subtree updates:nanbield: Jan 11, 2024

poky: bf9f2f6f60..61a59d00a0:
  Adam Johnston (1):
        useradd_base: Fix sed command line for passwd-expire

  Alexander Kanavin (1):
        cmake: upgrade 3.27.5 -> 3.27.7

  Anuj Mittal (1):
        gstreamer1.0: upgrade 1.22.6 -> 1.22.7

  Bastian Krause (1):
        linux-firmware: add new fw file to ${PN}-rtl8821

  Bruce Ashfield (25):
        linux-yocto/6.1: update to v6.1.59
        linux-yocto/6.1: update to v6.1.60
        linux-yocto/6.5: update to v6.5.8
        linux-yocto/6.5: update to v6.5.9
        kern-tools: make lower context patches reproducible
        kern-tools: bump SRCREV for queue processing changes
        kern-tools: update SRCREV to include SECURITY.md file
        kernel-yocto: improve metadata patching
        linux-yocto/6.1: cfg: restore CONFIG_DEVMEM
        linux-yocto/6.1: update to v6.1.61
        linux-yocto/6.1: update to v6.1.62
        linux-yocto/6.1: update to v6.1.65
        linux-yocto/6.5: cfg: restore CONFIG_DEVMEM
        linux-yocto/6.5: update to v6.5.10
        linux-yocto/6.5: cfg: split runtime and symbol debug
        linux-yocto/6.5: update to v6.5.11
        linux-yocto/6.5: update to v6.5.12
        linux-yocto/6.5: update to v6.5.13
        linux-yocto/6.1: drop removed IMA option
        linux-yocto-rt/6.1: update to -rt18
        linux-yocto/6.1: update to v6.1.66
        linux-yocto/6.1: update to v6.1.67
        linux-yocto/6.1: update to v6.1.68
        linux-yocto/6.5: drop removed IMA option
        linux-yocto/6.5: fix AB-INT: QEMU kernel panic: No irq handler for vector

  Chen Qi (1):
        systemd: fix DynamicUser issue

  Deepthi Hemraj (1):
        rust: Fix CVE-2023-40030

  Dhairya Nagodra (2):
        cve-update-nvd2-native: faster requests with API keys
        cve-update-nvd2-native: increase the delay between subsequent request failures

  Dmitry Baryshkov (9):
        linux-firmware: upgrade 20230804 -> 20231030
        linux-firmware: add missing depenencies on license packages
        linux-firmware: add notice file to sdm845 modem firmware
        linux-firmware: add audio topology symlink to the X13's audio package
        linux-firmware: package firmware for Qualcomm Adreno a702
        linux-firmware: package firmware for Qualcomm QCM2290 / QRB4210
        linux-firmware: package Qualcomm Venus 6.0 firmware
        linux-firmware: package Robotics RB5 sensors DSP firmware
        meson: use correct targets for rust binaries

  Fahad Arslan (1):
        linux-firmware: create separate packages

  Javier Tia (1):
        kernel-arch: use ccache only for compiler

  Jermain Horsman (2):
        lib/oe/buildcfg.py: Include missing import
        lib/oe/buildcfg.py: Remove unused parameter

  Joakim Tjernlund (1):
        sed -i destroys symlinks

  Joshua Watt (1):
        bitbake: asyncrpc: Add context manager API

  Julien Stephan (2):
        devtool: fix update-recipe dry-run mode
        devtool: finish/update-recipe: restrict mode srcrev to recipes fetched from SCM

  Justin Bronder (1):
        contributor-guide: add License-Update tag

  Khem Raj (1):
        python3-urllib3: Upgrade to 2.0.7

  Lee Chee Yang (10):
        migration-guides: add release notes for 4.3.1
        migration-guide: add release notes for 4.2.4
        migration-guide: add release notes for 4.0.14
        migration-guides: reword fix in release-notes-4.3.1
        migration-guides: add release notes for 4.0.15
        avahi: add CVE-2023-38473.patch to SRC_URL
        grub: fix CVE-2023-4692 CVE-2023-4693
        curl: fix CVE-2023-46218
        perlcross: update to 1.5.2
        perl: 5.38.0 -> 5.38.2

