subtree updates

poky: da0ce760c5..14c5392fde:
  Andrej Valek (1):
        busybox: add tmpdir option into mktemp applet

  Anuj Mittal (2):
        documentation: prepare for 3.3.2 release
        poky.conf: bump version for 3.3.2 hardknott release

  Asfak Rahman (1):
        openssh: Remove temporary keys before generating new ones

  Bruce Ashfield (6):
        linux-yocto/5.10: update to v5.10.47
        linux-yocto/5.4: update to v5.4.129
        linux-yocto/5.10: scsi-debug needs scsi-disk
        linux-yocto-dev: base AUTOREV on specified version
        kernel-devsrc: fix scripts/prepare for ARM64
        kernel-devsrc: fix scripts prepare for powerpc

  Changqing Li (2):
        libconvert-asn1-perl: fix CVE-2013-7488
        boost-build-native: workaround one rarely hang problem on fedora34

  Florian Amstutz (1):
        devtool: deploy-target: Fix preserving attributes when using --strip

  Kai Kang (1):
        rxvt-unicode: fix CVE-2021-33477

  Khairul Rohaizzat Jamaluddin (2):
        curl: Fix CVE-2021-22898
        curl: Fix CVE-2021-22897

  Marek Vasut (1):
        linux-firmware: Package RSI 911x WiFi firmware

  Mingli Yu (1):
        perl: correct libpth and glibpth

  Richard Purdie (9):
        oeqa/selftest/runcmd: Tweal test timeouts
        sstate/staging: Handle directory creation race issue
        oeqa/selftest/archiver: Allow tests to ignore empty directories
        runqemu: Remove potential lock races around tap device handling
        glibc-testsuite: Fix build failures when directly running recipe
        oeqa/selftest/multiprocesslauch: Fix test race
        dwarfsrcfiles: Avoid races over debug-link files
        bitbake: data_smart/parse: Allow ':' characters in variable/function names
        bitbake: data_smart: Allow colon in variable expansion regex

  Vinay Kumar (1):
        binutils: Fix CVE-2021-20197

  Wadim Egorov (1):
        xserver-xorg: Fix builds without glx

  wangmy (2):
        go: upgrade 1.16.3 -> 1.16.4
        go: upgrade 1.16.4 -> 1.16.5

  zhengruoqin (1):
        busybox: upgrade 1.33.0 -> 1.33.1

meta-raspberrypi: 064f5404ea..9d372828ba:
  Martin Jansa (1):
        python3-adafruit-*: fix branch parameter

meta-openembedded: c51e79dd85..5a4b2ab29d:
  Adrian Zaharia (1):
        ntp: fix ntpdate to wait for subprocesses

  Akifumi Chikazawa (1):
        openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist

  Andreas Müller (1):
        mariadb: Fix configure

  Armin Kuster (1):
        hiawatha: fix url.

  Changqing Li (1):
        nginx: fix CVE-2021-23017

  Gianfranco (3):
        vboxguestdrivers: upgrade 6.1.18 -> 6.1.20
        vboxguestdrivers: upgrade 6.1.20 -> 6.1.22
        vboxguestdrivers: add a fix for build failure with kernel 5.13

  Joe Slater (1):
        python3-pillow: fix CVE-2021-34552

  Kai Kang (1):
        mariadb: fix failures to start install_db.service

  Khem Raj (3):
        mariadb: Upgrade to 10.5.10
        mariadb: Include missing sys/type.h for ssize_t
        mariadb: Fix build with clang/musl

  Leon Anavi (1):
        python3-urllib3: Upgrade 1.26.4 -> 1.26.5

  Li Wang (1):
        apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641

  Masaki Ambai (1):
        nss: add CVE-2006-5201 to allowlist

  Sam Van Den Berge (1):
        libiio: fix installing libiio when python3 bindings are enabled

  Tony Tascioglu (2):
        redis: fix CVE-2021-29477
        redis: fix CVE-2021-29478

  Trevor Gamblin (1):
        python3-django: upgrade 3.2.4 -> 3.2.5 (fix CVE-2021-35042)

  Zoltán Böszörményi (2):
        mariadb: Use qemu to run cross-compiled binaries
        mariadb: Upgrade to 10.5.11

  massimo toscanelli (1):
        sysbench: fix memory test

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I1321700b087985ab9b27f8f44cc89c8ef8d27e5f

43 files changed, 987 insertions, 128 deletions

diff --git a/poky/meta/classes/kernel-yocto.bbclass b/poky/meta/classes/kernel-yocto.bbclass
index 30f07de4ca..d38b60f519 100644
--- a/poky/meta/classes/kernel-yocto.bbclass
+++ b/poky/meta/classes/kernel-yocto.bbclass
@@ -614,7 +614,31 @@ do_validate_branches() {
 	# if SRCREV is AUTOREV it shows up as AUTOINC there's nothing to
 	# check and we can exit early
 	if [ "${machine_srcrev}" = "AUTOINC" ]; then
+	    linux_yocto_dev='${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", "linux-yocto-dev", "1", "", d)}'
+	    if [ -n "$linux_yocto_dev" ]; then
+		git checkout -q -f ${machine_branch}
+		ver=$(grep "^VERSION =" ${S}/Makefile | sed s/.*=\ *//)
+		patchlevel=$(grep "^PATCHLEVEL =" ${S}/Makefile | sed s/.*=\ *//)
+		sublevel=$(grep "^SUBLEVEL =" ${S}/Makefile | sed s/.*=\ *//)
+		kver="$ver.$patchlevel"
+		bbnote "dev kernel: performing version -> branch -> SRCREV validation"
+		bbnote "dev kernel: recipe version ${LINUX_VERSION}, src version: $kver"
+		echo "${LINUX_VERSION}" | grep -q $kver
+		if [ $? -ne 0 ]; then
+		    version="$(echo ${LINUX_VERSION} | sed 's/\+.*$//g')"
+		    versioned_branch="v$version/$machine_branch"
+
+		    machine_branch=$versioned_branch
+		    force_srcrev="$(git rev-parse $machine_branch 2> /dev/null)"
+		    if [ $? -ne 0 ]; then
+			bbfatal "kernel version mismatch detected, and no valid branch $machine_branch detected"
+		    fi
+
+		    bbnote "dev kernel: adjusting branch to $machine_branch, srcrev to: $force_srcrev"
+		fi
+	    else
 		bbnote "SRCREV validation is not required for AUTOREV"
+	    fi
 	elif [ "${machine_srcrev}" = "" ]; then
 		if [ "${SRCREV}" != "AUTOINC" ] && [ "${SRCREV}" != "INVALID" ]; then
 		       # SRCREV_machine_<MACHINE> was not set. This means that a custom recipe
diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass
index 3ab6328f91..2b5d94dd1f 100644
--- a/poky/meta/classes/sstate.bbclass
+++ b/poky/meta/classes/sstate.bbclass
@@ -483,7 +483,7 @@ def sstate_clean_cachefiles(d):
         ss = sstate_state_fromvars(ld, task)
         sstate_clean_cachefile(ss, ld)
 
-def sstate_clean_manifest(manifest, d, prefix=None):
+def sstate_clean_manifest(manifest, d, canrace=False, prefix=None):
     import oe.path
 
     mfile = open(manifest)
@@ -501,7 +501,9 @@ def sstate_clean_manifest(manifest, d, prefix=None):
             if entry.endswith("/"):
                 if os.path.islink(entry[:-1]):
                     os.remove(entry[:-1])
-                elif os.path.exists(entry) and len(os.listdir(entry)) == 0:
+                elif os.path.exists(entry) and len(os.listdir(entry)) == 0 and not canrace:
+                    # Removing directories whilst builds are in progress exposes a race. Only
+                    # do it in contexts where it is safe to do so.
                     os.rmdir(entry[:-1])
             else:
                 os.remove(entry)
@@ -539,7 +541,7 @@ def sstate_clean(ss, d):
         for lock in ss['lockfiles']:
             locks.append(bb.utils.lockfile(lock))
 
-        sstate_clean_manifest(manifest, d)
+        sstate_clean_manifest(manifest, d, canrace=True)
 
         for lock in locks:
             bb.utils.unlockfile(lock)
diff --git a/poky/meta/classes/staging.bbclass b/poky/meta/classes/staging.bbclass
index 806a85773a..32a615c743 100644
--- a/poky/meta/classes/staging.bbclass
+++ b/poky/meta/classes/staging.bbclass
@@ -409,7 +409,7 @@ python extend_recipe_sysroot() {
         if os.path.islink(f) and not os.path.exists(f):
             bb.note("%s no longer exists, removing from sysroot" % f)
             lnk = os.readlink(f.replace(".complete", ""))
-            sstate_clean_manifest(depdir + "/" + lnk, d, workdir)
+            sstate_clean_manifest(depdir + "/" + lnk, d, canrace=True, prefix=workdir)
             os.unlink(f)
             os.unlink(f.replace(".complete", ""))
 
@@ -454,7 +454,7 @@ python extend_recipe_sysroot() {
             fl = depdir + "/" + l
             bb.note("Task %s no longer depends on %s, removing from sysroot" % (mytaskname, l))
             lnk = os.readlink(fl)
-            sstate_clean_manifest(depdir + "/" + lnk, d, workdir)
+            sstate_clean_manifest(depdir + "/" + lnk, d, canrace=True, prefix=workdir)
             os.unlink(fl)
             os.unlink(fl + ".complete")
 
