range (12, 22), get_printed_columns (policy, hint_0));
+     const fixit_hint *hint_1 = richloc.get_fixit_hint (1);
+     ASSERT_EQ (column_range (18, 18),
+-	       get_affected_range (&dc, hint_1, CU_BYTES));
++	       get_affected_range (policy, hint_1, CU_BYTES));
+     ASSERT_EQ (column_range (18, 18),
+-	       get_affected_range (&dc, hint_1, CU_DISPLAY_COLS));
+-    ASSERT_EQ (column_range (18, 20), get_printed_columns (&dc, hint_1));
++	       get_affected_range (policy, hint_1, CU_DISPLAY_COLS));
++    ASSERT_EQ (column_range (18, 20), get_printed_columns (policy, hint_1));
+     const fixit_hint *hint_2 = richloc.get_fixit_hint (2);
+     ASSERT_EQ (column_range (29, 28),
+-	       get_affected_range (&dc, hint_2, CU_BYTES));
++	       get_affected_range (policy, hint_2, CU_BYTES));
+     ASSERT_EQ (column_range (29, 28),
+-	       get_affected_range (&dc, hint_2, CU_DISPLAY_COLS));
+-    ASSERT_EQ (column_range (29, 29), get_printed_columns (&dc, hint_2));
++	       get_affected_range (policy, hint_2, CU_DISPLAY_COLS));
++    ASSERT_EQ (column_range (29, 29), get_printed_columns (policy, hint_2));
+ 
+     /* Add each hint in turn to a line_corrections instance,
+        and verify that they are consolidated into one correction instance
+        as expected.  */
+-    line_corrections lc (&dc, tmp.get_filename (), 1);
++    line_corrections lc (policy, tmp.get_filename (), 1);
+ 
+     /* The first replace hint by itself.  */
+     lc.add_hint (hint_0);
+@@ -4660,30 +4961,31 @@ test_overlapped_fixit_printing_utf8 (con
+ 		  pp_formatted_text (dc.printer));
+ 
+     /* Unit-test the line_corrections machinery.  */
++    char_display_policy policy (make_policy (dc, richloc));
+     ASSERT_EQ (3, richloc.get_num_fixit_hints ());
+     const fixit_hint *hint_0 = richloc.get_fixit_hint (0);
+     ASSERT_EQ (column_range (14, 14),
+-	       get_affected_range (&dc, hint_0, CU_BYTES));
++	       get_affected_range (policy, hint_0, CU_BYTES));
+     ASSERT_EQ (column_range (12, 12),
+-	       get_affected_range (&dc, hint_0, CU_DISPLAY_COLS));
+-    ASSERT_EQ (column_range (12, 22), get_printed_columns (&dc, hint_0));
++	       get_affected_range (policy, hint_0, CU_DISPLAY_COLS));
++    ASSERT_EQ (column_range (12, 22), get_printed_columns (policy, hint_0));
+     const fixit_hint *hint_1 = richloc.get_fixit_hint (1);
+     ASSERT_EQ (column_range (22, 22),
+-	       get_affected_range (&dc, hint_1, CU_BYTES));
++	       get_affected_range (policy, hint_1, CU_BYTES));
+     ASSERT_EQ (column_range (18, 18),
+-	       get_affected_range (&dc, hint_1, CU_DISPLAY_COLS));
+-    ASSERT_EQ (column_range (18, 20), get_printed_columns (&dc, hint_1));
++	       get_affected_range (policy, hint_1, CU_DISPLAY_COLS));
++    ASSERT_EQ (column_range (18, 20), get_printed_columns (policy, hint_1));
+     const fixit_hint *hint_2 = richloc.get_fixit_hint (2);
+     ASSERT_EQ (column_range (35, 34),
+-	       get_affected_range (&dc, hint_2, CU_BYTES));
++	       get_affected_range (policy, hint_2, CU_BYTES));
+     ASSERT_EQ (column_range (30, 29),
+-	       get_affected_range (&dc, hint_2, CU_DISPLAY_COLS));
+-    ASSERT_EQ (column_range (30, 30), get_printed_columns (&dc, hint_2));
++	       get_affected_range (policy, hint_2, CU_DISPLAY_COLS));
++    ASSERT_EQ (column_range (30, 30), get_printed_columns (policy, hint_2));
+ 
+     /* Add each hint in turn to a line_corrections instance,
+        and verify that they are consolidated into one correction instance
+        as expected.  */
+-    line_corrections lc (&dc, tmp.get_filename (), 1);
++    line_corrections lc (policy, tmp.get_filename (), 1);
+ 
+     /* The first replace hint by itself.  */
+     lc.add_hint (hint_0);
+@@ -4877,15 +5179,16 @@ test_overlapped_fixit_printing_2 (const
+     richloc.add_fixit_insert_before (col_21, "}");
+ 
+     /* These fixits should be accepted; they can't be consolidated.  */
++    char_display_policy policy (make_policy (dc, richloc));
+     ASSERT_EQ (2, richloc.get_num_fixit_hints ());
+     const fixit_hint *hint_0 = richloc.get_fixit_hint (0);
+     ASSERT_EQ (column_range (23, 22),
+-	       get_affected_range (&dc, hint_0, CU_BYTES));
+-    ASSERT_EQ (column_range (23, 23), get_printed_columns (&dc, hint_0));
++	       get_affected_range (policy, hint_0, CU_BYTES));
++    ASSERT_EQ (column_range (23, 23), get_printed_columns (policy, hint_0));
+     const fixit_hint *hint_1 = richloc.get_fixit_hint (1);
+     ASSERT_EQ (column_range (21, 20),
+-	       get_affected_range (&dc, hint_1, CU_BYTES));
+-    ASSERT_EQ (column_range (21, 21), get_printed_columns (&dc, hint_1));
++	       get_affected_range (policy, hint_1, CU_BYTES));
++    ASSERT_EQ (column_range (21, 21), get_printed_columns (policy, hint_1));
+ 
+     /* Verify that they're printed correctly.  */
+     diagnostic_show_locus (&dc, &richloc, DK_ERROR);
+@@ -5152,10 +5455,11 @@ test_tab_expansion (const line_table_cas
+      ....................123 45678901234 56789012345  columns  */
+ 
+   const int tabstop = 8;
++  cpp_char_column_policy policy (tabstop, cpp_wcwidth);
+   const int first_non_ws_byte_col = 7;
+   const int right_quote_byte_col = 15;
+   const int last_byte_col = 25;
+-  ASSERT_EQ (35, cpp_display_width (content, last_byte_col, tabstop));
++  ASSERT_EQ (35, cpp_display_width (content, last_byte_col, policy));
+ 
+   temp_source_file tmp (SELFTEST_LOCATION, ".c", content);
+   line_table_test ltt (case_);
+@@ -5198,6 +5502,114 @@ test_tab_expansion (const line_table_cas
+   }
+ }
+ 
++/* Verify that the escaping machinery can cope with a variety of different
++   invalid bytes.  */
++
++static void
++test_escaping_bytes_1 (const line_table_case &case_)
++{
++  const char content[] = "before\0\1\2\3\r\x80\xff""after\n";
++  const size_t sz = sizeof (content);
++  temp_source_file tmp (SELFTEST_LOCATION, ".c", content, sz);
++  line_table_test ltt (case_);
++  const line_map_ordinary *ord_map = linemap_check_ordinary
++    (linemap_add (line_table, LC_ENTER, false, tmp.get_filename (), 0));
++  linemap_line_start (line_table, 1, 100);
++
++  location_t finish
++    = linemap_position_for_line_and_column (line_table, ord_map, 1,
++					    strlen (content));
++
++  if (finish > LINE_MAP_MAX_LOCATION_WITH_COLS)
++    return;
++
++  /* Locations of the NUL and \r bytes.  */
++  location_t nul_loc
++    = linemap_position_for_line_and_column (line_table, ord_map, 1, 7);
++  location_t r_loc
++    = linemap_position_for_line_and_column (line_table, ord_map, 1, 11);
++  gcc_rich_location richloc (nul_loc);
++  richloc.add_range (r_loc);
++
++  {
++    test_diagnostic_context dc;
++    diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++    ASSERT_STREQ (" before \1\2\3 \x80\xff""after\n"
++		  "       ^   ~\n",
++		  pp_formatted_text (dc.printer));
++  }
++  richloc.set_escape_on_output (true);
++  {
++    test_diagnostic_context dc;
++    dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_UNICODE;
++    diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++    ASSERT_STREQ
++      (" before<U+0000><U+0001><U+0002><U+0003><U+000D><80><ff>after\n"
++       "       ^~~~~~~~                        ~~~~~~~~\n",
++       pp_formatted_text (dc.printer));
++  }
++  {
++    test_diagnostic_context dc;
++    dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_BYTES;
++    diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++    ASSERT_STREQ (" before<00><01><02><03><0d><80><ff>after\n"
++		  "       ^~~~            ~~~~\n",
++		  pp_formatted_text (dc.printer));
++  }
++}
++
++/* As above, but verify that we handle the initial byte of a line
++   correctly.  */
++
++static void
++test_escaping_bytes_2 (const line_table_case &case_)
++{
++  const char content[]  = "\0after\n";
++  const size_t sz = sizeof (content);
++  temp_source_file tmp (SELFTEST_LOCATION, ".c", content, sz);
++  line_table_test ltt (case_);
++  const line_map_ordinary *ord_map = linemap_check_ordinary
++    (linemap_add (line_table, LC_ENTER, false, tmp.get_filename (), 0));
++  linemap_line_start (line_table, 1, 100);
++
++  location_t finish
++    = linemap_position_for_line_and_column (line_table, ord_map, 1,
++					    strlen (content));
++
++  if (finish > LINE_MAP_MAX_LOCATION_WITH_COLS)
++    return;
++
++  /* Location of the NUL byte.  */
++  location_t nul_loc
++    = linemap_position_for_line_and_column (line_table, ord_map, 1, 1);
++  gcc_rich_location richloc (nul_loc);
++
++  {
++    test_diagnostic_context dc;
++    diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++    ASSERT_STREQ ("  after\n"
++		  " ^\n",
++		  pp_formatted_text (dc.printer));
++  }
++  richloc.set_escape_on_output (true);
++  {
++    test_diagnostic_context dc;
++    dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_UNICODE;
++    diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++    ASSERT_STREQ (" <U+0000>after\n"
++		  " ^~~~~~~~\n",
++		  pp_formatted_text (dc.printer));
++  }
++  {
++    test_diagnostic_context dc;
++    dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_BYTES;
++    diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++    ASSERT_STREQ (" <00>after\n"
++		  " ^~~~\n",
++		  pp_formatted_text (dc.printer));
++  }
++}
++
+ /* Verify that line numbers are correctly printed for the case of
+    a multiline range in which the width of the line numbers changes
+    (e.g. from "9" to "10").  */
+@@ -5254,6 +5666,8 @@ diagnostic_show_locus_c_tests ()
+   test_layout_range_for_single_line ();
+   test_layout_range_for_multiple_lines ();
+ 
++  test_display_widths ();
++
+   for_each_line_table_case (test_layout_x_offset_display_utf8);
+   for_each_line_table_case (test_layout_x_offset_display_tab);
+ 
+@@ -5274,6 +5688,8 @@ diagnostic_show_locus_c_tests ()
+   for_each_line_table_case (test_fixit_replace_containing_newline);
+   for_each_line_table_case (test_fixit_deletion_affecting_newline);
+   for_each_line_table_case (test_tab_expansion);
++  for_each_line_table_case (test_escaping_bytes_1);
++  for_each_line_table_case (test_escaping_bytes_2);
+ 
+   test_line_numbers_multiline_range ();
+ }
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+--- a/gcc/doc/invoke.texi	2021-12-13 23:23:05.764437151 -0800
++++ b/gcc/doc/invoke.texi	2021-12-14 01:16:01.553943061 -0800
+@@ -312,7 +312,8 @@ Objective-C and Objective-C++ Dialects}.
+ -fdiagnostics-show-path-depths @gol
+ -fno-show-column @gol
+ -fdiagnostics-column-unit=@r{[}display@r{|}byte@r{]} @gol
+--fdiagnostics-column-origin=@var{origin}}
++-fdiagnostics-column-origin=@var{origin} @gol
++-fdiagnostics-escape-format=@r{[}unicode@r{|}bytes@r{]}}
+ 
+ @item Warning Options
+ @xref{Warning Options,,Options to Request or Suppress Warnings}.
+@@ -5083,6 +5084,38 @@ first column.  The default value of 1 co
+ behavior and to the GNU style guide.  Some utilities may perform better with an
+ origin of 0; any non-negative value may be specified.
+ 
++@item -fdiagnostics-escape-format=@var{FORMAT}
++@opindex fdiagnostics-escape-format
++When GCC prints pertinent source lines for a diagnostic it normally attempts
++to print the source bytes directly.  However, some diagnostics relate to encoding
++issues in the source file, such as malformed UTF-8, or issues with Unicode
++normalization.  These diagnostics are flagged so that GCC will escape bytes
++that are not printable ASCII when printing their pertinent source lines.
++
++This option controls how such bytes should be escaped.
++
++The default @var{FORMAT}, @samp{unicode} displays Unicode characters that
++are not printable ASCII in the form @samp{<U+XXXX>}, and bytes that do not
++correspond to a Unicode character validly-encoded in UTF-8-encoded will be
++displayed as hexadecimal in the form @samp{<XX>}.
++
++For example, a source line containing the string @samp{before} followed by the
++Unicode character U+03C0 (``GREEK SMALL LETTER PI'', with UTF-8 encoding
++0xCF 0x80) followed by the byte 0xBF (a stray UTF-8 trailing byte), followed by
++the string @samp{after} will be printed for such a diagnostic as:
++
++@smallexample
++ before<U+03C0><BF>after
++@end smallexample
++
++Setting @var{FORMAT} to @samp{bytes} will display all non-printable-ASCII bytes
++in the form @samp{<XX>}, thus showing the underlying encoding of non-ASCII
++Unicode characters.  For the example above, the following will be printed:
++
++@smallexample
++ before<CF><80><BF>after
++@end smallexample
++
+ @item -fdiagnostics-format=@var{FORMAT}
+ @opindex fdiagnostics-format
+ Select a different format for printing diagnostics.
+@@ -5150,9 +5183,11 @@ might be printed in JSON form (after for
+                         @}
+                     @}
+                 ],
++                "escape-source": false,
+                 "message": "...this statement, but the latter is @dots{}"
+             @}
+         ]
++	"escape-source": false,
+ 	"column-origin": 1,
+     @},
+     @dots{}
+@@ -5239,6 +5274,7 @@ of the expression, which have labels.  I
+                 "label": "T @{aka struct t@}"
+             @}
+         ],
++        "escape-source": false,
+         "message": "invalid operands to binary + @dots{}"
+     @}
+ @end smallexample
+@@ -5292,6 +5328,7 @@ might be printed in JSON form as:
+                 @}
+             @}
+         ],
++        "escape-source": false,
+         "message": "\u2018struct s\u2019 has no member named @dots{}"
+     @}
+ @end smallexample
+@@ -5349,6 +5386,10 @@ For example, the intraprocedural example
+     ]
+ @end smallexample
+ 
++Diagnostics have a boolean attribute @code{escape-source}, hinting whether
++non-ASCII bytes should be escaped when printing the pertinent lines of
++source code (@code{true} for diagnostics involving source encoding issues).
++
+ @end table
+ 
+ @node Warning Options
+diff --git a/gcc/input.c b/gcc/input.c
+--- a/gcc/input.c	2021-07-27 23:55:07.328287915 -0700
++++ b/gcc/input.c	2021-12-14 01:16:01.553943061 -0800
+@@ -913,7 +913,8 @@ make_location (location_t caret, source_
+    source line in order to calculate the display width.  If that cannot be done
+    for any reason, then returns the byte column as a fallback.  */
+ int
+-location_compute_display_column (expanded_location exploc, int tabstop)
++location_compute_display_column (expanded_location exploc,
++				 const cpp_char_column_policy &policy)
+ {
+   if (!(exploc.file && *exploc.file && exploc.line && exploc.column))
+     return exploc.column;
+@@ -921,7 +922,7 @@ location_compute_display_column (expande
+   /* If line is NULL, this function returns exploc.column which is the
+      desired fallback.  */
+   return cpp_byte_column_to_display_column (line.get_buffer (), line.length (),
+-					    exploc.column, tabstop);
++					    exploc.column, policy);
+ }
+ 
+ /* Dump statistics to stderr about the memory usage of the line_table
+@@ -3611,43 +3612,50 @@ test_line_offset_overflow ()
+ void test_cpp_utf8 ()
+ {
+   const int def_tabstop = 8;
++  cpp_char_column_policy policy (def_tabstop, cpp_wcwidth);
++
+   /* Verify that wcwidth of invalid UTF-8 or control bytes is 1.  */
+   {
+-    int w_bad = cpp_display_width ("\xf0!\x9f!\x98!\x82!", 8, def_tabstop);
++    int w_bad = cpp_display_width ("\xf0!\x9f!\x98!\x82!", 8, policy);
+     ASSERT_EQ (8, w_bad);
+-    int w_ctrl = cpp_display_width ("\r\n\v\0\1", 5, def_tabstop);
++    int w_ctrl = cpp_display_width ("\r\n\v\0\1", 5, policy);
+     ASSERT_EQ (5, w_ctrl);
+   }
+ 
+   /* Verify that wcwidth of valid UTF-8 is as expected.  */
+   {
+-    const int w_pi = cpp_display_width ("\xcf\x80", 2, def_tabstop);
++    const int w_pi = cpp_display_width ("\xcf\x80", 2, policy);
+     ASSERT_EQ (1, w_pi);
+-    const int w_emoji = cpp_display_width ("\xf0\x9f\x98\x82", 4, def_tabstop);
++    const int w_emoji = cpp_display_width ("\xf0\x9f\x98\x82", 4, policy);
+     ASSERT_EQ (2, w_emoji);
+     const int w_umlaut_precomposed = cpp_display_width ("\xc3\xbf", 2,
+-							def_tabstop);
++							policy);
+     ASSERT_EQ (1, w_umlaut_precomposed);
+     const int w_umlaut_combining = cpp_display_width ("y\xcc\x88", 3,
+-						      def_tabstop);
++						      policy);
+     ASSERT_EQ (1, w_umlaut_combining);
+-    const int w_han = cpp_display_width ("\xe4\xb8\xba", 3, def_tabstop);
++    const int w_han = cpp_display_width ("\xe4\xb8\xba", 3, policy);
+     ASSERT_EQ (2, w_han);
+-    const int w_ascii = cpp_display_width ("GCC", 3, def_tabstop);
++    const int w_ascii = cpp_display_width ("GCC", 3, policy);
+     ASSERT_EQ (3, w_ascii);
+     const int w_mixed = cpp_display_width ("\xcf\x80 = 3.14 \xf0\x9f\x98\x82"
+ 					   "\x9f! \xe4\xb8\xba y\xcc\x88",
+-					   24, def_tabstop);
++					   24, policy);
+     ASSERT_EQ (18, w_mixed);
+   }
+ 
+   /* Verify that display width properly expands tabs.  */
+   {
+     const char *tstr = "\tabc\td";
+-    ASSERT_EQ (6, cpp_display_width (tstr, 6, 1));
+-    ASSERT_EQ (10, cpp_display_width (tstr, 6, 3));
+-    ASSERT_EQ (17, cpp_display_width (tstr, 6, 8));
+-    ASSERT_EQ (1, cpp_display_column_to_byte_column (tstr, 6, 7, 8));
++    ASSERT_EQ (6, cpp_display_width (tstr, 6,
++				     cpp_char_column_policy (1, cpp_wcwidth)));
++    ASSERT_EQ (10, cpp_display_width (tstr, 6,
++				      cpp_char_column_policy (3, cpp_wcwidth)));
++    ASSERT_EQ (17, cpp_display_width (tstr, 6,
++				      cpp_char_column_policy (8, cpp_wcwidth)));
++    ASSERT_EQ (1,
++	       cpp_display_column_to_byte_column
++		 (tstr, 6, 7, cpp_char_column_policy (8, cpp_wcwidth)));
+   }
+ 
+   /* Verify that cpp_byte_column_to_display_column can go past the end,
+@@ -3660,13 +3668,13 @@ void test_cpp_utf8 ()
+       /* 111122223456
+ 	 Byte columns.  */
+ 
+-    ASSERT_EQ (5, cpp_display_width (str, 6, def_tabstop));
++    ASSERT_EQ (5, cpp_display_width (str, 6, policy));
+     ASSERT_EQ (105,
+-	       cpp_byte_column_to_display_column (str, 6, 106, def_tabstop));
++	       cpp_byte_column_to_display_column (str, 6, 106, policy));
+     ASSERT_EQ (10000,
+-	       cpp_byte_column_to_display_column (NULL, 0, 10000, def_tabstop));
++	       cpp_byte_column_to_display_column (NULL, 0, 10000, policy));
+     ASSERT_EQ (0,
+-	       cpp_byte_column_to_display_column (NULL, 10000, 0, def_tabstop));
++	       cpp_byte_column_to_display_column (NULL, 10000, 0, policy));
+   }
+ 
+   /* Verify that cpp_display_column_to_byte_column can go past the end,
+@@ -3680,25 +3688,25 @@ void test_cpp_utf8 ()
+       /* 000000000000000000000000000000000111111
+ 	 111122223333444456666777788889999012345
+ 	 Byte columns.  */
+-    ASSERT_EQ (4, cpp_display_column_to_byte_column (str, 15, 2, def_tabstop));
++    ASSERT_EQ (4, cpp_display_column_to_byte_column (str, 15, 2, policy));
+     ASSERT_EQ (15,
+-	       cpp_display_column_to_byte_column (str, 15, 11, def_tabstop));
++	       cpp_display_column_to_byte_column (str, 15, 11, policy));
+     ASSERT_EQ (115,
+-	       cpp_display_column_to_byte_column (str, 15, 111, def_tabstop));
++	       cpp_display_column_to_byte_column (str, 15, 111, policy));
+     ASSERT_EQ (10000,
+-	       cpp_display_column_to_byte_column (NULL, 0, 10000, def_tabstop));
++	       cpp_display_column_to_byte_column (NULL, 0, 10000, policy));
+     ASSERT_EQ (0,
+-	       cpp_display_column_to_byte_column (NULL, 10000, 0, def_tabstop));
++	       cpp_display_column_to_byte_column (NULL, 10000, 0, policy));
+ 
+     /* Verify that we do not interrupt a UTF-8 sequence.  */
+-    ASSERT_EQ (4, cpp_display_column_to_byte_column (str, 15, 1, def_tabstop));
++    ASSERT_EQ (4, cpp_display_column_to_byte_column (str, 15, 1, policy));
+ 
+     for (int byte_col = 1; byte_col <= 15; ++byte_col)
+       {
+ 	const int disp_col
+-	  = cpp_byte_column_to_display_column (str, 15, byte_col, def_tabstop);
++	  = cpp_byte_column_to_display_column (str, 15, byte_col, policy);
+ 	const int byte_col2
+-	  = cpp_display_column_to_byte_column (str, 15, disp_col, def_tabstop);
++	  = cpp_display_column_to_byte_column (str, 15, disp_col, policy);
+ 
+ 	/* If we ask for the display column in the middle of a UTF-8
+ 	   sequence, it will return the length of the partial sequence,
+diff --git a/gcc/input.h b/gcc/input.h
+--- a/gcc/input.h	2021-07-27 23:55:07.328287915 -0700
++++ b/gcc/input.h	2021-12-14 01:16:01.553943061 -0800
+@@ -39,8 +39,11 @@ STATIC_ASSERT (BUILTINS_LOCATION < RESER
+ extern bool is_location_from_builtin_token (location_t);
+ extern expanded_location expand_location (location_t);
+ 
+-extern int location_compute_display_column (expanded_location exploc,
+-					    int tabstop);
++class cpp_char_column_policy;
++
++extern int
++location_compute_display_column (expanded_location exploc,
++				 const cpp_char_column_policy &policy);
+ 
+ /* A class capturing the bounds of a buffer, to allow for run-time
+    bounds-checking in a checked build.  */
+diff --git a/gcc/opts.c b/gcc/opts.c
+--- a/gcc/opts.c	2021-07-27 23:55:07.364288417 -0700
++++ b/gcc/opts.c	2021-12-14 01:16:01.553943061 -0800
+@@ -2573,6 +2573,10 @@ common_handle_option (struct gcc_options
+       dc->column_origin = value;
+       break;
+ 
++    case OPT_fdiagnostics_escape_format_:
++      dc->escape_format = (enum diagnostics_escape_format)value;
++      break;
++
+     case OPT_fdiagnostics_show_cwe:
+       dc->show_cwe = value;
+       break;
+diff --git a/gcc/selftest.c b/gcc/selftest.c
+--- a/gcc/selftest.c	2021-07-27 23:55:07.500290315 -0700
++++ b/gcc/selftest.c	2021-12-14 01:16:01.557942991 -0800
+@@ -193,6 +193,21 @@ temp_source_file::temp_source_file (cons
+   fclose (out);
+ }
+ 
++/* As above, but with a size, to allow for NUL bytes in CONTENT.  */
++
++temp_source_file::temp_source_file (const location &loc,
++				    const char *suffix,
++				    const char *content,
++				    size_t sz)
++: named_temp_file (suffix)
++{
++  FILE *out = fopen (get_filename (), "w");
++  if (!out)
++    fail_formatted (loc, "unable to open tempfile: %s", get_filename ());
++  fwrite (content, sz, 1, out);
++  fclose (out);
++}
++
+ /* Avoid introducing locale-specific differences in the results
+    by hardcoding open_quote and close_quote.  */
+ 
+diff --git a/gcc/selftest.h b/gcc/selftest.h
+--- a/gcc/selftest.h	2021-07-27 23:55:07.500290315 -0700
++++ b/gcc/selftest.h	2021-12-14 01:16:01.557942991 -0800
+@@ -112,6 +112,8 @@ class temp_source_file : public named_te
+  public:
+   temp_source_file (const location &loc, const char *suffix,
+ 		    const char *content);
++  temp_source_file (const location &loc, const char *suffix,
++		    const char *content, size_t sz);
+ };
+ 
+ /* RAII-style class for avoiding introducing locale-specific differences
+diff --git a/gcc/testsuite/c-c++-common/diagnostic-format-json-1.c b/gcc/testsuite/c-c++-common/diagnostic-format-json-1.c
+--- a/gcc/testsuite/c-c++-common/diagnostic-format-json-1.c	2021-07-27 23:55:07.596291654 -0700
++++ b/gcc/testsuite/c-c++-common/diagnostic-format-json-1.c	2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+ 
+ /* { dg-regexp "\"kind\": \"error\"" } */
+ /* { dg-regexp "\"column-origin\": 1" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ /* { dg-regexp "\"message\": \"#error message\"" } */
+ 
+ /* { dg-regexp "\"caret\": \{" } */
+diff --git a/gcc/testsuite/c-c++-common/diagnostic-format-json-2.c b/gcc/testsuite/c-c++-common/diagnostic-format-json-2.c
+--- a/gcc/testsuite/c-c++-common/diagnostic-format-json-2.c	2021-07-27 23:55:07.596291654 -0700
++++ b/gcc/testsuite/c-c++-common/diagnostic-format-json-2.c	2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+ 
+ /* { dg-regexp "\"kind\": \"warning\"" } */
+ /* { dg-regexp "\"column-origin\": 1" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ /* { dg-regexp "\"message\": \"#warning message\"" } */
+ /* { dg-regexp "\"option\": \"-Wcpp\"" } */
+ /* { dg-regexp "\"option_url\": \"https:\[^\n\r\"\]*#index-Wcpp\"" } */
+diff --git a/gcc/testsuite/c-c++-common/diagnostic-format-json-3.c b/gcc/testsuite/c-c++-common/diagnostic-format-json-3.c
+--- a/gcc/testsuite/c-c++-common/diagnostic-format-json-3.c	2021-07-27 23:55:07.596291654 -0700
++++ b/gcc/testsuite/c-c++-common/diagnostic-format-json-3.c	2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+ 
+ /* { dg-regexp "\"kind\": \"error\"" } */
+ /* { dg-regexp "\"column-origin\": 1" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ /* { dg-regexp "\"message\": \"#warning message\"" } */
+ /* { dg-regexp "\"option\": \"-Werror=cpp\"" } */
+ /* { dg-regexp "\"option_url\": \"https:\[^\n\r\"\]*#index-Wcpp\"" } */
+diff --git a/gcc/testsuite/c-c++-common/diagnostic-format-json-4.c b/gcc/testsuite/c-c++-common/diagnostic-format-json-4.c
+--- a/gcc/testsuite/c-c++-common/diagnostic-format-json-4.c	2021-07-27 23:55:07.596291654 -0700
++++ b/gcc/testsuite/c-c++-common/diagnostic-format-json-4.c	2021-12-14 01:16:01.557942991 -0800
+@@ -19,6 +19,7 @@ int test (void)
+ 
+ /* { dg-regexp "\"kind\": \"note\"" } */
+ /* { dg-regexp "\"message\": \"...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'\"" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ 
+ /* { dg-regexp "\"caret\": \{" } */
+ /* { dg-regexp "\"file\": \"\[^\n\r\"\]*diagnostic-format-json-4.c\"" } */
+@@ -39,6 +40,7 @@ int test (void)
+ /* { dg-regexp "\"kind\": \"warning\"" } */
+ /* { dg-regexp "\"column-origin\": 1" } */
+ /* { dg-regexp "\"message\": \"this 'if' clause does not guard...\"" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ /* { dg-regexp "\"option\": \"-Wmisleading-indentation\"" } */
+ /* { dg-regexp "\"option_url\": \"https:\[^\n\r\"\]*#index-Wmisleading-indentation\"" } */
+ 
+diff --git a/gcc/testsuite/c-c++-common/diagnostic-format-json-5.c b/gcc/testsuite/c-c++-common/diagnostic-format-json-5.c
+--- a/gcc/testsuite/c-c++-common/diagnostic-format-json-5.c	2021-07-27 23:55:07.596291654 -0700
++++ b/gcc/testsuite/c-c++-common/diagnostic-format-json-5.c	2021-12-14 01:16:01.557942991 -0800
+@@ -14,6 +14,7 @@ int test (struct s *ptr)
+ 
+ /* { dg-regexp "\"kind\": \"error\"" } */
+ /* { dg-regexp "\"column-origin\": 1" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ /* { dg-regexp "\"message\": \".*\"" } */
+ 
+ /* Verify fix-it hints.  */
+diff --git a/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-bytes.c b/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-bytes.c
+--- a/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-bytes.c	1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-bytes.c	2021-12-14 01:16:01.557942991 -0800
+@@ -0,0 +1,21 @@
++// { dg-do preprocess }
++// { dg-options "-std=gnu99 -Werror=normalized=nfc -fdiagnostics-show-caret -fdiagnostics-escape-format=bytes" }
++/* { dg-message "some warnings being treated as errors" "" {target "*-*-*"} 0 } */
++
++/* à½ = U+0F43 TIBETAN LETTER GHA, which has decomposition "0F42 0FB7" i.e.
++   U+0F42 TIBETAN LETTER GA: à½
++   U+0FB7 TIBETAN SUBJOINED LETTER HA: à¾·
++
++   The UTF-8 encoding of U+0F43 TIBETAN LETTER GHA is: E0 BD 83.  */
++
++foo before_\u0F43_after bar // { dg-error "`before_.U00000f43_after' is not in NFC .-Werror=normalized=." }
++/* { dg-begin-multiline-output "" }
++ foo before_\u0F43_after bar
++     ^~~~~~~~~~~~~~~~~~~
++   { dg-end-multiline-output "" } */
++
++foo before_à½_after bar // { dg-error "`before_.U00000f43_after' is not in NFC .-Werror=normalized=." }
++/* { dg-begin-multiline-output "" }
++ foo before_<e0><bd><83>_after bar
++     ^~~~~~~~~~~~~~~~~~~~~~~~~
++   { dg-end-multiline-output "" } */
+diff --git a/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-unicode.c b/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-unicode.c
+--- a/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-unicode.c	1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-unicode.c	2021-12-14 01:16:01.557942991 -0800
+@@ -0,0 +1,19 @@
++// { dg-do preprocess }
++// { dg-options "-std=gnu99 -Werror=normalized=nfc -fdiagnostics-show-caret -fdiagnostics-escape-format=unicode" }
++/* { dg-message "some warnings being treated as errors" "" {target "*-*-*"} 0 } */
++
++/* à½ = U+0F43 TIBETAN LETTER GHA, which has decomposition "0F42 0FB7" i.e.
++   U+0F42 TIBETAN LETTER GA: à½
++   U+0FB7 TIBETAN SUBJOINED LETTER HA: à¾·  */
++
++foo before_\u0F43_after bar  // { dg-error "`before_.U00000f43_after' is not in NFC .-Werror=normalized=." }
++/* { dg-begin-multiline-output "" }
++ foo before_\u0F43_after bar
++     ^~~~~~~~~~~~~~~~~~~
++   { dg-end-multiline-output "" } */
++
++foo before_à½_after bar // { dg-error "`before_.U00000f43_after' is not in NFC .-Werror=normalized=." }
++/* { dg-begin-multiline-output "" }
++ foo before_<U+0F43>_after bar
++     ^~~~~~~~~~~~~~~~~~~~~
++   { dg-end-multiline-output "" } */
+diff --git a/gcc/testsuite/gfortran.dg/diagnostic-format-json-1.F90 b/gcc/testsuite/gfortran.dg/diagnostic-format-json-1.F90
+--- a/gcc/testsuite/gfortran.dg/diagnostic-format-json-1.F90	2021-07-27 23:55:08.472303878 -0700
++++ b/gcc/testsuite/gfortran.dg/diagnostic-format-json-1.F90	2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+ 
+ ! { dg-regexp "\"kind\": \"error\"" }
+ ! { dg-regexp "\"column-origin\": 1" }
++! { dg-regexp "\"escape-source\": false" }
+ ! { dg-regexp "\"message\": \"#error message\"" }
+ 
+ ! { dg-regexp "\"caret\": \{" }
+diff --git a/gcc/testsuite/gfortran.dg/diagnostic-format-json-2.F90 b/gcc/testsuite/gfortran.dg/diagnostic-format-json-2.F90
+--- a/gcc/testsuite/gfortran.dg/diagnostic-format-json-2.F90	2021-07-27 23:55:08.472303878 -0700
++++ b/gcc/testsuite/gfortran.dg/diagnostic-format-json-2.F90	2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+ 
+ ! { dg-regexp "\"kind\": \"warning\"" }
+ ! { dg-regexp "\"column-origin\": 1" }
++! { dg-regexp "\"escape-source\": false" }
+ ! { dg-regexp "\"message\": \"#warning message\"" }
+ ! { dg-regexp "\"option\": \"-Wcpp\"" }
+ ! { dg-regexp "\"option_url\": \"\[^\n\r\"\]*#index-Wcpp\"" }
+diff --git a/gcc/testsuite/gfortran.dg/diagnostic-format-json-3.F90 b/gcc/testsuite/gfortran.dg/diagnostic-format-json-3.F90
+--- a/gcc/testsuite/gfortran.dg/diagnostic-format-json-3.F90	2021-07-27 23:55:08.472303878 -0700
++++ b/gcc/testsuite/gfortran.dg/diagnostic-format-json-3.F90	2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+ 
+ ! { dg-regexp "\"kind\": \"error\"" }
+ ! { dg-regexp "\"column-origin\": 1" }
++! { dg-regexp "\"escape-source\": false" }
+ ! { dg-regexp "\"message\": \"#warning message\"" }
+ ! { dg-regexp "\"option\": \"-Werror=cpp\"" }
+ ! { dg-regexp "\"option_url\": \"\[^\n\r\"\]*#index-Wcpp\"" }
+diff --git a/libcpp/charset.c b/libcpp/charset.c
+--- a/libcpp/charset.c	2021-07-27 23:55:08.712307227 -0700
++++ b/libcpp/charset.c	2021-12-14 01:16:01.557942991 -0800
+@@ -1552,12 +1552,14 @@ convert_escape (cpp_reader *pfile, const
+ 		   "unknown escape sequence: '\\%c'", (int) c);
+       else
+ 	{
++	  encoding_rich_location rich_loc (pfile);
++
+ 	  /* diagnostic.c does not support "%03o".  When it does, this
+ 	     code can use %03o directly in the diagnostic again.  */
+ 	  char buf[32];
+ 	  sprintf(buf, "%03o", (int) c);
+-	  cpp_error (pfile, CPP_DL_PEDWARN,
+-		     "unknown escape sequence: '\\%s'", buf);
++	  cpp_error_at (pfile, CPP_DL_PEDWARN, &rich_loc,
++			"unknown escape sequence: '\\%s'", buf);
+ 	}
+     }
+ 
+@@ -2280,14 +2282,16 @@ cpp_string_location_reader::get_next ()
+ }
+ 
+ cpp_display_width_computation::
+-cpp_display_width_computation (const char *data, int data_length, int tabstop) :
++cpp_display_width_computation (const char *data, int data_length,
++			       const cpp_char_column_policy &policy) :
+   m_begin (data),
+   m_next (m_begin),
+   m_bytes_left (data_length),
+-  m_tabstop (tabstop),
++  m_policy (policy),
+   m_display_cols (0)
+ {
+-  gcc_assert (m_tabstop > 0);
++  gcc_assert (policy.m_tabstop > 0);
++  gcc_assert (policy.m_width_cb);
+ }
+ 
+ 
+@@ -2299,19 +2303,28 @@ cpp_display_width_computation (const cha
+    point to a valid UTF-8-encoded sequence, then it will be treated as a single
+    byte with display width 1.  m_cur_display_col is the current display column,
+    relative to which tab stops should be expanded.  Returns the display width of
+-   the codepoint just processed.  */
++   the codepoint just processed.
++   If OUT is non-NULL, it is populated.  */
+ 
+ int
+-cpp_display_width_computation::process_next_codepoint ()
++cpp_display_width_computation::process_next_codepoint (cpp_decoded_char *out)
+ {
+   cppchar_t c;
+   int next_width;
+ 
++  if (out)
++    out->m_start_byte = m_next;
++
+   if (*m_next == '\t')
+     {
+       ++m_next;
+       --m_bytes_left;
+-      next_width = m_tabstop - (m_display_cols % m_tabstop);
++      next_width = m_policy.m_tabstop - (m_display_cols % m_policy.m_tabstop);
++      if (out)
++	{
++	  out->m_ch = '\t';
++	  out->m_valid_ch = true;
++	}
+     }
+   else if (one_utf8_to_cppchar ((const uchar **) &m_next, &m_bytes_left, &c)
+ 	   != 0)
+@@ -2321,14 +2334,24 @@ cpp_display_width_computation::process_n
+ 	 of one.  */
+       ++m_next;
+       --m_bytes_left;
+-      next_width = 1;
++      next_width = m_policy.m_undecoded_byte_width;
++      if (out)
++	out->m_valid_ch = false;
+     }
+   else
+     {
+       /*  one_utf8_to_cppchar() has updated m_next and m_bytes_left for us.  */
+-      next_width = cpp_wcwidth (c);
++      next_width = m_policy.m_width_cb (c);
++      if (out)
++	{
++	  out->m_ch = c;
++	  out->m_valid_ch = true;
++	}
+     }
+ 
++  if (out)
++    out->m_next_byte = m_next;
++
+   m_display_cols += next_width;
+   return next_width;
+ }
+@@ -2344,7 +2367,7 @@ cpp_display_width_computation::advance_d
+   const int start = m_display_cols;
+   const int target = start + n;
+   while (m_display_cols < target && !done ())
+-    process_next_codepoint ();
++    process_next_codepoint (NULL);
+   return m_display_cols - start;
+ }
+ 
+@@ -2352,29 +2375,33 @@ cpp_display_width_computation::advance_d
+     how many display columns are occupied by the first COLUMN bytes.  COLUMN
+     may exceed DATA_LENGTH, in which case the phantom bytes at the end are
+     treated as if they have display width 1.  Tabs are expanded to the next tab
+-    stop, relative to the start of DATA.  */
++    stop, relative to the start of DATA, and non-printable-ASCII characters
++    will be escaped as per POLICY.  */
+ 
+ int
+ cpp_byte_column_to_display_column (const char *data, int data_length,
+-				   int column, int tabstop)
++				   int column,
++				   const cpp_char_column_policy &policy)
+ {
+   const int offset = MAX (0, column - data_length);
+-  cpp_display_width_computation dw (data, column - offset, tabstop);
++  cpp_display_width_computation dw (data, column - offset, policy);
+   while (!dw.done ())
+-    dw.process_next_codepoint ();
++    dw.process_next_codepoint (NULL);
+   return dw.display_cols_processed () + offset;
+ }
+ 
+ /*  For the string of length DATA_LENGTH bytes that begins at DATA, compute
+     the least number of bytes that will result in at least DISPLAY_COL display
+     columns.  The return value may exceed DATA_LENGTH if the entire string does
+-    not occupy enough display columns.  */
++    not occupy enough display columns.  Non-printable-ASCII characters
++    will be escaped as per POLICY.  */
+ 
+ int
+ cpp_display_column_to_byte_column (const char *data, int data_length,
+-				   int display_col, int tabstop)
++				   int display_col,
++				   const cpp_char_column_policy &policy)
+ {
+-  cpp_display_width_computation dw (data, data_length, tabstop);
++  cpp_display_width_computation dw (data, data_length, policy);
+   const int avail_display = dw.advance_display_cols (display_col);
+   return dw.bytes_processed () + MAX (0, display_col - avail_display);
+ }
+diff --git a/libcpp/errors.c b/libcpp/errors.c
+--- a/libcpp/errors.c	2021-07-27 23:55:08.712307227 -0700
++++ b/libcpp/errors.c	2021-12-14 01:16:01.557942991 -0800
+@@ -27,6 +27,31 @@ along with this program; see the file CO
+ #include "cpplib.h"
+ #include "internal.h"
+ 
++/* Get a location_t for the current location in PFILE,
++   generally that of the previously lexed token.  */
++
++location_t
++cpp_diagnostic_get_current_location (cpp_reader *pfile)
++{
++  if (CPP_OPTION (pfile, traditional))
++    {
++      if (pfile->state.in_directive)
++	return pfile->directive_line;
++      else
++	return pfile->line_table->highest_line;
++    }
++  /* We don't want to refer to a token before the beginning of the
++     current run -- that is invalid.  */
++  else if (pfile->cur_token == pfile->cur_run->base)
++    {
++      return 0;
++    }
++  else
++    {
++      return pfile->cur_token[-1].src_loc;
++    }
++}
++
+ /* Print a diagnostic at the given location.  */
+ 
+ ATTRIBUTE_FPTR_PRINTF(5,0)
+@@ -52,25 +77,7 @@ cpp_diagnostic (cpp_reader * pfile, enum
+ 		enum cpp_warning_reason reason,
+ 		const char *msgid, va_list *ap)
+ {
+-  location_t src_loc;
+-
+-  if (CPP_OPTION (pfile, traditional))
+-    {
+-      if (pfile->state.in_directive)
+-	src_loc = pfile->directive_line;
+-      else
+-	src_loc = pfile->line_table->highest_line;
+-    }
+-  /* We don't want to refer to a token before the beginning of the
+-     current run -- that is invalid.  */
+-  else if (pfile->cur_token == pfile->cur_run->base)
+-    {
+-      src_loc = 0;
+-    }
+-  else
+-    {
+-      src_loc = pfile->cur_token[-1].src_loc;
+-    }
++  location_t src_loc = cpp_diagnostic_get_current_location (pfile);
+   rich_location richloc (pfile->line_table, src_loc);
+   return cpp_diagnostic_at (pfile, level, reason, &richloc, msgid, ap);
+ }
+@@ -142,6 +149,43 @@ cpp_warning_syshdr (cpp_reader * pfile,
+ 
+   va_end (ap);
+   return ret;
++}
++
++/* As cpp_warning above, but use RICHLOC as the location of the diagnostic.  */
++
++bool cpp_warning_at (cpp_reader *pfile, enum cpp_warning_reason reason,
++		     rich_location *richloc, const char *msgid, ...)
++{
++  va_list ap;
++  bool ret;
++
++  va_start (ap, msgid);
++
++  ret = cpp_diagnostic_at (pfile, CPP_DL_WARNING, reason, richloc,
++			   msgid, &ap);
++
++  va_end (ap);
++  return ret;
++
++}
++
++/* As cpp_pedwarning above, but use RICHLOC as the location of the
++   diagnostic.  */
++
++bool
++cpp_pedwarning_at (cpp_reader * pfile, enum cpp_warning_reason reason,
++		   rich_location *richloc, const char *msgid, ...)
++{
++  va_list ap;
++  bool ret;
++
++  va_start (ap, msgid);
++
++  ret = cpp_diagnostic_at (pfile, CPP_DL_PEDWARN, reason, richloc,
++			   msgid, &ap);
++
++  va_end (ap);
++  return ret;
+ }
+ 
+ /* Print a diagnostic at a specific location.  */
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+--- a/libcpp/include/cpplib.h	2021-12-13 23:23:05.768437079 -0800
++++ b/libcpp/include/cpplib.h	2021-12-14 01:20:16.189507386 -0800
+@@ -1275,6 +1275,14 @@ extern bool cpp_warning_syshdr (cpp_read
+ 				const char *msgid, ...)
+   ATTRIBUTE_PRINTF_3;
+ 
++/* As their counterparts above, but use RICHLOC.  */
++extern bool cpp_warning_at (cpp_reader *, enum cpp_warning_reason,
++			    rich_location *richloc, const char *msgid, ...)
++  ATTRIBUTE_PRINTF_4;
++extern bool cpp_pedwarning_at (cpp_reader *, enum cpp_warning_reason,
++			       rich_location *richloc, const char *msgid, ...)
++  ATTRIBUTE_PRINTF_4;
++
+ /* Output a diagnostic with "MSGID: " preceding the
+    error string of errno.  No location is printed.  */
+ extern bool cpp_errno (cpp_reader *, enum cpp_diagnostic_level,
+@@ -1435,42 +1443,95 @@ extern const char * cpp_get_userdef_suff
+ 
+ /* In charset.c */
+ 
++/* The result of attempting to decode a run of UTF-8 bytes.  */
++
++struct cpp_decoded_char
++{
++  const char *m_start_byte;
++  const char *m_next_byte;
++
++  bool m_valid_ch;
++  cppchar_t m_ch;
++};
++
++/* Information for mapping between code points and display columns.
++
++   This is a tabstop value, along with a callback for getting the
++   widths of characters.  Normally this callback is cpp_wcwidth, but we
++   support other schemes for escaping non-ASCII unicode as a series of
++   ASCII chars when printing the user's source code in diagnostic-show-locus.c
++
++   For example, consider:
++   - the Unicode character U+03C0 "GREEK SMALL LETTER PI" (UTF-8: 0xCF 0x80)
++   - the Unicode character U+1F642 "SLIGHTLY SMILING FACE"
++     (UTF-8: 0xF0 0x9F 0x99 0x82)
++   - the byte 0xBF (a stray trailing byte of a UTF-8 character)
++   Normally U+03C0 would occupy one display column, U+1F642
++   would occupy two display columns, and the stray byte would be
++   printed verbatim as one display column.
++
++   However when escaping them as unicode code points as "<U+03C0>"
++   and "<U+1F642>" they occupy 8 and 9 display columns respectively,
++   and when escaping them as bytes as "<CF><80>" and "<F0><9F><99><82>"
++   they occupy 8 and 16 display columns respectively.  In both cases
++   the stray byte is escaped to <BF> as 4 display columns.  */
++
++struct cpp_char_column_policy
++{
++  cpp_char_column_policy (int tabstop,
++			  int (*width_cb) (cppchar_t c))
++  : m_tabstop (tabstop),
++    m_undecoded_byte_width (1),
++    m_width_cb (width_cb)
++  {}
++
++  int m_tabstop;
++  /* Width in display columns of a stray byte that isn't decodable
++     as UTF-8.  */
++  int m_undecoded_byte_width;
++  int (*m_width_cb) (cppchar_t c);
++};
++
+ /* A class to manage the state while converting a UTF-8 sequence to cppchar_t
+    and computing the display width one character at a time.  */
+ class cpp_display_width_computation {
+  public:
+   cpp_display_width_computation (const char *data, int data_length,
+-				 int tabstop);
++				 const cpp_char_column_policy &policy);
+   const char *next_byte () const { return m_next; }
+   int bytes_processed () const { return m_next - m_begin; }
+   int bytes_left () const { return m_bytes_left; }
+   bool done () const { return !bytes_left (); }
+   int display_cols_processed () const { return m_display_cols; }
+ 
+-  int process_next_codepoint ();
++  int process_next_codepoint (cpp_decoded_char *out);
+   int advance_display_cols (int n);
+ 
+  private:
+   const char *const m_begin;
+   const char *m_next;
+   size_t m_bytes_left;
+-  const int m_tabstop;
++  const cpp_char_column_policy &m_policy;
+   int m_display_cols;
+ };
+ 
+ /* Convenience functions that are simple use cases for class
+    cpp_display_width_computation.  Tab characters will be expanded to spaces
+-   as determined by TABSTOP.  */
++   as determined by POLICY.m_tabstop, and non-printable-ASCII characters
++   will be escaped as per POLICY.  */
++
+ int cpp_byte_column_to_display_column (const char *data, int data_length,
+-				       int column, int tabstop);
++				       int column,
++				       const cpp_char_column_policy &policy);
+ inline int cpp_display_width (const char *data, int data_length,
+-			      int tabstop)
++			      const cpp_char_column_policy &policy)
+ {
+   return cpp_byte_column_to_display_column (data, data_length, data_length,
+-					    tabstop);
++					    policy);
+ }
+ int cpp_display_column_to_byte_column (const char *data, int data_length,
+-				       int display_col, int tabstop);
++				       int display_col,
++				       const cpp_char_column_policy &policy);
+ int cpp_wcwidth (cppchar_t c);
+ 
+ #endif /* ! LIBCPP_CPPLIB_H */
+diff --git a/libcpp/include/line-map.h b/libcpp/include/line-map.h
+--- a/libcpp/include/line-map.h	2021-07-27 23:55:08.716307283 -0700
++++ b/libcpp/include/line-map.h	2021-12-14 01:16:01.557942991 -0800
+@@ -1781,6 +1781,18 @@ class rich_location
+   const diagnostic_path *get_path () const { return m_path; }
+   void set_path (const diagnostic_path *path) { m_path = path; }
+ 
++  /* A flag for hinting that the diagnostic involves character encoding
++     issues, and thus that it will be helpful to the user if we show some
++     representation of how the characters in the pertinent source lines
++     are encoded.
++     The default is false (i.e. do not escape).
++     When set to true, non-ASCII bytes in the pertinent source lines will
++     be escaped in a manner controlled by the user-supplied option
++     -fdiagnostics-escape-format=, so that the user can better understand
++     what's going on with the encoding in their source file.  */
++  bool escape_on_output_p () const { return m_escape_on_output; }
++  void set_escape_on_output (bool flag) { m_escape_on_output = flag; }
++
+ private:
+   bool reject_impossible_fixit (location_t where);
+   void stop_supporting_fixits ();
+@@ -1807,6 +1819,7 @@ protected:
+   bool m_fixits_cannot_be_auto_applied;
+ 
+   const diagnostic_path *m_path;
++  bool m_escape_on_output;
+ };
+ 
+ /* A struct for the result of range_label::get_text: a NUL-terminated buffer
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+--- a/libcpp/internal.h	2021-12-13 23:23:05.768437079 -0800
++++ b/libcpp/internal.h	2021-12-14 01:16:01.557942991 -0800
+@@ -776,6 +776,9 @@ extern void _cpp_do_file_change (cpp_rea
+ extern void _cpp_pop_buffer (cpp_reader *);
+ extern char *_cpp_bracket_include (cpp_reader *);
+ 
++/* In errors.c  */
++extern location_t cpp_diagnostic_get_current_location (cpp_reader *);
++
+ /* In traditional.c.  */
+ extern bool _cpp_scan_out_logical_line (cpp_reader *, cpp_macro *, bool);
+ extern bool _cpp_read_logical_line_trad (cpp_reader *);
+@@ -942,6 +945,26 @@ int linemap_get_expansion_line (class li
+ const char* linemap_get_expansion_filename (class line_maps *,
+ 					    location_t);
+ 
++/* A subclass of rich_location for emitting a diagnostic
++   at the current location of the reader, but flagging
++   it with set_escape_on_output (true).  */
++class encoding_rich_location : public rich_location
++{
++ public:
++  encoding_rich_location (cpp_reader *pfile)
++  : rich_location (pfile->line_table,
++		   cpp_diagnostic_get_current_location (pfile))
++  {
++    set_escape_on_output (true);
++  }
++
++  encoding_rich_location (cpp_reader *pfile, location_t loc)
++  : rich_location (pfile->line_table, loc)
++  {
++    set_escape_on_output (true);
++  }
++};
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+--- a/libcpp/lex.c	2021-12-14 01:14:48.435225968 -0800
++++ b/libcpp/lex.c	2021-12-14 01:24:37.220995816 -0800
+@@ -1774,7 +1774,11 @@ skip_whitespace (cpp_reader *pfile, cppc
+   while (is_nvspace (c));
+ 
+   if (saw_NUL)
+-    cpp_error (pfile, CPP_DL_WARNING, "null character(s) ignored");
++    {
++      encoding_rich_location rich_loc (pfile);
++      cpp_error_at (pfile, CPP_DL_WARNING, &rich_loc,
++		    "null character(s) ignored");
++    }
+ 
+   buffer->cur--;
+ }
+@@ -1803,6 +1807,28 @@ warn_about_normalization (cpp_reader *pf
+   if (CPP_OPTION (pfile, warn_normalize) < NORMALIZE_STATE_RESULT (s)
+       && !pfile->state.skipping)
+     {
++      location_t loc = token->src_loc;
++
++      /* If possible, create a location range for the token.  */
++      if (loc >= RESERVED_LOCATION_COUNT
++	  && token->type != CPP_EOF
++	  /* There must be no line notes to process.  */
++	  && (!(pfile->buffer->cur
++		>= pfile->buffer->notes[pfile->buffer->cur_note].pos
++		&& !pfile->overlaid_buffer)))
++	{
++	  source_range tok_range;
++	  tok_range.m_start = loc;
++	  tok_range.m_finish
++	    = linemap_position_for_column (pfile->line_table,
++					   CPP_BUF_COLUMN (pfile->buffer,
++							   pfile->buffer->cur));
++	  loc = COMBINE_LOCATION_DATA (pfile->line_table,
++				       loc, tok_range, NULL);
++	}
++
++      encoding_rich_location rich_loc (pfile, loc);
++
+       /* Make sure that the token is printed using UCNs, even
+ 	 if we'd otherwise happily print UTF-8.  */
+       unsigned char *buf = XNEWVEC (unsigned char, cpp_token_len (token));
+@@ -1810,11 +1836,11 @@ warn_about_normalization (cpp_reader *pf
+ 
+       sz = cpp_spell_token (pfile, token, buf, false) - buf;
+       if (NORMALIZE_STATE_RESULT (s) == normalized_C)
+-	cpp_warning_with_line (pfile, CPP_W_NORMALIZE, token->src_loc, 0,
+-			       "`%.*s' is not in NFKC", (int) sz, buf);
++	cpp_warning_at (pfile, CPP_W_NORMALIZE, &rich_loc,
++			"`%.*s' is not in NFKC", (int) sz, buf);
+       else
+-	cpp_warning_with_line (pfile, CPP_W_NORMALIZE, token->src_loc, 0,
+-			       "`%.*s' is not in NFC", (int) sz, buf);
++	cpp_warning_at (pfile, CPP_W_NORMALIZE, &rich_loc,
++			"`%.*s' is not in NFC", (int) sz, buf);
+       free (buf);
+     }
+ }
+diff --git a/libcpp/line-map.c b/libcpp/line-map.c
+--- a/libcpp/line-map.c	2021-07-27 23:55:08.716307283 -0700
++++ b/libcpp/line-map.c	2021-12-14 01:16:01.561942921 -0800
+@@ -2086,7 +2086,8 @@ rich_location::rich_location (line_maps
+   m_fixit_hints (),
+   m_seen_impossible_fixit (false),
+   m_fixits_cannot_be_auto_applied (false),
+-  m_path (NULL)
++  m_path (NULL),
++  m_escape_on_output (false)
+ {
+   add_range (loc, SHOW_RANGE_WITH_CARET, label);
+ }
diff --git a/poky/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch b/poky/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch
new file mode 100644
index 0000000000..98841e6d7c
--- /dev/null
+++ b/poky/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch
@@ -0,0 +1,39 @@
+From 574e7950bd6b34e9e2cacce18c802b45505d1d0a Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Fri, 18 Jun 2021 17:16:25 +0100
+Subject: [PATCH] arm: add erratum mitigation to __gnu_cmse_nonsecure_call
+ [PR102035]
+
+Add the recommended erratum mitigation sequence to
+__gnu_cmse_nonsecure_call for use on Armv8-m.main devices. Since this
+is in the library code we cannot know in advance whether the core we
+are running on will be affected by this, so always enable it.
+
+libgcc:
+	PR target/102035
+	* config/arm/cmse_nonsecure_call.S (__gnu_cmse_nonsecure_call):
+	Add vlldm erratum work-around.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=574e7950bd6b34e9e2cacce18c802b45505d1d0a]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ libgcc/config/arm/cmse_nonsecure_call.S | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libgcc/config/arm/cmse_nonsecure_call.S b/libgcc/config/arm/cmse_nonsecure_call.S
+--- a/libgcc/config/arm/cmse_nonsecure_call.S
++++ b/libgcc/config/arm/cmse_nonsecure_call.S
+@@ -102,6 +102,11 @@ blxns	    r4
+ #ifdef __ARM_PCS_VFP
+ vpop.f64    {d8-d15}
+ #else
++/* VLLDM erratum mitigation sequence. */
++mrs	    r5, control
++tst	    r5, #8	  /* CONTROL_S.SFPA */
++it	    ne
++.inst.w	    0xeeb00a40	  /* vmovne s0, s0 */
+ vlldm	    sp		  /* Lazy restore of d0-d16 and FPSCR.  */
+ add	    sp, sp, #0x88 /* Free space used to save floating point registers.  */
+ #endif /* __ARM_PCS_VFP */
diff --git a/poky/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-42574.patch b/poky/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-42574.patch
new file mode 100644
index 0000000000..9bad81d4d0
--- /dev/null
+++ b/poky/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-42574.patch
@@ -0,0 +1,1765 @@
+From 51c500269bf53749b107807d84271385fad35628 Mon Sep 17 00:00:00 2001
+From: Marek Polacek <polacek@redhat.com>
+Date: Wed, 6 Oct 2021 14:33:59 -0400