  Marco Felsch (1):
        json-c: fix icecc compilation

  Markus Volk (3):
        gtk: Add rdepend on printbackend for cups
        bluez5: fix connection for ps5/dualshock controllers
        cups: Add root,sys,wheel to system groups

  Marta Rybczynska (1):
        bitbake: toastergui: verify that an existing layer path is given

  Massimiliano Minella (1):
        systemd: update LICENSE statement

  Michael Opdenacker (14):
        migration-guides: release 3.5 is actually 4.0
        contributor-guide: fix command option
        dev-manual: layers: update link to YP Compatible form
        ref-manual: releases.svg: update nanbield release status
        manuals: fix URL
        test-manual: text and formatting fixes
        test-manual: resource updates
        test-manual: add links to python unittest
        test-manual: explicit or fix file paths
        test-manual: add or improve hyperlinks
        dev-manual: runtime-testing: fix test module name
        test-manual: use working example
        systemd-compat-units.bb: fix postinstall script
        ref-manual: update tested and supported distros

  Paul Barker (1):
        ref-manual: Fix reference to MIRRORS/PREMIRRORS defaults

  Peter Kjellerstedt (3):
        oeqa/selftest/tinfoil: Add tests that parse virtual recipes
        dev-manual: Discourage the use of SRC_URI[md5sum]
        bitbake: command: Make parseRecipeFile() handle virtual recipes correctly

  Peter Marko (2):
        cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
        cve-update-nvd2-native: make number of fetch attemtps configurable

  Randy MacLeod (1):
        strace: backport fix for so_peerpidfd-test

  Rasmus Villemoes (1):
        perf: lift TARGET_CC_ARCH modification out of security_flags.inc

  Richard Purdie (7):
        qemu: Upgrade 8.1.0 -> 8.1.2
        sstate: Ensure sstate searches update file mtime
        testimage: Exclude wtmp from target-dumper commands
        bitbake: lib/bb: Add workaround for libgcc issues with python 3.8 and 3.9
        linux/cve-exclusion6.1: Update to latest kernel point release
        package_ipk: Fix Source: field variable dependency
        testimage: Drop target_dumper and most of monitor_dumper

  Ross Burton (6):
        xwayland: upgrade to 23.2.2
        linux-yocto: update CVE exclusions
        linux-yocto: update CVE exclusions
        lib/oe/patch: ensure os.chdir restoring always happens
        tcl: skip timing-dependent tests in run-ptest
        tcl: skip async and event tests in run-ptest

  Shubham Kulkarni (1):
        tzdata: Upgrade to 2023d

  Simone Weiß (1):
        manuals: brief-yoctoprojectqs: align variable order with default local.conf

  Steve Sakoman (2):
        poky.conf: bump version for 4.3.2 release
        build-appliance-image: Update to nanbield head revision

  Sundeep KOKKONDA (2):
        glibc: stable 2.38 branch updates
        binutils: stable 2.41 branch updates

  Tim Orling (2):
        lsb-release: use https for UPSTREAM_CHECK_URI
        vim: upgrade 9.0.2068 -> 9.0.2130

  Trevor Gamblin (2):
        python3-ptest: skip test_storlines
        patchtest: shorten patch signed-off-by test output

  Vijay Anusuri (1):
        avahi: backport Debian patches to fix multiple CVE's

  Viswanath Kraleti (1):
        systemd-boot: Fix build issues on armv7a-linux

  Vyacheslav Yurkov (1):
        lib/oe/path: Deploy files can start only with a dot