@@ -475,7 +475,7 @@ python extend_recipe_sysroot() {
                 continue
             else:
                 bb.note("%s exists in sysroot, but is stale (%s vs. %s), removing." % (c, lnk, c + "." + taskhash))
-                sstate_clean_manifest(depdir + "/" + lnk, d, workdir)
+                sstate_clean_manifest(depdir + "/" + lnk, d, canrace=True, prefix=workdir)
                 os.unlink(depdir + "/" + c)
                 if os.path.lexists(depdir + "/" + c + ".complete"):
                     os.unlink(depdir + "/" + c + ".complete")
diff --git a/poky/meta/lib/oeqa/selftest/cases/archiver.py b/poky/meta/lib/oeqa/selftest/cases/archiver.py
index ddd08ecf84..0194ae9f69 100644
--- a/poky/meta/lib/oeqa/selftest/cases/archiver.py
+++ b/poky/meta/lib/oeqa/selftest/cases/archiver.py
@@ -35,11 +35,11 @@ class Archiver(OESelftestTestCase):
         src_path = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['TARGET_SYS'])
 
         # Check that include_recipe was included
-        included_present = len(glob.glob(src_path + '/%s-*' % include_recipe))
+        included_present = len(glob.glob(src_path + '/%s-*/*' % include_recipe))
         self.assertTrue(included_present, 'Recipe %s was not included.' % include_recipe)
 
         # Check that exclude_recipe was excluded
-        excluded_present = len(glob.glob(src_path + '/%s-*' % exclude_recipe))
+        excluded_present = len(glob.glob(src_path + '/%s-*/*' % exclude_recipe))
         self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % exclude_recipe)
 
     def test_archiver_filters_by_type(self):
@@ -67,11 +67,11 @@ class Archiver(OESelftestTestCase):
         src_path_native = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['BUILD_SYS'])
 
         # Check that target_recipe was included
-        included_present = len(glob.glob(src_path_target + '/%s-*' % target_recipe))
+        included_present = len(glob.glob(src_path_target + '/%s-*/*' % target_recipe))
         self.assertTrue(included_present, 'Recipe %s was not included.' % target_recipe)
 
         # Check that native_recipe was excluded
-        excluded_present = len(glob.glob(src_path_native + '/%s-*' % native_recipe))
+        excluded_present = len(glob.glob(src_path_native + '/%s-*/*' % native_recipe))
         self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % native_recipe)
 
     def test_archiver_filters_by_type_and_name(self):
@@ -104,17 +104,17 @@ class Archiver(OESelftestTestCase):
         src_path_native = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['BUILD_SYS'])
 
         # Check that target_recipe[0] and native_recipes[1] were included
-        included_present = len(glob.glob(src_path_target + '/%s-*' % target_recipes[0]))
+        included_present = len(glob.glob(src_path_target + '/%s-*/*' % target_recipes[0]))
         self.assertTrue(included_present, 'Recipe %s was not included.' % target_recipes[0])
 
-        included_present = len(glob.glob(src_path_native + '/%s-*' % native_recipes[1]))
+        included_present = len(glob.glob(src_path_native + '/%s-*/*' % native_recipes[1]))
         self.assertTrue(included_present, 'Recipe %s was not included.' % native_recipes[1])
 
         # Check that native_recipes[0] and target_recipes[1] were excluded
-        excluded_present = len(glob.glob(src_path_native + '/%s-*' % native_recipes[0]))
+        excluded_present = len(glob.glob(src_path_native + '/%s-*/*' % native_recipes[0]))
         self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % native_recipes[0])
 
-        excluded_present = len(glob.glob(src_path_target + '/%s-*' % target_recipes[1]))
+        excluded_present = len(glob.glob(src_path_target + '/%s-*/*' % target_recipes[1]))
         self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % target_recipes[1])
 
 
diff --git a/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py b/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py
index a7214beb4c..bbf67bf9c9 100644
--- a/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py
+++ b/poky/meta/lib/oeqa/selftest/cases/oelib/utils.py
@@ -64,7 +64,7 @@ class TestMultiprocessLaunch(TestCase):
         import bb
 
         def testfunction(item, d):
-            if item == "2" or item == "1":
+            if item == "2":
                 raise KeyError("Invalid number %s" % item)
             return "Found %s" % item
 
@@ -99,5 +99,4 @@ class TestMultiprocessLaunch(TestCase):
         # Assert the function prints exceptions
         with captured_output() as (out, err):
             self.assertRaises(bb.BBHandledException, multiprocess_launch, testfunction, ["1", "2", "3", "4", "5", "6"], d, extraargs=(d,))
-        self.assertIn("KeyError: 'Invalid number 1'", out.getvalue())
         self.assertIn("KeyError: 'Invalid number 2'", out.getvalue())
diff --git a/poky/meta/lib/oeqa/selftest/cases/runcmd.py b/poky/meta/lib/oeqa/selftest/cases/runcmd.py
index fa6113d7fa..e9612389fe 100644
--- a/poky/meta/lib/oeqa/selftest/cases/runcmd.py
+++ b/poky/meta/lib/oeqa/selftest/cases/runcmd.py
@@ -27,8 +27,8 @@ class RunCmdTests(OESelftestTestCase):
 
     # The delta is intentionally smaller than the timeout, to detect cases where
     # we incorrectly apply the timeout more than once.
-    TIMEOUT = 5
-    DELTA = 3
+    TIMEOUT = 10
+    DELTA = 8
 
     def test_result_okay(self):
         result = runCmd("true")
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index 1931dc7153..ef117de897 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -6,6 +6,7 @@ generate_key() {
     local DIR="$(dirname "$FILE")"
 
     mkdir -p "$DIR"
+    rm -f ${FILE}.tmp
     ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
 