+Subject: [PATCH] libcpp: Implement -Wbidi-chars for CVE-2021-42574 [PR103026]
+
+From a link below:
+"An issue was discovered in the Bidirectional Algorithm in the Unicode
+Specification through 14.0. It permits the visual reordering of
+characters via control sequences, which can be used to craft source code
+that renders different logic than the logical ordering of tokens
+ingested by compilers and interpreters. Adversaries can leverage this to
+encode source code for compilers accepting Unicode such that targeted
+vulnerabilities are introduced invisibly to human reviewers."
+
+More info:
+https://nvd.nist.gov/vuln/detail/CVE-2021-42574
+https://trojansource.codes/
+
+This is not a compiler bug.  However, to mitigate the problem, this patch
+implements -Wbidi-chars=[none|unpaired|any] to warn about possibly
+misleading Unicode bidirectional control characters the preprocessor may
+encounter.
+
+The default is =unpaired, which warns about improperly terminated
+bidirectional control characters; e.g. a LRE without its corresponding PDF.
+The level =any warns about any use of bidirectional control characters.
+
+This patch handles both UCNs and UTF-8 characters.  UCNs designating
+bidi characters in identifiers are accepted since r204886.  Then r217144
+enabled -fextended-identifiers by default.  Extended characters in C/C++
+identifiers have been accepted since r275979.  However, this patch still
+warns about mixing UTF-8 and UCN bidi characters; there seems to be no
+good reason to allow mixing them.
+
+We warn in different contexts: comments (both C and C++-style), string
+literals, character constants, and identifiers.  Expectedly, UCNs are ignored
+in comments and raw string literals.  The bidirectional control characters
+can nest so this patch handles that as well.
+
+I have not included nor tested this at all with Fortran (which also has
+string literals and line comments).
+
+Dave M. posted patches improving diagnostic involving Unicode characters.
+This patch does not make use of this new infrastructure yet.
+
+	PR preprocessor/103026
+
+gcc/c-family/ChangeLog:
+
+	* c.opt (Wbidi-chars, Wbidi-chars=): New option.
+
+gcc/ChangeLog:
+
+	* doc/invoke.texi: Document -Wbidi-chars.
+
+libcpp/ChangeLog:
+
+	* include/cpplib.h (enum cpp_bidirectional_level): New.
+	(struct cpp_options): Add cpp_warn_bidirectional.
+	(enum cpp_warning_reason): Add CPP_W_BIDIRECTIONAL.
+	* internal.h (struct cpp_reader): Add warn_bidi_p member
+	function.
+	* init.c (cpp_create_reader): Set cpp_warn_bidirectional.
+	* lex.c (bidi): New namespace.
+	(get_bidi_utf8): New function.
+	(get_bidi_ucn): Likewise.
+	(maybe_warn_bidi_on_close): Likewise.
+	(maybe_warn_bidi_on_char): Likewise.
+	(_cpp_skip_block_comment): Implement warning about bidirectional
+	control characters.
+	(skip_line_comment): Likewise.
+	(forms_identifier_p): Likewise.
+	(lex_identifier): Likewise.
+	(lex_string): Likewise.
+	(lex_raw_string): Likewise.
+
+gcc/testsuite/ChangeLog:
+
+	* c-c++-common/Wbidi-chars-1.c: New test.
+	* c-c++-common/Wbidi-chars-2.c: New test.
+	* c-c++-common/Wbidi-chars-3.c: New test.
+	* c-c++-common/Wbidi-chars-4.c: New test.
+	* c-c++-common/Wbidi-chars-5.c: New test.
+	* c-c++-common/Wbidi-chars-6.c: New test.
+	* c-c++-common/Wbidi-chars-7.c: New test.
+	* c-c++-common/Wbidi-chars-8.c: New test.
+	* c-c++-common/Wbidi-chars-9.c: New test.
+	* c-c++-common/Wbidi-chars-10.c: New test.
+	* c-c++-common/Wbidi-chars-11.c: New test.
+	* c-c++-common/Wbidi-chars-12.c: New test.
+	* c-c++-common/Wbidi-chars-13.c: New test.
+	* c-c++-common/Wbidi-chars-14.c: New test.
+	* c-c++-common/Wbidi-chars-15.c: New test.
+	* c-c++-common/Wbidi-chars-16.c: New test.
+	* c-c++-common/Wbidi-chars-17.c: New test.
+
+CVE: CVE-2021-42574
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=51c500269bf53749b107807d84271385fad35628]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ gcc/c-family/c.opt                          |  24 ++
+ gcc/doc/invoke.texi                         |  21 +-
+ gcc/testsuite/c-c++-common/Wbidi-chars-1.c  |  12 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-10.c |  27 ++
+ gcc/testsuite/c-c++-common/Wbidi-chars-11.c |  13 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-12.c |  19 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-13.c |  17 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-14.c |  38 ++
+ gcc/testsuite/c-c++-common/Wbidi-chars-15.c |  59 +++
+ gcc/testsuite/c-c++-common/Wbidi-chars-16.c |  26 ++
+ gcc/testsuite/c-c++-common/Wbidi-chars-17.c |  30 ++
+ gcc/testsuite/c-c++-common/Wbidi-chars-2.c  |   9 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-3.c  |  11 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-4.c  | 188 +++++++++
+ gcc/testsuite/c-c++-common/Wbidi-chars-5.c  | 188 +++++++++
+ gcc/testsuite/c-c++-common/Wbidi-chars-6.c  | 155 ++++++++
+ gcc/testsuite/c-c++-common/Wbidi-chars-7.c  |   9 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-8.c  |  13 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-9.c  |  29 ++
+ libcpp/include/cpplib.h                     |  18 +-
+ libcpp/init.c                               |   1 +
+ libcpp/internal.h                           |   7 +
+ libcpp/lex.c                                | 408 +++++++++++++++++++-
+ 23 files changed, 1315 insertions(+), 7 deletions(-)
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-1.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-10.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-11.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-12.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-13.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-14.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-15.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-16.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-17.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-2.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-3.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-4.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-5.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-6.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-7.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-8.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-9.c
+
+diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
+index 8a4cd634f77..3976fc368db 100644
+--- a/gcc/c-family/c.opt
++++ b/gcc/c-family/c.opt
+@@ -370,6 +370,30 @@ Wbad-function-cast
+ C ObjC Var(warn_bad_function_cast) Warning
+ Warn about casting functions to incompatible types.
+ 
++Wbidi-chars
++C ObjC C++ ObjC++ Warning Alias(Wbidi-chars=,any,none)
++;
++
++Wbidi-chars=
++C ObjC C++ ObjC++ RejectNegative Joined Warning CPP(cpp_warn_bidirectional) CppReason(CPP_W_BIDIRECTIONAL) Var(warn_bidirectional) Init(bidirectional_unpaired) Enum(cpp_bidirectional_level)
++-Wbidi-chars=[none|unpaired|any] Warn about UTF-8 bidirectional control characters.
++
++; Required for these enum values.
++SourceInclude
++cpplib.h
++
++Enum
++Name(cpp_bidirectional_level) Type(int) UnknownError(argument %qs to %<-Wbidi-chars%> not recognized)
++
++EnumValue
++Enum(cpp_bidirectional_level) String(none) Value(bidirectional_none)
++
++EnumValue
++Enum(cpp_bidirectional_level) String(unpaired) Value(bidirectional_unpaired)
++
++EnumValue
++Enum(cpp_bidirectional_level) String(any) Value(bidirectional_any)
++
+ Wbool-compare
+ C ObjC C++ ObjC++ Var(warn_bool_compare) Warning LangEnabledBy(C ObjC C++ ObjC++,Wall)
+ Warn about boolean expression compared with an integer value different from true/false.
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+index 6070288856c..a22758d18ee 100644
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -326,7 +326,9 @@ Objective-C and Objective-C++ Dialects}.
+ -Warith-conversion @gol
+ -Warray-bounds  -Warray-bounds=@var{n} @gol
+ -Wno-attributes  -Wattribute-alias=@var{n} -Wno-attribute-alias @gol
+--Wno-attribute-warning  -Wbool-compare  -Wbool-operation @gol
++-Wno-attribute-warning  @gol
++-Wbidi-chars=@r{[}none@r{|}unpaired@r{|}any@r{]} @gol
++-Wbool-compare  -Wbool-operation @gol
+ -Wno-builtin-declaration-mismatch @gol
+ -Wno-builtin-macro-redefined  -Wc90-c99-compat  -Wc99-c11-compat @gol
+ -Wc11-c2x-compat @gol
+@@ -7559,6 +7561,23 @@ Attributes considered include @code{allo
+ This is the default.  You can disable these warnings with either
+ @option{-Wno-attribute-alias} or @option{-Wattribute-alias=0}.
+ 
++@item -Wbidi-chars=@r{[}none@r{|}unpaired@r{|}any@r{]}
++@opindex Wbidi-chars=
++@opindex Wbidi-chars
++@opindex Wno-bidi-chars
++Warn about possibly misleading UTF-8 bidirectional control characters in
++comments, string literals, character constants, and identifiers.  Such
++characters can change left-to-right writing direction into right-to-left
++(and vice versa), which can cause confusion between the logical order and
++visual order.  This may be dangerous; for instance, it may seem that a piece
++of code is not commented out, whereas it in fact is.
++
++There are three levels of warning supported by GCC@.  The default is
++@option{-Wbidi-chars=unpaired}, which warns about improperly terminated
++bidi contexts.  @option{-Wbidi-chars=none} turns the warning off.
++@option{-Wbidi-chars=any} warns about any use of bidirectional control
++characters.
++
+ @item -Wbool-compare
+ @opindex Wno-bool-compare
+ @opindex Wbool-compare
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-10.c b/gcc/testsuite/c-c++-common/Wbidi-chars-10.c
+new file mode 100644
+index 00000000000..34f5ac19271
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-10.c
+@@ -0,0 +1,27 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* More nesting testing.  */
++
++/* RLEâ« LRIâ¦ PDFâ¬ PDIâ©*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int LRE_\u202a_PDF_\u202c;
++int LRE_\u202a_PDF_\u202c_LRE_\u202a_PDF_\u202c;
++int LRE_\u202a_LRI_\u2066_PDF_\u202c_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLE_\u202b_RLI_\u2067_PDF_\u202c_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLE_\u202b_RLI_\u2067_PDI_\u2069_PDF_\u202c;
++int FSI_\u2068_LRO_\u202d_PDI_\u2069_PDF_\u202c;
++int FSI_\u2068;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int FSI_\u2068_PDI_\u2069;
++int FSI_\u2068_FSI_\u2068_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069;
++int RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDF_\u202c;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_FSI_\u2068_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-11.c b/gcc/testsuite/c-c++-common/Wbidi-chars-11.c
+new file mode 100644
+index 00000000000..270ce2368a9
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-11.c
+@@ -0,0 +1,13 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test that we warn when mixing UCN and UTF-8.  */
++
++int LRE_âª_PDF_\u202c;
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
++int LRE_\u202a_PDF_â¬_;
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
++const char *s1 = "LRE_âª_PDF_\u202c";
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
++const char *s2 = "LRE_\u202a_PDF_â¬";
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-12.c b/gcc/testsuite/c-c++-common/Wbidi-chars-12.c
+new file mode 100644
+index 00000000000..b07eec1da91
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-12.c
+@@ -0,0 +1,19 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile { target { c || c++11 } } } */
++/* { dg-options "-Wbidi-chars=any" } */
++/* Test raw strings.  */
++
++const char *s1 = R"(a b c LREâª 1 2 3 PDFâ¬ x y z)";
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++const char *s2 = R"(a b c RLEâ« 1 2 3 PDFâ¬ x y z)";
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++const char *s3 = R"(a b c LROâ 1 2 3 PDFâ¬ x y z)";
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++const char *s4 = R"(a b c RLOâ® 1 2 3 PDFâ¬ x y z)";
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++const char *s7 = R"(a b c FSIâ¨ 1 2 3 PDIâ© x y) z";
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++const char *s8 = R"(a b c PDIâ© x y )z";
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
++const char *s9 = R"(a b c PDFâ¬ x y z)";
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
+diff -uprN '-x*.orig' '-x*.rej' del/gcc-11.2.0/gcc/testsuite/c-c++-common/Wbidi-chars-13.c gcc-11.2.0/gcc/testsuite/c-c++-common/Wbidi-chars-13.c
+--- del/gcc-11.2.0/gcc/testsuite/c-c++-common/Wbidi-chars-13.c	1969-12-31 16:00:00.000000000 -0800
++++ gcc-11.2.0/gcc/testsuite/c-c++-common/Wbidi-chars-13.c	2021-12-13 23:11:22.328439287 -0800
+@@ -0,0 +1,17 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile { target { c || c++11 } } } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test raw strings.  */
++
++const char *s1 = R"(a b c LREâª 1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s2 = R"(a b c RLEâ« 1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s3 = R"(a b c LROâ 1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s4 = R"(a b c FSIâ¨ 1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s5 = R"(a b c LRIâ¦ 1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s6 = R"(a b c RLIâ§ 1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-14.c b/gcc/testsuite/c-c++-common/Wbidi-chars-14.c
+new file mode 100644
+index 00000000000..ba5f75d9553
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-14.c
+@@ -0,0 +1,38 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test PDI handling, which also pops any subsequent LREs, RLEs, LROs,
++   or RLOs.  */
++
++/* LRI_â¦_LRI_â¦_RLE_â«_RLE_â«_RLE_â«_PDI_â©*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// LRI_â¦_RLE_â«_RLE_â«_RLE_â«_PDI_â©
++// LRI_â¦_RLO_â®_RLE_â«_RLE_â«_PDI_â©
++// LRI_â¦_RLO_â®_RLE_â«_PDI_â©
++// FSI_â¨_RLO_â®_PDI_â©
++// FSI_â¨_FSI_â¨_RLO_â®_PDI_â©
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++int LRI_\u2066_LRI_\u2066_LRE_\u202a_LRE_\u202a_LRE_\u202a_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int LRI_\u2066_LRI_\u2066_LRE_\u202a_LRE_\u202a_LRE_\u202a_PDI_\u2069_PDI_\u2069;
++int LRI_\u2066_LRI_\u2066_LRI_\u2066_LRE_\u202a_LRE_\u202a_LRE_\u202a_PDI_\u2069_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int PDI_\u2069;
++int LRI_\u2066_PDI_\u2069;
++int RLI_\u2067_PDI_\u2069;
++int LRE_\u202a_LRI_\u2066_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int LRI_\u2066_LRE_\u202a_PDF_\u202c_PDI_\u2069;
++int LRI_\u2066_LRE_\u202a_LRE_\u202a_PDF_\u202c_PDI_\u2069;
++int RLI_\u2067_LRI_\u2066_LRE_\u202a_LRE_\u202a_PDF_\u202c_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int FSI_\u2068_LRI_\u2066_LRE_\u202a_LRE_\u202a_PDF_\u202c_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLO_\u202e_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLI_\u2067_PDI_\u2069_RLI_\u2067;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int FSI_\u2068_PDF_\u202c_PDI_\u2069;
++int FSI_\u2068_FSI_\u2068_PDF_\u202c_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-15.c b/gcc/testsuite/c-c++-common/Wbidi-chars-15.c
+new file mode 100644
+index 00000000000..a0ce8ff5e2c
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-15.c
+@@ -0,0 +1,59 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test unpaired bidi control chars in multiline comments.  */
++
++/*
++ * LREâª end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * RLEâ« end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * LROâ end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * RLOâ® end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * LRIâ¦ end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * RLIâ§ end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * FSIâ¨ end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/* LREâª
++   PDFâ¬ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/* FSIâ¨
++   PDIâ© */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++
++/* LRE<âª>
++ *
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-3 } */
++
++/*
++ * LRE<âª>
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++
++/*
++ *
++ * LRE<âª> */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++/* RLI<â§> */ /* PDI<â©> */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* LRE<âª> */ /* PDF<â¬> */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-16.c b/gcc/testsuite/c-c++-common/Wbidi-chars-16.c
+new file mode 100644
+index 00000000000..baa0159861c
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-16.c
+@@ -0,0 +1,26 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=any" } */
++/* Test LTR/RTL chars.  */
++
++/* LTR<â> */
++/* { dg-warning "U\\+200E" "" { target *-*-* } .-1 } */
++// LTR<â>
++/* { dg-warning "U\\+200E" "" { target *-*-* } .-1 } */
++/* RTL<â> */
++/* { dg-warning "U\\+200F" "" { target *-*-* } .-1 } */
++// RTL<â>
++/* { dg-warning "U\\+200F" "" { target *-*-* } .-1 } */
++
++const char *s1 = "LTR<â>";
++/* { dg-warning "U\\+200E" "" { target *-*-* } .-1 } */
++const char *s2 = "LTR\u200e";
++/* { dg-warning "U\\+200E" "" { target *-*-* } .-1 } */
++const char *s3 = "LTR\u200E";
++/* { dg-warning "U\\+200E" "" { target *-*-* } .-1 } */
++const char *s4 = "RTL<â>";
++/* { dg-warning "U\\+200F" "" { target *-*-* } .-1 } */
++const char *s5 = "RTL\u200f";
++/* { dg-warning "U\\+200F" "" { target *-*-* } .-1 } */
++const char *s6 = "RTL\u200F";
++/* { dg-warning "U\\+200F" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-17.c b/gcc/testsuite/c-c++-common/Wbidi-chars-17.c
+new file mode 100644
+index 00000000000..07cb4321f96
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-17.c
+@@ -0,0 +1,30 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test LTR/RTL chars.  */
++
++/* LTR<â> */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// LTR<â>
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* RTL<â> */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// RTL<â>
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int ltr_\u200e;
++/* { dg-error "universal character " "" { target *-*-* } .-1 } */
++int rtl_\u200f;
++/* { dg-error "universal character " "" { target *-*-* } .-1 } */
++
++const char *s1 = "LTR<â>";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++const char *s2 = "LTR\u200e";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++const char *s3 = "LTR\u200E";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++const char *s4 = "RTL<â>";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++const char *s5 = "RTL\u200f";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++const char *s6 = "RTL\u200F";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-1.c b/gcc/testsuite/c-c++-common/Wbidi-chars-1.c
+new file mode 100644
+index 00000000000..2340374f276
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-1.c
+@@ -0,0 +1,12 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++
++int main() {
++    int isAdmin = 0;
++    /*â® } â¦if (isAdmin)â© â¦ begin admins only */
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++        __builtin_printf("You are an admin.\n");
++    /* end admins only â® { â¦*/
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++    return 0;
++}
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-2.c b/gcc/testsuite/c-c++-common/Wbidi-chars-2.c
+new file mode 100644
+index 00000000000..2340374f276
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-2.c
+@@ -0,0 +1,9 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++
++int main() {
++    /* Say hello; newlineâ§/*/ return 0 ;
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++    __builtin_printf("Hello world.\n");
++    return 0;
++}
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-3.c b/gcc/testsuite/c-c++-common/Wbidi-chars-3.c
+new file mode 100644
+index 00000000000..9dc7edb6e64
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-3.c
+@@ -0,0 +1,11 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++
++int main() {
++    const char* access_level = "user";
++    if (__builtin_strcmp(access_level, "userâ® â¦// Check if adminâ© â¦")) {
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++        __builtin_printf("You are an admin.\n");
++    }
++    return 0;
++}
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-4.c b/gcc/testsuite/c-c++-common/Wbidi-chars-4.c
+new file mode 100644
+index 00000000000..639e5c62e88
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-4.c
+@@ -0,0 +1,188 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=any -Wno-multichar -Wno-overflow" } */
++/* Test all bidi chars in various contexts (identifiers, comments,
++   string literals, character constants), both UCN and UTF-8.  The bidi
++   chars here are properly terminated, except for the character constants.  */
++
++/* a b c LREâª 1 2 3 PDFâ¬ x y z */
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++/* a b c RLEâ« 1 2 3 PDFâ¬ x y z */
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++/* a b c LROâ 1 2 3 PDFâ¬ x y z */
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++/* a b c RLOâ® 1 2 3 PDFâ¬ x y z */
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++/* a b c LRIâ¦ 1 2 3 PDIâ© x y z */
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++/* a b c RLIâ§ 1 2 3 PDIâ© x y */
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++/* a b c FSIâ¨ 1 2 3 PDIâ© x y z */
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++
++/* Same but C++ comments instead.  */
++// a b c LREâª 1 2 3 PDFâ¬ x y z
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++// a b c RLEâ« 1 2 3 PDFâ¬ x y z
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++// a b c LROâ 1 2 3 PDFâ¬ x y z
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++// a b c RLOâ® 1 2 3 PDFâ¬ x y z
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++// a b c LRIâ¦ 1 2 3 PDIâ© x y z
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++// a b c RLIâ§ 1 2 3 PDIâ© x y
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++// a b c FSIâ¨ 1 2 3 PDIâ© x y z
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++
++/* Here we're closing an unopened context, warn when =any.  */
++/* a b c PDIâ© x y z */
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
++/* a b c PDFâ¬ x y z */
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++// a b c PDIâ© x y z
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
++// a b c PDFâ¬ x y z
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++
++/* Multiline comments.  */
++/* a b c PDIâ© x y z
++   */
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-2 } */
++/* a b c PDFâ¬ x y z
++   */
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-2 } */
++/* first
++   a b c PDIâ© x y z
++   */
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-2 } */
++/* first
++   a b c PDFâ¬ x y z
++   */
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-2 } */
++/* first
++   a b c PDIâ© x y z */
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
++/* first
++   a b c PDFâ¬ x y z */
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++
++void
++g1 ()
++{
++  const char *s1 = "a b c LREâª 1 2 3 PDFâ¬ x y z";
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++  const char *s2 = "a b c RLEâ« 1 2 3 PDFâ¬ x y z";
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++  const char *s3 = "a b c LROâ 1 2 3 PDFâ¬ x y z";
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++  const char *s4 = "a b c RLOâ® 1 2 3 PDFâ¬ x y z";
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++  const char *s5 = "a b c LRIâ¦ 1 2 3 PDIâ© x y z";
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++  const char *s6 = "a b c RLIâ§ 1 2 3 PDIâ© x y z";
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++  const char *s7 = "a b c FSIâ¨ 1 2 3 PDIâ© x y z";
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++  const char *s8 = "a b c PDIâ© x y z";
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
++  const char *s9 = "a b c PDFâ¬ x y z";
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++
++  const char *s10 = "a b c LRE\u202a 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++  const char *s11 = "a b c LRE\u202A 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++  const char *s12 = "a b c RLE\u202b 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++  const char *s13 = "a b c RLE\u202B 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++  const char *s14 = "a b c LRO\u202d 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++  const char *s15 = "a b c LRO\u202D 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++  const char *s16 = "a b c RLO\u202e 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++  const char *s17 = "a b c RLO\u202E 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++  const char *s18 = "a b c LRI\u2066 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++  const char *s19 = "a b c RLI\u2067 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++  const char *s20 = "a b c FSI\u2068 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++}
++
++void
++g2 ()
++{
++  const char c1 = '\u202a';
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++  const char c2 = '\u202A';
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++  const char c3 = '\u202b';
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++  const char c4 = '\u202B';
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++  const char c5 = '\u202d';
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++  const char c6 = '\u202D';
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++  const char c7 = '\u202e';
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++  const char c8 = '\u202E';
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++  const char c9 = '\u2066';
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++  const char c10 = '\u2067';
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++  const char c11 = '\u2068';
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++}
++
++int aâªbâ¬c;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int aâ«bâ¬c;
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++int aâbâ¬c;
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++int aâ®bâ¬c;
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++int aâ¦bâ©c;
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++int aâ§bâ©c;
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++int aâ¨bâ©c;
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++int Aâ¬X;
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++int A\u202cY;
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++int A\u202CY2;
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++
++int d\u202ae\u202cf;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int d\u202Ae\u202cf2;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int d\u202be\u202cf;
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++int d\u202Be\u202cf2;
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++int d\u202de\u202cf;
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++int d\u202De\u202cf2;
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++int d\u202ee\u202cf;
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++int d\u202Ee\u202cf2;
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++int d\u2066e\u2069f;
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++int d\u2067e\u2069f;
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++int d\u2068e\u2069f;
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++int X\u2069;
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-5.c b/gcc/testsuite/c-c++-common/Wbidi-chars-5.c
+new file mode 100644
+index 00000000000..68cb053144b
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-5.c
+@@ -0,0 +1,188 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired -Wno-multichar -Wno-overflow" } */
++/* Test all bidi chars in various contexts (identifiers, comments,
++   string literals, character constants), both UCN and UTF-8.  The bidi
++   chars here are properly terminated, except for the character constants.  */
++
++/* a b c LREâª 1 2 3 PDFâ¬ x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLEâ« 1 2 3 PDFâ¬ x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c LROâ 1 2 3 PDFâ¬ x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLOâ® 1 2 3 PDFâ¬ x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c LRIâ¦ 1 2 3 PDIâ© x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLIâ§ 1 2 3 PDIâ© x y */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c FSIâ¨ 1 2 3 PDIâ© x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++/* Same but C++ comments instead.  */
++// a b c LREâª 1 2 3 PDFâ¬ x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLEâ« 1 2 3 PDFâ¬ x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c LROâ 1 2 3 PDFâ¬ x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLOâ® 1 2 3 PDFâ¬ x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c LRIâ¦ 1 2 3 PDIâ© x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLIâ§ 1 2 3 PDIâ© x y
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c FSIâ¨ 1 2 3 PDIâ© x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++/* Here we're closing an unopened context, warn when =any.  */
++/* a b c PDIâ© x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c PDFâ¬ x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c PDIâ© x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c PDFâ¬ x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++/* Multiline comments.  */
++/* a b c PDIâ© x y z
++   */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-2 } */
++/* a b c PDFâ¬ x y z
++   */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-2 } */
++/* first
++   a b c PDIâ© x y z
++   */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-2 } */
++/* first
++   a b c PDFâ¬ x y z
++   */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-2 } */
++/* first
++   a b c PDIâ© x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* first
++   a b c PDFâ¬ x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++void
++g1 ()
++{
++  const char *s1 = "a b c LREâª 1 2 3 PDFâ¬ x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s2 = "a b c RLEâ« 1 2 3 PDFâ¬ x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s3 = "a b c LROâ 1 2 3 PDFâ¬ x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s4 = "a b c RLOâ® 1 2 3 PDFâ¬ x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s5 = "a b c LRIâ¦ 1 2 3 PDIâ© x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s6 = "a b c RLIâ§ 1 2 3 PDIâ© x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s7 = "a b c FSIâ¨ 1 2 3 PDIâ© x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s8 = "a b c PDIâ© x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s9 = "a b c PDFâ¬ x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++  const char *s10 = "a b c LRE\u202a 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s11 = "a b c LRE\u202A 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s12 = "a b c RLE\u202b 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s13 = "a b c RLE\u202B 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s14 = "a b c LRO\u202d 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s15 = "a b c LRO\u202D 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s16 = "a b c RLO\u202e 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s17 = "a b c RLO\u202E 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s18 = "a b c LRI\u2066 1 2 3 PDI\u2069 x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s19 = "a b c RLI\u2067 1 2 3 PDI\u2069 x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++  const char *s20 = "a b c FSI\u2068 1 2 3 PDI\u2069 x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++}
++
++void
++g2 ()
++{
++  const char c1 = '\u202a';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char c2 = '\u202A';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char c3 = '\u202b';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char c4 = '\u202B';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char c5 = '\u202d';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char c6 = '\u202D';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char c7 = '\u202e';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char c8 = '\u202E';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char c9 = '\u2066';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char c10 = '\u2067';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char c11 = '\u2068';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++}
++
++int aâªbâ¬c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ«bâ¬c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâbâ¬c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ®bâ¬c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ¦bâ©c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ§bâ©c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ¨bâ©c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int Aâ¬X;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int A\u202cY;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int A\u202CY2;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++int d\u202ae\u202cf;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202Ae\u202cf2;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202be\u202cf;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202Be\u202cf2;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202de\u202cf;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202De\u202cf2;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202ee\u202cf;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202Ee\u202cf2;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u2066e\u2069f;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u2067e\u2069f;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u2068e\u2069f;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int X\u2069;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-6.c b/gcc/testsuite/c-c++-common/Wbidi-chars-6.c
+new file mode 100644
+index 00000000000..0ce6fff2dee
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-6.c
+@@ -0,0 +1,155 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test nesting of bidi chars in various contexts.  */
++
++/* Terminated by the wrong char:  */
++/* a b c LREâª 1 2 3 PDIâ© x y z */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLEâ« 1 2 3 PDIâ© x y  z*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c LROâ 1 2 3 PDIâ© x y z */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLOâ® 1 2 3 PDIâ© x y z */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c LRIâ¦ 1 2 3 PDFâ¬ x y z */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLIâ§ 1 2 3 PDFâ¬ x y z */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c FSIâ¨ 1 2 3 PDFâ¬ x y  z*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++/* LREâª PDFâ¬ */
++/* LREâª LREâª PDFâ¬ PDFâ¬ */
++/* PDFâ¬ LREâª PDFâ¬ */
++/* LREâª PDFâ¬ LREâª PDFâ¬ */
++/* LREâª LREâª PDFâ¬ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* PDFâ¬ LREâª */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++// a b c LREâª 1 2 3 PDIâ© x y z
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLEâ« 1 2 3 PDIâ© x y  z*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c LROâ 1 2 3 PDIâ© x y z 
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLOâ® 1 2 3 PDIâ© x y z 
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c LRIâ¦ 1 2 3 PDFâ¬ x y z 
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLIâ§ 1 2 3 PDFâ¬ x y z 
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c FSIâ¨ 1 2 3 PDFâ¬ x y  z
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++// LREâª PDFâ¬ 
++// LREâª LREâª PDFâ¬ PDFâ¬
++// PDFâ¬ LREâª PDFâ¬
++// LREâª PDFâ¬ LREâª PDFâ¬
++// LREâª LREâª PDFâ¬
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// PDFâ¬ LREâª
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++void
++g1 ()
++{
++  const char *s1 = "a b c LREâª 1 2 3 PDIâ© x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s2 = "a b c LRE\u202a 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s3 = "a b c RLEâ« 1 2 3 PDIâ© x y ";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s4 = "a b c RLE\u202b 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s5 = "a b c LROâ 1 2 3 PDIâ© x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s6 = "a b c LRO\u202d 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s7 = "a b c RLOâ® 1 2 3 PDIâ© x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s8 = "a b c RLO\u202e 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s9 = "a b c LRIâ¦ 1 2 3 PDFâ¬ x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s10 = "a b c LRI\u2066 1 2 3 PDF\u202c x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s11 = "a b c RLIâ§ 1 2 3 PDFâ¬ x y z\
++    ";
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++  const char *s12 = "a b c RLI\u2067 1 2 3 PDF\u202c x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s13 = "a b c FSIâ¨ 1 2 3 PDFâ¬ x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s14 = "a b c FSI\u2068 1 2 3 PDF\u202c x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s15 = "PDFâ¬ LREâª";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s16 = "PDF\u202c LRE\u202a";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s17 = "LREâª PDFâ¬";
++  const char *s18 = "LRE\u202a PDF\u202c";
++  const char *s19 = "LREâª LREâª PDFâ¬ PDFâ¬";
++  const char *s20 = "LRE\u202a LRE\u202a PDF\u202c PDF\u202c";
++  const char *s21 = "PDFâ¬ LREâª PDFâ¬";
++  const char *s22 = "PDF\u202c LRE\u202a PDF\u202c";
++  const char *s23 = "LREâª LREâª PDFâ¬";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s24 = "LRE\u202a LRE\u202a PDF\u202c";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s25 = "PDFâ¬ LREâª";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s26 = "PDF\u202c LRE\u202a";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s27 = "PDFâ¬ LRE\u202a";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++  const char *s28 = "PDF\u202c LREâª";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++}
++
++int aLREâªbPDIâ©;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int A\u202aB\u2069C;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aRLEâ«bPDIâ©;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a\u202bB\u2069c;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aLROâbPDIâ©;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a\u202db\u2069c2;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aRLOâ®bPDIâ©;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a\u202eb\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aLRIâ¦bPDFâ¬;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a\u2066b\u202c;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aRLIâ§bPDFâ¬c
++;
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++int a\u2067b\u202c;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aFSIâ¨bPDFâ¬;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a\u2068b\u202c;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aFSIâ¨bPD\u202C;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aFSI\u2068bPDFâ¬_;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aLREâªbPDFâ¬b; 
++int A\u202aB\u202c;
++int a_LREâª_LREâª_b_PDFâ¬_PDFâ¬;
++int A\u202aA\u202aB\u202cB\u202c;
++int aPDFâ¬bLREadPDFâ¬;
++int a_\u202C_\u202a_\u202c;
++int a_LREâª_b_PDFâ¬_c_LREâª_PDFâ¬;
++int a_\u202a_\u202c_\u202a_\u202c_;
++int a_LREâª_b_PDFâ¬_c_LREâª;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a_\u202a_\u202c_\u202a_;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-7.c b/gcc/testsuite/c-c++-common/Wbidi-chars-7.c
+new file mode 100644
+index 00000000000..d012d420ec0
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-7.c
+@@ -0,0 +1,9 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=any" } */
++/* Test we ignore UCNs in comments.  */
++
++// a b c \u202a 1 2 3
++// a b c \u202A 1 2 3
++/* a b c \u202a 1 2 3 */
++/* a b c \u202A 1 2 3 */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-8.c b/gcc/testsuite/c-c++-common/Wbidi-chars-8.c
+new file mode 100644
+index 00000000000..4f54c5092ec
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-8.c
+@@ -0,0 +1,13 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=any" } */
++/* Test \u vs \U.  */
++
++int a_\u202A;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int a_\u202a_2;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int a_\U0000202A_3;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int a_\U0000202a_4;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-9.c b/gcc/testsuite/c-c++-common/Wbidi-chars-9.c
+new file mode 100644
+index 00000000000..e2af1b1ca97
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-9.c
+@@ -0,0 +1,29 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test that we properly separate bidi contexts (comment/identifier/character
++   constant/string literal).  */
++
++/* LRE ->âª<- */ int pdf_\u202c_1;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* RLE ->â«<- */ int pdf_\u202c_2;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* LRO ->â<- */ int pdf_\u202c_3;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* RLO ->â®<- */ int pdf_\u202c_4;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* LRI ->â¦<-*/ int pdi_\u2069_1;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* RLI ->â§<- */ int pdi_\u2069_12;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* FSI ->â¨<- */ int pdi_\u2069_3;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++const char *s1 = "LRE\u202a"; /* PDF ->â¬<- */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* LRE ->âª<- */ const char *s2 = "PDF\u202c";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s3 = "LRE\u202a"; int pdf_\u202c_5;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int lre_\u202a; const char *s4 = "PDF\u202c";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 176f8c5bbce..112b9c24751 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -318,6 +318,17 @@ enum cpp_main_search
+   CMS_system,  /* Search the system INCLUDE path.  */
+ };
+ 
++/* The possible bidirectional control characters checking levels, from least
++   restrictive to most.  */
++enum cpp_bidirectional_level {
++  /* No checking.  */
++  bidirectional_none,
++  /* Only detect unpaired uses of bidirectional control characters.  */
++  bidirectional_unpaired,
++  /* Detect any use of bidirectional control characters.  */
++  bidirectional_any
++};
++
+ /* This structure is nested inside struct cpp_reader, and
+    carries all the options visible to the command line.  */
+ struct cpp_options
+@@ -531,6 +542,10 @@ struct cpp_options
+   /* True if warn about differences between C++98 and C++11.  */
+   bool cpp_warn_cxx11_compat;
+ 
++  /* Nonzero if bidirectional control characters checking is on.  See enum
++     cpp_bidirectional_level.  */
++  unsigned char cpp_warn_bidirectional;
++
+   /* Dependency generation.  */
+   struct
+   {
+@@ -635,7 +650,8 @@ enum cpp_warning_reason {
+   CPP_W_C90_C99_COMPAT,
+   CPP_W_C11_C2X_COMPAT,
+   CPP_W_CXX11_COMPAT,
+-  CPP_W_EXPANSION_TO_DEFINED
++  CPP_W_EXPANSION_TO_DEFINED,
++  CPP_W_BIDIRECTIONAL
+ };
+ 
+ /* Callback for header lookup for HEADER, which is the name of a
+diff --git a/libcpp/init.c b/libcpp/init.c
+index 5a424e23553..f9a8f5f088f 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -219,6 +219,7 @@ cpp_create_reader (enum c_lang lang, cpp
+       = ENABLE_CANONICAL_SYSTEM_HEADERS;
+   CPP_OPTION (pfile, ext_numeric_literals) = 1;
+   CPP_OPTION (pfile, warn_date_time) = 0;
++  CPP_OPTION (pfile, cpp_warn_bidirectional) = bidirectional_unpaired;
+ 
+   /* Default CPP arithmetic to something sensible for the host for the
+      benefit of dumb users like fix-header.  */
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index 8577cab6c83..0ce0246c5a2 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -597,6 +597,13 @@ struct cpp_reader
+   /* Location identifying the main source file -- intended to be line
+      zero of said file.  */
+   location_t main_loc;
++
++  /* Returns true iff we should warn about UTF-8 bidirectional control
++     characters.  */
++  bool warn_bidi_p () const
++  {
++    return CPP_OPTION (this, cpp_warn_bidirectional) != bidirectional_none;
++  }
+ };
+ 
+ /* Character classes.  Based on the more primitive macros in safe-ctype.h.
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+index fa2253d41c3..6a4fbce6030 100644
+--- a/libcpp/lex.c
++++ b/libcpp/lex.c
+@@ -1164,6 +1164,324 @@ _cpp_process_line_notes (cpp_reader *pfi
+     }
+ }
+ 
++namespace bidi {
++  enum class kind {
++    NONE, LRE, RLE, LRO, RLO, LRI, RLI, FSI, PDF, PDI, LTR, RTL
++  };
++
++  /* All the UTF-8 encodings of bidi characters start with E2.  */
++  constexpr uchar utf8_start = 0xe2;
++
++  /* A vector holding currently open bidi contexts.  We use a char for
++     each context, its LSB is 1 if it represents a PDF context, 0 if it
++     represents a PDI context.  The next bit is 1 if this context was open
++     by a bidi character written as a UCN, and 0 when it was UTF-8.  */
++  semi_embedded_vec <unsigned char, 16> vec;
++
++  /* Close the whole comment/identifier/string literal/character constant
++     context.  */
++  void on_close ()
++  {
++    vec.truncate (0);
++  }
++
++  /* Pop the last element in the vector.  */
++  void pop ()
++  {
++    unsigned int len = vec.count ();
++    gcc_checking_assert (len > 0);
++    vec.truncate (len - 1);
++  }
++
++  /* Return the context of the Ith element.  */
++  kind ctx_at (unsigned int i)
++  {
++    return (vec[i] & 1) ? kind::PDF : kind::PDI;
++  }
++
++  /* Return which context is currently opened.  */
++  kind current_ctx ()
++  {
++    unsigned int len = vec.count ();
++    if (len == 0)
++      return kind::NONE;
++    return ctx_at (len - 1);
++  }
++
++  /* Return true if the current context comes from a UCN origin, that is,
++     the bidi char which started this bidi context was written as a UCN.  */
++  bool current_ctx_ucn_p ()
++  {
++    unsigned int len = vec.count ();
++    gcc_checking_assert (len > 0);
++    return (vec[len - 1] >> 1) & 1;
++  }
++
++  /* We've read a bidi char, update the current vector as necessary.  */
++  void on_char (kind k, bool ucn_p)
++  {
++    switch (k)
++      {
++      case kind::LRE:
++      case kind::RLE:
++      case kind::LRO:
++      case kind::RLO:
++	vec.push (ucn_p ? 3u : 1u);
++	break;
++      case kind::LRI:
++      case kind::RLI:
++      case kind::FSI:
++	vec.push (ucn_p ? 2u : 0u);
++	break;
++      /* PDF terminates the scope of the last LRE, RLE, LRO, or RLO
++	 whose scope has not yet been terminated.  */
++      case kind::PDF:
++	if (current_ctx () == kind::PDF)
++	  pop ();
++	break;
++      /* PDI terminates the scope of the last LRI, RLI, or FSI whose
++	 scope has not yet been terminated, as well as the scopes of
++	 any subsequent LREs, RLEs, LROs, or RLOs whose scopes have not
++	 yet been terminated.  */
++      case kind::PDI:
++	for (int i = vec.count () - 1; i >= 0; --i)
++	  if (ctx_at (i) == kind::PDI)
++	    {
++	      vec.truncate (i);
++	      break;
++	    }
++	break;
++      case kind::LTR:
++      case kind::RTL:
++	/* These aren't popped by a PDF/PDI.  */
++	break;
++      [[likely]] case kind::NONE:
++	break;
++      default:
++	abort ();
++      }
++  }
++
++  /* Return a descriptive string for K.  */
++  const char *to_str (kind k)
++  {
++    switch (k)
++      {
++      case kind::LRE:
++	return "U+202A (LEFT-TO-RIGHT EMBEDDING)";
++      case kind::RLE:
++	return "U+202B (RIGHT-TO-LEFT EMBEDDING)";
++      case kind::LRO:
++	return "U+202D (LEFT-TO-RIGHT OVERRIDE)";
++      case kind::RLO:
++	return "U+202E (RIGHT-TO-LEFT OVERRIDE)";
++      case kind::LRI:
++	return "U+2066 (LEFT-TO-RIGHT ISOLATE)";
++      case kind::RLI:
++	return "U+2067 (RIGHT-TO-LEFT ISOLATE)";
++      case kind::FSI:
++	return "U+2068 (FIRST STRONG ISOLATE)";
++      case kind::PDF:
++	return "U+202C (POP DIRECTIONAL FORMATTING)";
++      case kind::PDI:
++	return "U+2069 (POP DIRECTIONAL ISOLATE)";
++      case kind::LTR:
++	return "U+200E (LEFT-TO-RIGHT MARK)";
++      case kind::RTL:
++	return "U+200F (RIGHT-TO-LEFT MARK)";
++      default:
++	abort ();
++      }
++  }
++}
++
++/* Parse a sequence of 3 bytes starting with P and return its bidi code.  */
++
++static bidi::kind
++get_bidi_utf8 (const unsigned char *const p)
++{
++  gcc_checking_assert (p[0] == bidi::utf8_start);
++
++  if (p[1] == 0x80)
++    switch (p[2])
++      {
++      case 0xaa:
++	return bidi::kind::LRE;
++      case 0xab:
++	return bidi::kind::RLE;
++      case 0xac:
++	return bidi::kind::PDF;
++      case 0xad:
++	return bidi::kind::LRO;
++      case 0xae:
++	return bidi::kind::RLO;
++      case 0x8e:
++	return bidi::kind::LTR;
++      case 0x8f:
++	return bidi::kind::RTL;
++      default:
++	break;
++      }
++  else if (p[1] == 0x81)
++    switch (p[2])
++      {
++      case 0xa6:
++	return bidi::kind::LRI;
++      case 0xa7:
++	return bidi::kind::RLI;
++      case 0xa8:
++	return bidi::kind::FSI;
++      case 0xa9:
++	return bidi::kind::PDI;
++      default:
++	break;
++      }
++
++  return bidi::kind::NONE;
++}
++
++/* Parse a UCN where P points just past \u or \U and return its bidi code.  */
++
++static bidi::kind
++get_bidi_ucn (const unsigned char *p, bool is_U)
++{
++  /* 6.4.3 Universal Character Names
++      \u hex-quad
++      \U hex-quad hex-quad
++     where \unnnn means \U0000nnnn.  */
++
++  if (is_U)
++    {
++      if (p[0] != '0' || p[1] != '0' || p[2] != '0' || p[3] != '0')
++	return bidi::kind::NONE;
++      /* Skip 4B so we can treat \u and \U the same below.  */
++      p += 4;
++    }
++
++  /* All code points we are looking for start with 20xx.  */
++  if (p[0] != '2' || p[1] != '0')
++    return bidi::kind::NONE;
++  else if (p[2] == '2')
++    switch (p[3])
++      {
++      case 'a':
++      case 'A':
++	return bidi::kind::LRE;
++      case 'b':
++      case 'B':
++	return bidi::kind::RLE;
++      case 'c':
++      case 'C':
++	return bidi::kind::PDF;
++      case 'd':
++      case 'D':
++	return bidi::kind::LRO;
++      case 'e':
++      case 'E':
++	return bidi::kind::RLO;
++      default:
++	break;
++      }
++  else if (p[2] == '6')
++    switch (p[3])
++      {
++      case '6':
++	return bidi::kind::LRI;
++      case '7':
++	return bidi::kind::RLI;
++      case '8':
++	return bidi::kind::FSI;
++      case '9':
++	return bidi::kind::PDI;
++      default:
++	break;
++      }
++  else if (p[2] == '0')
++    switch (p[3])
++      {
++      case 'e':
++      case 'E':
++	return bidi::kind::LTR;
++      case 'f':
++      case 'F':
++	return bidi::kind::RTL;
++      default:
++	break;
++      }
++
++  return bidi::kind::NONE;
++}
++
++/* We're closing a bidi context, that is, we've encountered a newline,
++   are closing a C-style comment, or are at the end of a string literal,
++   character constant, or identifier.  Warn if this context was not
++   properly terminated by a PDI or PDF.  P points to the last character
++   in this context.  */