  Wang Mingyu (16):
        base-passwd: upgrade 3.6.1 -> 3.6.2
        enchant2: upgrade 2.6.1 -> 2.6.2
        harfbuzz: upgrade 8.2.1 -> 8.2.2
        libjpeg-turbo: upgrade 3.0.0 -> 3.0.1
        libnewt: upgrade 0.52.23 -> 0.52.24
        libnsl2: upgrade 2.0.0 -> 2.0.1
        msmtp: upgrade 1.8.24 -> 1.8.25
        glib-2.0: upgrade 2.78.0 -> 2.78.1
        xserver-xorg: upgrade 21.1.8 -> 21.1.9
        ghostscript: upgrade 10.02.0 -> 10.02.1
        libsolv: upgrade 0.7.25 -> 0.7.26
        bind: upgrade 9.18.19 -> 9.18.20
        ell: upgrade 0.59 -> 0.60
        libgcrypt: upgrade 1.10.2 -> 1.10.3
        libxslt: upgrade 1.1.38 -> 1.1.39
        log4cplus: upgrade 2.1.0 -> 2.1.1

  William Lyu (1):
        openssl: improve handshake test error reporting

  Zoltán Böszörményi (1):
        update_gtk_icon_cache: Fix for GTK4-only builds

meta-raspberrypi: 8231f97534..fde68b24f0:
  Lorenzo Arena (1):
        docs: fix syntax for overriding fs type for initramfs image

meta-openembedded: 1750c66ae8..2da6e1b0e4:
  Alexandre Belloni (1):
        poco: fix branch

  Christian Eggers (1):
        python3-gcovr: switch to main branch

  Dylan Turner (1):
        apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622

  Edi Feschiyan (1):
        libbytesize: update SRC_URI

  Fabio Estevam (3):
        openocd: Use https for github
        python3-piccata: Use https for github
        multipath-tools: Use https for github

  Jeffrey Pautler (1):
        apache2: add vendor to product name used for CVE checking

  Jonas Gorski (1):
        frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}

  Khem Raj (3):
        hwdata: upgrade 0.370 -> 0.375
        openvpn: upgrade 2.6.3 -> 2.6.6
        python3-scapy: upgrade to latest revision

  Ross Burton (1):
        yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460

  Wang Mingyu (3):
        hdf5: Fix install conflict when enable multilib.
        dnf-plugin-tui: Recover BBCLASSEXTEND variants
        strongswan: upgrade 5.9.11 -> 5.9.12

  Zoltán Böszörményi (3):
        python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk"
        python3-ninja: Set BBCLASSEXTEND = "native nativesdk"
        geos: Fix packaging

meta-arm: 0bd7fece41..79c52afe74:
  Debbie Martin (2):
        arm-systemready: Add parted dependency and inherit testimage
        ci: Add Arm SystemReady firmware and IR ACS builds

  Harsimran Singh Tungal (1):
        arm-bsp/documentation: corstone1000: fix the steps in the user guide and instructions

Change-Id: I9e8e09b85674d653415c01932a5f7a3cbeca877e
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

