subtree updates

meta-security: 93232ae6d5..6466c6fb02:
  Armin Kuster (1):
        tpm-tools: fix build issue

poky: dc29017614..7d2f118cb6:
  Alexander Kanavin (3):
        python3: apply test skipping patch unconditionally
        selftest: do not hardcode /tmp/sdk
        bootchart2: update 0.14.8 -> 0.14.9

  Andrej Valek (1):
        busybox: add tmpdir option into mktemp applet

  Bruce Ashfield (7):
        linux-yocto/5.4: update to v5.4.124
        linux-yocto/5.4: update to v5.4.125
        linux-yocto/5.4: update to v5.4.128
        linux-yocto/5.4: update to v5.4.129
        linux-yocto/5.4: update to v5.4.131
        linux-yocto/5.4: update to v5.4.132
        kernel-devsrc: fix 32bit ARM devsrc builds

  Chen Qi (1):
        busybox: fix CVE-2021-28831

  Denys Dmytriyenko (1):
        bitbake: providers: replace newly added logger.warn() with logger.warning()

  Florian Amstutz (1):
        devtool: deploy-target: Fix preserving attributes when using --strip

  Khem Raj (1):
        webkitgtk: Upgrade to 2.28.4

  Marek Vasut (1):
        update-rc.d: update SRCREV to pull in fix for non-bash shell support

  Michael Ho (1):
        sstate.bbclass: fix errors about read-only sstate mirrors

  Minjae Kim (3):
        rpm: fix CVE-2021-3421
        gstreamer-plugins-base: fix CVE-2021-3522
        dhcp: fix CVE-2021-25217

  Richard Purdie (16):
        kernel: Fix interaction when packaging disabled
        kernel-devicetree: Fix interaction when packaging disabled
        perf: Use python3targetconfig to ensure we use target libraries
        package_pkgdata: Avoid task hash mismatches for generic task changes
        oeqa/selftest/runcmd: Tweal test timeouts
        sstate/staging: Handle directory creation race issue
        oeqa/selftest/archiver: Allow tests to ignore empty directories
        webkitgtk: upgrade 2.28.2 -> 2.28.3
        dwarfsrcfiles: Avoid races over debug-link files
        oeqa/selftest/multiprocesslauch: Fix test race
        report-error: Drop pointless inherit
        pseudo: Add uninative configuration sanity check
        pseudo: Update to latest version including statx fix
        sstate: Drop pseudo exclusion
        bitbake: data_smart/parse: Allow ':' characters in variable/function names
        bitbake: data_smart: Allow colon in variable expansion regex

  Steve Sakoman (6):
        glibc: update to lastest 2.31 release HEAD
        bluez: fix CVE-2021-3588
        gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
        gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed
        documentation: prepare for 3.1.10 release
        poky.conf: Bump version for 3.1.10 release

  Tim Orling (2):
        python3: skip tests requiring tools-sdk
        python3: upgrade 3.8.10 -> 3.8.11

  Tomasz Dziendzielski (1):
        bitbake: BBHandler: Don't classify shell functions that names start with "python*" as python function

  Zoltán Böszörményi (1):
        tzdata: Allow controlling zoneinfo binary format

meta-openembedded: c38d2a74f7..85f8047c71:
  Adrian Zaharia (1):
        ntp: fix ntpdate to wait for subprocesses

  Armin Kuster (4):
        dovecot: add CVE-2016-4983 to allowlist
        mariadb: update to 10.4.20
        hiawatha: fix url.
        wireshark: update to 3.2.15

  Armin kuster (1):
        postgresql: update to 12.7

  Bruce Ashfield (1):
        vboxguestdrivers: fix build against kernel v5.10+

  Changqing Li (2):
        nginx: fix CVE-2021-23017
        php: allow php as empty

  Chen Qi (1):
        python3-django: upgrade to 2.2.20

  Diego Santa Cruz (1):
        php: split out phpdbg into a separate package

  Gianfranco (5):
        vboxguestdrivers: upgrade 6.1.16 -> 6.1.18
        vboxguestdrivers: Add patch proposed upstream to fix a build failure on i386
        vboxguestdrivers: upgrade 6.1.18 -> 6.1.20
        vboxguestdrivers: upgrade 6.1.20 -> 6.1.22
        vboxguestdrivers: add a fix for build failure with kernel 5.13

  Gianfranco Costamagna (3):
        vboxguestdrivers: upgrade 6.1.6 -> 6.1.12
        vboxguestdrivers: upgrade 6.1.12 -> 6.1.14 Drop kernel 5.8 compatibility patch, now part of upstream codebase
        vboxguestdrivers: upgrade 6.1.14 -> 6.1.16

  Hongxu Jia (1):
        vboxguestdrivers: fix failed to compile with kernel 5.8.0

  Jate Sujjavanich (1):
        ufw: backport patches, update RRECOMMENDS, python3 support, tests

  Khem Raj (5):
        tracker-miners: Check for commercial license to enable ffmpeg
        sysprof: Enable sysprofd/libsysprof only when polkit in DISTRO_FEATURES
        vboxguestdrivers: Fix build with kernel 5.8
        vboxguestdrivers: Add __divmoddi4 builtin support
        libdevmapper,lvm2: Do not inherit license

  Li Wang (1):
        apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641

  Marek Vasut (1):
        nss: Fix build on Centos 7

  Masaki Ambai (1):
        nss: add CVE-2006-5201 to allowlist

  Mingli Yu (1):
        php: Upgrade to 7.4.16

  Nicolas Dechesne (4):
        python3-markupsafe: remove recipe
        python3-jinja2: remove recipe
        python3-{pyyaml,cython,pyparsing}: move from meta-python to meta-oe
        ostree: Do not check for meta-python

  Sekine Shigeki (1):
        add CVE-2011-2411 to allowlist

  Stefan Ghinea (1):
        python3-django: fix CVE-2021-28658

  Trevor Gamblin (5):
        python3-django: upgrade 2.2.7 -> 2.2.13
        python3-django: upgrade 2.2.13 -> 2.2.16
        python3-django: upgrade 2.2.20 -> 2.2.22
        python3-django: upgrade 2.2.22 -> 2.2.23
        python3-django: upgrade 2.2.23 -> 2.2.24

  ito-yuichi@fujitsu.com (1):
        cyrus-sasl: add CVE-2020-8032 to allowlist

meta-raspberrypi: f0c75016f0..59c2d6f7a8:
  Omer Akram (1):
        Update raspberrypi firmware to 20210527
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I2e79fff133f97a0afa01ba390435aa22142bf976

1 files changed, 5 insertions, 0 deletions

diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb
index 0e127975b4..13661cc967 100644
--- a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb
+++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb
@@ -55,6 +55,8 @@ TUNE_CCARGS_remove = "-mcpu=cortex-a55+crc -mcpu=cortex-a55 -mcpu=cortex-a55+crc
 
 TARGET_CC_ARCH += "${LDFLAGS}"
 
+CFLAGS_append_class-native = " -D_XOPEN_SOURCE "
+
 do_configure_prepend_libc-musl () {
     sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
 }
@@ -283,3 +285,6 @@ FILES_${PN}-dev = "\
 RDEPENDS_${PN}-smime = "perl"
 
 BBCLASSEXTEND = "native nativesdk"
+
+# CVE-2006-5201 affects only Sun Solaris
+CVE_CHECK_WHITELIST += "CVE-2006-5201"