++
++static void
++maybe_warn_bidi_on_close (cpp_reader *pfile, const uchar *p)
++{
++  if (CPP_OPTION (pfile, cpp_warn_bidirectional) == bidirectional_unpaired
++      && bidi::vec.count () > 0)
++    {
++      const location_t loc
++	= linemap_position_for_column (pfile->line_table,
++				       CPP_BUF_COLUMN (pfile->buffer, p));
++      cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
++			     "unpaired UTF-8 bidirectional control character "
++			     "detected");
++    }
++  /* We're done with this context.  */
++  bidi::on_close ();
++}
++
++/* We're at the beginning or in the middle of an identifier/comment/string
++   literal/character constant.  Warn if we've encountered a bidi character.
++   KIND says which bidi character it was; P points to it in the character
++   stream.  UCN_P is true iff this bidi character was written as a UCN.  */
++
++static void
++maybe_warn_bidi_on_char (cpp_reader *pfile, const uchar *p, bidi::kind kind,
++			 bool ucn_p)
++{
++  if (__builtin_expect (kind == bidi::kind::NONE, 1))
++    return;
++
++  const auto warn_bidi = CPP_OPTION (pfile, cpp_warn_bidirectional);
++
++  if (warn_bidi != bidirectional_none)
++    {
++      const location_t loc
++	= linemap_position_for_column (pfile->line_table,
++				       CPP_BUF_COLUMN (pfile->buffer, p));
++      /* It seems excessive to warn about a PDI/PDF that is closing
++	 an opened context because we've already warned about the
++	 opening character.  Except warn when we have a UCN x UTF-8
++	 mismatch.  */
++      if (kind == bidi::current_ctx ())
++	{
++	  if (warn_bidi == bidirectional_unpaired
++	      && bidi::current_ctx_ucn_p () != ucn_p)
++	    cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
++				   "UTF-8 vs UCN mismatch when closing "
++				   "a context by \"%s\"", bidi::to_str (kind));
++	}
++      else if (warn_bidi == bidirectional_any)
++	{
++	  if (kind == bidi::kind::PDF || kind == bidi::kind::PDI)
++	    cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
++				   "\"%s\" is closing an unopened context",
++				   bidi::to_str (kind));
++	  else
++	    cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
++				   "found problematic Unicode character \"%s\"",
++				   bidi::to_str (kind));
++	}
++    }
++  /* We're done with this context.  */
++  bidi::on_char (kind, ucn_p);
++}
++
+ /* Skip a C-style block comment.  We find the end of the comment by
+    seeing if an asterisk is before every '/' we encounter.  Returns
+    nonzero if comment terminated by EOF, zero otherwise.
+@@ -1175,6 +1493,7 @@ _cpp_skip_block_comment (cpp_reader *pfi
+   cpp_buffer *buffer = pfile->buffer;
+   const uchar *cur = buffer->cur;
+   uchar c;
++  const bool warn_bidi_p = pfile->warn_bidi_p ();
+ 
+   cur++;
+   if (*cur == '/')
+@@ -1189,7 +1508,11 @@ _cpp_skip_block_comment (cpp_reader *pfi
+       if (c == '/')
+ 	{
+ 	  if (cur[-2] == '*')
+-	    break;
++	    {
++	      if (warn_bidi_p)
++		maybe_warn_bidi_on_close (pfile, cur);
++	      break;
++	    }
+ 
+ 	  /* Warn about potential nested comments, but not if the '/'
+ 	     comes immediately before the true comment delimiter.
+@@ -1208,6 +1531,8 @@ _cpp_skip_block_comment (cpp_reader *pfi
+ 	{
+ 	  unsigned int cols;
+ 	  buffer->cur = cur - 1;
++	  if (warn_bidi_p)
++	    maybe_warn_bidi_on_close (pfile, cur);
+ 	  _cpp_process_line_notes (pfile, true);
+ 	  if (buffer->next_line >= buffer->rlimit)
+ 	    return true;
+@@ -1218,6 +1543,13 @@ _cpp_skip_block_comment (cpp_reader *pfi
+ 
+ 	  cur = buffer->cur;
+ 	}
++      /* If this is a beginning of a UTF-8 encoding, it might be
++	 a bidirectional control character.  */
++      else if (__builtin_expect (c == bidi::utf8_start, 0) && warn_bidi_p)
++	{
++	  bidi::kind kind = get_bidi_utf8 (cur - 1);
++	  maybe_warn_bidi_on_char (pfile, cur, kind, /*ucn_p=*/false);
++	}
+     }
+ 
+   buffer->cur = cur;
+@@ -1233,9 +1565,31 @@ skip_line_comment (cpp_reader *pfile)
+ {
+   cpp_buffer *buffer = pfile->buffer;
+   location_t orig_line = pfile->line_table->highest_line;
++  const bool warn_bidi_p = pfile->warn_bidi_p ();
+ 
+-  while (*buffer->cur != '\n')
+-    buffer->cur++;
++  if (!warn_bidi_p)
++    while (*buffer->cur != '\n')
++      buffer->cur++;
++  else
++    {
++      while (*buffer->cur != '\n'
++	     && *buffer->cur != bidi::utf8_start)
++	buffer->cur++;
++      if (__builtin_expect (*buffer->cur == bidi::utf8_start, 0))
++	{
++	  while (*buffer->cur != '\n')
++	    {
++	      if (__builtin_expect (*buffer->cur == bidi::utf8_start, 0))
++		{
++		  bidi::kind kind = get_bidi_utf8 (buffer->cur);
++		  maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
++					   /*ucn_p=*/false);
++		}
++	      buffer->cur++;
++	    }
++	  maybe_warn_bidi_on_close (pfile, buffer->cur);
++	}
++    }
+ 
+   _cpp_process_line_notes (pfile, true);
+   return orig_line != pfile->line_table->highest_line;
+@@ -1317,11 +1671,13 @@ static const cppchar_t utf8_signifier =
+ 
+ /* Returns TRUE if the sequence starting at buffer->cur is valid in
+    an identifier.  FIRST is TRUE if this starts an identifier.  */
++
+ static bool
+ forms_identifier_p (cpp_reader *pfile, int first,
+ 		    struct normalize_state *state)
+ {
+   cpp_buffer *buffer = pfile->buffer;
++  const bool warn_bidi_p = pfile->warn_bidi_p ();
+ 
+   if (*buffer->cur == '$')
+     {
+@@ -1344,6 +1700,13 @@ forms_identifier_p (cpp_reader *pfile, i
+       cppchar_t s;
+       if (*buffer->cur >= utf8_signifier)
+ 	{
++	  if (__builtin_expect (*buffer->cur == bidi::utf8_start, 0)
++	      && warn_bidi_p)
++	    {
++	      bidi::kind kind = get_bidi_utf8 (buffer->cur);
++	      maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
++				       /*ucn_p=*/false);
++	    }
+ 	  if (_cpp_valid_utf8 (pfile, &buffer->cur, buffer->rlimit, 1 + !first,
+ 			       state, &s))
+ 	    return true;
+@@ -1352,6 +1715,13 @@ forms_identifier_p (cpp_reader *pfile, i
+ 	       && (buffer->cur[1] == 'u' || buffer->cur[1] == 'U'))
+ 	{
+ 	  buffer->cur += 2;
++	  if (warn_bidi_p)
++	    {
++	      bidi::kind kind = get_bidi_ucn (buffer->cur,
++					      buffer->cur[-1] == 'U');
++	      maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
++				       /*ucn_p=*/true);
++	    }
+ 	  if (_cpp_valid_ucn (pfile, &buffer->cur, buffer->rlimit, 1 + !first,
+ 			      state, &s, NULL, NULL))
+ 	    return true;
+@@ -1460,6 +1830,7 @@ lex_identifier (cpp_reader *pfile, const
+   const uchar *cur;
+   unsigned int len;
+   unsigned int hash = HT_HASHSTEP (0, *base);
++  const bool warn_bidi_p = pfile->warn_bidi_p ();
+ 
+   cur = pfile->buffer->cur;
+   if (! starts_ucn)
+@@ -1483,6 +1854,8 @@ lex_identifier (cpp_reader *pfile, const
+ 	    pfile->buffer->cur++;
+ 	  }
+       } while (forms_identifier_p (pfile, false, nst));
++      if (warn_bidi_p)
++	maybe_warn_bidi_on_close (pfile, pfile->buffer->cur);
+       result = _cpp_interpret_identifier (pfile, base,
+ 					  pfile->buffer->cur - base);
+       *spelling = cpp_lookup (pfile, base, pfile->buffer->cur - base);
+@@ -1719,6 +2092,7 @@ static void
+ lex_raw_string (cpp_reader *pfile, cpp_token *token, const uchar *base)
+ {
+   const uchar *pos = base;
++  const bool warn_bidi_p = pfile->warn_bidi_p ();
+ 
+   /* 'tis a pity this information isn't passed down from the lexer's
+      initial categorization of the token.  */
+@@ -1955,8 +2329,15 @@ lex_raw_string (cpp_reader *pfile, cpp_t
+ 	  pos = base = pfile->buffer->cur;
+ 	  note = &pfile->buffer->notes[pfile->buffer->cur_note];
+ 	}
++      else if (__builtin_expect ((unsigned char) c == bidi::utf8_start, 0)
++	       && warn_bidi_p)
++	maybe_warn_bidi_on_char (pfile, pos - 1, get_bidi_utf8 (pos - 1),
++				 /*ucn_p=*/false);
+     }
+ 
++  if (warn_bidi_p)
++    maybe_warn_bidi_on_close (pfile, pos);
++
+   if (CPP_OPTION (pfile, user_literals))
+     {
+       /* If a string format macro, say from inttypes.h, is placed touching
+@@ -2051,15 +2432,27 @@ lex_string (cpp_reader *pfile, cpp_token
+   else
+     terminator = '>', type = CPP_HEADER_NAME;
+ 
++  const bool warn_bidi_p = pfile->warn_bidi_p ();
+   for (;;)
+     {
+       cppchar_t c = *cur++;
+ 
+       /* In #include-style directives, terminators are not escapable.  */
+       if (c == '\\' && !pfile->state.angled_headers && *cur != '\n')
+-	cur++;
++	{
++	  if ((cur[0] == 'u' || cur[0] == 'U') && warn_bidi_p)
++	    {
++	      bidi::kind kind = get_bidi_ucn (cur + 1, cur[0] == 'U');
++	      maybe_warn_bidi_on_char (pfile, cur, kind, /*ucn_p=*/true);
++	    }
++	  cur++;
++	}
+       else if (c == terminator)
+-	break;
++	{
++	  if (warn_bidi_p)
++	    maybe_warn_bidi_on_close (pfile, cur - 1);
++	  break;
++	}
+       else if (c == '\n')
+ 	{
+ 	  cur--;
+@@ -2076,6 +2469,11 @@ lex_string (cpp_reader *pfile, cpp_token
+ 	}
+       else if (c == '\0')
+ 	saw_NUL = true;
++      else if (__builtin_expect (c == bidi::utf8_start, 0) && warn_bidi_p)
++	{
++	  bidi::kind kind = get_bidi_utf8 (cur - 1);
++	  maybe_warn_bidi_on_char (pfile, cur - 1, kind, /*ucn_p=*/false);
++	}
+     }
+ 
+   if (saw_NUL && !pfile->state.skipping)
diff --git a/poky/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch b/poky/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch
new file mode 100644
index 0000000000..d87be19866
--- /dev/null
+++ b/poky/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch
@@ -0,0 +1,103 @@
+From 30461cf8dba3d3adb15a125e4da48800eb2b9b8f Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Fri, 18 Jun 2021 17:18:37 +0100
+Subject: [PATCH] arm: fix vlldm erratum for Armv8.1-m [PR102035]
+
+For Armv8.1-m we generate code that emits VLLDM directly and do not
+rely on support code in the library, so emit the mitigation directly
+as well, when required.  In this case, we can use the compiler options
+to determine when to apply the fix and when it is safe to omit it.
+
+gcc:
+	PR target/102035
+	* config/arm/arm.md (attribute arch): Add fix_vlldm.
+	(arch_enabled): Use it.
+	* config/arm/vfp.md (lazy_store_multiple_insn): Add alternative to
+	use when erratum mitigation is needed.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=30461cf8dba3d3adb15a125e4da48800eb2b9b8f]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ gcc/config/arm/arm.md | 11 +++++++++--
+ gcc/config/arm/vfp.md | 10 +++++++---
+ 2 files changed, 16 insertions(+), 5 deletions(-)
+
+diff -upr a/gcc/config/arm/arm.md b/gcc/config/arm/arm.md
+--- a/gcc/config/arm/arm.md	2020-07-22 23:35:17.344384552 -0700
++++ b/gcc/config/arm/arm.md	2021-11-11 20:33:58.431543947 -0800
+@@ -132,9 +132,12 @@
+ ; TARGET_32BIT, "t1" or "t2" to specify a specific Thumb mode.  "v6"
+ ; for ARM or Thumb-2 with arm_arch6, and nov6 for ARM without
+ ; arm_arch6.  "v6t2" for Thumb-2 with arm_arch6 and "v8mb" for ARMv8-M
+-; Baseline.  This attribute is used to compute attribute "enabled",
++; Baseline.  "fix_vlldm" is for fixing the v8-m/v8.1-m VLLDM erratum.
++; This attribute is used to compute attribute "enabled",
+ ; use type "any" to enable an alternative in all cases.
+-(define_attr "arch" "any,a,t,32,t1,t2,v6,nov6,v6t2,v8mb,iwmmxt,iwmmxt2,armv6_or_vfpv3,neon,mve"
++(define_attr "arch" "any, a, t, 32, t1, t2, v6,nov6, v6t2, \
++		     v8mb, fix_vlldm, iwmmxt, iwmmxt2, armv6_or_vfpv3, \
++		     neon, mve"
+   (const_string "any"))
+ 
+ (define_attr "arch_enabled" "no,yes"
+@@ -177,6 +180,10 @@
+ 	      (match_test "TARGET_THUMB1 && arm_arch8"))
+ 	 (const_string "yes")
+ 
++	 (and (eq_attr "arch" "fix_vlldm")
++	      (match_test "fix_vlldm"))
++	 (const_string "yes")
++
+ 	 (and (eq_attr "arch" "iwmmxt2")
+ 	      (match_test "TARGET_REALLY_IWMMXT2"))
+ 	 (const_string "yes")
+diff -upr a/gcc/config/arm/vfp.md b/gcc/config/arm/vfp.md
+--- a/gcc/config/arm/vfp.md	2020-07-22 23:35:17.356384684 -0700
++++ b/gcc/config/arm/vfp.md	2021-11-11 20:33:58.431543947 -0800
+@@ -1703,12 +1703,15 @@
+    (set_attr "type" "mov_reg")]
+ )
+ 
++;; Both this and the next instruction are treated by GCC in the same
++;; way as a blockage pattern.  That's perhaps stronger than it needs
++;; to be, but we do not want accesses to the VFP register bank to be
++;; moved across either instruction.
++
+ (define_insn "lazy_store_multiple_insn"
+-  [(set (match_operand:SI 0 "s_register_operand" "+&rk")
+-	(post_dec:SI (match_dup 0)))
+-   (unspec_volatile [(const_int 0)
+-		     (mem:SI (post_dec:SI (match_dup 0)))]
+-		    VUNSPEC_VLSTM)]
++  [(unspec_volatile
++    [(mem:BLK (match_operand:SI 0 "s_register_operand" "rk"))]
++    VUNSPEC_VLSTM)]
+   "use_cmse && reload_completed"
+   "vlstm%?\\t%0"
+   [(set_attr "predicable" "yes")
+@@ -1716,14 +1719,16 @@
+ )
+ 
+ (define_insn "lazy_load_multiple_insn"
+-  [(set (match_operand:SI 0 "s_register_operand" "+&rk")
+-	(post_inc:SI (match_dup 0)))
+-   (unspec_volatile:SI [(const_int 0)
+-			(mem:SI (match_dup 0))]
+-		       VUNSPEC_VLLDM)]
++  [(unspec_volatile
++    [(mem:BLK (match_operand:SI 0 "s_register_operand" "rk,rk"))]
++    VUNSPEC_VLLDM)]
+   "use_cmse && reload_completed"
+-  "vlldm%?\\t%0"
+-  [(set_attr "predicable" "yes")
++  "@
++   vscclrm\\t{vpr}\;vlldm\\t%0
++   vlldm\\t%0"
++  [(set_attr "arch" "fix_vlldm,*")
++   (set_attr "predicable" "no")
++   (set_attr "length" "8,4")
+    (set_attr "type" "load_4")]
+ )
+ 
diff --git a/poky/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-42574.patch b/poky/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-42574.patch
new file mode 100644
index 0000000000..2995a6fc61
--- /dev/null
+++ b/poky/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-42574.patch
@@ -0,0 +1,142 @@
+From 1a7f2c0774129750fdf73e9f1b78f0ce983c9ab3 Mon Sep 17 00:00:00 2001
+From: David Malcolm <dmalcolm@redhat.com>
+Date: Tue, 2 Nov 2021 09:54:32 -0400
+Subject: [PATCH] libcpp: escape non-ASCII source bytes in -Wbidi-chars=
+ [PR103026]
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+This flags rich_locations associated with -Wbidi-chars= so that
+non-ASCII bytes will be escaped when printing the source lines
+(using the diagnostics support I added in
+r12-4825-gbd5e882cf6e0def3dd1bc106075d59a303fe0d1e).
+
+In particular, this ensures that the printed source lines will
+be pure ASCII, and thus the visual ordering of the characters
+will be the same as the logical ordering.
+
+Before:
+
+  Wbidi-chars-1.c: In function âmainâ:
+  Wbidi-chars-1.c:6:43: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+      6 |     /*â® } â¦if (isAdmin)â© â¦ begin admins only */
+        |                                           ^
+  Wbidi-chars-1.c:9:28: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+      9 |     /* end admins only â® { â¦*/
+        |                            ^
+
+  Wbidi-chars-11.c:6:15: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+      6 | int LRE_âª_PDF_\u202c;
+        |               ^
+  Wbidi-chars-11.c:8:19: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+      8 | int LRE_\u202a_PDF_â¬_;
+        |                   ^
+  Wbidi-chars-11.c:10:28: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+     10 | const char *s1 = "LRE_âª_PDF_\u202c";
+        |                            ^
+  Wbidi-chars-11.c:12:33: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+     12 | const char *s2 = "LRE_\u202a_PDF_â¬";
+        |                                 ^
+
+After:
+
+  Wbidi-chars-1.c: In function âmainâ:
+  Wbidi-chars-1.c:6:43: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+      6 |     /*<U+202E> } <U+2066>if (isAdmin)<U+2069> <U+2066> begin admins only */
+        |                                                                           ^
+  Wbidi-chars-1.c:9:28: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+      9 |     /* end admins only <U+202E> { <U+2066>*/
+        |                                            ^
+
+  Wbidi-chars-11.c:6:15: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+      6 | int LRE_<U+202A>_PDF_\u202c;
+        |                       ^
+  Wbidi-chars-11.c:8:19: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+      8 | int LRE_\u202a_PDF_<U+202C>_;
+        |                   ^
+  Wbidi-chars-11.c:10:28: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+     10 | const char *s1 = "LRE_<U+202A>_PDF_\u202c";
+        |                                    ^
+  Wbidi-chars-11.c:12:33: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+     12 | const char *s2 = "LRE_\u202a_PDF_<U+202C>";
+        |                                 ^
+
+libcpp/ChangeLog:
+	PR preprocessor/103026
+	* lex.c (maybe_warn_bidi_on_close): Use a rich_location
+	and call set_escape_on_output (true) on it.
+	(maybe_warn_bidi_on_char): Likewise.
+
+Signed-off-by: David Malcolm <dmalcolm@redhat.com>
+
+CVE: CVE-2021-42574
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a7f2c0774129750fdf73e9f1b78f0ce983c9ab3]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ libcpp/lex.c | 29 +++++++++++++++++------------
+ 1 file changed, 17 insertions(+), 12 deletions(-)
+
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+index 8188e33b07d..2421d6c0f40 100644
+--- a/libcpp/lex.c
++++ b/libcpp/lex.c
+@@ -1427,9 +1427,11 @@ maybe_warn_bidi_on_close (cpp_reader *pfile, const uchar *p)
+       const location_t loc
+ 	= linemap_position_for_column (pfile->line_table,
+ 				       CPP_BUF_COLUMN (pfile->buffer, p));
+-      cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
+-			     "unpaired UTF-8 bidirectional control character "
+-			     "detected");
++      rich_location rich_loc (pfile->line_table, loc);
++      rich_loc.set_escape_on_output (true);
++      cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++		      "unpaired UTF-8 bidirectional control character "
++		      "detected");
+     }
+   /* We're done with this context.  */
+   bidi::on_close ();
+@@ -1454,6 +1456,9 @@ maybe_warn_bidi_on_char (cpp_reader *pfile, const uchar *p, bidi::kind kind,
+       const location_t loc
+ 	= linemap_position_for_column (pfile->line_table,
+ 				       CPP_BUF_COLUMN (pfile->buffer, p));
++      rich_location rich_loc (pfile->line_table, loc);
++      rich_loc.set_escape_on_output (true);
++
+       /* It seems excessive to warn about a PDI/PDF that is closing
+ 	 an opened context because we've already warned about the
+ 	 opening character.  Except warn when we have a UCN x UTF-8
+@@ -1462,20 +1467,20 @@ maybe_warn_bidi_on_char (cpp_reader *pfile, const uchar *p, bidi::kind kind,
+ 	{
+ 	  if (warn_bidi == bidirectional_unpaired
+ 	      && bidi::current_ctx_ucn_p () != ucn_p)
+-	    cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
+-				   "UTF-8 vs UCN mismatch when closing "
+-				   "a context by \"%s\"", bidi::to_str (kind));
++	    cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++			    "UTF-8 vs UCN mismatch when closing "
++			    "a context by \"%s\"", bidi::to_str (kind));
+ 	}
+       else if (warn_bidi == bidirectional_any)
+ 	{
+ 	  if (kind == bidi::kind::PDF || kind == bidi::kind::PDI)
+-	    cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
+-				   "\"%s\" is closing an unopened context",
+-				   bidi::to_str (kind));
++	    cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++			    "\"%s\" is closing an unopened context",
++			    bidi::to_str (kind));
+ 	  else
+-	    cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
+-				   "found problematic Unicode character \"%s\"",
+-				   bidi::to_str (kind));
++	    cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++			    "found problematic Unicode character \"%s\"",
++			    bidi::to_str (kind));
+ 	}
+     }
+   /* We're done with this context.  */
+-- 
+2.27.0
+
diff --git a/poky/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch b/poky/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch
new file mode 100644
index 0000000000..12dfe682fa
--- /dev/null
+++ b/poky/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch
@@ -0,0 +1,304 @@
+From 809330ab8450261e05919b472783bf15e4b000f7 Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Tue, 6 Jul 2021 15:10:18 +0100
+Subject: [PATCH] arm: Add tests for VLLDM mitigation [PR102035]
+
+New tests for the erratum mitigation.
+
+gcc/testsuite:
+	PR target/102035
+	* gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c: New test.
+	* gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c: Likewise.
+	* gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c: Likewise.
+	* gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c: Likewise.
+	* gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c: Likewise.
+	* gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c: Likewise.
+	* gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c: Likewise.
+	* gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c: Likewise.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=809330ab8450261e05919b472783bf15e4b000f7]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ .../arm/cmse/mainline/8_1m/soft/cmse-13a.c    | 31 +++++++++++++++++++
+ .../arm/cmse/mainline/8_1m/soft/cmse-7a.c     | 28 +++++++++++++++++
+ .../arm/cmse/mainline/8_1m/soft/cmse-8a.c     | 30 ++++++++++++++++++
+ .../cmse/mainline/8_1m/softfp-sp/cmse-7a.c    | 27 ++++++++++++++++
+ .../cmse/mainline/8_1m/softfp-sp/cmse-8a.c    | 29 +++++++++++++++++
+ .../arm/cmse/mainline/8_1m/softfp/cmse-13a.c  | 30 ++++++++++++++++++
+ .../arm/cmse/mainline/8_1m/softfp/cmse-7a.c   | 27 ++++++++++++++++
+ .../arm/cmse/mainline/8_1m/softfp/cmse-8a.c   | 29 +++++++++++++++++
+ 8 files changed, 231 insertions(+)
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c
+
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c	1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c	2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,31 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" }  */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */
++
++#include "../../../cmse-13.x"
++
++/* Checks for saving and clearing prior to function call.  */
++/* Shift on the same register as blxns.  */
++/* { dg-final { scan-assembler "lsrs\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr2, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr3, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice.  */
++/* { dg-final { scan-assembler "clrm\t\{(r1, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++   register is missing.  */
++/* { dg-final { scan-assembler "clrm\t\{((r\[1,4-9\]|r10|fp|ip), ){9}APSR\}" } } */
++/* Check that no cleared register is used for blxns.  */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[1,4-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around.  */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler-not "vmov" } } */
++/* { dg-final { scan-assembler-not "vmsr" } } */
++
++/* Now we check that we use the correct intrinsic to call.  */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c	1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c	2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,28 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" }  */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */
++
++#include "../../../cmse-7.x"
++
++/* Checks for saving and clearing prior to function call.  */
++/* Shift on the same register as blxns.  */
++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice.  */
++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++   register is missing.  */
++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */
++/* Check that no cleared register is used for blxns.  */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around.  */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler-not "vmov" } } */
++/* { dg-final { scan-assembler-not "vmsr" } } */
++
++/* Now we check that we use the correct intrinsic to call.  */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c	1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c	2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,30 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" }  */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */
++
++#include "../../../cmse-8.x"
++
++/* Checks for saving and clearing prior to function call.  */
++/* Shift on the same register as blxns.  */
++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice.  */
++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++   register is missing.  */
++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */
++/* Check that no cleared register is used for blxns.  */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around.  */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler-not "vmov" } } */
++/* { dg-final { scan-assembler-not "vmsr" } } */
++
++/* Now we check that we use the correct intrinsic to call.  */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c	1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c	2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,30 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" }  */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */
++
++#include "../../../cmse-13.x"
++
++/* Checks for saving and clearing prior to function call.  */
++/* Shift on the same register as blxns.  */
++/* { dg-final { scan-assembler "lsrs\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr2, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr3, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice.  */
++/* { dg-final { scan-assembler "clrm\t\{(r1, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++   register is missing.  */
++/* { dg-final { scan-assembler "clrm\t\{((r\[1,4-9\]|r10|fp|ip), ){9}APSR\}" } } */
++/* Check that no cleared register is used for blxns.  */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[1,4-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around.  */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call.  */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c	1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c	2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,27 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" }  */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */
++
++#include "../../../cmse-7.x"
++
++/* Checks for saving and clearing prior to function call.  */
++/* Shift on the same register as blxns.  */
++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice.  */
++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++   register is missing.  */
++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */
++/* Check that no cleared register is used for blxns.  */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around.  */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call.  */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c	1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c	2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,29 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" }  */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */
++
++#include "../../../cmse-8.x"
++
++/* Checks for saving and clearing prior to function call.  */
++/* Shift on the same register as blxns.  */
++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice.  */
++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++   register is missing.  */
++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */
++/* Check that no cleared register is used for blxns.  */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around.  */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call.  */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c	1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c	2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,27 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-sp-d16 -mfix-cmse-cve-2021-35465" }  */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing double precision" {*-*-*} {"-mfpu=fpv[4-5]-d16"} {""} } */
++
++#include "../../../cmse-7.x"
++
++/* Checks for saving and clearing prior to function call.  */
++/* Shift on the same register as blxns.  */
++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice.  */
++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++   register is missing.  */
++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */
++/* Check that no cleared register is used for blxns.  */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around.  */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call.  */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c	1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c	2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,29 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-sp-d16 -mfix-cmse-cve-2021-35465" }  */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing double precision" {*-*-*} {"-mfpu=fpv[4-5]-d16"} {""} } */
++
++#include "../../../cmse-8.x"
++
++/* Checks for saving and clearing prior to function call.  */
++/* Shift on the same register as blxns.  */
++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice.  */
++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++   register is missing.  */
++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */
++/* Check that no cleared register is used for blxns.  */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around.  */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call.  */
++/* { dg-final { scan-assembler "blxns" } } */
diff --git a/poky/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-42574.patch b/poky/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-42574.patch
new file mode 100644
index 0000000000..4999c71b64
--- /dev/null
+++ b/poky/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-42574.patch
@@ -0,0 +1,573 @@
+From bef32d4a28595e933f24fef378cf052a30b674a7 Mon Sep 17 00:00:00 2001
+From: David Malcolm <dmalcolm@redhat.com>
+Date: Tue, 2 Nov 2021 15:45:22 -0400
+Subject: [PATCH] libcpp: capture and underline ranges in -Wbidi-chars=
+ [PR103026]
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+This patch converts the bidi::vec to use a struct so that we can
+capture location_t values for the bidirectional control characters.
+
+Before:
+
+  Wbidi-chars-1.c: In function âmainâ:
+  Wbidi-chars-1.c:6:43: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+      6 |     /*<U+202E> } <U+2066>if (isAdmin)<U+2069> <U+2066> begin admins only */
+        |                                                                           ^
+  Wbidi-chars-1.c:9:28: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+      9 |     /* end admins only <U+202E> { <U+2066>*/
+        |                                            ^
+
+After:
+
+  Wbidi-chars-1.c: In function âmainâ:
+  Wbidi-chars-1.c:6:43: warning: unpaired UTF-8 bidirectional control characters detected [-Wbidi-chars=]
+      6 |     /*<U+202E> } <U+2066>if (isAdmin)<U+2069> <U+2066> begin admins only */
+        |       ~~~~~~~~                                ~~~~~~~~                    ^
+        |       |                                       |                           |
+        |       |                                       |                           end of bidirectional context
+        |       U+202E (RIGHT-TO-LEFT OVERRIDE)         U+2066 (LEFT-TO-RIGHT ISOLATE)
+  Wbidi-chars-1.c:9:28: warning: unpaired UTF-8 bidirectional control characters detected [-Wbidi-chars=]
+      9 |     /* end admins only <U+202E> { <U+2066>*/
+        |                        ~~~~~~~~   ~~~~~~~~ ^
+        |                        |          |        |
+        |                        |          |        end of bidirectional context
+        |                        |          U+2066 (LEFT-TO-RIGHT ISOLATE)
+        |                        U+202E (RIGHT-TO-LEFT OVERRIDE)
+
+Signed-off-by: David Malcolm <dmalcolm@redhat.com>
+
+gcc/testsuite/ChangeLog:
+	PR preprocessor/103026
+	* c-c++-common/Wbidi-chars-ranges.c: New test.
+
+libcpp/ChangeLog:
+	PR preprocessor/103026
+	* lex.c (struct bidi::context): New.
+	(bidi::vec): Convert to a vec of context rather than unsigned
+	char.
+	(bidi::ctx_at): Rename to...
+	(bidi::pop_kind_at): ...this and reimplement for above change.
+	(bidi::current_ctx): Update for change to vec.
+	(bidi::current_ctx_ucn_p): Likewise.
+	(bidi::current_ctx_loc): New.
+	(bidi::on_char): Update for usage of context struct.  Add "loc"
+	param and pass it when pushing contexts.
+	(get_location_for_byte_range_in_cur_line): New.
+	(get_bidi_utf8): Rename to...
+	(get_bidi_utf8_1): ...this, reintroducing...
+	(get_bidi_utf8): ...as a wrapper, setting *OUT when the result is
+	not NONE.
+	(get_bidi_ucn): Rename to...
+	(get_bidi_ucn_1): ...this, reintroducing...
+	(get_bidi_ucn): ...as a wrapper, setting *OUT when the result is
+	not NONE.
+	(class unpaired_bidi_rich_location): New.
+	(maybe_warn_bidi_on_close): Use unpaired_bidi_rich_location when
+	reporting on unpaired bidi chars.  Split into singular vs plural
+	spellings.
+	(maybe_warn_bidi_on_char): Pass in a location_t rather than a
+	const uchar * and use it when emitting warnings, and when calling
+	bidi::on_char.
+	(_cpp_skip_block_comment): Capture location when kind is not NONE
+	and pass it to maybe_warn_bidi_on_char.
+	(skip_line_comment): Likewise.
+	(forms_identifier_p): Likewise.
+	(lex_raw_string): Likewise.
+	(lex_string): Likewise.
+
+Signed-off-by: David Malcolm <dmalcolm@redhat.com>
+
+CVE: CVE-2021-42574
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=bef32d4a28595e933f24fef378cf052a30b674a7]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ .../c-c++-common/Wbidi-chars-ranges.c         |  54 ++++
+ libcpp/lex.c                                  | 251 ++++++++++++++----
+ 2 files changed, 257 insertions(+), 48 deletions(-)
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-ranges.c
+
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-ranges.c b/gcc/testsuite/c-c++-common/Wbidi-chars-ranges.c
+new file mode 100644
+index 00000000000..298750a2a64
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-ranges.c
+@@ -0,0 +1,54 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired -fdiagnostics-show-caret" } */
++/* Verify that we escape and underline pertinent bidirectional
++   control characters when quoting the source.  */
++
++int test_unpaired_bidi () {
++    int isAdmin = 0;
++    /*â® } â¦if (isAdmin)â© â¦ begin admins only */
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++#if 0
++   { dg-begin-multiline-output "" }
++     /*<U+202E> } <U+2066>if (isAdmin)<U+2069> <U+2066> begin admins only */
++       ~~~~~~~~                                ~~~~~~~~                    ^
++       |                                       |                           |
++       |                                       |                           end of bidirectional context
++       U+202E (RIGHT-TO-LEFT OVERRIDE)         U+2066 (LEFT-TO-RIGHT ISOLATE)
++   { dg-end-multiline-output "" }
++#endif
++
++        __builtin_printf("You are an admin.\n");
++    /* end admins only â® { â¦*/
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++#if 0
++   { dg-begin-multiline-output "" }
++     /* end admins only <U+202E> { <U+2066>*/
++                        ~~~~~~~~   ~~~~~~~~ ^
++                        |          |        |
++                        |          |        end of bidirectional context
++                        |          U+2066 (LEFT-TO-RIGHT ISOLATE)
++                        U+202E (RIGHT-TO-LEFT OVERRIDE)
++   { dg-end-multiline-output "" }
++#endif
++
++    return 0;
++}
++
++int LRE_âª_PDF_\u202c;
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
++#if 0
++   { dg-begin-multiline-output "" }
++ int LRE_<U+202A>_PDF_\u202c;
++         ~~~~~~~~     ^~~~~~
++   { dg-end-multiline-output "" }
++#endif
++
++const char *s1 = "LRE_âª_PDF_\u202c";
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
++#if 0
++   { dg-begin-multiline-output "" }
++ const char *s1 = "LRE_<U+202A>_PDF_\u202c";
++                       ~~~~~~~~     ^~~~~~
++   { dg-end-multiline-output "" }
++#endif
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+index 2421d6c0f40..94c36f0d014 100644
+--- a/libcpp/lex.c
++++ b/libcpp/lex.c
+@@ -1172,11 +1172,34 @@ namespace bidi {
+   /* All the UTF-8 encodings of bidi characters start with E2.  */
+   constexpr uchar utf8_start = 0xe2;
+ 
++  struct context
++  {
++    context () {}
++    context (location_t loc, kind k, bool pdf, bool ucn)
++    : m_loc (loc), m_kind (k), m_pdf (pdf), m_ucn (ucn)
++    {
++    }
++
++    kind get_pop_kind () const
++    {
++      return m_pdf ? kind::PDF : kind::PDI;
++    }
++    bool ucn_p () const
++    {
++      return m_ucn;
++    }
++
++    location_t m_loc;
++    kind m_kind;
++    unsigned m_pdf : 1;
++    unsigned m_ucn : 1;
++  };
++
+   /* A vector holding currently open bidi contexts.  We use a char for
+      each context, its LSB is 1 if it represents a PDF context, 0 if it
+      represents a PDI context.  The next bit is 1 if this context was open
+      by a bidi character written as a UCN, and 0 when it was UTF-8.  */
+-  semi_embedded_vec <unsigned char, 16> vec;
++  semi_embedded_vec <context, 16> vec;
+ 
+   /* Close the whole comment/identifier/string literal/character constant
+      context.  */
+@@ -1193,19 +1216,19 @@ namespace bidi {
+     vec.truncate (len - 1);
+   }
+ 
+-  /* Return the context of the Ith element.  */
+-  kind ctx_at (unsigned int i)
++  /* Return the pop kind of the context of the Ith element.  */
++  kind pop_kind_at (unsigned int i)
+   {
+-    return (vec[i] & 1) ? kind::PDF : kind::PDI;
++    return vec[i].get_pop_kind ();
+   }
+ 
+-  /* Return which context is currently opened.  */
++  /* Return the pop kind of the context that is currently opened.  */
+   kind current_ctx ()
+   {
+     unsigned int len = vec.count ();
+     if (len == 0)
+       return kind::NONE;
+-    return ctx_at (len - 1);
++    return vec[len - 1].get_pop_kind ();
+   }
+ 
+   /* Return true if the current context comes from a UCN origin, that is,
+@@ -1214,11 +1237,19 @@ namespace bidi {
+   {
+     unsigned int len = vec.count ();
+     gcc_checking_assert (len > 0);
+-    return (vec[len - 1] >> 1) & 1;
++    return vec[len - 1].m_ucn;
+   }
+ 
+-  /* We've read a bidi char, update the current vector as necessary.  */
+-  void on_char (kind k, bool ucn_p)
++  location_t current_ctx_loc ()
++  {
++    unsigned int len = vec.count ();
++    gcc_checking_assert (len > 0);
++    return vec[len - 1].m_loc;
++  }
++
++  /* We've read a bidi char, update the current vector as necessary.
++     LOC is only valid when K is not kind::NONE.  */
++  void on_char (kind k, bool ucn_p, location_t loc)
+   {
+     switch (k)
+       {
+@@ -1226,12 +1257,12 @@ namespace bidi {
+       case kind::RLE:
+       case kind::LRO:
+       case kind::RLO:
+-	vec.push (ucn_p ? 3u : 1u);
++	vec.push (context (loc, k, true, ucn_p));
+ 	break;
+       case kind::LRI:
+       case kind::RLI:
+       case kind::FSI:
+-	vec.push (ucn_p ? 2u : 0u);
++	vec.push (context (loc, k, false, ucn_p));
+ 	break;
+       /* PDF terminates the scope of the last LRE, RLE, LRO, or RLO
+ 	 whose scope has not yet been terminated.  */
+@@ -1245,7 +1276,7 @@ namespace bidi {
+ 	 yet been terminated.  */
+       case kind::PDI:
+ 	for (int i = vec.count () - 1; i >= 0; --i)
+-	  if (ctx_at (i) == kind::PDI)
++	  if (pop_kind_at (i) == kind::PDI)
+ 	    {
+ 	      vec.truncate (i);
+ 	      break;
+@@ -1295,10 +1326,47 @@ namespace bidi {
+   }
+ }
+ 
++/* Get location_t for the range of bytes [START, START + NUM_BYTES)
++   within the current line in FILE, with the caret at START.  */
++
++static location_t
++get_location_for_byte_range_in_cur_line (cpp_reader *pfile,
++					 const unsigned char *const start,
++					 size_t num_bytes)
++{
++  gcc_checking_assert (num_bytes > 0);
++
++  /* CPP_BUF_COLUMN and linemap_position_for_column both refer
++     to offsets in bytes, but CPP_BUF_COLUMN is 0-based,
++     whereas linemap_position_for_column is 1-based.  */
++
++  /* Get 0-based offsets within the line.  */
++  size_t start_offset = CPP_BUF_COLUMN (pfile->buffer, start);
++  size_t end_offset = start_offset + num_bytes - 1;
++
++  /* Now convert to location_t, where "columns" are 1-based byte offsets.  */
++  location_t start_loc = linemap_position_for_column (pfile->line_table,
++						      start_offset + 1);
++  location_t end_loc = linemap_position_for_column (pfile->line_table,
++						     end_offset + 1);
++
++  if (start_loc == end_loc)
++    return start_loc;
++
++  source_range src_range;
++  src_range.m_start = start_loc;
++  src_range.m_finish = end_loc;
++  location_t combined_loc = COMBINE_LOCATION_DATA (pfile->line_table,
++						   start_loc,
++						   src_range,
++						   NULL);
++  return combined_loc;
++}
++
+ /* Parse a sequence of 3 bytes starting with P and return its bidi code.  */
+ 
+ static bidi::kind
+-get_bidi_utf8 (const unsigned char *const p)
++get_bidi_utf8_1 (const unsigned char *const p)
+ {
+   gcc_checking_assert (p[0] == bidi::utf8_start);
+ 
+@@ -1340,10 +1408,25 @@ get_bidi_utf8 (const unsigned char *cons
+   return bidi::kind::NONE;
+ }
+ 
++/* Parse a sequence of 3 bytes starting with P and return its bidi code.
++   If the kind is not NONE, write the location to *OUT.*/
++
++static bidi::kind
++get_bidi_utf8 (cpp_reader *pfile, const unsigned char *const p, location_t *out)
++{
++  bidi::kind result = get_bidi_utf8_1 (p);
++  if (result != bidi::kind::NONE)
++    {
++      /* We have a sequence of 3 bytes starting at P.  */
++      *out = get_location_for_byte_range_in_cur_line (pfile, p, 3);
++    }
++  return result;
++}
++
+ /* Parse a UCN where P points just past \u or \U and return its bidi code.  */
+ 
+ static bidi::kind
+-get_bidi_ucn (const unsigned char *p, bool is_U)
++get_bidi_ucn_1 (const unsigned char *p, bool is_U)
+ {
+   /* 6.4.3 Universal Character Names
+       \u hex-quad
+@@ -1412,6 +1495,62 @@ get_bidi_ucn (const unsigned char *p, bo
+   return bidi::kind::NONE;
+ }
+ 
++/* Parse a UCN where P points just past \u or \U and return its bidi code.
++   If the kind is not NONE, write the location to *OUT.*/
++
++static bidi::kind
++get_bidi_ucn (cpp_reader *pfile,  const unsigned char *p, bool is_U,
++	      location_t *out)
++{
++  bidi::kind result = get_bidi_ucn_1 (p, is_U);
++  if (result != bidi::kind::NONE)
++    {
++      const unsigned char *start = p - 2;
++      size_t num_bytes = 2 + (is_U ? 8 : 4);
++      *out = get_location_for_byte_range_in_cur_line (pfile, start, num_bytes);
++    }
++  return result;
++}
++
++/* Subclass of rich_location for reporting on unpaired UTF-8
++   bidirectional control character(s).
++   Escape the source lines on output, and show all unclosed
++   bidi context, labelling everything.  */
++
++class unpaired_bidi_rich_location : public rich_location
++{
++ public:
++  class custom_range_label : public range_label
++  {
++   public:
++     label_text get_text (unsigned range_idx) const FINAL OVERRIDE
++     {
++       /* range 0 is the primary location; each subsequent range i + 1
++	  is for bidi::vec[i].  */
++       if (range_idx > 0)
++	 {
++	   const bidi::context &ctxt (bidi::vec[range_idx - 1]);
++	   return label_text::borrow (bidi::to_str (ctxt.m_kind));
++	 }
++       else
++	 return label_text::borrow (_("end of bidirectional context"));
++     }
++  };
++
++  unpaired_bidi_rich_location (cpp_reader *pfile, location_t loc)
++  : rich_location (pfile->line_table, loc, &m_custom_label)
++  {
++    set_escape_on_output (true);
++    for (unsigned i = 0; i < bidi::vec.count (); i++)
++      add_range (bidi::vec[i].m_loc,
++		 SHOW_RANGE_WITHOUT_CARET,
++		 &m_custom_label);
++  }
++
++ private:
++   custom_range_label m_custom_label;
++};
++
+ /* We're closing a bidi context, that is, we've encountered a newline,
+    are closing a C-style comment, or are at the end of a string literal,
+    character constant, or identifier.  Warn if this context was not
+@@ -1427,11 +1566,17 @@ maybe_warn_bidi_on_close (cpp_reader *pf
+       const location_t loc
+ 	= linemap_position_for_column (pfile->line_table,
+ 				       CPP_BUF_COLUMN (pfile->buffer, p));
+-      rich_location rich_loc (pfile->line_table, loc);
+-      rich_loc.set_escape_on_output (true);
+-      cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
+-		      "unpaired UTF-8 bidirectional control character "
+-		      "detected");
++      unpaired_bidi_rich_location rich_loc (pfile, loc);
++      /* cpp_callbacks doesn't yet have a way to handle singular vs plural
++	 forms of a diagnostic, so fake it for now.  */
++      if (bidi::vec.count () > 1)
++	cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++			"unpaired UTF-8 bidirectional control characters "
++			"detected");
++      else
++	cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++			"unpaired UTF-8 bidirectional control character "
++			"detected");
+     }
+   /* We're done with this context.  */
+   bidi::on_close ();
+@@ -1439,12 +1584,13 @@ maybe_warn_bidi_on_close (cpp_reader *pf
+ 
+ /* We're at the beginning or in the middle of an identifier/comment/string
+    literal/character constant.  Warn if we've encountered a bidi character.
+-   KIND says which bidi character it was; P points to it in the character
+-   stream.  UCN_P is true iff this bidi character was written as a UCN.  */
++   KIND says which bidi control character it was; UCN_P is true iff this bidi
++   control character was written as a UCN.  LOC is the location of the
++   character, but is only valid if KIND != bidi::kind::NONE.  */
+ 
+ static void
+-maybe_warn_bidi_on_char (cpp_reader *pfile, const uchar *p, bidi::kind kind,
+-			 bool ucn_p)
++maybe_warn_bidi_on_char (cpp_reader *pfile, bidi::kind kind,
++			 bool ucn_p, location_t loc)
+ {
+   if (__builtin_expect (kind == bidi::kind::NONE, 1))
+     return;
+@@ -1453,9 +1599,6 @@ maybe_warn_bidi_on_char (cpp_reader *pfi
+ 
+   if (warn_bidi != bidirectional_none)
+     {
+-      const location_t loc
+-	= linemap_position_for_column (pfile->line_table,
+-				       CPP_BUF_COLUMN (pfile->buffer, p));
+       rich_location rich_loc (pfile->line_table, loc);
+       rich_loc.set_escape_on_output (true);
+ 
+@@ -1467,9 +1610,12 @@ maybe_warn_bidi_on_char (cpp_reader *pfi
+ 	{
+ 	  if (warn_bidi == bidirectional_unpaired
+ 	      && bidi::current_ctx_ucn_p () != ucn_p)
+-	    cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
+-			    "UTF-8 vs UCN mismatch when closing "
+-			    "a context by \"%s\"", bidi::to_str (kind));
++	    {
++	      rich_loc.add_range (bidi::current_ctx_loc ());
++	      cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++			      "UTF-8 vs UCN mismatch when closing "
++			      "a context by \"%s\"", bidi::to_str (kind));
++	    }
+ 	}
+       else if (warn_bidi == bidirectional_any)
+ 	{
+@@ -1484,7 +1630,7 @@ maybe_warn_bidi_on_char (cpp_reader *pfi
+ 	}
+     }
+   /* We're done with this context.  */
+-  bidi::on_char (kind, ucn_p);
++  bidi::on_char (kind, ucn_p, loc);
+ }
+ 
+ /* Skip a C-style block comment.  We find the end of the comment by
+@@ -1552,8 +1698,9 @@ _cpp_skip_block_comment (cpp_reader *pfi
+ 	 a bidirectional control character.  */
+       else if (__builtin_expect (c == bidi::utf8_start, 0) && warn_bidi_p)
+ 	{
+-	  bidi::kind kind = get_bidi_utf8 (cur - 1);
+-	  maybe_warn_bidi_on_char (pfile, cur, kind, /*ucn_p=*/false);
++	  location_t loc;
++	  bidi::kind kind = get_bidi_utf8 (pfile, cur - 1, &loc);
++	  maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/false, loc);
+ 	}
+     }
+ 
+@@ -1586,9 +1733,9 @@ skip_line_comment (cpp_reader *pfile)
+ 	    {
+ 	      if (__builtin_expect (*buffer->cur == bidi::utf8_start, 0))
+ 		{
+-		  bidi::kind kind = get_bidi_utf8 (buffer->cur);
+-		  maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
+-					   /*ucn_p=*/false);
++		  location_t loc;
++		  bidi::kind kind = get_bidi_utf8 (pfile, buffer->cur, &loc);
++		  maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/false, loc);
+ 		}
+ 	      buffer->cur++;
+ 	    }
+@@ -1708,9 +1855,9 @@ forms_identifier_p (cpp_reader *pfile, i
+ 	  if (__builtin_expect (*buffer->cur == bidi::utf8_start, 0)
+ 	      && warn_bidi_p)
+ 	    {
+-	      bidi::kind kind = get_bidi_utf8 (buffer->cur);
+-	      maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
+-				       /*ucn_p=*/false);
++	      location_t loc;
++	      bidi::kind kind = get_bidi_utf8 (pfile, buffer->cur, &loc);
++	      maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/false, loc);
+ 	    }
+ 	  if (_cpp_valid_utf8 (pfile, &buffer->cur, buffer->rlimit, 1 + !first,
+ 			       state, &s))
+@@ -1722,10 +1869,12 @@ forms_identifier_p (cpp_reader *pfile, i
+ 	  buffer->cur += 2;
+ 	  if (warn_bidi_p)
+ 	    {
+-	      bidi::kind kind = get_bidi_ucn (buffer->cur,
+-					      buffer->cur[-1] == 'U');
+-	      maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
+-				       /*ucn_p=*/true);
++	      location_t loc;
++	      bidi::kind kind = get_bidi_ucn (pfile,
++					      buffer->cur,
++					      buffer->cur[-1] == 'U',
++					      &loc);
++	      maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/true, loc);
+ 	    }
+ 	  if (_cpp_valid_ucn (pfile, &buffer->cur, buffer->rlimit, 1 + !first,
+ 			      state, &s, NULL, NULL))
+@@ -2336,8 +2485,11 @@ lex_raw_string (cpp_reader *pfile, cpp_t
+ 	}
+       else if (__builtin_expect ((unsigned char) c == bidi::utf8_start, 0)
+ 	       && warn_bidi_p)
+-	maybe_warn_bidi_on_char (pfile, pos - 1, get_bidi_utf8 (pos - 1),
+-				 /*ucn_p=*/false);
++	{
++	  location_t loc;
++	  bidi::kind kind = get_bidi_utf8 (pfile, pos - 1, &loc);
++	  maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/false, loc);
++	}
+     }
+ 
+   if (warn_bidi_p)
+@@ -2447,8 +2599,10 @@ lex_string (cpp_reader *pfile, cpp_token
+ 	{
+ 	  if ((cur[0] == 'u' || cur[0] == 'U') && warn_bidi_p)
+ 	    {
+-	      bidi::kind kind = get_bidi_ucn (cur + 1, cur[0] == 'U');
+-	      maybe_warn_bidi_on_char (pfile, cur, kind, /*ucn_p=*/true);
++	      location_t loc;
++	      bidi::kind kind = get_bidi_ucn (pfile, cur + 1, cur[0] == 'U',
++					      &loc);
++	      maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/true, loc);
+ 	    }
+ 	  cur++;
+ 	}
+@@ -2476,8 +2630,9 @@ lex_string (cpp_reader *pfile, cpp_token
+ 	saw_NUL = true;
+       else if (__builtin_expect (c == bidi::utf8_start, 0) && warn_bidi_p)
+ 	{
+-	  bidi::kind kind = get_bidi_utf8 (cur - 1);
+-	  maybe_warn_bidi_on_char (pfile, cur - 1, kind, /*ucn_p=*/false);
++	  location_t loc;
++	  bidi::kind kind = get_bidi_utf8 (pfile, cur - 1, &loc);
++	  maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/false, loc);
+ 	}
+     }
+ 
diff --git a/poky/meta/recipes-devtools/go/go-1.16.8.inc b/poky/meta/recipes-devtools/go/go-1.16.13.inc
index 925bf46965..46c6528dc4 100644
--- a/poky/meta/recipes-devtools/go/go-1.16.8.inc
+++ b/poky/meta/recipes-devtools/go/go-1.16.13.inc
@@ -1,7 +1,7 @@
 require go-common.inc
 