2 files changed, 413 insertions, 0 deletions

diff --git a/poky/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch b/poky/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch
new file mode 100644
index 0000000000..bf9b251226
--- /dev/null
+++ b/poky/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch
@@ -0,0 +1,412 @@
+Author: Eric Huss <eric@huss.org>
+Date:   Sun Jun 11 12:52:25 2023 -0700
+
+    Convert valid feature name warning to an error.
+
+Upstream-Status: Backport [https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33]
+CVE: CVE-2023-40030
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+diff --git a/src/tools/cargo/crates/resolver-tests/src/lib.rs b/src/tools/cargo/crates/resolver-tests/src/lib.rs
+index 01d9b5e6d..ab34e8663 100644
+--- a/src/tools/cargo/crates/resolver-tests/src/lib.rs
++++ b/src/tools/cargo/crates/resolver-tests/src/lib.rs
+@@ -179,7 +179,6 @@ pub fn resolve_with_config_raw(
+         used: HashSet::new(),
+     };
+     let summary = Summary::new(
+-        config,
+         pkg_id("root"),
+         deps,
+         &BTreeMap::new(),
+@@ -581,7 +580,6 @@ pub fn pkg_dep<T: ToPkgId>(name: T, dep: Vec<Dependency>) -> Summary {
+         None
+     };
+     Summary::new(
+-        &Config::default().unwrap(),
+         name.to_pkgid(),
+         dep,
+         &BTreeMap::new(),
+@@ -610,7 +608,6 @@ pub fn pkg_loc(name: &str, loc: &str) -> Summary {
+         None
+     };
+     Summary::new(
+-        &Config::default().unwrap(),
+         pkg_id_loc(name, loc),
+         Vec::new(),
+         &BTreeMap::new(),
+@@ -625,7 +622,6 @@ pub fn remove_dep(sum: &Summary, ind: usize) -> Summary {
+     deps.remove(ind);
+     // note: more things will need to be copied over in the future, but it works for now.
+     Summary::new(
+-        &Config::default().unwrap(),
+         sum.package_id(),
+         deps,
+         &BTreeMap::new(),
+diff --git a/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs b/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
+index 002f11ff8..bf26d0498 100644
+--- a/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
++++ b/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
+@@ -73,7 +73,6 @@ impl VersionPreferences {
+ mod test {
+     use super::*;
+     use crate::core::SourceId;
+-    use crate::util::Config;
+     use std::collections::BTreeMap;
+
+     fn pkgid(name: &str, version: &str) -> PackageId {
+@@ -90,9 +89,8 @@ mod test {
+
+     fn summ(name: &str, version: &str) -> Summary {
+         let pkg_id = pkgid(name, version);
+-        let config = Config::default().unwrap();
+         let features = BTreeMap::new();
+-        Summary::new(&config, pkg_id, Vec::new(), &features, None::<&String>).unwrap()
++        Summary::new(pkg_id, Vec::new(), &features, None::<&String>).unwrap()
+     }
+
+     fn describe(summaries: &Vec<Summary>) -> String {
+
+diff --git a/src/tools/cargo/src/cargo/core/summary.rs b/src/tools/cargo/src/cargo/core/summary.rs
+index 2535c4482..1883df33b 100644
+--- a/src/tools/cargo/src/cargo/core/summary.rs
++++ b/src/tools/cargo/src/cargo/core/summary.rs
+@@ -1,6 +1,6 @@
+ use crate::core::{Dependency, PackageId, SourceId};
+ use crate::util::interning::InternedString;
+-use crate::util::{CargoResult, Config};
++use crate::util::CargoResult;
+ use anyhow::bail;
+ use semver::Version;
+ use std::collections::{BTreeMap, HashMap, HashSet};
+@@ -30,7 +30,6 @@ struct Inner {
+ 
+ impl Summary {
+     pub fn new(
+-        config: &Config,
+         pkg_id: PackageId,
+         dependencies: Vec<Dependency>,
+         features: &BTreeMap<InternedString, Vec<InternedString>>,
+@@ -49,7 +48,7 @@ impl Summary {
+                 )
+             }
+         }
+-        let feature_map = build_feature_map(config, pkg_id, features, &dependencies)?;
++        let feature_map = build_feature_map(pkg_id, features, &dependencies)?;
+         Ok(Summary {
+             inner: Rc::new(Inner {
+                 package_id: pkg_id,
+@@ -140,7 +139,6 @@ impl Hash for Summary {
+ /// Checks features for errors, bailing out a CargoResult:Err if invalid,
+ /// and creates FeatureValues for each feature.
+ fn build_feature_map(