     # Atomically rename file public key
diff --git a/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch b/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
deleted file mode 100644
index 67c9f189cc..0000000000
--- a/poky/meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From fe791386ebc270219ca00406c9fdadc5130b64ee Mon Sep 17 00:00:00 2001
-From: Samuel Sapalski <samuel.sapalski@nokia.com>
-Date: Wed, 3 Mar 2021 16:31:22 +0100
-Subject: [PATCH] decompress_gunzip: Fix DoS if gzip is corrupt
-
-On certain corrupt gzip files, huft_build will set the error bit on
-the result pointer. If afterwards abort_unzip is called huft_free
-might run into a segmentation fault or an invalid pointer to
-free(p).
-
-In order to mitigate this, we check in huft_free if the error bit
-is set and clear it before the linked list is freed.
-
-Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com>
-Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-
-Upstream-Status: Backport
-CVE: CVE-2021-28831
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- archival/libarchive/decompress_gunzip.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
-index eb3b64930..e93cd5005 100644
---- a/archival/libarchive/decompress_gunzip.c
-+++ b/archival/libarchive/decompress_gunzip.c
-@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = {
-  * each table.
-  * t: table to free
-  */
-+#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
-+#define ERR_RET     ((huft_t*)(uintptr_t)1)
- static void huft_free(huft_t *p)
- {
- 	huft_t *q;
- 
-+	/*
-+	 * If 'p' has the error bit set we have to clear it, otherwise we might run
-+	 * into a segmentation fault or an invalid pointer to free(p)
-+	 */
-+	if (BAD_HUFT(p)) {
-+		p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET));
-+	}
-+
- 	/* Go through linked list, freeing from the malloced (t[-1]) address. */
- 	while (p) {
- 		q = (--p)->v.t;
-@@ -289,8 +299,6 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current
-  * or a valid pointer to a Huffman table, ORed with 0x1 if incompete table
-  * is given: "fixed inflate" decoder feeds us such data.
-  */
--#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
--#define ERR_RET     ((huft_t*)(uintptr_t)1)
- static huft_t* huft_build(const unsigned *b, const unsigned n,
- 			const unsigned s, const struct cp_ext *cp_ext,
- 			unsigned *m)
diff --git a/poky/meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch b/poky/meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch
new file mode 100644
index 0000000000..4a1960dff2
--- /dev/null
+++ b/poky/meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch
@@ -0,0 +1,81 @@
+From ceb378209f953ea745ed93a8645567196380ce3c Mon Sep 17 00:00:00 2001
+From: Andrej Valek <andrej.valek@siemens.com>
+Date: Thu, 24 Jun 2021 19:13:22 +0200
+Subject: [PATCH] mktemp: add tmpdir option
+
+Make mktemp more compatible with coreutils.
+- add "--tmpdir" option
+- add long variants for "d,q,u" options
+
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2021-June/088932.html]
+
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ coreutils/mktemp.c | 26 ++++++++++++++++++--------
+ 1 file changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/coreutils/mktemp.c b/coreutils/mktemp.c
+index 5393320a5..05c6d98c6 100644
+--- a/coreutils/mktemp.c
++++ b/coreutils/mktemp.c
+@@ -39,16 +39,17 @@
+ //kbuild:lib-$(CONFIG_MKTEMP) += mktemp.o
+ 
+ //usage:#define mktemp_trivial_usage
+-//usage:       "[-dt] [-p DIR] [TEMPLATE]"
++//usage:       "[-dt] [-p DIR, --tmpdir[=DIR]] [TEMPLATE]"
+ //usage:#define mktemp_full_usage "\n\n"
+ //usage:       "Create a temporary file with name based on TEMPLATE and print its name.\n"
+ //usage:       "TEMPLATE must end with XXXXXX (e.g. [/dir/]nameXXXXXX).\n"
+ //usage:       "Without TEMPLATE, -t tmp.XXXXXX is assumed.\n"
+-//usage:     "\n	-d	Make directory, not file"
+-//usage:     "\n	-q	Fail silently on errors"
+-//usage:     "\n	-t	Prepend base directory name to TEMPLATE"
+-//usage:     "\n	-p DIR	Use DIR as a base directory (implies -t)"
+-//usage:     "\n	-u	Do not create anything; print a name"
++//usage:     "\n	-d			Make directory, not file"
++//usage:     "\n	-q			Fail silently on errors"
++//usage:     "\n	-t			Prepend base directory name to TEMPLATE"
++//usage:     "\n	-p DIR, --tmpdir[=DIR]	Use DIR as a base directory (implies -t)"
++//usage:     "\n				For --tmpdir is a optional one."
++//usage:     "\n	-u			Do not create anything; print a name"
+ //usage:     "\n"
+ //usage:     "\nBase directory is: -p DIR, else $TMPDIR, else /tmp"
+ //usage:
+@@ -72,13 +73,22 @@ int mktemp_main(int argc UNUSED_PARAM, char **argv)
+ 		OPT_t = 1 << 2,
+ 		OPT_p = 1 << 3,
+ 		OPT_u = 1 << 4,
++		OPT_td = 1 << 5,
+ 	};
+ 
+ 	path = getenv("TMPDIR");
+ 	if (!path || path[0] == '\0')
+ 		path = "/tmp";
+ 
+-	opts = getopt32(argv, "^" "dqtp:u" "\0" "?1"/*1 arg max*/, &path);
++	opts = getopt32long(argv, "^"
++	       "dqtp:u\0"
++	       "?1" /* 1 arg max */,
++	       "directory\0" No_argument       "d"
++	       "quiet\0"     No_argument       "q"
++	       "dry-run\0"   No_argument       "u"
++	       "tmpdir\0"    Optional_argument "\xff"
++	       , &path, &path
++	);
+ 
+ 	chp = argv[optind];
+ 	if (!chp) {
+@@ -95,7 +105,7 @@ int mktemp_main(int argc UNUSED_PARAM, char **argv)
+ 		goto error;
+ 	}
+ #endif
+-	if (opts & (OPT_t|OPT_p))
++	if (opts & (OPT_t|OPT_p|OPT_td))
+ 		chp = concat_path_file(path, chp);
+ 
+ 	if (opts & OPT_u) {
+-- 
+2.11.0
+
diff --git a/poky/meta/recipes-core/busybox/busybox_1.33.0.bb b/poky/meta/recipes-core/busybox/busybox_1.33.1.bb
index b2a30ba16f..4002d6a5c6 100644
--- a/poky/meta/recipes-core/busybox/busybox_1.33.0.bb
+++ b/poky/meta/recipes-core/busybox/busybox_1.33.1.bb
@@ -37,6 +37,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            ${@["", "file://mdev.cfg"][(d.getVar('VIRTUAL-RUNTIME_dev_manager') == 'busybox-mdev')]} \
            file://syslog.cfg \
            file://unicode.cfg \
+           file://rev.cfg \
+           file://pgrep.cfg \
            file://rcS \
            file://rcK \
            file://makefile-libbb-race.patch \
@@ -44,11 +46,9 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://0001-testsuite-use-www.example.org-for-wget-test-cases.patch \
            file://0001-du-l-works-fix-to-use-145-instead-of-144.patch \
            file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \
-           file://rev.cfg \
-           file://pgrep.cfg \
-           file://0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch \
            file://0001-gen_build_files-Use-C-locale-when-calling-sed-on-glo.patch \
+           file://0001-mktemp-add-tmpdir-option.patch \
            "
 SRC_URI_append_libc-musl = " file://musl.cfg "
 