 GO_BASEVERSION = "1.16"
-PV = "1.16.8"
+PV = "1.16.13"
 FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
@@ -17,7 +17,7 @@ SRC_URI += "\
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
     file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
 "
-SRC_URI[main.sha256sum] = "8f2a8c24b793375b3243df82fdb0c8387486dcc8a892ca1c991aa99ace086b98"
+SRC_URI[main.sha256sum] = "b0926654eaeb01ef43816638f42d7b1681f2d3f41b9559f07735522b7afad41a"
 
 # Upstream don't believe it is a signifiant real world issue and will only
 # fix in 1.17 onwards where we can drop this.
diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.16.8.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.16.13.bb
index 926222089d..6e498a17be 100644
--- a/poky/meta/recipes-devtools/go/go-binary-native_1.16.8.bb
+++ b/poky/meta/recipes-devtools/go/go-binary-native_1.16.13.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
 PROVIDES = "go-native"
 
 SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "f32501aeb8b7b723bc7215f6c373abb6981bbc7e1c7b44e9f07317e1a300dce2"
-SRC_URI[go_linux_arm64.sha256sum] = "430dbe185417204f6788913197ab3b189b6deae9c9b524f262858e53dab239c2"
+SRC_URI[go_linux_amd64.sha256sum] = "275fc03c90c13b0bbff13125a43f1f7a9f9c00a0d5a9f2d5b16dbc2fa2c6e12a"
+SRC_URI[go_linux_arm64.sha256sum] = "3dd8e14837105cbfedf7124c7f8c524ce492748c370036c7316ef99e18d116d7"
 