+-    config: &Config,
+     pkg_id: PackageId,
+     features: &BTreeMap<InternedString, Vec<InternedString>>,
+     dependencies: &[Dependency],
+@@ -204,7 +202,7 @@ fn build_feature_map(
+                 feature
+             );
+         }
+-        validate_feature_name(config, pkg_id, feature)?;
++        validate_feature_name(pkg_id, feature)?;
+         for fv in fvs {
+             // Find data for the referenced dependency...
+             let dep_data = {
+@@ -431,33 +429,63 @@ impl fmt::Display for FeatureValue {
+ 
+ pub type FeatureMap = BTreeMap<InternedString, Vec<FeatureValue>>;
+ 
+-fn validate_feature_name(config: &Config, pkg_id: PackageId, name: &str) -> CargoResult<()> {
++fn validate_feature_name(pkg_id: PackageId, name: &str) -> CargoResult<()> {
+     let mut chars = name.chars();
+-    const FUTURE: &str = "This was previously accepted but is being phased out; \
+-        it will become a hard error in a future release.\n\
+-        For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, \
+-        and please leave a comment if this will be a problem for your project.";
+     if let Some(ch) = chars.next() {
+         if !(unicode_xid::UnicodeXID::is_xid_start(ch) || ch == '_' || ch.is_digit(10)) {
+-            config.shell().warn(&format!(
++            bail!(
+                 "invalid character `{}` in feature `{}` in package {}, \
+                 the first character must be a Unicode XID start character or digit \
+-                (most letters or `_` or `0` to `9`)\n\
+-                {}",
+-                ch, name, pkg_id, FUTURE
+-            ))?;
++                (most letters or `_` or `0` to `9`)",
++                ch,
++                name,
++                pkg_id
++            );
+         }
+     }
+     for ch in chars {
+         if !(unicode_xid::UnicodeXID::is_xid_continue(ch) || ch == '-' || ch == '+' || ch == '.') {
+-            config.shell().warn(&format!(
++            bail!(
+                 "invalid character `{}` in feature `{}` in package {}, \
+                 characters must be Unicode XID characters, `+`, or `.` \
+-                (numbers, `+`, `-`, `_`, `.`, or most letters)\n\
+-                {}",
+-                ch, name, pkg_id, FUTURE
+-            ))?;
++                (numbers, `+`, `-`, `_`, `.`, or most letters)",
++                ch,
++                name,
++                pkg_id
++            );
+         }
+     }
+     Ok(())
+ }
++
++#[cfg(test)]
++mod tests {
++    use super::*;
++    use crate::sources::CRATES_IO_INDEX;
++    use crate::util::into_url::IntoUrl;
++
++    use crate::core::SourceId;
++
++    #[test]
++    fn valid_feature_names() {
++        let loc = CRATES_IO_INDEX.into_url().unwrap();
++        let source_id = SourceId::for_registry(&loc).unwrap();
++        let pkg_id = PackageId::new("foo", "1.0.0", source_id).unwrap();
++
++        assert!(validate_feature_name(pkg_id, "c++17").is_ok());
++        assert!(validate_feature_name(pkg_id, "128bit").is_ok());
++        assert!(validate_feature_name(pkg_id, "_foo").is_ok());
++        assert!(validate_feature_name(pkg_id, "feat-name").is_ok());
++        assert!(validate_feature_name(pkg_id, "feat_name").is_ok());
++        assert!(validate_feature_name(pkg_id, "foo.bar").is_ok());
++
++        assert!(validate_feature_name(pkg_id, "+foo").is_err());
++        assert!(validate_feature_name(pkg_id, "-foo").is_err());
++        assert!(validate_feature_name(pkg_id, ".foo").is_err());
++        assert!(validate_feature_name(pkg_id, "foo:bar").is_err());
++        assert!(validate_feature_name(pkg_id, "foo?").is_err());
++        assert!(validate_feature_name(pkg_id, "?foo").is_err());
++        assert!(validate_feature_name(pkg_id, "ⒶⒷⒸ").is_err());
++        assert!(validate_feature_name(pkg_id, "a¼").is_err());
++    }
++}
+diff --git a/src/tools/cargo/src/cargo/sources/registry/index.rs b/src/tools/cargo/src/cargo/sources/registry/index.rs
+index aa5c2a78c..6d565da8f 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/index.rs
++++ b/src/tools/cargo/src/cargo/sources/registry/index.rs
+@@ -293,7 +293,6 @@ impl<'cfg> RegistryIndex<'cfg>
+         'a: 'b,
+     {