-SRC_URI[tarball.sha256sum] = "d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd"
+SRC_URI[tarball.sha256sum] = "12cec6bd2b16d8a9446dd16130f2b92982f1819f6e1c5f5887b6db03f5660d28"
diff --git a/poky/meta/recipes-core/glibc/glibc-testsuite_2.33.bb b/poky/meta/recipes-core/glibc/glibc-testsuite_2.33.bb
index d887aeff79..659d3132fa 100644
--- a/poky/meta/recipes-core/glibc/glibc-testsuite_2.33.bb
+++ b/poky/meta/recipes-core/glibc/glibc-testsuite_2.33.bb
@@ -61,3 +61,4 @@ addtask do_check after do_compile
 inherit nopackages
 deltask do_stash_locale
 deltask do_install
+deltask do_populate_sysroot
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.36.inc b/poky/meta/recipes-devtools/binutils/binutils-2.36.inc
index 2968291889..9d770db5a8 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.36.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.36.inc
@@ -41,5 +41,8 @@ SRC_URI = "\
      file://0014-Fix-rpath-in-libtool-when-sysroot-is-enabled.patch \
      file://0015-sync-with-OE-libtool-changes.patch \
      file://0016-Check-for-clang-before-checking-gcc-version.patch \
+     file://0001-CVE-2021-20197.patch \
+     file://0002-CVE-2021-20197.patch \
+     file://0003-CVE-2021-20197.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch b/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch
new file mode 100644
index 0000000000..2b4eaba26d
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch
@@ -0,0 +1,201 @@
+From 8e03235147a9e774d3ba084e93c2da1aa94d1cec Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@gotplt.org>
+Date: Mon, 22 Feb 2021 20:45:50 +0530
+Subject: [PATCH] binutils: Avoid renaming over existing files
+
+Renaming over existing files needs additional care to restore
+permissions and ownership, which may not always succeed.
+Additionally, other properties of the file such as extended attributes
+may be lost, making the operation flaky.
+
+For predictable results, resort to rename() only if the file does not
+exist, otherwise copy the file contents into the existing file.  This
+ensures that no additional tricks are needed to retain file
+properties.
+
+This also allows dropping of the redundant set_times on the tmpfile in
+objcopy/strip since now we no longer rename over existing files.
+
+binutils/
+
+	* ar.c (write_archive): Adjust call to SMART_RENAME.
+	* arsup.c (ar_save): Likewise.
+	* objcopy (strip_main): Don't set times on temporary file and
+	adjust call to SMART_RENAME.
+	(copy_main): Likewise.
+	* rename.c [!S_ISLNK]: Remove definitions.
+	(try_preserve_permissions): Remove function.
+	(smart_rename): Replace PRESERVE_DATES argument with
+	TARGET_STAT.  Use rename system call only if TO does not exist.
+	* bucomm.h (smart_rename): Adjust declaration.
+
+(cherry picked from commit 3685de750e6a091663a0abe42528cad29e960e35)
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8e03235147a9e774d3ba084e93c2da1aa94d1cec]
+CVE: CVE-2021-20197
+Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
+---
+ binutils/ar.c      |  2 +-
+ binutils/arsup.c   |  2 +-
+ binutils/bucomm.h  |  3 ++-
+ binutils/objcopy.c |  8 ++-----
+ binutils/rename.c  | 55 +++++++++-------------------------------------
+ 6 files changed, 29 insertions(+), 54 deletions(-)
+
+diff --git a/binutils/ar.c b/binutils/ar.c
+index 45a34e3a6cf..3a91708b51c 100644
+--- a/binutils/ar.c
++++ b/binutils/ar.c
+@@ -1308,7 +1308,7 @@ write_archive (bfd *iarch)
+   /* We don't care if this fails; we might be creating the archive.  */
+   bfd_close (iarch);
+ 
+-  if (smart_rename (new_name, old_name, 0) != 0)
++  if (smart_rename (new_name, old_name, NULL) != 0)
+     xexit (1);
+   free (old_name);
+   free (new_name);
+diff --git a/binutils/arsup.c b/binutils/arsup.c
+index 5403a0c5d74..0a1f63f6456 100644
+--- a/binutils/arsup.c
++++ b/binutils/arsup.c
+@@ -351,7 +351,7 @@ ar_save (void)
+ 
+       bfd_close (obfd);
+ 
+-      smart_rename (ofilename, real_name, 0);
++      smart_rename (ofilename, real_name, NULL);
+       obfd = 0;
+       free (ofilename);
+     }
+diff --git a/binutils/bucomm.h b/binutils/bucomm.h
+index 91f6a5b228f..aa7e33d8cd1 100644
+--- a/binutils/bucomm.h
++++ b/binutils/bucomm.h
+@@ -71,7 +71,8 @@ extern void print_version (const char *);
+ /* In rename.c.  */
+ extern void set_times (const char *, const struct stat *);
+ 
+-extern int smart_rename (const char *, const char *, int);
++extern int smart_rename (const char *, const char *, struct stat *);
++
+ 
+ /* In libiberty.  */
+ void *xmalloc (size_t);
+diff --git a/binutils/objcopy.c b/binutils/objcopy.c
+index eab3b6db585..07a872b5a80 100644
+--- a/binutils/objcopy.c
++++ b/binutils/objcopy.c
+@@ -4861,12 +4861,10 @@ strip_main (int argc, char *argv[])
+ 		 output_target, NULL);
+       if (status == 0)
+ 	{
+-	  if (preserve_dates)
+-	    set_times (tmpname, &statbuf);
+ 	  if (output_file != tmpname)
+ 	    status = (smart_rename (tmpname,
+ 				    output_file ? output_file : argv[i],
+-				    preserve_dates) != 0);
++				    preserve_dates ? &statbuf : NULL) != 0);
+ 	  if (status == 0)
+ 	    status = hold_status;
+ 	}
+@@ -5931,11 +5929,9 @@ copy_main (int argc, char *argv[])
+ 	     output_target, input_arch);
+   if (status == 0)
+     {
+-      if (preserve_dates)
+-	set_times (tmpname, &statbuf);
+       if (tmpname != output_filename)
+ 	status = (smart_rename (tmpname, input_filename,
+-				preserve_dates) != 0);
++				preserve_dates ? &statbuf : NULL) != 0);
+     }
+   else
+     unlink_if_ordinary (tmpname);
+diff --git a/binutils/rename.c b/binutils/rename.c
+index 65ad5bf52c4..f471b45fd3f 100644
+--- a/binutils/rename.c
++++ b/binutils/rename.c
+@@ -122,20 +122,13 @@ set_times (const char *destination, const struct stat *statbuf)
+     non_fatal (_("%s: cannot set time: %s"), destination, strerror (errno));
+ }
+ 
+-#ifndef S_ISLNK
+-#ifdef S_IFLNK
+-#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
+-#else
+-#define S_ISLNK(m) 0
+-#define lstat stat
+-#endif
+-#endif
+-
+-/* Rename FROM to TO, copying if TO is a link.
+-   Return 0 if ok, -1 if error.  */
++/* Rename FROM to TO, copying if TO exists.  TARGET_STAT has the file status
++   that, if non-NULL, is used to fix up timestamps after rename.  Return 0 if
++   ok, -1 if error.  */
+ 
+ int
+-smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNUSED)
++smart_rename (const char *from, const char *to,
++	      struct stat *target_stat ATTRIBUTE_UNUSED)
+ {
+   bfd_boolean exists;
+   struct stat s;
+@@ -158,38 +151,10 @@ smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNU
+       unlink (from);
+     }
+ #else
+-  /* Use rename only if TO is not a symbolic link and has
+-     only one hard link, and we have permission to write to it.  */
+-  if (! exists
+-      || (!S_ISLNK (s.st_mode)
+-	  && S_ISREG (s.st_mode)
+-	  && (s.st_mode & S_IWUSR)
+-	  && s.st_nlink == 1)
+-      )
++  /* Avoid a full copy and use rename if TO does not exist.  */
++  if (!exists)
+     {
+-      ret = rename (from, to);
+-      if (ret == 0)
+-	{
+-	  if (exists)
+-	    {
+-	      /* Try to preserve the permission bits and ownership of
+-		 TO.  First get the mode right except for the setuid
+-		 bit.  Then change the ownership.  Then fix the setuid
+-		 bit.  We do the chmod before the chown because if the
+-		 chown succeeds, and we are a normal user, we won't be
+-		 able to do the chmod afterward.  We don't bother to
+-		 fix the setuid bit first because that might introduce
+-		 a fleeting security problem, and because the chown
+-		 will clear the setuid bit anyhow.  We only fix the
+-		 setuid bit if the chown succeeds, because we don't
+-		 want to introduce an unexpected setuid file owned by
+-		 the user running objcopy.  */
+-	      chmod (to, s.st_mode & 0777);
+-	      if (chown (to, s.st_uid, s.st_gid) >= 0)
+-		chmod (to, s.st_mode & 07777);
+-	    }
+-	}
+-      else
++      if ((ret = rename (from, to)) != 0)
+ 	{
+ 	  /* We have to clean up here.  */
+ 	  non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno));
+@@ -202,8 +167,8 @@ smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNU
+       if (ret != 0)
+ 	non_fatal (_("unable to copy file '%s'; reason: %s"), to, strerror (errno));
+ 
+-      if (preserve_dates)
+-	set_times (to, &s);
++      if (target_stat != NULL)
++	set_times (to, target_stat);
+       unlink (from);
+     }
+ #endif /* _WIN32 && !__CYGWIN32__ */
+-- 
+2.31.1
+
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch b/poky/meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch
new file mode 100644
index 0000000000..3771f571eb
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch
@@ -0,0 +1,170 @@
+From d3edaa91d4cf7202ec14342410194841e2f67f12 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 26 Feb 2021 11:30:32 +1030
+Subject: [PATCH] Reinstate various pieces backed out from smart_rename changes
+
+In the interests of a stable release various last minute smart_rename
+patches were backed out of the 2.36 branch.  The main reason to
+reinstate some of those backed out changes here is to make necessary
+followup fixes to commit 8e03235147a9 simple cherry-picks from
+mainline.  A secondary reason is that ar -M support isn't fixed for
+pr26945 without this patch.
+
+	PR 26945
+	* ar.c: Don't include libbfd.h.
+	(write_archive): Replace xmalloc+strcpy with xstrdup.
+	* arsup.c (temp_name, real_ofd): New static variables.
+	(ar_open): Use make_tempname and bfd_fdopenw.
+	(ar_save): Adjust to suit ar_open changes.
+	* objcopy.c: Don't include libbfd.h.
+	* rename.c: Rename and reorder variables.
+
+(cherry picked from commit 95b91a043aeaeb546d2fea556d84a2de1e917770)