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.8.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.13.bb
index 7ac9449e47..7ac9449e47 100644
--- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.8.bb
+++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.13.bb
diff --git a/poky/meta/recipes-devtools/go/go-cross_1.16.8.bb b/poky/meta/recipes-devtools/go/go-cross_1.16.13.bb
index 80b5a03f6c..80b5a03f6c 100644
--- a/poky/meta/recipes-devtools/go/go-cross_1.16.8.bb
+++ b/poky/meta/recipes-devtools/go/go-cross_1.16.13.bb
diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.8.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.13.bb
index 1857c8a577..1857c8a577 100644
--- a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.8.bb
+++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.13.bb
diff --git a/poky/meta/recipes-devtools/go/go-native_1.16.8.bb b/poky/meta/recipes-devtools/go/go-native_1.16.13.bb
index ffe4ef3523..ffe4ef3523 100644
--- a/poky/meta/recipes-devtools/go/go-native_1.16.8.bb
+++ b/poky/meta/recipes-devtools/go/go-native_1.16.13.bb
diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.16.8.bb b/poky/meta/recipes-devtools/go/go-runtime_1.16.13.bb
index 63464a1501..63464a1501 100644
--- a/poky/meta/recipes-devtools/go/go-runtime_1.16.8.bb
+++ b/poky/meta/recipes-devtools/go/go-runtime_1.16.13.bb
diff --git a/poky/meta/recipes-devtools/go/go_1.16.8.bb b/poky/meta/recipes-devtools/go/go_1.16.13.bb
index 34dc89bb0c..34dc89bb0c 100644
--- a/poky/meta/recipes-devtools/go/go_1.16.8.bb
+++ b/poky/meta/recipes-devtools/go/go_1.16.13.bb
diff --git a/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc b/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc
index 7104c98c20..a636926ef9 100644
--- a/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc
+++ b/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc
@@ -9,22 +9,23 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
     file://libltdl/COPYING.LIB;md5=4fbd65380cdd255951079008b364516c "
 