+         let source_id = self.source_id;
+-        let config = self.config;
+
+         // First up actually parse what summaries we have available. If Cargo
+         // has run previously this will parse a Cargo-specific cache file rather
+@@ -312,15 +311,13 @@ impl<'cfg> RegistryIndex<'cfg> {
+             .versions
+             .iter_mut()
+             .filter_map(move |(k, v)| if req.matches(k) { Some(v) } else { None })
+-            .filter_map(
+-                move |maybe| match maybe.parse(config, raw_data, source_id) {
++            .filter_map(move |maybe| match maybe.parse(raw_data, source_id) {
+                     Ok(summary) => Some(summary),
+                     Err(e) => {
+                         info!("failed to parse `{}` registry package: {}", name, e);
+                         None
+                     }
+-                },
+-            )
++                })
+             .filter(move |is| {
+                 if is.v > INDEX_V_MAX {
+                     debug!(
+@@ -605,7 +602,7 @@ impl Summaries {
+                     // allow future cargo implementations to break the
+                     // interpretation of each line here and older cargo will simply
+                     // ignore the new lines.
+-                    let summary = match IndexSummary::parse(config, line, source_id) {
++                    let summary = match IndexSummary::parse(line, source_id) {
+                         Ok(summary) => summary,
+                         Err(e) => {
+                             // This should only happen when there is an index
+@@ -793,17 +790,12 @@ impl MaybeIndexSummary {
+     /// Does nothing if this is already `Parsed`, and otherwise the `raw_data`
+     /// passed in is sliced with the bounds in `Unparsed` and then actually
+     /// parsed.
+-    fn parse(
+-        &mut self,
+-        config: &Config,
+-        raw_data: &[u8],
+-        source_id: SourceId,
+-    ) -> CargoResult<&IndexSummary> {
++    fn parse(&mut self, raw_data: &[u8], source_id: SourceId,) -> CargoResult<&IndexSummary> {
+         let (start, end) = match self {
+             MaybeIndexSummary::Unparsed { start, end } => (*start, *end),
+             MaybeIndexSummary::Parsed(summary) => return Ok(summary),
+         };
+-        let summary = IndexSummary::parse(config, &raw_data[start..end], source_id)?;
++        let summary = IndexSummary::parse(&raw_data[start..end], source_id)?;
+         *self = MaybeIndexSummary::Parsed(summary);
+         match self {
+             MaybeIndexSummary::Unparsed { .. } => unreachable!(),
+@@ -823,7 +815,7 @@ impl IndexSummary {
+     /// a package.
+     ///
+     /// The `line` provided is expected to be valid JSON.
+-    fn parse(config: &Config, line: &[u8], source_id: SourceId) -> CargoResult<IndexSummary> {
++    fn parse(line: &[u8], source_id: SourceId) -> CargoResult<IndexSummary> {
+         // ****CAUTION**** Please be extremely careful with returning errors
+         // from this function. Entries that error are not included in the
+         // index cache, and can cause cargo to get confused when switching
+@@ -853,7 +845,7 @@ impl IndexSummary {
+                 features.entry(name).or_default().extend(values);
+             }
+         }
+-        let mut summary = Summary::new(config, pkgid, deps, &features, links)?;
++        let mut summary = Summary::new(pkgid, deps, &features, links)?;
+         summary.set_checksum(cksum);
+         Ok(IndexSummary {
+             summary,
+
+diff --git a/src/tools/cargo/src/cargo/util/toml/mod.rs b/src/tools/cargo/src/cargo/util/toml/mod.rs
+index 1cc32dee8..a32f0384b 100644
+--- a/src/tools/cargo/src/cargo/util/toml/mod.rs
++++ b/src/tools/cargo/src/cargo/util/toml/mod.rs
+@@ -2432,7 +2432,6 @@ impl TomlManifest {
+         let empty_features = BTreeMap::new();
+ 
+         let summary = Summary::new(
+-            config,
+             pkgid,
+             deps,
+             me.features.as_ref().unwrap_or(&empty_features),
+diff --git a/src/tools/cargo/tests/testsuite/features.rs b/src/tools/cargo/tests/testsuite/features.rs
+index 848e05677..557fab14a 100644
+--- a/src/tools/cargo/tests/testsuite/features.rs