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d3edaa91d4cf7202ec14342410194841e2f67f12]
+CVE: CVE-2021-20197
+Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
+---
+ binutils/ar.c      |  4 +---
+ binutils/arsup.c   | 37 +++++++++++++++++++++++++------------
+ binutils/objcopy.c |  1 -
+ binutils/rename.c  |  6 +++---
+ 5 files changed, 42 insertions(+), 19 deletions(-)
+
+diff --git a/binutils/ar.c b/binutils/ar.c
+index 3a91708b51c..44df48c5c67 100644
+--- a/binutils/ar.c
++++ b/binutils/ar.c
+@@ -25,7 +25,6 @@
+ 
+ #include "sysdep.h"
+ #include "bfd.h"
+-#include "libbfd.h"
+ #include "libiberty.h"
+ #include "progress.h"
+ #include "getopt.h"
+@@ -1255,8 +1254,7 @@ write_archive (bfd *iarch)
+   bfd *contents_head = iarch->archive_next;
+   int ofd = -1;
+ 
+-  old_name = (char *) xmalloc (strlen (bfd_get_filename (iarch)) + 1);
+-  strcpy (old_name, bfd_get_filename (iarch));
++  old_name = xstrdup (bfd_get_filename (iarch));
+   new_name = make_tempname (old_name, &ofd);
+ 
+   if (new_name == NULL)
+diff --git a/binutils/arsup.c b/binutils/arsup.c
+index 0a1f63f6456..f7ce8f0bc82 100644
+--- a/binutils/arsup.c
++++ b/binutils/arsup.c
+@@ -42,6 +42,8 @@ extern int deterministic;
+ 
+ static bfd *obfd;
+ static char *real_name;
++static char *temp_name;
++static int real_ofd;
+ static FILE *outfile;
+ 
+ static void
+@@ -149,27 +151,24 @@ maybequit (void)
+ void
+ ar_open (char *name, int t)
+ {
+-  char *tname;
+-  const char *bname = lbasename (name);
+-  real_name = name;
++  real_name = xstrdup (name);
++  temp_name = make_tempname (real_name, &real_ofd);
+ 
+-  /* Prepend tmp- to the beginning, to avoid file-name clashes after
+-     truncation on filesystems with limited namespaces (DOS).  */
+-  if (asprintf (&tname, "%.*stmp-%s", (int) (bname - name), name, bname) == -1)
++  if (temp_name == NULL)
+     {
+-      fprintf (stderr, _("%s: Can't allocate memory for temp name (%s)\n"),
++      fprintf (stderr, _("%s: Can't open temporary file (%s)\n"),
+ 	       program_name, strerror(errno));
+       maybequit ();
+       return;
+     }
+ 
+-  obfd = bfd_openw (tname, NULL);
++  obfd = bfd_fdopenw (temp_name, NULL, real_ofd);
+ 
+   if (!obfd)
+     {
+       fprintf (stderr,
+ 	       _("%s: Can't open output archive %s\n"),
+-	       program_name,  tname);
++	       program_name, temp_name);
+ 
+       maybequit ();
+     }
+@@ -344,16 +343,30 @@ ar_save (void)
+     }
+   else
+     {
+-      char *ofilename = xstrdup (bfd_get_filename (obfd));
++      struct stat target_stat;
+ 
+       if (deterministic > 0)
+         obfd->flags |= BFD_DETERMINISTIC_OUTPUT;
+ 
+       bfd_close (obfd);
+ 
+-      smart_rename (ofilename, real_name, NULL);
++      if (stat (real_name, &target_stat) != 0)
++	{
++	  /* The temp file created in ar_open has mode 0600 as per mkstemp.
++	     Create the real empty output file here so smart_rename will
++	     update the mode according to the process umask.  */
++	  obfd = bfd_openw (real_name, NULL);
++	  if (obfd != NULL)
++	    {
++	      bfd_set_format (obfd, bfd_archive);
++	      bfd_close (obfd);
++	    }
++	}
++
++      smart_rename (temp_name, real_name, NULL);
+       obfd = 0;
+-      free (ofilename);
++      free (temp_name);
++      free (real_name);
+     }
+ }
+ 
+diff --git a/binutils/objcopy.c b/binutils/objcopy.c
+index 07a872b5a80..73aa8bc2514 100644
+--- a/binutils/objcopy.c
++++ b/binutils/objcopy.c
+@@ -20,7 +20,6 @@
+ 
+ #include "sysdep.h"
+ #include "bfd.h"
+-#include "libbfd.h"
+ #include "progress.h"
+ #include "getopt.h"
+ #include "libiberty.h"
+diff --git a/binutils/rename.c b/binutils/rename.c
+index f471b45fd3f..2ff092ee22b 100644
+--- a/binutils/rename.c
++++ b/binutils/rename.c
+@@ -130,11 +130,11 @@ int
+ smart_rename (const char *from, const char *to,
+ 	      struct stat *target_stat ATTRIBUTE_UNUSED)
+ {
+-  bfd_boolean exists;
+-  struct stat s;
+   int ret = 0;
++  struct stat to_stat;
++  bfd_boolean exists;
+ 
+-  exists = lstat (to, &s) == 0;
++  exists = lstat (to, &to_stat) == 0;
+ 
+ #if defined (_WIN32) && !defined (__CYGWIN32__)
+   /* Win32, unlike unix, will not erase `to' in `rename(from, to)' but
+-- 
+2.31.1
+
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch b/poky/meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch
new file mode 100644
index 0000000000..082b28b29c
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch
@@ -0,0 +1,171 @@
+From 8b69e61d4be276bb862698aaafddc3e779d23c8f Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 23 Feb 2021 09:37:39 +1030
+Subject: [PATCH] PR27456, lstat in rename.c on MinGW
+
+	PR 27456
+	* rename.c: Tidy throughout.
+	(smart_rename): Always copy.  Remove windows specific code.
+
+(cherry picked from commit cca8873dd5a6015d5557ea44bc1ea9c252435a29)
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8b69e61d4be276bb862698aaafddc3e779d23c8f]
+CVE: CVE-2021-20197
+Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
+---
+ binutils/rename.c  | 111 ++++++++++++++-------------------------------
+ 2 files changed, 40 insertions(+), 76 deletions(-)
+
+diff --git a/binutils/rename.c b/binutils/rename.c
+index 2ff092ee22b..72a9323d72c 100644
+--- a/binutils/rename.c
++++ b/binutils/rename.c
+@@ -24,14 +24,9 @@
+ 
+ #ifdef HAVE_GOOD_UTIME_H
+ #include <utime.h>
+-#else /* ! HAVE_GOOD_UTIME_H */
+-#ifdef HAVE_UTIMES
++#elif defined HAVE_UTIMES
+ #include <sys/time.h>
+-#endif /* HAVE_UTIMES */
+-#endif /* ! HAVE_GOOD_UTIME_H */
+-
+-#if ! defined (_WIN32) || defined (__CYGWIN32__)
+-static int simple_copy (const char *, const char *);
++#endif
+ 
+ /* The number of bytes to copy at once.  */
+ #define COPY_BUF 8192
+@@ -82,7 +77,6 @@ simple_copy (const char *from, const char *to)
+     }
+   return 0;
+ }
+-#endif /* __CYGWIN32__ or not _WIN32 */
+ 
+ /* Set the times of the file DESTINATION to be the same as those in
+    STATBUF.  */
+@@ -91,87 +85,52 @@ void
+ set_times (const char *destination, const struct stat *statbuf)
+ {
+   int result;
+-
+-  {
+ #ifdef HAVE_GOOD_UTIME_H
+-    struct utimbuf tb;
+-
+-    tb.actime = statbuf->st_atime;
+-    tb.modtime = statbuf->st_mtime;
+-    result = utime (destination, &tb);
+-#else /* ! HAVE_GOOD_UTIME_H */
+-#ifndef HAVE_UTIMES
+-    long tb[2];
+-
+-    tb[0] = statbuf->st_atime;
+-    tb[1] = statbuf->st_mtime;
+-    result = utime (destination, tb);
+-#else /* HAVE_UTIMES */
+-    struct timeval tv[2];
+-
+-    tv[0].tv_sec = statbuf->st_atime;
+-    tv[0].tv_usec = 0;
+-    tv[1].tv_sec = statbuf->st_mtime;
+-    tv[1].tv_usec = 0;
+-    result = utimes (destination, tv);
+-#endif /* HAVE_UTIMES */
+-#endif /* ! HAVE_GOOD_UTIME_H */
+-  }
++  struct utimbuf tb;
++
++  tb.actime = statbuf->st_atime;
++  tb.modtime = statbuf->st_mtime;
++  result = utime (destination, &tb);
++#elif defined HAVE_UTIMES
++  struct timeval tv[2];
++
++  tv[0].tv_sec = statbuf->st_atime;
++  tv[0].tv_usec = 0;
++  tv[1].tv_sec = statbuf->st_mtime;
++  tv[1].tv_usec = 0;
++  result = utimes (destination, tv);
++#else
++  long tb[2];
++
++  tb[0] = statbuf->st_atime;
++  tb[1] = statbuf->st_mtime;
++  result = utime (destination, tb);
++#endif
+ 
+   if (result != 0)
+     non_fatal (_("%s: cannot set time: %s"), destination, strerror (errno));
+ }
+ 
+-/* Rename FROM to TO, copying if TO exists.  TARGET_STAT has the file status
+-   that, if non-NULL, is used to fix up timestamps after rename.  Return 0 if
+-   ok, -1 if error.  */
++/* Copy FROM to TO.  TARGET_STAT has the file status that, if non-NULL,
++   is used to fix up timestamps.  Return 0 if ok, -1 if error.
++   At one time this function renamed files, but file permissions are
++   tricky to update given the number of different schemes used by
++   various systems.  So now we just copy.  */
+ 
+ int
+ smart_rename (const char *from, const char *to,
+-	      struct stat *target_stat ATTRIBUTE_UNUSED)
++	      struct stat *target_stat)
+ {
+-  int ret = 0;
+-  struct stat to_stat;
+-  bfd_boolean exists;
+-
+-  exists = lstat (to, &to_stat) == 0;
+-
+-#if defined (_WIN32) && !defined (__CYGWIN32__)
+-  /* Win32, unlike unix, will not erase `to' in `rename(from, to)' but
+-     fail instead.  Also, chown is not present.  */
+-
+-  if (exists)
+-    remove (to);
++  int ret;
+ 
+-  ret = rename (from, to);
++  ret = simple_copy (from, to);
+   if (ret != 0)
+-    {
+-      /* We have to clean up here.  */
+-      non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno));
+-      unlink (from);
+-    }
+-#else
+-  /* Avoid a full copy and use rename if TO does not exist.  */
+-  if (!exists)
+-    {
+-      if ((ret = rename (from, to)) != 0)
+-	{
+-	  /* We have to clean up here.  */
+-	  non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno));
+-	  unlink (from);
+-	}
+-    }
+-  else
+-    {
+-      ret = simple_copy (from, to);
+-      if (ret != 0)
+-	non_fatal (_("unable to copy file '%s'; reason: %s"), to, strerror (errno));
++    non_fatal (_("unable to copy file '%s'; reason: %s"),
++	       to, strerror (errno));
+ 
+-      if (target_stat != NULL)
+-	set_times (to, target_stat);
+-      unlink (from);
+-    }
+-#endif /* _WIN32 && !__CYGWIN32__ */
++  if (target_stat != NULL)
++    set_times (to, target_stat);
++  unlink (from);
+ 
+   return ret;
+ }
+-- 
+2.31.1
+
diff --git a/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c b/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c
index af7af524eb..9eb5ca807a 100644
--- a/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c
+++ b/poky/meta/recipes-devtools/dwarfsrcfiles/files/dwarfsrcfiles.c
@@ -9,6 +9,7 @@
 