 SRC_URI = "${GNU_MIRROR}/libtool/libtool-${PV}.tar.gz \
-           file://trailingslash.patch \
-           file://rename-with-sysroot.patch \
-           file://use-sysroot-in-libpath.patch \
-           file://fix-final-rpath.patch \
-           file://fix-rpath.patch \
-           file://norm-rpath.patch \
+           file://0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch \
+           file://0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch \
+           file://0003-ltmain.in-Add-missing-sysroot-to-library-path.patch \
+           file://0004-ltmain.sh-Fix-sysroot-paths-being-encoded-into-RPATH.patch \
+           file://0005-ltmain.in-Don-t-encode-RATHS-which-match-default-lin.patch \
            file://dont-depend-on-help2man.patch \
-           file://fix-resolve-lt-sysroot.patch \
+           file://0006-libtool.m4-Handle-as-a-sysroot-correctly.patch \
            file://nohardcodepaths.patch \
            file://unwind-opt-parsing.patch \
-           file://0001-libtool-Fix-support-for-NIOS2-processor.patch \
-           file://0001-libtool-Check-for-static-libs-for-internal-compiler-.patch \
-           file://0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch \
-           file://0001-Makefile.am-make-sure-autoheader-run-before-automake.patch \
-           file://lto-prefix.patch \
-           file://debian-no_hostname.patch \
+           file://0007-libtool-Fix-support-for-NIOS2-processor.patch \
+           file://0008-libtool-Check-for-static-libs-for-internal-compiler-.patch \
+           file://0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch \
+           file://0010-Makefile.am-make-sure-autoheader-run-before-automake.patch \
+           file://0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch \
+           file://0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch \
+           file://libool.m4-add-ARFLAGS-variable.patch \
+           file://ARFLAGS-use-cr-instead-of-cru-by-default.patch \
           "
 
 SRC_URI[md5sum] = "addf44b646ddb4e3919805aa88fa7c5e"
diff --git a/poky/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch b/poky/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch
new file mode 100644
index 0000000000..eeb5ebf416
--- /dev/null
+++ b/poky/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch
@@ -0,0 +1,35 @@
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 01/12] ltmain.in: Handle trailing slashes on install commands correctly
+
+A command like:
+
+libtool --mode=install /usr/bin/install -c gck-roots-store-standalone.la '/image/usr/lib/gnome-keyring/standalone/'
+
+where the path ends with a trailing slash currently fails. This occurs in
+software like gnome-keyring or pulseaudio and is because the comparision
+code doesn't see the paths as equal. Strip both paths to ensure this works
+reliably.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00010.html]
+
+diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
+--- a/build-aux/ltmain.in
++++ b/build-aux/ltmain.in
+@@ -2356,8 +2356,14 @@ func_mode_install ()
+ 	func_append dir "$objdir"
+ 
+ 	if test -n "$relink_command"; then
++	  # Strip any trailing slash from the destination.
++	  func_stripname '' '/' "$libdir"
++	  destlibdir=$func_stripname_result
++	  func_stripname '' '/' "$destdir"
++	  s_destdir=$func_stripname_result
++
+ 	  # Determine the prefix the user has applied to our future dir.
+-	  inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"`
++	  inst_prefix_dir=`$ECHO "X$s_destdir" | $Xsed -e "s%$destlibdir\$%%"`
+ 
+ 	  # Don't allow the user to place us outside of our expected
+ 	  # location b/c this prevents finding dependent libraries that
diff --git a/poky/meta/recipes-devtools/libtool/libtool/rename-with-sysroot.patch b/poky/meta/recipes-devtools/libtool/libtool/0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch
index ad2b110530..6da283959e 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/rename-with-sysroot.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch
@@ -1,16 +1,17 @@
-Upstream-Status: Pending
+From: Khem Raj <raj.khem@gmail.com>
+Subject: [PATCH 02/12] libtool.m4: Rename the --with-sysroot option to avoid conflict with gcc/binutils
 
 This patch renames the --with-sysroot option to --with-libtool-sysroot
 to avoid namespace conflict with binutils, gcc and other toolchain
-components.
+components since these componets also add that option to configure
+and this becomes confusing and conflicting otherwise.
 
-I also reported the problem to libtool here
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 
+Upstream report:
 http://lists.gnu.org/archive/html/libtool/2010-10/msg00048.html
 
--Khem Raj <raj.khem@gmail.com>
-
-Updated by: Robert Yang <liezhi.yang@windriver.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00014.html]
 
 diff --git a/m4/libtool.m4 b/m4/libtool.m4
 --- a/m4/libtool.m4
diff --git a/poky/meta/recipes-devtools/libtool/libtool/use-sysroot-in-libpath.patch b/poky/meta/recipes-devtools/libtool/libtool/0003-ltmain.in-Add-missing-sysroot-to-library-path.patch
index 6af99f327c..0103a00451 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/use-sysroot-in-libpath.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0003-ltmain.in-Add-missing-sysroot-to-library-path.patch
@@ -1,12 +1,14 @@
-Upstream-Status: Pending
+From: Khem Raj <raj.khem@gmail.com>
+Subject: [PATCH 03/12] ltmain.in: Add missing sysroot to library path
 
-When using sysroot we should append it to libdir, which is helpful in
+When using a sysroot we should append it to libdir, which is helpful in
 cross builds as the system is staged in the sysroot. For normal builds,
 i.e. when lt_sysroot is not set, it will still behave the same and add
 -L/usr/lib to the relink command.
 
--Khem Raj <raj.khem@gmail.com>
-Updated by: Robert Yang <liezhi.yang@windriver.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00017.html]
 
 diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
 --- a/build-aux/ltmain.in
diff --git a/poky/meta/recipes-devtools/libtool/libtool/fix-final-rpath.patch b/poky/meta/recipes-devtools/libtool/libtool/0004-ltmain.sh-Fix-sysroot-paths-being-encoded-into-RPATH.patch
index 5c9f8cc9c0..21b3dfe306 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/fix-final-rpath.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0004-ltmain.sh-Fix-sysroot-paths-being-encoded-into-RPATH.patch
@@ -1,13 +1,13 @@
-Upstream-Status: Inappropriate [embedded specific]
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 04/12] ltmain.sh: Fix sysroot paths being encoded into RPATHs
 
-Enalbing sysroot support exposed a bug where the final library
-had an RPATH encoded into it which still pointed to the sysroot.
-This works around the issue until it gets sorted out upstream.
+There is a bug where RPATHs could end up containing sysroot values when
+cross compiling which is obviously incorrect. Strip out sysroot components
+from libdir when building RPATH values to avoid this.
 
-Fix suggested by Richard Purdie <richard.purdie@intel.com>
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
-Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com>
-Updated by: Robert Yang <liezhi.yang@windriver.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00009.html]
 
 diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
 --- a/build-aux/ltmain.in
diff --git a/poky/meta/recipes-devtools/libtool/libtool/fix-rpath.patch b/poky/meta/recipes-devtools/libtool/libtool/0005-ltmain.in-Don-t-encode-RATHS-which-match-default-lin.patch
index a2ec9473e7..50d47d9f7a 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/fix-rpath.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0005-ltmain.in-Don-t-encode-RATHS-which-match-default-lin.patch
@@ -1,18 +1,21 @@
-We don't want to add RPATHS which match default linker
-search paths, they're a waste of space. This patch
-filters libtools list and removes the ones we don't need.
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 05/12] ltmain.in: Don't encode RATHS which match default linker paths
 
-RP 23/9/2011
+We don't want to add RPATHS which match default linker search paths, they're
+a waste of space. This patch filters libtools list of paths to encoode and
+removes the ones we don't need.
 
-Upstream-Status: Pending
+Libtool may be passed link paths of the form "/usr/lib/../lib" so normalize
+the paths before comparision.
 
-Updated by: Robert Yang <liezhi.yang@windriver.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 
-Index: libtool-2.4.2/build-aux/ltmain.in
-===================================================================
---- libtool-2.4.2.orig/build-aux/ltmain.in
-+++ libtool-2.4.2/build-aux/ltmain.in
-@@ -7286,8 +7286,14 @@ EOF
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00013.html]
+
+diff -u b/build-aux/ltmain.in b/build-aux/ltmain.in
+--- b/build-aux/ltmain.in
++++ b/build-aux/ltmain.in	2012-08-22 11:01:34.191345989 -0700
+@@ -7286,8 +7286,16 @@
  		  esac
  		fi
  	      else
@@ -20,8 +23,10 @@ Index: libtool-2.4.2/build-aux/ltmain.in
 -		func_append dep_rpath " $flag"
 +                # We only want to hardcode in an rpath if it isn't in the
 +                # default dlsearch path.
++                func_normal_abspath "$libdir"
++                libdir_norm=$func_normal_abspath_result
 +	        case " $sys_lib_dlsearch_path " in
-+	        *" $libdir "*) ;;
++	        *" $libdir_norm "*) ;;
 +	        *) eval flag=\"$hardcode_libdir_flag_spec\"
 +                   func_append dep_rpath " $flag"
 +                   ;;
@@ -29,7 +34,7 @@ Index: libtool-2.4.2/build-aux/ltmain.in
  	      fi
  	    elif test -n "$runpath_var"; then
  	      case "$perm_rpath " in
-@@ -8019,8 +8025,14 @@ EOF
+@@ -8019,8 +8027,16 @@
  	      esac
  	    fi
  	  else
@@ -37,8 +42,10 @@ Index: libtool-2.4.2/build-aux/ltmain.in
 -	    func_append rpath " $flag"
 +            # We only want to hardcode in an rpath if it isn't in the
 +            # default dlsearch path.
++            func_normal_abspath "$libdir"
++            libdir_norm=$func_normal_abspath_result
 +	    case " $sys_lib_dlsearch_path " in
-+	    *" $libdir "*) ;;
++	    *" $libdir_norm "*) ;;
 +	    *) eval flag=\"$hardcode_libdir_flag_spec\"
 +               rpath+=" $flag"
 +               ;;
@@ -46,7 +53,7 @@ Index: libtool-2.4.2/build-aux/ltmain.in
  	  fi
  	elif test -n "$runpath_var"; then
  	  case "$perm_rpath " in
-@@ -8070,8 +8082,14 @@ EOF
+@@ -8070,8 +8086,14 @@
  	      esac
  	    fi
  	  else
diff --git a/poky/meta/recipes-devtools/libtool/libtool/fix-resolve-lt-sysroot.patch b/poky/meta/recipes-devtools/libtool/libtool/0006-libtool.m4-Handle-as-a-sysroot-correctly.patch
index 1bd95980c0..999971241f 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/fix-resolve-lt-sysroot.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0006-libtool.m4-Handle-as-a-sysroot-correctly.patch
@@ -1,16 +1,18 @@
-Upstream-Status: Pending
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 06/12] libtool.m4: Handle "/" as a sysroot correctly
 
-This patch updates libtool.m4 (and its output) to resolve a problem
-with variable 'lt_sysroot' not being properly updated if the option
-'--with[-libtool]-sysroot' is not provided when running the 'configure'
-script for a package.
+Update libtool.m4 to resolve a problem with lt_sysroot not being properly
+updated if the option '--with[-libtool]-sysroot' is not provided when
+running the 'configure' script for a package so that "/" as a sysroot
+is handled correctly by libtool.
 
-I have also reported the problem to libtool here
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 
+Upstream Report:
 http://lists.gnu.org/archive/html/bug-libtool/2013-09/msg00005.html
 
-Signed-off-by: Hans Beckerus <hans.beckerus at gmail.com>
-Updated by: Robert Yang <liezhi.yang@windriver.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00018.html]
+
 ---
 diff --git a/m4/libtool.m4 b/m4/libtool.m4
 --- a/m4/libtool.m4
diff --git a/poky/meta/recipes-devtools/libtool/libtool/0001-libtool-Fix-support-for-NIOS2-processor.patch b/poky/meta/recipes-devtools/libtool/libtool/0007-libtool-Fix-support-for-NIOS2-processor.patch
index bbd36d8dc1..395464e908 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/0001-libtool-Fix-support-for-NIOS2-processor.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0007-libtool-Fix-support-for-NIOS2-processor.patch
@@ -1,7 +1,5 @@
-From df2cd898e48208f26320d40c3ed6b19c75c27142 Mon Sep 17 00:00:00 2001
 From: Marek Vasut <marex@denx.de>
-Date: Thu, 17 Sep 2015 00:43:15 +0200
-Subject: [PATCH] libtool: Fix support for NIOS2 processor
+Subject: [PATCH 07/12] libtool: Fix support for NIOS2 processor
 
 The name of the system contains the string "nios2". This string
 is caught by the some of the greedy checks for OS/2 in libtool,
@@ -13,7 +11,10 @@ checks to prevent the OS/2 check incorrectly trapping the nios2
 as well.
 
 Signed-off-by: Marek Vasut <marex@denx.de>
-Upstream-Status: Submitted
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00021.html]
+
 ---
  build-aux/ltmain.in | 20 ++++++++++++++++++++
  1 file changed, 20 insertions(+)
diff --git a/poky/meta/recipes-devtools/libtool/libtool/0001-libtool-Check-for-static-libs-for-internal-compiler-.patch b/poky/meta/recipes-devtools/libtool/libtool/0008-libtool-Check-for-static-libs-for-internal-compiler-.patch
index 8c7c39feb6..afffdb9fd4 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/0001-libtool-Check-for-static-libs-for-internal-compiler-.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0008-libtool-Check-for-static-libs-for-internal-compiler-.patch
@@ -1,8 +1,7 @@
-From 40a2da75e6d95cc7c498ebda95ab19ae0db2ebfb Mon Sep 17 00:00:00 2001
+From b9993338080325a6e2b2ec94ca0ece80e7fa3fb6 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sat, 26 Jan 2019 12:54:26 -0800
-Subject: [PATCH] libtool: Check for static libs for internal compiler
- libraries
+Subject: [PATCH 08/12] libtool: Check for static libs for internal compiler libraries
 
 Libtool checks only for libraries linked as -l* when trying to
 find internal compiler libraries. Clang, however uses the absolute
@@ -10,11 +9,13 @@ path to link its internal libraries e.g. compiler_rt. This patch
 handles clang's statically linked libraries when finding internal
 compiler libraries.
 
-https://crbug.com/749263
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 
-Upstream-Status: Submitted [https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27866]
+https://crbug.com/749263
+https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27866
 
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00016.html]
 ---
  m4/libtool.m4 | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch b/poky/meta/recipes-devtools/libtool/libtool/0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch
index 2e9908725e..348cd3c1ae 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch
@@ -1,7 +1,5 @@
-From dfbbbd359e43e0a55fbea06f2647279ad8761cb9 Mon Sep 17 00:00:00 2001
 From: Mingli Yu <mingli.yu@windriver.com>
-Date: Wed, 24 Mar 2021 03:04:13 +0000
-Subject: [PATCH] Makefile.am: make sure autoheader run before autoconf
+Subject: [PATCH 09/12] Makefile.am: make sure autoheader run before autoconf
 
 autoheader will update ../libtool-2.4.6/libltdl/config-h.in which
 autoconf needs, so there comes a race sometimes as below:
@@ -10,9 +8,11 @@ autoconf needs, so there comes a race sometimes as below:
 
 So make sure autoheader run before autoconf to avoid this race.
 
-Upstream-Status: Submitted [libtool-patches@gnu.org maillist]
-
 Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00015.html]
+
 ---
  Makefile.am | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch b/poky/meta/recipes-devtools/libtool/libtool/0010-Makefile.am-make-sure-autoheader-run-before-automake.patch
index 87f8492346..cd963ef1be 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0010-Makefile.am-make-sure-autoheader-run-before-automake.patch
@@ -1,7 +1,5 @@
-From e82c06584f02e3e4487aa73aa05981e2a35dc6d1 Mon Sep 17 00:00:00 2001
 From: Mingli Yu <mingli.yu@windriver.com>
-Date: Tue, 13 Apr 2021 07:17:29 +0000
-Subject: [PATCH] Makefile.am: make sure autoheader run before automake
+Subject: [PATCH 10/12] Makefile.am: make sure autoheader run before automake
 
 When use automake to generate Makefile.in from Makefile.am, there
 comes below race:
@@ -10,7 +8,10 @@ comes below race:
 It is because the file config-h.in in updating process by autoheader,
 so make automake run after autoheader to avoid the above race.
 
-Upstream-Status: Submitted [libtool-patches@gnu.org maillist]
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00020.html]
 
 Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
 ---
diff --git a/poky/meta/recipes-devtools/libtool/libtool/lto-prefix.patch b/poky/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch
index 2bd010b8e4..b121a3c750 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/lto-prefix.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch
@@ -1,9 +1,13 @@
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 11/12] ltmain.in: Handle prefix-map compiler options correctly
+
 If lto is enabled, we need the prefix-map variables to be passed to the linker.
 Add these to the list of options libtool passes through.
 
-Upstream-Status: Pending
 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00019.html]
+
 Index: libtool-2.4.6/build-aux/ltmain.in
 ===================================================================
 --- libtool-2.4.6.orig/build-aux/ltmain.in
diff --git a/poky/meta/recipes-devtools/libtool/libtool/debian-no_hostname.patch b/poky/meta/recipes-devtools/libtool/libtool/0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch
index 5add0cca3b..64f911d46c 100755..100644
--- a/poky/meta/recipes-devtools/libtool/libtool/debian-no_hostname.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch
@@ -1,10 +1,16 @@
-libtool: remove host specific info from header file
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 12/12] libtool.m4: For reproducibility stop encoding hostname in libtool script
+
+For reproducibilty, stop encoding the hostname into the libtool script, this isn't
+really adding much to debugging and most distros are carrying such a patch now as
+reproducibility is important.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 
 https://sources.debian.org/data/main/libt/libtool/2.4.6-10/debian/patches/
         no_hostname.patch
 
-Upstream-Status: Inappropriate [not author]
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00011.html]
 
 ---
 Index: libtool-2.4.6/m4/libtool.m4
diff --git a/poky/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch b/poky/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
new file mode 100644
index 0000000000..447640cef6
--- /dev/null
+++ b/poky/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
@@ -0,0 +1,133 @@
+From 418129bc63afc312701e84cb8afa5ca413df1ab5 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@redhat.com>
+Date: Fri, 17 Apr 2015 16:54:58 +0200
+Subject: ARFLAGS: use 'cr' instead of 'cru' by default
+
+In some GNU/Linux distributions people started to compile 'ar'
+binary with --enable-deterministic-archives (binutils project).
+That, however, in combination with our previous long time working
+default AR_FLAGS=cru causes warnings on such installations:
+ar: `u' modifier ignored since `D' is the default (see `U')
+
+The 'u' option (at least with GNU binutils) did small optimization
+during repeated builds because it instructed 'ar' to not
+open/close unchanged *.o files and to rather read their contents
+from old archive file.  However, its removal should not cause a
+big performance hit for usual workflows.
+
+Distributions started using --enable-deterministic-archives
+knowing that it would disable the 'u', just to rather have a bit
+more deterministic builds.
+
+Also, to justify this change a bit more, keeping 'u' in ARFLAGS
+could only result in many per-project changes to override
+Libtool's ARFLAGS default, just to silent such warnings.
+
+Fixes bug#19967.  Reported by Eric Blake.
+
+* m4/libtool.m4 (_LT_PROG_AR): Default AR_FLAGS to 'cr'.
+(_LT_REQUIRED_DARWIN_CHECKS): Use $AR_FLAGS instead 'cru' string.
+* doc/libtool.texi: Do 's/ar cru/ar cr/' in whole documentation.
+* NEWS: Document.
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=418129bc63afc312701e84cb8afa5ca413df1ab5]
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ NEWS             |  4 ++++
+ doc/libtool.texi | 10 +++++-----
+ m4/libtool.m4    |  6 +++---
+ 3 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 71a932d..1518f09 100644
+--- a/NEWS
++++ b/NEWS
+@@ -13,6 +13,10 @@ NEWS - list of user-visible changes between releases of GNU Libtool
+     variable, which obsoletes AR_FLAGS.  This is due to naming conventions
+     among other *FLAGS and to be consistent with Automake's ARFLAGS.
+ 
++** Important incompatible changes:
++
++  - Libtool changed ARFLAGS/AR_FLAGS default from 'cru' to 'cr'.
++
+ ** Bug fixes:
+ 
+   - Fix a race condition in ltdl dryrun test that would cause spurious
+diff --git a/doc/libtool.texi b/doc/libtool.texi
+index 0298627..4c664bb 100644
+--- a/doc/libtool.texi
++++ b/doc/libtool.texi
+@@ -602,7 +602,7 @@ Without libtool, the programmer would invoke the @command{ar} command to
+ create a static library:
+ 
+ @example
+-burger$ @kbd{ar cru libhello.a hello.o foo.o}
++burger$ @kbd{ar cr libhello.a hello.o foo.o}
+ burger$
+ @end example
+ 
+@@ -632,7 +632,7 @@ libtool are the same ones you would use to produce an executable named
+ a23$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.o hello.o}
+ *** Warning: Linking the shared library libhello.la against the
+ *** non-libtool objects foo.o hello.o is not portable!
+-ar cru .libs/libhello.a
++ar cr .libs/libhello.a
+ ranlib .libs/libhello.a
+ creating libhello.la
+ (cd .libs && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -662,7 +662,7 @@ archive, not a shared library (@pxref{Static libraries}).}:
+ @example
+ a23$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.lo hello.lo \
+                 -rpath /usr/local/lib -lm}
+-ar cru @value{objdir}/libhello.a foo.o hello.o
++ar cr @value{objdir}/libhello.a foo.o hello.o
+ ranlib @value{objdir}/libhello.a
+ creating libhello.la
+ (cd @value{objdir} && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -676,7 +676,7 @@ burger$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.lo hello.lo \
+                 -rpath /usr/local/lib -lm}
+ rm -fr  @value{objdir}/libhello.a @value{objdir}/libhello.la
+ ld -Bshareable -o @value{objdir}/libhello.so.0.0 @value{objdir}/foo.o @value{objdir}/hello.o -lm
+-ar cru @value{objdir}/libhello.a foo.o hello.o
++ar cr @value{objdir}/libhello.a foo.o hello.o
+ ranlib @value{objdir}/libhello.a
+ creating libhello.la
+ (cd @value{objdir} && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -6001,7 +6001,7 @@ in cases where it is necessary.
+ @subsection Archivers
+ 
+ On all known systems, building a static library can be accomplished by
+-running @kbd{ar cru lib@var{name}.a @var{obj1}.o @var{obj2}.o @dots{}},
++running @kbd{ar cr lib@var{name}.a @var{obj1}.o @var{obj2}.o @dots{}},
+ where the @file{.a} file is the output library, and each @file{.o} file is an
+ object file.
+ 
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 6514196..add06ee 100644
+--- a/m4/libtool.m4
++++ b/m4/libtool.m4
+@@ -1041,8 +1041,8 @@ int forced_loaded() { return 2;}
+ _LT_EOF
+       echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
+       $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
+-      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+-      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
++      echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
++      $AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+       echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
+       $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
+       cat > conftest.c << _LT_EOF
+@@ -1505,7 +1505,7 @@ _LT_DECL([], [AR], [1], [The archiver])
+ # ARFLAGS for automake and AR_FLAGS for libtool).  FIXME: Make the AR_FLAGS
+ # variable obsoleted/removed.
+ 
+-test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cru}
++test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+ lt_ar_flags=$AR_FLAGS
+ _LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
+ 
+-- 
+2.23.0
+
diff --git a/poky/meta/recipes-devtools/libtool/libtool/fixinstall.patch b/poky/meta/recipes-devtools/libtool/libtool/fixinstall.patch
index 8f343bf436..48330d82fb 100644
--- a/poky/meta/recipes-devtools/libtool/libtool/fixinstall.patch
+++ b/poky/meta/recipes-devtools/libtool/libtool/fixinstall.patch
@@ -27,9 +27,9 @@ diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
  