++++ b/src/tools/cargo/tests/testsuite/features.rs
+@@ -1937,8 +1937,8 @@ fn nonexistent_required_features() {
+ }
+ 
+ #[cargo_test]
+-fn invalid_feature_names_warning() {
+-    // Warnings for more restricted feature syntax.
++fn invalid_feature_names_error() {
++    // Errors for more restricted feature syntax.
+     let p = project()
+         .file(
+             "Cargo.toml",
+@@ -1948,72 +1948,57 @@ fn invalid_feature_names_warning() {
+                 version = "0.1.0"
+ 
+                 [features]
+-                # Some valid, but unusual names, shouldn't warn.
+-                "c++17" = []
+-                "128bit" = []
+-                "_foo" = []
+-                "feat-name" = []
+-                "feat_name" = []
+-                "foo.bar" = []
+-
+-                # Invalid names.
++                # Invalid start character.
+                 "+foo" = []
+-                "-foo" = []
+-                ".foo" = []
+-                "foo:bar" = []
+-                "foo?" = []
+-                "?foo" = []
+-                "ⒶⒷⒸ" = []
+-                "a¼" = []
+             "#,
+         )
+         .file("src/lib.rs", "")
+         .build();
+ 
+-    // Unfortunately the warnings are duplicated due to the Summary being
+-    // loaded twice (once in the Workspace, and once in PackageRegistry) and
+-    // Cargo does not have a de-duplication system. This should probably be
+-    // OK, since I'm not expecting this to affect anyone.
+     p.cargo("check")
+-        .with_stderr("\
+-[WARNING] invalid character `+` in feature `+foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `-` in feature `-foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `.` in feature `.foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `?` in feature `?foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `¼` in feature `a¼` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `:` in feature `foo:bar` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `?` in feature `foo?` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `Ⓐ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `Ⓑ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `Ⓒ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[CHECKING] foo v0.1.0 [..]
+-[FINISHED] [..]
+-")
++        .with_status(101)
++        .with_stderr(
++            "\
++error: failed to parse manifest at `[ROOT]/foo/Cargo.toml`
++
++Caused by:
++  invalid character `+` in feature `+foo` in package foo v0.1.0 ([ROOT]/foo), \
++  the first character must be a Unicode XID start character or digit \
++  (most letters or `_` or `0` to `9`)
++",
++        )
++        .run();
++
++    p.change_file(
++        "Cargo.toml",
++        r#"
++            [package]
++            name = "foo"
++            version = "0.1.0"
++
++            [features]
++            # Invalid continue character.
++            "a&b" = []
++        "#,
++    );
++
++    p.cargo("check")
++        .with_status(101)
++        .with_stderr(
++            "\
++error: failed to parse manifest at `[ROOT]/foo/Cargo.toml`
++
++Caused by:
++  invalid character `&` in feature `a&b` in package foo v0.1.0 ([ROOT]/foo), \
++  characters must be Unicode XID characters, `+`, or `.` \
++  (numbers, `+`, `-`, `_`, `.`, or most letters)
++",
++        )
+         .run();
+ }
+ 
+ #[cargo_test]
+-fn invalid_feature_names_error() {
++fn invalid_feature_name_slash_error() {
+     // Errors for more restricted feature syntax.
+     let p = project()
+         .file(
diff --git a/poky/meta/recipes-devtools/rust/rust-source.inc b/poky/meta/recipes-devtools/rust/rust-source.inc
index 4a720e645b..086375a3c6 100644
--- a/poky/meta/recipes-devtools/rust/rust-source.inc
+++ b/poky/meta/recipes-devtools/rust/rust-source.inc
@@ -7,6 +7,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n
             file://zlib-off64_t.patch;patchdir=${RUSTSRC} \
             file://0001-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \
             file://bootstrap_fail.patch;patchdir=${RUSTSRC} \
+	    file://0002-CVE-2023-40030.patch;patchdir=${RUSTSRC} \
 "
 SRC_URI[rust.sha256sum] = "bb8e9c564566b2d3228d95de9063a9254182446a161353f1d843bfbaf5c34639"