 #include <argp.h>
 #include <stdio.h>
+#include <stdlib.h>
 
 #include <dwarf.h>
 #include <elfutils/libdw.h>
@@ -83,13 +84,15 @@ process_cu (Dwarf_Die *cu_die)
 int
 main (int argc, char **argv)
 {
-  char* args[3];
+  char* args[5];
   int res = 0;
   Dwfl *dwfl;
   Dwarf_Addr bias;
   
-  if (argc != 2)
+  if (argc != 2) {
     fprintf(stderr, "Usage %s <file>", argv[0]);
+    exit(EXIT_FAILURE);
+  }
   
   // Pretend "dwarfsrcfiles -e <file>" was given, so we can use standard
   // dwfl argp parser to open the file for us and get our Dwfl. Useful
@@ -98,8 +101,12 @@ main (int argc, char **argv)
   args[0] = argv[0];
   args[1] = "-e";
   args[2] = argv[1];
+  // We don't want to follow debug linked files due to the way OE processes
+  // files, could race against changes in the linked binary (e.g. objcopy on it)
+  args[3] = "--debuginfo-path";
+  args[4] = "/not/exist";
   
-  argp_parse (dwfl_standard_argp (), 3, args, 0, NULL, &dwfl);
+  argp_parse (dwfl_standard_argp (), 5, args, 0, NULL, &dwfl);
   
   Dwarf_Die *cu = NULL;
   while ((cu = dwfl_nextcu (dwfl, cu, &bias)) != NULL)
diff --git a/poky/meta/recipes-devtools/go/go-1.16.3.inc b/poky/meta/recipes-devtools/go/go-1.16.5.inc
index ebd25a5eaa..bd928e44f8 100644
--- a/poky/meta/recipes-devtools/go/go-1.16.3.inc
+++ b/poky/meta/recipes-devtools/go/go-1.16.5.inc
@@ -1,7 +1,7 @@
 require go-common.inc
 
 GO_BASEVERSION = "1.16"
-PV = "1.16.3"
+PV = "1.16.5"
 FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
@@ -17,4 +17,4 @@ SRC_URI += "\
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
     file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
 "
-SRC_URI[main.sha256sum] = "b298d29de9236ca47a023e382313bcc2d2eed31dfa706b60a04103ce83a71a25"
+SRC_URI[main.sha256sum] = "7bfa7e5908c7cc9e75da5ddf3066d7cbcf3fd9fa51945851325eebc17f50ba80"
diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.16.3.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.16.5.bb
index d01a2bd8f1..b3e2b6a60e 100644
--- a/poky/meta/recipes-devtools/go/go-binary-native_1.16.3.bb
+++ b/poky/meta/recipes-devtools/go/go-binary-native_1.16.5.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
 PROVIDES = "go-native"
 
 SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "951a3c7c6ce4e56ad883f97d9db74d3d6d80d5fec77455c6ada6c1f7ac4776d2"
-SRC_URI[go_linux_arm64.sha256sum] = "566b1d6f17d2bc4ad5f81486f0df44f3088c3ed47a3bec4099d8ed9939e90d5d"
+SRC_URI[go_linux_amd64.sha256sum] = "b12c23023b68de22f74c0524f10b753e7b08b1504cb7e417eccebdd3fae49061"
+SRC_URI[go_linux_arm64.sha256sum] = "d5446b46ef6f36fdffa852f73dfbbe78c1ddf010b99fa4964944b9ae8b4d6799"
 
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.3.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.5.bb
index 7ac9449e47..7ac9449e47 100644
--- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.3.bb
+++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.5.bb
diff --git a/poky/meta/recipes-devtools/go/go-cross_1.16.3.bb b/poky/meta/recipes-devtools/go/go-cross_1.16.5.bb
index 80b5a03f6c..80b5a03f6c 100644
--- a/poky/meta/recipes-devtools/go/go-cross_1.16.3.bb
+++ b/poky/meta/recipes-devtools/go/go-cross_1.16.5.bb
diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.3.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.5.bb
index 1857c8a577..1857c8a577 100644
--- a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.3.bb
+++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.5.bb
diff --git a/poky/meta/recipes-devtools/go/go-native_1.16.3.bb b/poky/meta/recipes-devtools/go/go-native_1.16.5.bb
index f14892cdb0..f14892cdb0 100644
--- a/poky/meta/recipes-devtools/go/go-native_1.16.3.bb
+++ b/poky/meta/recipes-devtools/go/go-native_1.16.5.bb
diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.16.3.bb b/poky/meta/recipes-devtools/go/go-runtime_1.16.5.bb
index 63464a1501..63464a1501 100644
--- a/poky/meta/recipes-devtools/go/go-runtime_1.16.3.bb
+++ b/poky/meta/recipes-devtools/go/go-runtime_1.16.5.bb
diff --git a/poky/meta/recipes-devtools/go/go_1.16.3.bb b/poky/meta/recipes-devtools/go/go_1.16.5.bb
index 4e9e0ebec8..4e9e0ebec8 100644
--- a/poky/meta/recipes-devtools/go/go_1.16.3.bb
+++ b/poky/meta/recipes-devtools/go/go_1.16.5.bb
diff --git a/poky/meta/recipes-devtools/perl/perl_5.32.1.bb b/poky/meta/recipes-devtools/perl/perl_5.32.1.bb
index b28040c7fb..f8893af3e2 100644
--- a/poky/meta/recipes-devtools/perl/perl_5.32.1.bb
+++ b/poky/meta/recipes-devtools/perl/perl_5.32.1.bb
@@ -62,6 +62,8 @@ do_configure_class-target() {
     -Dsoname=libperl.so.5 \
     -Dvendorprefix=${prefix} \
     -Darchlibexp=${STAGING_LIBDIR}/perl5/${PV}/${TARGET_ARCH}-linux \
+    -Dlibpth='${libdir} ${base_libdir}' \
+    -Dglibpth='${libdir} ${base_libdir}' \
     ${PACKAGECONFIG_CONFARGS}
 
     #perl.c uses an ARCHLIB_EXP define to generate compile-time code that
diff --git a/poky/meta/recipes-extended/perl/libconvert-asn1-perl/CVE-2013-7488.patch b/poky/meta/recipes-extended/perl/libconvert-asn1-perl/CVE-2013-7488.patch
new file mode 100644
index 0000000000..d0aca65393
--- /dev/null
+++ b/poky/meta/recipes-extended/perl/libconvert-asn1-perl/CVE-2013-7488.patch
@@ -0,0 +1,35 @@
+From 8070c6a4931801b6550c79c5766dfd3a99976036 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 8 Jul 2021 14:48:36 +0800
+Subject: [PATCH] Merge pull request #15 from danaj/danaj/unsafe-decoding
+
+Upstream-Status: Backport[https://github.com/gbarr/perl-Convert-ASN1/commit/108e784417db7893f348c381c837537c3bd39373]
+CVE: CVE-2013-7488
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ lib/Convert/ASN1/_decode.pm | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
+index cd173f9..495e1bf 100644
+--- a/lib/Convert/ASN1/_decode.pm
++++ b/lib/Convert/ASN1/_decode.pm
+@@ -683,12 +683,14 @@ sub _scan_indef {
+       $pos += 2;
+       next;
+     }
++    return if $pos >= $end;
+ 
+     my $tag = substr($_[0], $pos++, 1);
+ 
+     if((unpack("C",$tag) & 0x1f) == 0x1f) {
+       my $b;
+       do {
++        return if $pos >= $end;
+ 	$tag .= substr($_[0],$pos++,1);
+ 	$b = ord substr($tag,-1);
+       } while($b & 0x80);
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb b/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb
index 409a8f3896..8ec96860ad 100644
--- a/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb
+++ b/poky/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb
@@ -5,7 +5,8 @@ DESCRIPTION = "Convert::ASN1 is a perl library for encoding/decoding data using
 LICENSE = "Artistic-1.0 | GPL-1.0+"
 LIC_FILES_CHKSUM = "file://README.md;beginline=91;endline=97;md5=ceff7fd286eb6d8e8e0d3d23e096a63f"
 
-SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Convert-ASN1-${PV}.tar.gz"
+SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Convert-ASN1-${PV}.tar.gz \
+           file://CVE-2013-7488.patch"
 
 SRC_URI[md5sum] = "68723e96be0b258a9e20480276e8a62c"
 SRC_URI[sha256sum] = "74a4a78ae0c5e973100ac0a8f203a110f76fb047b79dae4fc1fd7d6814d3d58a"
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch
new file mode 100644
index 0000000000..4c9cb0ebb2
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch
@@ -0,0 +1,46 @@
+From 836f93de99b35050d78d61d3654f7c5655184144 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Fri, 19 Apr 2019 10:19:50 +0200
+Subject: [PATCH] hw/xwayland/Makefile.am: fix build without glx
+
+Commit d8ec33fe0542141aed1d9016d2ecaf52da944b4b added libglxvnd.la to
+Xwayland_LDFLAGS but GLX can be disabled through --disable-glx.
+In this case, build fails on:
+
+make[3]: *** No rule to make target '../../glx/libglxvnd.la', needed by 'Xwayland'.  Stop.
+make[3]: *** Waiting for unfinished jobs....
+
+Fixes:
+ - http://autobuild.buildroot.org/results/397f8098c57fc6c88aa12dc8d35ebb1b933d52ef
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/836f93de99b35050d78d61d3654f7c5655184144]
+Signed-off-by: Wadim Egorov <w.egorov@phytec.de>
+---
+ hw/xwayland/Makefile.am | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/hw/xwayland/Makefile.am b/hw/xwayland/Makefile.am
+index bc1cb8506..502879e2a 100644
+--- a/hw/xwayland/Makefile.am
++++ b/hw/xwayland/Makefile.am
+@@ -21,10 +21,14 @@ Xwayland_SOURCES =				\
+ 	$(top_srcdir)/Xi/stubs.c		\
+ 	$(top_srcdir)/mi/miinitext.c
+ 
++if GLX
++GLXVND_LIB = $(top_builddir)/glx/libglxvnd.la
++endif
++
+ Xwayland_LDADD =				\
+ 	$(glamor_lib)				\
+ 	$(XWAYLAND_LIBS)			\
+-	$(top_builddir)/glx/libglxvnd.la	\
++	$(GLXVND_LIB)				\
+ 	$(XWAYLAND_SYS_LIBS)			\
+ 	$(top_builddir)/Xext/libXvidmode.la	\
+ 	$(XSERVER_SYS_LIBS)
+-- 
+2.25.1
+
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
index 755a762a73..e0551fa999 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
            file://0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch \
            file://CVE-2021-3472.patch \
+           file://0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch \
            "
 SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99"
 