 -	if test -n "$relink_command"; then
 +	if test "$fast_install" = no && test -n "$relink_command"; then
-       # Strip any trailing slash from the destination.
-       func_stripname '' '/' "$libdir"
-       destlibdir=$func_stripname_result
+ 	  # Strip any trailing slash from the destination.
+ 	  func_stripname '' '/' "$libdir"
+	  destlibdir=$func_stripname_result
 @@ -2394,7 +2394,7 @@ func_mode_install ()
  	  shift
  
diff --git a/poky/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch b/poky/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch
new file mode 100644
index 0000000000..bb11887cda
--- /dev/null
+++ b/poky/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch
@@ -0,0 +1,77 @@
+From 4335de1dfb7d2ec728427e07a54136b94a2d40f6 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@redhat.com>
+Date: Fri, 17 Apr 2015 15:05:42 +0200
+Subject: libool.m4: add ARFLAGS variable
+
+Libtool has used $AR_FLAGS since 2000-05-29 commit
+8300de4c54e6f04f0d, Automake ARFLAGS since 2003-04-06 commit
+a71b3490639831ca.  Even though ARFLAGS is younger, it sounds like
+better name according GNU Coding Standards.
+
+Related to bug#20082.
+
+* m4/libtool.m4 (_LT_PROG_AR): Copy ARFLAGS value into AR_FLAGS
+variable if AR_FLAGS is not set.  Add new _LT_DECL'ed variable
+'lt_ar_flags' to keep the configure-time value of AR_FLAGS.  The
+new 'lt_ar_flags' is to be used as the default value for AR_FLAGS
+at libtool-runtime.
+* NEWS: Document.
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=4335de1dfb7d2ec728427e07a54136b94a2d40f6]
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ NEWS          |  6 ++++++
+ m4/libtool.m4 | 17 +++++++++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index d7ca434..71a932d 100644
+--- a/NEWS
++++ b/NEWS
+@@ -7,6 +7,12 @@ NEWS - list of user-visible changes between releases of GNU Libtool
+   - LT_SYS_LIBRARY_PATH can be set in config.site, or at configure time
+     and persists correctly in the generated libtool script.
+ 
++** New features:
++
++  - Libtool script now supports (configure-time and runtime) ARFLAGS
++    variable, which obsoletes AR_FLAGS.  This is due to naming conventions
++    among other *FLAGS and to be consistent with Automake's ARFLAGS.
++
+ ** Bug fixes:
+ 
+   - Fix a race condition in ltdl dryrun test that would cause spurious
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 63acd09..6514196 100644
+--- a/m4/libtool.m4
++++ b/m4/libtool.m4
+@@ -1497,9 +1497,22 @@ need_locks=$enable_libtool_lock
+ m4_defun([_LT_PROG_AR],
+ [AC_CHECK_TOOLS(AR, [ar], false)
+ : ${AR=ar}
+-: ${AR_FLAGS=cru}
+ _LT_DECL([], [AR], [1], [The archiver])
+-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
++
++# Use ARFLAGS variable as AR's operation code to sync the variable naming with
++# Automake.  If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
++# higher priority because thats what people were doing historically (setting
++# ARFLAGS for automake and AR_FLAGS for libtool).  FIXME: Make the AR_FLAGS
++# variable obsoleted/removed.
++
++test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cru}
++lt_ar_flags=$AR_FLAGS
++_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
++
++# Make AR_FLAGS overridable by 'make ARFLAGS='.  Don't try to run-time override
++# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
++_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}],
++         [Flags to create an archive])
+ 
+ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
+   [lt_cv_ar_at_file=no
+-- 
+2.23.0
+
diff --git a/poky/meta/recipes-devtools/libtool/libtool/norm-rpath.patch b/poky/meta/recipes-devtools/libtool/libtool/norm-rpath.patch
deleted file mode 100644
index 1e4c65e024..0000000000
--- a/poky/meta/recipes-devtools/libtool/libtool/norm-rpath.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-libtool: normalize link paths before considering for RPATH
-
-Libtool may be passed link paths of the form "/usr/lib/../lib", which
-fool its detection code into thinking it should be included as an
-RPATH in the generated binary.  Normalize before comparision.
-
-Signed-off-by: Andy Ross <andy.ross@windriver.com>
-Upstream-Status: Pending
-
-Updated by: Robert Yang <liezhi.yang@windriver.com>
-
-diff -ur a/build-aux/ltmain.in b/build-aux/ltmain.in
---- a/build-aux/ltmain.in	2012-08-16 13:58:55.058900363 -0700
-+++ b/build-aux/ltmain.in	2012-08-22 11:01:34.191345989 -0700
-@@ -7288,8 +7288,10 @@
- 	      else
-                 # We only want to hardcode in an rpath if it isn't in the
-                 # default dlsearch path.
-+                func_normal_abspath "$libdir"
-+                libdir_norm=$func_normal_abspath_result
- 	        case " $sys_lib_dlsearch_path " in
--	        *" $libdir "*) ;;
-+	        *" $libdir_norm "*) ;;
- 	        *) eval flag=\"$hardcode_libdir_flag_spec\"
-                    func_append dep_rpath " $flag"
-                    ;;
-@@ -8027,8 +8029,10 @@
- 	  else
-             # We only want to hardcode in an rpath if it isn't in the
-             # default dlsearch path.
-+            func_normal_abspath "$libdir"
-+            libdir_norm=$func_normal_abspath_result
- 	    case " $sys_lib_dlsearch_path " in
--	    *" $libdir "*) ;;
-+	    *" $libdir_norm "*) ;;
- 	    *) eval flag=\"$hardcode_libdir_flag_spec\"
-                rpath+=" $flag"
-                ;;
diff --git a/poky/meta/recipes-devtools/libtool/libtool/trailingslash.patch b/poky/meta/recipes-devtools/libtool/libtool/trailingslash.patch
deleted file mode 100644
index e8824d7db9..0000000000
--- a/poky/meta/recipes-devtools/libtool/libtool/trailingslash.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Upstream-Status: Pending
-
-A command like /bin/sh ../../i586-poky-linux-libtool   --mode=install /usr/bin/install -c   gck-roots-store-standalone.la '/media/data1/builds/poky1/tmp/work/core2-poky-linux/gnome-keyring-2.26.1-r1/image/usr/lib/gnome-keyring/standalone/' fails (e.g. gnome-keyring or pulseaudio)
-
-This is because libdir has a trailing slash which breaks the comparision.
-
-RP 2/1/10
-
-Merged a patch received from Gary Thomas <gary@mlbassoc.com>
-
-Date: 2010/07/12
-Nitin A Kamble <nitin.a.kamble@intel.com>
-
-Updated by: Robert Yang <liezhi.yang@windriver.com>
-
-diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
---- a/build-aux/ltmain.in
-+++ b/build-aux/ltmain.in
-@@ -2356,8 +2356,15 @@ func_mode_install ()
- 	func_append dir "$objdir"
- 
- 	if test -n "$relink_command"; then
-+      # Strip any trailing slash from the destination.
-+      func_stripname '' '/' "$libdir"
-+      destlibdir=$func_stripname_result
-+
-+      func_stripname '' '/' "$destdir"
-+      s_destdir=$func_stripname_result
-+
- 	  # Determine the prefix the user has applied to our future dir.
--	  inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"`
-+	  inst_prefix_dir=`$ECHO "X$s_destdir" | $Xsed -e "s%$destlibdir\$%%"`
- 
- 	  # Don't allow the user to place us outside of our expected
- 	  # location b/c this prevents finding dependent libraries that
diff --git a/poky/meta/recipes-devtools/python/python3-pyelftools_0.27.bb b/poky/meta/recipes-devtools/python/python3-pyelftools_0.27.bb
index 0cfd99504b..e2d0e18277 100644
--- a/poky/meta/recipes-devtools/python/python3-pyelftools_0.27.bb
+++ b/poky/meta/recipes-devtools/python/python3-pyelftools_0.27.bb
@@ -11,3 +11,5 @@ PYPI_PACKAGE = "pyelftools"
 inherit pypi setuptools3
 
 BBCLASSEXTEND = "native"
+
+RDEPENDS:${PN} += "${PYTHON_PN}-debugger ${PYTHON_PN}-pprint"
diff --git a/poky/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch b/poky/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch
index c4fae09a5b..99968b81de 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch
@@ -1,7 +1,8 @@
-From 1ad771d86728ee2ed30e202e9768d8d825f96467 Mon Sep 17 00:00:00 2001
+From d9eb634b3d2e6ba831e864c50f6a37c48edfc4f3 Mon Sep 17 00:00:00 2001
 From: Matthias Schoepfer <matthias.schoepfer@ithinx.io>
 Date: Fri, 31 May 2019 15:34:34 +0200
 Subject: [PATCH] bpo-36852: proper detection of mips architecture for soft
+
  float
 
 When (cross) compiling for softfloat mips, __mips_hard_float will not be
@@ -13,18 +14,18 @@ to do this in a more autoconf/autotools manner.
 Upstream-Status: Submitted [https://github.com/python/cpython/pull/13196]
 Signed-off-by: Matthias Schoepfer <matthias.schoepfer@ithinx.io>
 
-%% original patch: 0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch
+
 ---
  configure.ac | 175 +++++++--------------------------------------------
  1 file changed, 21 insertions(+), 154 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index ede710e..bc81b0b 100644
+index e2979a8..337182d 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -710,160 +710,27 @@ fi
- MULTIARCH=$($CC --print-multiarch 2>/dev/null)
- AC_SUBST(MULTIARCH)
+@@ -728,160 +728,27 @@ then
+ fi
+ 
  
 -AC_MSG_CHECKING([for the platform triplet based on compiler characteristics])
 -cat >> conftest.c <<EOF
@@ -202,8 +203,5 @@ index ede710e..bc81b0b 100644
 +	;;
 +esac	
  
- if test x$PLATFORM_TRIPLET != x && test x$MULTIARCH != x; then
-   if test x$PLATFORM_TRIPLET != x$MULTIARCH; then
--- 
-2.24.1
-
+ if test x$PLATFORM_TRIPLET != xdarwin; then
+   MULTIARCH=$($CC --print-multiarch 2>/dev/null)
diff --git a/poky/meta/recipes-devtools/python/python3_3.9.7.bb b/poky/meta/recipes-devtools/python/python3_3.9.9.bb
index 772dcb8d9d..5c6077a467 100644
--- a/poky/meta/recipes-devtools/python/python3_3.9.7.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.9.9.bb
@@ -39,7 +39,7 @@ SRC_URI:append:class-native = " \
            file://12-distutils-prefix-is-inside-staging-area.patch \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
-SRC_URI[sha256sum] = "f8145616e68c00041d1a6399b76387390388f8359581abc24432bb969b5e3c57"
+SRC_URI[sha256sum] = "06828c04a573c073a4e51c4292a27c1be4ae26621c3edc7cf9318418ce3b6d27"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb b/poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
index cb15415d7f..48cd79f9cb 100644
--- a/poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
+++ b/poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
@@ -133,6 +133,9 @@ do_install:append:class-nativesdk() {
 do_install:append:class-target() {
     rm -rf ${D}/var
 }
+do_install:append:class-nativesdk() {
+    rm -rf ${D}${SDKPATHNATIVE}/var
+}
 
 do_install:append () {
 	sed -i -e 's:${HOSTTOOLS_DIR}/::g' \
diff --git a/poky/meta/recipes-devtools/rust/rust-cross.inc b/poky/meta/recipes-devtools/rust/rust-cross.inc
index bee7c9f12f..5f8671257e 100644
--- a/poky/meta/recipes-devtools/rust/rust-cross.inc
+++ b/poky/meta/recipes-devtools/rust/rust-cross.inc
@@ -32,7 +32,7 @@ DEPENDS += "virtual/${TARGET_PREFIX}gcc virtual/${TARGET_PREFIX}compilerlibs vir
 DEPENDS += "rust-native"
 
 PROVIDES = "virtual/${TARGET_PREFIX}rust"
-PN = "rust-cross-${TARGET_ARCH}"
+PN = "rust-cross-${TUNE_PKGARCH}-${TCLIBC}"
 
 # In the cross compilation case, rustc doesn't seem to get the rpath quite
 # right. It manages to include '../../lib/${TARGET_PREFIX}', but doesn't
diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_40.3.bb b/poky/meta/recipes-gnome/epiphany/epiphany_40.6.bb
index c5dc0baefa..1f3fab3c4a 100644
--- a/poky/meta/recipes-gnome/epiphany/epiphany_40.3.bb
+++ b/poky/meta/recipes-gnome/epiphany/epiphany_40.6.bb
@@ -20,7 +20,7 @@ SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@oe.utils.trim_version("${PV}", 1)}/${GN
            file://migrator.patch \
            file://distributor.patch \
            "
-SRC_URI[archive.sha256sum] = "dad138b9f2d55de271128fca38b61f53fd980c587d29e1ba6b508fff3b19f564"
+SRC_URI[archive.sha256sum] = "a2abf71b165b4302643147d637808847d64df6a97ce460703542dec75e81b5f7"
 
 # Developer mode enables debugging
 PACKAGECONFIG[developer-mode] = "-Ddeveloper_mode=true,-Ddeveloper_mode=false"
diff --git a/poky/meta/recipes-graphics/drm/libdrm_2.4.107.bb b/poky/meta/recipes-graphics/drm/libdrm_2.4.109.bb
index b645898481..fb5ddd82c0 100644
--- a/poky/meta/recipes-graphics/drm/libdrm_2.4.107.bb
+++ b/poky/meta/recipes-graphics/drm/libdrm_2.4.109.bb
@@ -13,7 +13,7 @@ DEPENDS = "libpthread-stubs"
 SRC_URI = "http://dri.freedesktop.org/libdrm/${BP}.tar.xz \
           "
 
-SRC_URI[sha256sum] = "c554cef03b033636a975543eab363cc19081cb464595d3da1ec129f87370f888"
+SRC_URI[sha256sum] = "629352e08c1fe84862ca046598d8a08ce14d26ab25ee1f4704f993d074cb7f26"
 
 inherit meson pkgconfig manpages
 
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb
index 41632f25ce..984dc1253f 100644
--- a/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb
@@ -17,7 +17,7 @@ S = "${WORKDIR}/git"
 
 REQUIRED_DISTRO_FEATURES = "vulkan"
 
-inherit cmake features_check
+inherit cmake features_check pkgconfig
 ANY_OF_DISTRO_FEATURES = "x11 wayland"
 
 DEPENDS += "vulkan-headers"
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index e1fc0a06dc..8864564b3e 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -19,7 +19,15 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
 
 UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
 
-CVE_PRODUCT = "xorg-server"
+CVE_PRODUCT = "xorg-server x_server"
+# This is specific to Debian's xserver-wrapper.c
+CVE_CHECK_WHITELIST += "CVE-2011-4613"
+# As per upstream, exploiting this flaw is non-trivial and it requires exact
+# timing on the behalf of the attacker. Many graphical applications exit if their
+# connection to the X server is lost, so a typical desktop session is either
+# impossible or difficult to exploit. There is currently no upstream patch
+# available for this flaw.
+CVE_CHECK_WHITELIST += "CVE-2020-25697"
 
 S = "${WORKDIR}/${XORG_PN}-${PV}"
 
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
index 01a54070c7..71367c247e 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
@@ -8,7 +8,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
            file://0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch \
            "
-SRC_URI[sha256sum] = "40aa4e96a56a81a301f15a9b10e06a22700f12b42d9e0e453c7f11d354386300"
+SRC_URI[sha256sum] = "5cc5b70b9be89443e2594b93656c60bd5e82cd7f01deb4ce4faf81dcf546a16b"
 
 # These extensions are now integrated into the server, so declare the migration
 # path for in-place upgrades.
diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
index ef035aed23..95983fe69b 100644
--- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
+++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
@@ -8,9 +8,8 @@ LIC_FILES_CHKSUM = "file://tools/kgit;beginline=5;endline=9;md5=9c30e971d435e249
 
 DEPENDS = "git-native"
 
-SRCREV = "d220b063852245fdd16b9731a395ace525f932d6"
-PR = "r12"
-PV = "0.2+git${SRCPV}"
+SRCREV = "90598a5fae1172e3f7782a1b02f7b7518efd32c8"
+PV = "0.3+git${SRCPV}"
 
 inherit native
 
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20211027.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb
index 97d42e98e2..65bfda1d9f 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20211027.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
                     file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
                     file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
-                    file://WHENCE;md5=d627873bd934d7c52b2c8191304a8eb7 \
+                    file://WHENCE;md5=79f477f9d53eedee5a65b45193785963 \
                     "
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -205,7 +205,7 @@ PE = "1"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "bc2657dd8eb82386a9a7ec6df9ccf31c32c7e9073c05d37786c1edc273f9440a"
+SRC_URI[sha256sum] = "eeddb4e6bef31fd1a3757f12ccc324929bbad97855c0b9ec5ed780f74de1837d"
 
 inherit allarch
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index f666ac0611..52ba3b9f61 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "12f6a7187b3c8abab5e139dbfdf7f58f265f4169"
-SRCREV_meta ?= "a0238f7f4f2222d08bb18147bb5e24cc877b0546"
+SRCREV_machine ?= "e137d5d92c05530840f2e191ec471f8f0ea2d62e"
+SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.10.78"
+LINUX_VERSION ?= "5.10.90"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.14.bb
index 7e02f83d51..6f22173b1e 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.14.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.14.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "672665c11dd86abd71bbad0537e6388c6a5a84ca"
-SRCREV_meta ?= "b3ac9c40a22d6b00545b7ce51ef6dfb0cb9d2933"
+SRCREV_machine ?= "b18aaa90f5ce15336aacf4cc24c7a086aeb4bc84"
+SRCREV_meta ?= "f9e349e174542980f72dcd087445d0106b7a5e75"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.14;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.14.17"
+LINUX_VERSION ?= "5.14.21"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 86010f106f..d0166f6c4f 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.10.78"
+LINUX_VERSION ?= "5.10.90"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine:qemuarm ?= "cdec5045c5323846adaf2510e539843d0cfe74ae"
-SRCREV_machine ?= "344c0c38f5b892312b0a1db7f613d2704dd4942f"
-SRCREV_meta ?= "a0238f7f4f2222d08bb18147bb5e24cc877b0546"
+SRCREV_machine:qemuarm ?= "c0774ebd6bc1c7541deb4f9a649a1a6bfa42853f"
+SRCREV_machine ?= "ab201bf6e3f9d187c7c26a0ec6537fadb41de918"
+SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.14.bb
index 9ad9549554..d44fac6094 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.14.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.14.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.14.17"
+LINUX_VERSION ?= "5.14.21"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine:qemuarm ?= "566227d5b0913910467a7736d78cad37e60217f8"
-SRCREV_machine ?= "35888b3a9a222963b856c960e8f0c72c2de18d4a"
-SRCREV_meta ?= "b3ac9c40a22d6b00545b7ce51ef6dfb0cb9d2933"
+SRCREV_machine:qemuarm ?= "159f57f8e022351d5193e51c02c951f2e255db1a"
+SRCREV_machine ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_meta ?= "f9e349e174542980f72dcd087445d0106b7a5e75"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 2e81068330..43274a318f 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH:qemux86  ?= "v5.10/standard/base"
 KBRANCH:qemux86-64 ?= "v5.10/standard/base"
 KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "f98b917d7826304daeecf11cc52be2562a9304ff"
-SRCREV_machine:qemuarm64 ?= "13ff8a3ae368724e008e3bcd77833611de7962b2"
-SRCREV_machine:qemumips ?= "7b94dec2b0f5b582b97cdb3ac97fe153559869e4"
-SRCREV_machine:qemuppc ?= "652531fb0cc8eb3607109bb8d878253be2d3d534"
-SRCREV_machine:qemuriscv64 ?= "2daa192783edd4974da8e900c0dc93186e57a838"
-SRCREV_machine:qemuriscv32 ?= "2daa192783edd4974da8e900c0dc93186e57a838"
-SRCREV_machine:qemux86 ?= "2daa192783edd4974da8e900c0dc93186e57a838"
-SRCREV_machine:qemux86-64 ?= "2daa192783edd4974da8e900c0dc93186e57a838"
-SRCREV_machine:qemumips64 ?= "4c817df0fd06350e18693551699c33361e16a193"
-SRCREV_machine ?= "2daa192783edd4974da8e900c0dc93186e57a838"
-SRCREV_meta ?= "a0238f7f4f2222d08bb18147bb5e24cc877b0546"
+SRCREV_machine:qemuarm ?= "d9597fe71e155c5a96452d23694188d6d4091673"
+SRCREV_machine:qemuarm64 ?= "210fcd9ee603afb731beaa5833e7e3f1d1918786"
+SRCREV_machine:qemumips ?= "8688d3707cea38bd7ed115a12005079c2215f77d"
+SRCREV_machine:qemuppc ?= "933b47667b7549bb36a809cca90bc372a7182620"
+SRCREV_machine:qemuriscv64 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55"
+SRCREV_machine:qemuriscv32 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55"
+SRCREV_machine:qemux86 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55"
+SRCREV_machine:qemux86-64 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55"
+SRCREV_machine:qemumips64 ?= "25fcfe4f5c4be9bbb67498f09b2dd088f8bb6dfd"
+SRCREV_machine ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55"
+SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5"
 
 # remap qemuarm to qemuarma15 for the 5.8 kernel
 # KMACHINE:qemuarm ?= "qemuarma15"
@@ -32,11 +32,11 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.78"
+LINUX_VERSION ?= "5.10.90"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-DEPENDS += "gmp-native"
+DEPENDS += "gmp-native libmpc-native"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.14.bb
index f034f36d45..b5be96b7c9 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.14.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.14.bb
@@ -13,17 +13,17 @@ KBRANCH:qemux86  ?= "v5.14/standard/base"
 KBRANCH:qemux86-64 ?= "v5.14/standard/base"
 KBRANCH:qemumips64 ?= "v5.14/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "eef94a78151c2227eba9a8468ac611d9507482b5"
-SRCREV_machine:qemuarm64 ?= "35888b3a9a222963b856c960e8f0c72c2de18d4a"
-SRCREV_machine:qemumips ?= "607d94618b35382f38ab2bc0d37494372897ae4d"
-SRCREV_machine:qemuppc ?= "35888b3a9a222963b856c960e8f0c72c2de18d4a"
-SRCREV_machine:qemuriscv64 ?= "35888b3a9a222963b856c960e8f0c72c2de18d4a"
-SRCREV_machine:qemuriscv32 ?= "35888b3a9a222963b856c960e8f0c72c2de18d4a"
-SRCREV_machine:qemux86 ?= "35888b3a9a222963b856c960e8f0c72c2de18d4a"
-SRCREV_machine:qemux86-64 ?= "35888b3a9a222963b856c960e8f0c72c2de18d4a"
-SRCREV_machine:qemumips64 ?= "9ed182ebbcd4c77b8f99439d2feb6c4591148324"
-SRCREV_machine ?= "35888b3a9a222963b856c960e8f0c72c2de18d4a"
-SRCREV_meta ?= "b3ac9c40a22d6b00545b7ce51ef6dfb0cb9d2933"
+SRCREV_machine:qemuarm ?= "5ca7fd91b258a07ed1b6f38593ff8c48cc574b1c"
+SRCREV_machine:qemuarm64 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemumips ?= "1e7a6d0d29015bf1f383cf5f52fc451c1969561d"
+SRCREV_machine:qemuppc ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemuriscv64 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemuriscv32 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemux86 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemux86-64 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemumips64 ?= "f6646a344afbf6cacc91cbeaaec4240b372dd192"
+SRCREV_machine ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_meta ?= "f9e349e174542980f72dcd087445d0106b7a5e75"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
@@ -31,7 +31,7 @@ SRCREV_meta ?= "b3ac9c40a22d6b00545b7ce51ef6dfb0cb9d2933"
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
 DEFAULT_PREFERENCE:class-devupstream = "-1"
-SRCREV_machine:class-devupstream ?= "3dfa869cb79d60a2fe66efb4a11517ec7c89de16"
+SRCREV_machine:class-devupstream ?= "545728d9e08593767dd55192b0324dd4f9b71151"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v5.14/base"
 
@@ -42,7 +42,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.14;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.14.17"
+LINUX_VERSION ?= "5.14.21"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch
new file mode 100644
index 0000000000..b0ff1a0885
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch
@@ -0,0 +1,32 @@
+From 5adbc377cd90aa40f0cd56ae325ca70065a8aa19 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 13 Jan 2022 16:45:59 +0800
+Subject: [PATCH] flac: Fix improper buffer reusing
+
+CVE: CVE-2021-4156.patch
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/issues/731]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/flac.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 0be82ac..6548bba 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -952,7 +952,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+ 	/* Decode some more. */
+ 	while (pflac->pos < pflac->len)
+ 	{	if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++		{	psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++			/* Current frame is busted, so NULL the pointer. */
++			pflac->frame = NULL ;
+ 			break ;
++                }
+ 		state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+ 		if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+ 		{	psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 443ca95e32..884d680fbe 100644
--- a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
            file://CVE-2017-12562.patch \
            file://CVE-2018-19758.patch \
            file://CVE-2019-3832.patch \
+           file://CVE-2021-4156.patch \
           "
 
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch b/poky/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
new file mode 100644
index 0000000000..e866a1a193
--- /dev/null
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
@@ -0,0 +1,22 @@
+Injection a year based on the current date isn't reproducible. Hack this
+to a specific year for now for reproducibilty and to avoid autobuilder failures.
+
+The correct fix would be to use SOURCE_DATE_EPOCH from the environment and
+then this could be submitted upstream, sadly my ruby isn't up to that.
+
+Upstream-Status: Pending [could be reworked]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: webkitgtk-2.34.2/Source/JavaScriptCore/generator/GeneratedFile.rb
+===================================================================
+--- webkitgtk-2.34.2.orig/Source/JavaScriptCore/generator/GeneratedFile.rb
++++ webkitgtk-2.34.2/Source/JavaScriptCore/generator/GeneratedFile.rb
+@@ -25,7 +25,7 @@ require 'date'
+ require 'digest'
+ 
+ $LICENSE = <<-EOF
+-Copyright (C) #{Date.today.year} Apple Inc. All rights reserved.
++Copyright (C) 2021 Apple Inc. All rights reserved.
+ 
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
index 1f3f7a9c00..bab1c17902 100644
--- a/poky/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
+++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
            file://reduce-memory-overheads.patch \
            file://musl-lower-stack-usage.patch \
            file://0001-MiniBrowser-Fix-reproduciblity.patch \
+           file://reproducibility.patch \
            "
 