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb
index ed6e78175a..26091fba70 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb
@@ -229,6 +229,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \
              ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \
              ${PN}-vt6656-license ${PN}-vt6656 \
+             ${PN}-rs9113 ${PN}-rs9116 \
              ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
              ${PN}-rtl8168 \
              ${PN}-cypress-license \
@@ -529,6 +530,16 @@ RDEPENDS_${PN}-nvidia-gpu += "${PN}-nvidia-license"
 RDEPENDS_${PN}-nvidia-tegra += "${PN}-nvidia-license"
 RDEPENDS_${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license"
 
+# For RSI RS911x WiFi
+LICENSE_${PN}-rs9113 = "WHENCE"
+LICENSE_${PN}-rs9116 = "WHENCE"
+
+FILES_${PN}-rs9113 = " ${nonarch_base_libdir}/firmware/rsi/rs9113*.rps "
+FILES_${PN}-rs9116 = " ${nonarch_base_libdir}/firmware/rsi/rs9116*.rps "
+
+RDEPENDS_${PN}-rs9113 += "${PN}-whence-license"
+RDEPENDS_${PN}-rs9116 += "${PN}-whence-license"
+
 # For rtl
 LICENSE_${PN}-rtl8188 = "Firmware-rtlwifi_firmware"
 LICENSE_${PN}-rtl8192cu = "Firmware-rtlwifi_firmware"
diff --git a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
index 84e99233e6..92076ac8b0 100644
--- a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -112,6 +112,9 @@ do_install() {
 	if [ "${ARCH}" = "arm64" ]; then
 	    cp -a --parents arch/arm64/kernel/vdso/vdso.lds $kerneldir/build/
 	fi
+	if [ "${ARCH}" = "powerpc" ]; then
+	    cp -a --parents arch/powerpc/kernel/vdso32/vdso32.lds $kerneldir/build 2>/dev/null || :
+	fi
 
 	cp -a include $kerneldir/build/include
 
@@ -163,6 +166,14 @@ do_install() {
             cp -a --parents arch/arm64/kernel/vdso/gen_vdso_offsets.sh $kerneldir/build/
 
             cp -a --parents arch/arm64/kernel/module.lds $kerneldir/build/ 2>/dev/null || :
+
+            # 5.13+ needs these tools
+            cp -a --parents arch/arm64/tools/gen-cpucaps.awk $kerneldir/build/ 2>/dev/null || :
+            cp -a --parents arch/arm64/tools/cpucaps $kerneldir/build/ 2>/dev/null || :
+
+            if [ -e $kerneldir/build/arch/arm64/tools/gen-cpucaps.awk ]; then
+                 sed -i -e "s,#!.*awk.*,#!${USRBINPATH}/env awk," $kerneldir/build/arch/arm64/tools/gen-cpucaps.awk
+            fi
 	fi
 
 	if [ "${ARCH}" = "powerpc" ]; then
@@ -170,6 +181,7 @@ do_install() {
 	    cp -a --parents arch/${ARCH}/kernel/syscalls/syscall.tbl $kerneldir/build/ 2>/dev/null || :
 	    cp -a --parents arch/${ARCH}/kernel/syscalls/syscalltbl.sh $kerneldir/build/ 2>/dev/null || :
 	    cp -a --parents arch/${ARCH}/kernel/syscalls/syscallhdr.sh $kerneldir/build/ 2>/dev/null || :
+	    cp -a --parents arch/${ARCH}/kernel/vdso32/* $kerneldir/build/ 2>/dev/null || :
 	fi
 
 	# include the machine specific headers for ARM variants, if available.
@@ -273,7 +285,11 @@ do_install() {
         sed -i 's/ifneq "$(LD)" ".*-linux-.*ld.bfd.*$/ifneq "$(LD)" "ld"/' "$kerneldir/build/include/config/auto.conf.cmd"
         sed -i 's/ifneq "$(AR)" ".*-linux-.*ar.*$/ifneq "$(AR)" "ar"/' "$kerneldir/build/include/config/auto.conf.cmd"
         sed -i 's/ifneq "$(OBJCOPY)" ".*-linux-.*objcopy.*$/ifneq "$(OBJCOPY)" "objcopy"/' "$kerneldir/build/include/config/auto.conf.cmd"
-        sed -i 's/ifneq "$(NM)" ".*-linux-.*nm.*$/ifneq "$(NM)" "nm"/' "$kerneldir/build/include/config/auto.conf.cmd"
+        if [ "${ARCH}" = "powerpc" ]; then
+            sed -i 's/ifneq "$(NM)" ".*-linux-.*nm.*$/ifneq "$(NM)" "nm --synthetic"/' "$kerneldir/build/include/config/auto.conf.cmd"
+        else
+            sed -i 's/ifneq "$(NM)" ".*-linux-.*nm.*$/ifneq "$(NM)" "nm"/' "$kerneldir/build/include/config/auto.conf.cmd"
+        fi
         sed -i 's/ifneq "$(HOSTCXX)" ".*$/ifneq "$(HOSTCXX)" "g++"/' "$kerneldir/build/include/config/auto.conf.cmd"
         sed -i 's/ifneq "$(HOSTCC)" ".*$/ifneq "$(HOSTCC)" "gcc"/' "$kerneldir/build/include/config/auto.conf.cmd"
         sed -i 's/ifneq "$(CC_VERSION_TEXT)".*\(gcc.*\)"/ifneq "$(CC_VERSION_TEXT)" "\1"/' "$kerneldir/build/include/config/auto.conf.cmd"
@@ -307,3 +323,7 @@ RDEPENDS_${PN} += "openssl-dev util-linux"
 RDEPENDS_${PN} += "${@bb.utils.contains('ARCH', 'x86', 'elfutils', '', d)}"
 # 5.8+ needs gcc-plugins libmpc-dev
 RDEPENDS_${PN} += "gcc-plugins libmpc-dev"
+# 5.13+ needs awk for arm64
+RDEPENDS_${PN}_append_aarch64 = " gawk"
+# 5.13+ needs grep for powerpc
+RDEPENDS_${PN}_append_powerpc = " grep"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index f511f233b6..e0d8280128 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "4a59bc57b2be77da9394b10eb37067da7d63b7a4"
-SRCREV_meta ?= "b969f83647833d21d8826c4667492f58895213c3"
+SRCREV_machine ?= "42032770803ba26765376967cef09945f48abe04"
+SRCREV_meta ?= "82899c6a7119b9668be9ae508159f5ac96554cc2"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.10.46"
+LINUX_VERSION ?= "5.10.47"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 3e97058f68..7a4267531f 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "f3ac47f313e4ce608b3567c006f61d1d8b820ae2"
-SRCREV_meta ?= "78949176d073f5cf04c9e0c4be699e39528f2880"
+SRCREV_machine ?= "c86c4081f4764f57bbb26df8a9202c01799c3771"
+SRCREV_meta ?= "c5e5dc4e13bd4882a8ed96b8026e6fd268b68f8a"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.128"
+LINUX_VERSION ?= "5.4.129"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index f5ade2992c..6b71573a39 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.10.46"
+LINUX_VERSION ?= "5.10.47"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "dd1f9602f3e4e9dc177421ba12ce073ad2099a58"
-SRCREV_machine ?= "139fe7d68413054f850e206ab749f97a968867a8"
-SRCREV_meta ?= "b969f83647833d21d8826c4667492f58895213c3"
+SRCREV_machine_qemuarm ?= "eaad1adbc817d996edf44fdd520da4810e57e66d"
+SRCREV_machine ?= "52bcc5b2342739bbfc8fc385d151616883c4425c"
+SRCREV_meta ?= "82899c6a7119b9668be9ae508159f5ac96554cc2"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 2eb5ebdbbd..5d487ac23f 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.128"
+LINUX_VERSION ?= "5.4.129"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "987d6fd6c916297cde5cc7e988c28ef1e458f1cf"
-SRCREV_machine ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011"
-SRCREV_meta ?= "78949176d073f5cf04c9e0c4be699e39528f2880"
+SRCREV_machine_qemuarm ?= "ca636d1a2ccbb2626c4eacbdb0da2c30654b108c"
+SRCREV_machine ?= "d46f8ecb3f81bdba8131b90dc90174ecb36a1b78"
+SRCREV_meta ?= "c5e5dc4e13bd4882a8ed96b8026e6fd268b68f8a"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index dd4aef7f89..0315808989 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH_qemux86  ?= "v5.10/standard/base"
 KBRANCH_qemux86-64 ?= "v5.10/standard/base"
 KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "17e89ca08f67fdcbaf0a3ae4c429602f76463923"
-SRCREV_machine_qemuarm64 ?= "139fe7d68413054f850e206ab749f97a968867a8"
-SRCREV_machine_qemumips ?= "bdcaaee7b7ce0e865670a2cee55b1974eb67357b"
-SRCREV_machine_qemuppc ?= "139fe7d68413054f850e206ab749f97a968867a8"
-SRCREV_machine_qemuriscv64 ?= "139fe7d68413054f850e206ab749f97a968867a8"
-SRCREV_machine_qemuriscv32 ?= "139fe7d68413054f850e206ab749f97a968867a8"
-SRCREV_machine_qemux86 ?= "139fe7d68413054f850e206ab749f97a968867a8"
-SRCREV_machine_qemux86-64 ?= "139fe7d68413054f850e206ab749f97a968867a8"
-SRCREV_machine_qemumips64 ?= "2f11a726a60ad9e8a48de6bc2101a993b461e8d1"
-SRCREV_machine ?= "139fe7d68413054f850e206ab749f97a968867a8"
-SRCREV_meta ?= "b969f83647833d21d8826c4667492f58895213c3"
+SRCREV_machine_qemuarm ?= "8950bba5dc5b6139af3711cf82b6c35ea3ef873f"
+SRCREV_machine_qemuarm64 ?= "52bcc5b2342739bbfc8fc385d151616883c4425c"
+SRCREV_machine_qemumips ?= "271e6f3b206246da2937788d83c3b4e57cb33da0"
+SRCREV_machine_qemuppc ?= "52bcc5b2342739bbfc8fc385d151616883c4425c"
+SRCREV_machine_qemuriscv64 ?= "52bcc5b2342739bbfc8fc385d151616883c4425c"
+SRCREV_machine_qemuriscv32 ?= "52bcc5b2342739bbfc8fc385d151616883c4425c"
+SRCREV_machine_qemux86 ?= "52bcc5b2342739bbfc8fc385d151616883c4425c"
+SRCREV_machine_qemux86-64 ?= "52bcc5b2342739bbfc8fc385d151616883c4425c"
+SRCREV_machine_qemumips64 ?= "1112c8f8594df02dd6f2bd1cf13848536ca3f536"
+SRCREV_machine ?= "52bcc5b2342739bbfc8fc385d151616883c4425c"
+SRCREV_meta ?= "82899c6a7119b9668be9ae508159f5ac96554cc2"
 