 SRC_URI[sha256sum] = "c1f496f5ac654efe4cef62fbd4f2fbeeef265a07c5e7419e5d2900bfeea52cbc"
diff --git a/poky/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch b/poky/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch
new file mode 100644
index 0000000000..0a9ee2cc95
--- /dev/null
+++ b/poky/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch
@@ -0,0 +1,50 @@
+From e193f080c7d209516ac9b712fa0c50bb08026fa2 Mon Sep 17 00:00:00 2001
+From: Martin Jansa <Martin.Jansa@gmail.com>
+Date: Tue, 19 Oct 2021 12:24:31 +0000
+Subject: [PATCH] BoostConfig.cmake: allow searching for python310
+
+* accept double digits in Python3_VERSION_MINOR
+
+* if someone is using e.g.:
+  find_package(Python3 REQUIRED)
+  find_package(Boost REQUIRED python${Python3_VERSION_MAJOR}${Python3_VERSION_MINOR})
+
+  with python-3.10 then it currently fails with:
+
+  -- Found PythonLibs: /usr/lib/libpython3.10.so (found version "3.10.0")
+  -- Found Python3: -native/usr/bin/python3-native/python3 (found version "3.10.0") found components: Interpreter
+  CMake Error at /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:141 (find_package):
+    Could not find a package configuration file provided by "boost_python310"
+    (requested version 1.77.0) with any of the following names:
+
+      boost_python310Config.cmake
+      boost_python310-config.cmake
+
+    Add the installation prefix of "boost_python310" to CMAKE_PREFIX_PATH or
+    set "boost_python310_DIR" to a directory containing one of the above files.
+    If "boost_python310" provides a separate development package or SDK, be
+    sure it has been installed.
+  Call Stack (most recent call first):
+    /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:258 (boost_find_component)
+    /usr/share/cmake-3.21/Modules/FindBoost.cmake:594 (find_package)
+    CMakeLists.txt:18 (find_package)
+
+Upstream-Status: Submitted [https://github.com/boostorg/boost_install/pull/53]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ tools/boost_install/BoostConfig.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/boost_install/BoostConfig.cmake b/tools/boost_install/BoostConfig.cmake
+index fd17821..5dffa58 100644
+--- a/tools/boost_install/BoostConfig.cmake
++++ b/tools/boost_install/BoostConfig.cmake
+@@ -113,7 +113,7 @@ macro(boost_find_component comp required quiet)
+     set(_BOOST_REQUIRED REQUIRED)
+   endif()
+ 
+-  if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9])$")
++  if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9][0-9]?)$")
+ 
+     # handle pythonXY and numpyXY versioned components for compatibility
+ 
diff --git a/poky/meta/recipes-support/boost/boost/0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch b/poky/meta/recipes-support/boost/boost/0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch
new file mode 100644
index 0000000000..b05b795084
--- /dev/null
+++ b/poky/meta/recipes-support/boost/boost/0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch
@@ -0,0 +1,53 @@
+From 32bd6197353f6ea8e5bef01f09e25c944141acfc Mon Sep 17 00:00:00 2001
+From: jzmaddock <john@johnmaddock.co.uk>
+Date: Wed, 1 Sep 2021 18:54:54 +0100
+Subject: [PATCH] Allow definition of BOOST_MATH_NO_ATOMIC_INT on the command
+ line. Allows us to test/emulate platforms with no atomic integers.
+
+[buildroot@heine.tech:
+  - backport from boostorg/math 32bd6197353f6ea8e5bef01f09e25c944141acfc
+  - alter path to match boost release
+]
+Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
+---
+Upstream-Status: Backport [https://github.com/boostorg/math/pull/684/commits/32bd6197353f6ea8e5bef01f09e25c944141acfc]
+ boost/math/tools/atomic.hpp | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/boost/math/tools/atomic.hpp b/boost/math/tools/atomic.hpp
+index cc76ed269f..e3cbf5db89 100644
+--- a/boost/math/tools/atomic.hpp
++++ b/boost/math/tools/atomic.hpp
+@@ -16,27 +16,27 @@
+ namespace boost {
+    namespace math {
+       namespace detail {
+-#if ATOMIC_INT_LOCK_FREE == 2
++#if (ATOMIC_INT_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT)
+          typedef std::atomic<int> atomic_counter_type;
+          typedef std::atomic<unsigned> atomic_unsigned_type;
+          typedef int atomic_integer_type;
+          typedef unsigned atomic_unsigned_integer_type;
+-#elif ATOMIC_SHORT_LOCK_FREE == 2
++#elif (ATOMIC_SHORT_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT)
+          typedef std::atomic<short> atomic_counter_type;
+          typedef std::atomic<unsigned short> atomic_unsigned_type;
+          typedef short atomic_integer_type;
+          typedef unsigned short atomic_unsigned_type;
+-#elif ATOMIC_LONG_LOCK_FREE == 2
++#elif (ATOMIC_LONG_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT)
+          typedef std::atomic<long> atomic_unsigned_integer_type;
+          typedef std::atomic<unsigned long> atomic_unsigned_type;
+          typedef unsigned long atomic_unsigned_type;
+          typedef long atomic_integer_type;
+-#elif ATOMIC_LLONG_LOCK_FREE == 2
++#elif (ATOMIC_LLONG_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT)
+          typedef std::atomic<long long> atomic_unsigned_integer_type;
+          typedef std::atomic<unsigned long long> atomic_unsigned_type;
+          typedef long long atomic_integer_type;
+          typedef unsigned long long atomic_unsigned_integer_type;
+-#else
++#elif !defined(BOOST_MATH_NO_ATOMIC_INT)
+ #  define BOOST_MATH_NO_ATOMIC_INT
+ #endif
+       } // Namespace detail
diff --git a/poky/meta/recipes-support/boost/boost/0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch b/poky/meta/recipes-support/boost/boost/0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch
new file mode 100644
index 0000000000..f69e4f21f3
--- /dev/null
+++ b/poky/meta/recipes-support/boost/boost/0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch
@@ -0,0 +1,151 @@
+From 7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b Mon Sep 17 00:00:00 2001
+From: jzmaddock <john@johnmaddock.co.uk>
+Date: Wed, 1 Sep 2021 20:31:53 +0100
+Subject: [PATCH] Make no atomics a soft failure in bernoulli_details.hpp.
+ Include an "escape macro" so thread safety can be disabled if certain
+ bernoulli features are to be used in a no-atomics environment. Fixes
+ https://github.com/boostorg/math/issues/673.
+
+[buildroot@heine.tech:
+  - backport from boostorg/math 7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b
+  - alter path to match boost release
+]
+Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
+---
+Upstream-Status: Backport [https://github.com/boostorg/math/pull/684/commits/7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b]
+ .../detail/bernoulli_details.hpp                 | 10 +++++++---
+ libs/math/test/Jamfile.v2                        |  3 +++
+ test/compile_test/bernoulli_no_atomic_d.cpp      | 14 ++++++++++++++
+ test/compile_test/bernoulli_no_atomic_fail.cpp   | 15 +++++++++++++++
+ test/compile_test/bernoulli_no_atomic_mp.cpp     | 16 ++++++++++++++++
+ 5 files changed, 55 insertions(+), 3 deletions(-)
+ create mode 100644 test/compile_test/bernoulli_no_atomic_d.cpp
+ create mode 100644 test/compile_test/bernoulli_no_atomic_fail.cpp
+ create mode 100644 test/compile_test/bernoulli_no_atomic_mp.cpp
+
+diff --git a/boost/math/special_functions/detail/bernoulli_details.hpp b/boost/math/special_functions/detail/bernoulli_details.hpp
+index cf35545264..8519b7c89c 100644
+--- a/boost/math/special_functions/detail/bernoulli_details.hpp
++++ b/boost/math/special_functions/detail/bernoulli_details.hpp
+@@ -360,7 +360,7 @@ class bernoulli_numbers_cache
+          return out;
+       }
+ 
+-      #ifndef BOOST_HAS_THREADS
++      #if !defined(BOOST_HAS_THREADS) || defined(BOOST_MATH_BERNOULLI_UNTHREADED)
+       //
+       // Single threaded code, very simple:
+       //
+@@ -382,6 +382,8 @@ class bernoulli_numbers_cache
+          *out = (i >= m_overflow_limit) ? policies::raise_overflow_error<T>("boost::math::bernoulli_b2n<%1%>(std::size_t)", 0, T(i), pol) : bn[i];
+          ++out;
+       }
++      #elif defined(BOOST_MATH_NO_ATOMIC_INT)
++      static_assert(sizeof(T) == 1, "Unsupported configuration: your platform appears to have no atomic integers.  If you are happy with thread-unsafe code, then you may define BOOST_MATH_BERNOULLI_UNTHREADED to suppress this error.");
+       #else
+       //
+       // Double-checked locking pattern, lets us access cached already cached values
+@@ -464,7 +466,7 @@ class bernoulli_numbers_cache
+          return out;
+       }
+ 
+-      #ifndef BOOST_HAS_THREADS
++      #if !defined(BOOST_HAS_THREADS) || defined(BOOST_MATH_BERNOULLI_UNTHREADED)
+       //
+       // Single threaded code, very simple:
+       //
+@@ -494,6 +496,8 @@ class bernoulli_numbers_cache
+          }
+          ++out;
+       }
++      #elif defined(BOOST_MATH_NO_ATOMIC_INT)
++      static_assert(sizeof(T) == 1, "Unsupported configuration: your platform appears to have no atomic integers.  If you are happy with thread-unsafe code, then you may define BOOST_MATH_BERNOULLI_UNTHREADED to suppress this error.");
+       #else
+       //
+       // Double-checked locking pattern, lets us access cached already cached values
+@@ -555,7 +559,7 @@ class bernoulli_numbers_cache
+    // The value at which we know overflow has already occurred for the Bn:
+    std::size_t m_overflow_limit;
+ 
+-   #ifdef BOOST_HAS_THREADS
++   #if defined(BOOST_HAS_THREADS) && !defined(BOOST_MATH_NO_ATOMIC_INT)
+    std::mutex m_mutex;
+    atomic_counter_type m_counter, m_current_precision;
+    #else
+diff --git a/libs/math/test/Jamfile.v2 b/libs/math/test/Jamfile.v2
+index 52fb87f5e5..3ac63f9279 100644
+--- a/libs/math/test/Jamfile.v2
++++ b/libs/math/test/Jamfile.v2
+@@ -1137,6 +1137,9 @@ test-suite misc :
+ 
+ #   [ run __temporary_test.cpp test_instances//test_instances : : : <test-info>always_show_run_output <pch>off ]
+    [ compile test_no_long_double_policy.cpp ]
++   [ compile compile_test/bernoulli_no_atomic_d.cpp ]
++   [ compile compile_test/bernoulli_no_atomic_mp.cpp ]
++   [ compile-fail compile_test/bernoulli_no_atomic_fail.cpp ]
+ ;
+ 
+ test-suite interpolators :
+diff --git a/test/compile_test/bernoulli_no_atomic_d.cpp b/test/compile_test/bernoulli_no_atomic_d.cpp
+new file mode 100644
+index 0000000000..61926f7e1f
+--- /dev/null
++++ b/test/compile_test/bernoulli_no_atomic_d.cpp
+@@ -0,0 +1,14 @@
++//  (C) Copyright John Maddock 2021.
++//  Use, modification and distribution are subject to the
++//  Boost Software License, Version 1.0. (See accompanying file
++//  LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
++
++#define BOOST_MATH_NO_ATOMIC_INT
++
++#include <boost/math/special_functions/bernoulli.hpp>
++#include "test_compile_result.hpp"
++
++void compile_and_link_test()
++{
++   check_result<double>(boost::math::bernoulli_b2n<double>(4));
++}
+diff --git a/test/compile_test/bernoulli_no_atomic_fail.cpp b/test/compile_test/bernoulli_no_atomic_fail.cpp
+new file mode 100644
+index 0000000000..bbd7152412
+--- /dev/null
++++ b/test/compile_test/bernoulli_no_atomic_fail.cpp
+@@ -0,0 +1,15 @@
++//  (C) Copyright John Maddock 2021.
++//  Use, modification and distribution are subject to the
++//  Boost Software License, Version 1.0. (See accompanying file
++//  LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
++
++#define BOOST_MATH_NO_ATOMIC_INT
++
++#include <boost/math/special_functions/bernoulli.hpp>
++#include <boost/multiprecision/cpp_bin_float.hpp>
++#include "test_compile_result.hpp"
++
++void compile_and_link_test()
++{
++   check_result<boost::multiprecision::cpp_bin_float_50>(boost::math::bernoulli_b2n<boost::multiprecision::cpp_bin_float_50>(4));
++}
+diff --git a/test/compile_test/bernoulli_no_atomic_mp.cpp b/test/compile_test/bernoulli_no_atomic_mp.cpp
+new file mode 100644
+index 0000000000..8d5a6e78e6
+--- /dev/null
++++ b/test/compile_test/bernoulli_no_atomic_mp.cpp
+@@ -0,0 +1,16 @@
++//  (C) Copyright John Maddock 2021.
++//  Use, modification and distribution are subject to the
++//  Boost Software License, Version 1.0. (See accompanying file
++//  LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
++
++#define BOOST_MATH_NO_ATOMIC_INT
++#define BOOST_MATH_BERNOULLI_UNTHREADED
++
++#include <boost/math/special_functions/bernoulli.hpp>
++#include <boost/multiprecision/cpp_bin_float.hpp>
++#include "test_compile_result.hpp"
++
++void compile_and_link_test()
++{
++   check_result<boost::multiprecision::cpp_bin_float_50>(boost::math::bernoulli_b2n<boost::multiprecision::cpp_bin_float_50>(4));
++}
diff --git a/poky/meta/recipes-support/boost/boost_1.77.0.bb b/poky/meta/recipes-support/boost/boost_1.77.0.bb
index df8e08ad76..bde6b14a79 100644
--- a/poky/meta/recipes-support/boost/boost_1.77.0.bb
+++ b/poky/meta/recipes-support/boost/boost_1.77.0.bb
@@ -6,4 +6,7 @@ SRC_URI += "file://boost-CVE-2012-2677.patch \
            file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
            file://0001-dont-setup-compiler-flags-m32-m64.patch \
            file://0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch \
+           file://0001-BoostConfig.cmake-allow-searching-for-python310.patch \
+           file://0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch \
+           file://0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch \
            "
diff --git a/poky/meta/recipes-support/gmp/gmp/cve-2021-43618.patch b/poky/meta/recipes-support/gmp/gmp/cve-2021-43618.patch
new file mode 100644
index 0000000000..095fb21eaa
--- /dev/null
+++ b/poky/meta/recipes-support/gmp/gmp/cve-2021-43618.patch
@@ -0,0 +1,27 @@
+CVE: CVE-2021-43618
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+# HG changeset patch
+# User Marco Bodrato <bodrato@mail.dm.unipi.it>
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c	Tue Dec 22 23:49:51 2020 +0100
++++ b/mpz/inp_raw.c	Thu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++    return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {
diff --git a/poky/meta/recipes-support/gmp/gmp_6.2.1.bb b/poky/meta/recipes-support/gmp/gmp_6.2.1.bb
index d5996abd00..e61582afdf 100644
--- a/poky/meta/recipes-support/gmp/gmp_6.2.1.bb
+++ b/poky/meta/recipes-support/gmp/gmp_6.2.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \
            file://use-includedir.patch \
            file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \
            file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \
+           file://cve-2021-43618.patch \
            "
 SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea"
 SRC_URI[sha256sum] = "eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c"
diff --git a/poky/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch b/poky/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch
new file mode 100644
index 0000000000..28c61cd782
--- /dev/null
+++ b/poky/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch
@@ -0,0 +1,62 @@
+CVE: CVE-2021-3927
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 93b427c6e729260d0700c3b2804ec153bc8284fa Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Thu, 4 Nov 2021 15:10:11 +0000
+Subject: [PATCH] patch 8.2.3581: reading character past end of line
+
+Problem:    Reading character past end of line.
+Solution:   Correct the cursor column.
+---
+ src/ex_docmd.c           |  1 +
+ src/testdir/test_put.vim | 12 ++++++++++++
+ src/version.c            |  2 ++
+ 3 files changed, 15 insertions(+)
+
+diff --git a/src/ex_docmd.c b/src/ex_docmd.c
+index fde726477..59e245bee 100644
+--- a/src/ex_docmd.c
++++ b/src/ex_docmd.c
+@@ -6905,6 +6905,7 @@ ex_put(exarg_T *eap)
+ 	eap->forceit = TRUE;
+     }
+     curwin->w_cursor.lnum = eap->line2;
++    check_cursor_col();
+     do_put(eap->regname, eap->forceit ? BACKWARD : FORWARD, 1L,
+ 						       PUT_LINE|PUT_CURSLINE);
+ }
+diff --git a/src/testdir/test_put.vim b/src/testdir/test_put.vim
+index 225ebd1f3..922e5b269 100644
+--- a/src/testdir/test_put.vim
++++ b/src/testdir/test_put.vim
+@@ -113,3 +113,15 @@ func Test_put_p_indent_visual()
+   call assert_equal('select that text', getline(2))
+   bwipe!
+ endfunc
++
++func Test_put_above_first_line()
++  new
++  let @" = 'text'
++  silent! normal 0o00
++  0put
++  call assert_equal('text', getline(1))
++  bwipe!
++endfunc
++
++
++" vim: shiftwidth=2 sts=2 expandtab
+diff --git a/src/version.c b/src/version.c
+index a9e8be0e7..df4ec9a47 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -742,6 +742,8 @@ static char *(features[]) =
+ 
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
++/**/
++    3581,
+ /**/
+     3564,
+ /**/
diff --git a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch
new file mode 100644
index 0000000000..d117a98893
--- /dev/null
+++ b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch
@@ -0,0 +1,63 @@
+CVE: CVE-2021-3928
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From ade0f0481969f1453c60e7c8354b00dfe4238739 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Thu, 4 Nov 2021 15:46:05 +0000
+Subject: [PATCH] patch 8.2.3582: reading uninitialized memory when giving
+ spell suggestions
+
+Problem:    Reading uninitialized memory when giving spell suggestions.
+Solution:   Check that preword is not empty.
+---
+ src/spellsuggest.c         | 2 +-
+ src/testdir/test_spell.vim | 8 ++++++++
+ src/version.c              | 2 ++
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/spellsuggest.c b/src/spellsuggest.c
+index 9d6df7930..8615d5280 100644
+--- a/src/spellsuggest.c
++++ b/src/spellsuggest.c
+@@ -1600,7 +1600,7 @@ suggest_trie_walk(
+ 		    // char, e.g., "thes," -> "these".
+ 		    p = fword + sp->ts_fidx;
+ 		    MB_PTR_BACK(fword, p);
+-		    if (!spell_iswordp(p, curwin))
++		    if (!spell_iswordp(p, curwin) && *preword != NUL)
+ 		    {
+ 			p = preword + STRLEN(preword);
+ 			MB_PTR_BACK(preword, p);
+diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim
+index 79fb8927c..e435e9172 100644
+--- a/src/testdir/test_spell.vim
++++ b/src/testdir/test_spell.vim
+@@ -498,6 +498,14 @@ func Test_spell_screendump()
+   call delete('XtestSpell')
+ endfunc
+ 
++func Test_spell_single_word()
++  new
++  silent! norm 0R00
++  spell! ßÂ
++  silent 0norm 0r$ Dvz=
++  bwipe!
++endfunc
++
+ let g:test_data_aff1 = [
+       \"SET ISO8859-1",
+       \"TRY esianrtolcdugmphbyfvkwjkqxz-\xEB\xE9\xE8\xEA\xEF\xEE\xE4\xE0\xE2\xF6\xFC\xFB'ESIANRTOLCDUGMPHBYFVKWJKQXZ",
+diff --git a/src/version.c b/src/version.c
+index df4ec9a47..e1bc0d09b 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -742,6 +742,8 @@ static char *(features[]) =
+ 
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
++/**/
++    3582,
+ /**/
+     3581,
+ /**/
diff --git a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch
new file mode 100644
index 0000000000..58d3442677
--- /dev/null
+++ b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch
@@ -0,0 +1,92 @@
+CVE: CVE-2021-3973
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From b6154e9f530544ddc3130d981caae0dabc053757 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 17 Nov 2021 18:00:31 +0000
+Subject: [PATCH] patch 8.2.3611: crash when using CTRL-W f without finding a
+ file name  Problem:    Crash when using CTRL-W f without finding
+ a file name. Solution:   Bail out when the file name length is zero.
+
+---
+ src/findfile.c              | 8 ++++++++
+ src/normal.c                | 6 ++++--
+ src/testdir/test_visual.vim | 8 ++++++++
+ src/version.c               | 2 ++
+ 4 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/src/findfile.c b/src/findfile.c
+index dba547da1..5764fd7b8 100644
+--- a/src/findfile.c
++++ b/src/findfile.c
+@@ -1727,6 +1727,9 @@ find_file_in_path_option(
+     proc->pr_WindowPtr = (APTR)-1L;
+ # endif
+ 
++    if (len == 0)
++	return NULL;
++
+     if (first == TRUE)
+     {
+ 	// copy file name into NameBuff, expanding environment variables
+@@ -2094,7 +2097,12 @@ find_file_name_in_path(
+     int		c;
+ # if defined(FEAT_FIND_ID) && defined(FEAT_EVAL)
+     char_u	*tofree = NULL;
++# endif
+ 
++    if (len == 0)
++	return NULL;
++
++# if defined(FEAT_FIND_ID) && defined(FEAT_EVAL)
+     if ((options & FNAME_INCL) && *curbuf->b_p_inex != NUL)
+     {
+ 	tofree = eval_includeexpr(ptr, len);
+diff --git a/src/normal.c b/src/normal.c
+index 7cb959257..f0084f2ac 100644
+--- a/src/normal.c
++++ b/src/normal.c
+@@ -3778,8 +3778,10 @@ get_visual_text(
+ 	    *pp = ml_get_pos(&VIsual);
+ 	    *lenp = curwin->w_cursor.col - VIsual.col + 1;
+ 	}
+-	if (has_mbyte)
+-	    // Correct the length to include the whole last character.
++	if (**pp == NUL)
++	    *lenp = 0;
++	if (has_mbyte && *lenp > 0)
++	    // Correct the length to include all bytes of the last character.
+ 	    *lenp += (*mb_ptr2len)(*pp + (*lenp - 1)) - 1;
+     }
+     reset_VIsual_and_resel();
+diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
+index ae281238e..0705fdb57 100644
+--- a/src/testdir/test_visual.vim
++++ b/src/testdir/test_visual.vim
+@@ -894,4 +894,12 @@ func Test_block_insert_replace_tabs()
+   bwipe!
+ endfunc
+ 
++func Test_visual_block_ctrl_w_f()
++  " Emtpy block selected in new buffer should not result in an error.
++  au! BufNew foo sil norm f
++  edit foo
++
++  au! BufNew
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+diff --git a/src/version.c b/src/version.c
+index 52be3c39d..59a314b3a 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -742,6 +742,8 @@ static char *(features[]) =
+ 
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
++/**/
++    3611,
+ /**/
+     3582,
+ /**/
diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc
index 943856e07c..6cdf157cb6 100644
--- a/poky/meta/recipes-support/vim/vim.inc
+++ b/poky/meta/recipes-support/vim/vim.inc
@@ -23,6 +23,9 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch \
            file://0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch \
            file://0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch \
+           file://0001-patch-8.2.3581-reading-character-past-end-of-line.patch \
+           file://0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch \
+           file://0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch \
            "
 
 SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
@@ -30,6 +33,9 @@ SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
 # Do not consider .z in x.y.z, as that is updated with every commit
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
 
+# CVE-2021-3968 is related to an issue which was introduced after 8.2, this can be removed after 8.3.
+CVE_CHECK_WHITELIST += "CVE-2021-3968"
+
 S = "${WORKDIR}/git"
 
 VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}"
diff --git a/poky/scripts/buildhistory-diff b/poky/scripts/buildhistory-diff
index 3bd40a2a1e..a6e785aa23 100755
--- a/poky/scripts/buildhistory-diff
+++ b/poky/scripts/buildhistory-diff
@@ -11,7 +11,6 @@
 import sys
 import os
 import argparse
-from distutils.version import LooseVersion
 
 # Ensure PythonGit is installed (buildhistory_analysis needs it)
 try:
@@ -73,10 +72,6 @@ def main():
     parser = get_args_parser()
     args = parser.parse_args()
 
-    if LooseVersion(git.__version__) < '0.3.1':
-        sys.stderr.write("Version of GitPython is too old, please install GitPython (python-git) 0.3.1 or later in order to use this script\n")
-        sys.exit(1)
-
     if len(args.revisions) > 2:
         sys.stderr.write('Invalid argument(s) specified: %s\n\n' % ' '.join(args.revisions[2:]))
         parser.print_help()
diff --git a/poky/scripts/lib/checklayer/cases/common.py b/poky/scripts/lib/checklayer/cases/common.py
index b82304e361..4495f71b24 100644
--- a/poky/scripts/lib/checklayer/cases/common.py
+++ b/poky/scripts/lib/checklayer/cases/common.py
@@ -14,7 +14,7 @@ class CommonCheckLayer(OECheckLayerTestCase):
         # The top-level README file may have a suffix (like README.rst or README.txt).
         readme_files = glob.glob(os.path.join(self.tc.layer['path'], '[Rr][Ee][Aa][Dd][Mm][Ee]*'))
         self.assertTrue(len(readme_files) > 0,
-                        msg="Layer doesn't contains README file.")
+                        msg="Layer doesn't contain a README file.")
 
         # There might be more than one file matching the file pattern above
         # (for example, README.rst and README-COPYING.rst). The one with the shortest
diff --git a/poky/scripts/lib/recipetool/create.py b/poky/scripts/lib/recipetool/create.py
index a6607b97c6..63e7f0658b 100644
--- a/poky/scripts/lib/recipetool/create.py
+++ b/poky/scripts/lib/recipetool/create.py
@@ -366,7 +366,7 @@ def supports_srcrev(uri):
 def reformat_git_uri(uri):
     '''Convert any http[s]://....git URI into git://...;protocol=http[s]'''
     checkuri = uri.split(';', 1)[0]
-    if checkuri.endswith('.git') or '/git/' in checkuri or re.match('https?://github.com/[^/]+/[^/]+/?$', checkuri):
+    if checkuri.endswith('.git') or '/git/' in checkuri or re.match('https?://git(hub|lab).com/[^/]+/[^/]+/?$', checkuri):
         # Appends scheme if the scheme is missing
         if not '://' in uri:
             uri = 'git://' + uri
@@ -389,9 +389,6 @@ def reformat_git_uri(uri):
                 parms.update({('protocol', 'ssh')})
         elif (scheme == "http" or scheme == 'https' or scheme == 'ssh') and not ('protocol' in parms):
             parms.update({('protocol', scheme)})
-        # We assume 'master' branch if not set
-        if not 'branch' in parms:
-            parms.update({('branch', 'master')})
         # Always append 'git://'
         fUrl = bb.fetch2.encodeurl(('git', host, path, user, pswd, parms))
         return fUrl
@@ -481,6 +478,9 @@ def create_recipe(args):
             storeTagName = params['tag']
             params['nobranch'] = '1'
             del params['tag']
+        # Assume 'master' branch if not set
+        if scheme in ['git', 'gitsm'] and 'branch' not in params and 'nobranch' not in params:
+            params['branch'] = 'master'
         fetchuri = bb.fetch2.encodeurl((scheme, network, path, user, passwd, params))
 
         tmpparent = tinfoil.config_data.getVar('BASE_WORKDIR')
@@ -530,10 +530,9 @@ def create_recipe(args):
             # Remove HEAD reference point and drop remote prefix
             get_branch = [x.split('/', 1)[1] for x in get_branch if not x.startswith('origin/HEAD')]
             if 'master' in get_branch:
-                # If it is master, we do not need to append 'branch=master' as this is default.
                 # Even with the case where get_branch has multiple objects, if 'master' is one
                 # of them, we should default take from 'master'
-                srcbranch = ''
+                srcbranch = 'master'
             elif len(get_branch) == 1:
                 # If 'master' isn't in get_branch and get_branch contains only ONE object, then store result into 'srcbranch'
                 srcbranch = get_branch[0]
@@ -546,8 +545,8 @@ def create_recipe(args):
         # Since we might have a value in srcbranch, we need to
         # recontruct the srcuri to include 'branch' in params.
         scheme, network, path, user, passwd, params = bb.fetch2.decodeurl(srcuri)
-        if srcbranch:
-            params['branch'] = srcbranch
+        if scheme in ['git', 'gitsm']:
+            params['branch'] = srcbranch or 'master'
 
         if storeTagName and scheme in ['git', 'gitsm']:
             # Check srcrev using tag and check validity of the tag
@@ -606,7 +605,7 @@ def create_recipe(args):
                     splitline = line.split()
                     if len(splitline) > 1:
                         if splitline[0] == 'origin' and scriptutils.is_src_url(splitline[1]):
-                            srcuri = reformat_git_uri(splitline[1])
+                            srcuri = reformat_git_uri(splitline[1]) + ';branch=master'
                             srcsubdir = 'git'
                             break
 
diff --git a/poky/scripts/lib/recipetool/create_buildsys.py b/poky/scripts/lib/recipetool/create_buildsys.py
index 35a97c9345..5015634476 100644
--- a/poky/scripts/lib/recipetool/create_buildsys.py
+++ b/poky/scripts/lib/recipetool/create_buildsys.py
@@ -545,7 +545,7 @@ class AutotoolsRecipeHandler(RecipeHandler):
                 deps.append('zlib')
             elif keyword in ('AX_CHECK_OPENSSL', 'AX_LIB_CRYPTO'):
                 deps.append('openssl')
-            elif keyword == 'AX_LIB_CURL':
+            elif keyword in ('AX_LIB_CURL', 'LIBCURL_CHECK_CONFIG'):
                 deps.append('curl')
             elif keyword == 'AX_LIB_BEECRYPT':
                 deps.append('beecrypt')
@@ -624,6 +624,7 @@ class AutotoolsRecipeHandler(RecipeHandler):
                     'AX_CHECK_OPENSSL',
                     'AX_LIB_CRYPTO',
                     'AX_LIB_CURL',
+                    'LIBCURL_CHECK_CONFIG',
                     'AX_LIB_BEECRYPT',
                     'AX_LIB_EXPAT',
                     'AX_LIB_GCRYPT',
diff --git a/poky/scripts/lib/scriptutils.py b/poky/scripts/lib/scriptutils.py
index 3164171eb2..47a08194d0 100644
--- a/poky/scripts/lib/scriptutils.py
+++ b/poky/scripts/lib/scriptutils.py
@@ -18,7 +18,8 @@ import sys
 import tempfile
 import threading
 import importlib
-from importlib import machinery
+import importlib.machinery
+import importlib.util
 
 class KeepAliveStreamHandler(logging.StreamHandler):
     def __init__(self, keepalive=True, **kwargs):
@@ -82,7 +83,9 @@ def load_plugins(logger, plugins, pluginpath):
         logger.debug('Loading plugin %s' % name)
         spec = importlib.machinery.PathFinder.find_spec(name, path=[pluginpath] )
         if spec:
-            return spec.loader.load_module()
+            mod = importlib.util.module_from_spec(spec)
+            spec.loader.exec_module(mod)
+            return mod
 
     def plugin_name(filename):
         return os.path.splitext(os.path.basename(filename))[0]
diff --git a/poky/scripts/lib/wic/engine.py b/poky/scripts/lib/wic/engine.py
index 018815b966..674ccfc244 100644
--- a/poky/scripts/lib/wic/engine.py
+++ b/poky/scripts/lib/wic/engine.py
@@ -19,10 +19,10 @@ import os
 import tempfile
 import json
 import subprocess
+import shutil
 import re
 
 from collections import namedtuple, OrderedDict
-from distutils.spawn import find_executable
 
 from wic import WicError
 from wic.filemap import sparse_copy
@@ -245,7 +245,7 @@ class Disk:
             for path in pathlist.split(':'):
                 self.paths = "%s%s:%s" % (native_sysroot, path, self.paths)
 
-        self.parted = find_executable("parted", self.paths)
+        self.parted = shutil.which("parted", path=self.paths)
         if not self.parted:
             raise WicError("Can't find executable parted")
 
@@ -283,7 +283,7 @@ class Disk:
                     "resize2fs", "mkswap", "mkdosfs", "debugfs","blkid"):
             aname = "_%s" % name
             if aname not in self.__dict__:
-                setattr(self, aname, find_executable(name, self.paths))
+                setattr(self, aname, shutil.which(name, path=self.paths))
                 if aname not in self.__dict__ or self.__dict__[aname] is None:
                     raise WicError("Can't find executable '{}'".format(name))
             return self.__dict__[aname]
diff --git a/poky/scripts/lib/wic/misc.py b/poky/scripts/lib/wic/misc.py
index 57c042c503..3e11822996 100644
--- a/poky/scripts/lib/wic/misc.py
+++ b/poky/scripts/lib/wic/misc.py
@@ -16,9 +16,9 @@ import logging
 import os
 import re
 import subprocess
+import shutil
 
 from collections import defaultdict
-from distutils import spawn
 
 from wic import WicError
 
@@ -122,7 +122,7 @@ def find_executable(cmd, paths):
     if provided and "%s-native" % recipe in provided:
         return True
 
-    return spawn.find_executable(cmd, paths)
+    return shutil.which(cmd, path=paths)
 
 def exec_native_cmd(cmd_and_args, native_sysroot, pseudo=""):
     """
diff --git a/poky/scripts/lib/wic/pluginbase.py b/poky/scripts/lib/wic/pluginbase.py
index d9b4e57747..b64568339b 100644
--- a/poky/scripts/lib/wic/pluginbase.py
+++ b/poky/scripts/lib/wic/pluginbase.py
@@ -9,9 +9,11 @@ __all__ = ['ImagerPlugin', 'SourcePlugin']
 
 import os
 import logging
+import types
 
 from collections import defaultdict
-from importlib.machinery import SourceFileLoader
+import importlib
+import importlib.util
 
 from wic import WicError
 from wic.misc import get_bitbake_var
@@ -54,7 +56,9 @@ class PluginMgr:
                             mname = fname[:-3]
                             mpath = os.path.join(ppath, fname)
                             logger.debug("loading plugin module %s", mpath)
-                            SourceFileLoader(mname, mpath).load_module()
+                            spec = importlib.util.spec_from_file_location(mname, mpath)
+                            module = importlib.util.module_from_spec(spec)
+                            spec.loader.exec_module(module)
 
         return PLUGINS.get(ptype)
 
diff --git a/poky/scripts/lib/wic/plugins/imager/direct.py b/poky/scripts/lib/wic/plugins/imager/direct.py
index 495518fac8..e57fba9c12 100644
--- a/poky/scripts/lib/wic/plugins/imager/direct.py
+++ b/poky/scripts/lib/wic/plugins/imager/direct.py
@@ -259,6 +259,8 @@ class DirectPlugin(ImagerPlugin):
             if part.mountpoint == "/":
                 if part.uuid:
                     return "PARTUUID=%s" % part.uuid
+                elif part.label:
+                    return "PARTLABEL=%s" % part.label
                 else:
                     suffix = 'p' if part.disk.startswith('mmcblk') else ''
                     return "/dev/%s%s%-d" % (part.disk, suffix, part.realnum)
diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu
index c467b0eb19..66e035c9af 100755
--- a/poky/scripts/runqemu
+++ b/poky/scripts/runqemu
@@ -1580,7 +1580,8 @@ def main():
 
         def sigterm_handler(signum, frame):
             logger.info("SIGTERM received")
-            os.kill(config.qemupid, signal.SIGTERM)
+            if config.qemupid:
+                os.kill(config.qemupid, signal.SIGTERM)
             config.cleanup()
             # Deliberately ignore the return code of 'tput smam'.
             subprocess.call(["tput", "smam"])
diff --git a/poky/scripts/wic b/poky/scripts/wic
index 57197c2048..4bcff8f79c 100755
--- a/poky/scripts/wic
+++ b/poky/scripts/wic
@@ -22,9 +22,9 @@ import sys
 import argparse
 import logging
 import subprocess
+import shutil
 
 from collections import namedtuple
-from distutils import spawn
 
 # External modules
 scripts_path = os.path.dirname(os.path.realpath(__file__))
@@ -47,7 +47,7 @@ if os.environ.get('SDKTARGETSYSROOT'):
             break
         sdkroot = os.path.dirname(sdkroot)
 
-bitbake_exe = spawn.find_executable('bitbake')
+bitbake_exe = shutil.which('bitbake')
 if bitbake_exe:
     bitbake_path = scriptpath.add_bitbake_lib_path()
     import bb
author	Patrick Williams <patrick@stwcx.xyz>	2022-01-19 20:23:10 +0300
committer	Patrick Williams <patrick@stwcx.xyz>	2022-01-19 20:24:09 +0300
commit	415294223a164a804e31e39c90043d15e9b153de (patch)
tree	576ef1eab075f3b5859e7aecc45b343feaadf43d
parent	89e2f5ce97de5668f541afea23027dc76b3157ac (diff)
download	openbmc-415294223a164a804e31e39c90043d15e9b153de.tar.xz