 # remap qemuarm to qemuarma15 for the 5.8 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.46"
+LINUX_VERSION ?= "5.10.47"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 5a7e9f0a35..94605b3942 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "69874edb0838e4d26002a8d30e14a5e1b355e397"
-SRCREV_machine_qemuarm64 ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011"
-SRCREV_machine_qemumips ?= "1bfafb3ce048d4a30aca35e847168855980f5dbc"
-SRCREV_machine_qemuppc ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011"
-SRCREV_machine_qemuriscv64 ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011"
-SRCREV_machine_qemux86 ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011"
-SRCREV_machine_qemux86-64 ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011"
-SRCREV_machine_qemumips64 ?= "2a0ea1bced3f4b8ebebb19debc19b7930a4924a8"
-SRCREV_machine ?= "befa5fba9b9f972f68acc891f2ca143d6b3e4011"
-SRCREV_meta ?= "78949176d073f5cf04c9e0c4be699e39528f2880"
+SRCREV_machine_qemuarm ?= "dfb964733268c1e6f932900a384a793a0ca8de34"
+SRCREV_machine_qemuarm64 ?= "7d3eac73a6edc8fdcd701bbb0aa8c21030eb2027"
+SRCREV_machine_qemumips ?= "a40b68f2f4be601dfe020940ad29ac894cc31298"
+SRCREV_machine_qemuppc ?= "a3258c8b1690ecfa620eae9552a75cec9224ecd4"
+SRCREV_machine_qemuriscv64 ?= "e211c039dcd85ad2d4c1f1a70909d0eefef49778"
+SRCREV_machine_qemux86 ?= "e211c039dcd85ad2d4c1f1a70909d0eefef49778"
+SRCREV_machine_qemux86-64 ?= "e211c039dcd85ad2d4c1f1a70909d0eefef49778"
+SRCREV_machine_qemumips64 ?= "dded4f6e58cd90c7333b5257c9327e5e30f78e26"
+SRCREV_machine ?= "e211c039dcd85ad2d4c1f1a70909d0eefef49778"
+SRCREV_meta ?= "c5e5dc4e13bd4882a8ed96b8026e6fd268b68f8a"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.128"
+LINUX_VERSION ?= "5.4.129"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode/rxvt-unicode-fix-CVE-2021-33477.patch b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode/rxvt-unicode-fix-CVE-2021-33477.patch
new file mode 100644
index 0000000000..6c3590c311
--- /dev/null
+++ b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode/rxvt-unicode-fix-CVE-2021-33477.patch
@@ -0,0 +1,33 @@
+Backport patch to fix CVE-2021-33477.
+
+CVE: CVE-2021-33477
+
+Upstream-Status: Backport [http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ src/command.C | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/command.C b/src/command.C
+index 7b79f51..2f7de60 100644
+--- a/src/command.C
++++ b/src/command.C
+@@ -2725,7 +2725,7 @@ rxvt_term::process_escape_seq ()
+         /* kidnapped escape sequence: Should be 8.3.48 */
+       case C1_ESA:		/* ESC G */
+         // used by original rxvt for rob nations own graphics mode
+-        if (cmd_getc () == 'Q')
++        if (cmd_getc () == 'Q' && option (Opt_insecure))
+           tt_printf ("\033G0\012");	/* query graphics - no graphics */
+         break;
+ 
+@@ -2944,7 +2944,7 @@ rxvt_term::process_csi_seq ()
+         break;
+ 
+       case CSI_CUB:		/* 8.3.18: (1) CURSOR LEFT */
+-      case CSI_HPB: 		/* 8.3.59: (1) CHARACTER POSITION BACKWARD */
++      case CSI_HPB:		/* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ #ifdef ISO6429
+         arg[0] = -arg[0];
+ #else				/* emulate common DEC VTs */
diff --git a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb
index 283e8d7751..dee549cc78 100644
--- a/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb
+++ b/poky/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb
@@ -4,7 +4,9 @@ LICENSE = "GPLv3"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
                     file://src/main.C;beginline=1;endline=31;md5=d3600d7ee1062667fcd1193fbe6485f6"
 
-SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch"
+SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch \
+            file://rxvt-unicode-fix-CVE-2021-33477.patch \
+            "
 
 SRC_URI[sha256sum] = "e94628e9bcfa0adb1115d83649f898d6edb4baced44f5d5b769c2eeb8b95addd"
 
diff --git a/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb b/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb
index 19e991e65f..00f3a86dd6 100644
--- a/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb
+++ b/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb
@@ -20,7 +20,7 @@ do_compile() {
 }
 
 do_install() {
-    ./b2 install --prefix=${prefix} staging-prefix=${D}${prefix}
+    HOME=/var/run ./b2 install --prefix=${prefix} staging-prefix=${D}${prefix}
 }
 
 # The build is either release mode (pre-stripped) or debug (-O0).
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2021-22897.patch b/poky/meta/recipes-support/curl/curl/CVE-2021-22897.patch
new file mode 100644
index 0000000000..fcd11b7674
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2021-22897.patch
@@ -0,0 +1,72 @@
+From bbb71507b7bab52002f9b1e0880bed6a32834511 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 23 Apr 2021 10:54:10 +0200
+Subject: [PATCH] schannel: don't use static to store selected ciphers
+
+CVE-2021-22897
+
+Bug: https://curl.se/docs/CVE-2021-22897.html
+
+Upstream-Status: Backport
+[https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511]
+
+CVE: CVE-2021-22897
+
+Signed-off-by: Daniel Stenberg <daniel@haxx.se>
+Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
+---
+ lib/vtls/schannel.c | 9 +++++----
+ lib/vtls/schannel.h | 3 +++
+ 2 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
+index 8c25ac5dd5a5..dba7072273a9 100644
+--- a/lib/vtls/schannel.c
++++ b/lib/vtls/schannel.c
+@@ -328,12 +328,12 @@ get_alg_id_by_name(char *name)
+ }
+ 
+ static CURLcode
+-set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
++set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
++                int *algIds)
+ {
+   char *startCur = ciphers;
+   int algCount = 0;
+-  static ALG_ID algIds[45]; /*There are 45 listed in the MS headers*/
+-  while(startCur && (0 != *startCur) && (algCount < 45)) {
++  while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS)) {
+     long alg = strtol(startCur, 0, 0);
+     if(!alg)
+       alg = get_alg_id_by_name(startCur);
+@@ -593,7 +593,8 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
+     }
+ 
+     if(SSL_CONN_CONFIG(cipher_list)) {
+-      result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list));
++      result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list),
++                               BACKEND->algIds);
+       if(CURLE_OK != result) {
+         failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG");
+         return result;
+diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
+index 2952caa1a5a1..77853aa30f96 100644
+--- a/lib/vtls/schannel.h
++++ b/lib/vtls/schannel.h
+@@ -71,6 +71,8 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
+ #endif
+ #endif
+ 
++#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */
++
+ struct Curl_schannel_cred {
+   CredHandle cred_handle;
+   TimeStamp time_stamp;
+@@ -102,6 +104,7 @@ struct ssl_backend_data {
+ #ifdef HAS_MANUAL_VERIFY_API
+   bool use_manual_cred_validation; /* true if manual cred validation is used */
+ #endif
++  ALG_ID algIds[NUMOF_CIPHERS];
+ };
+ #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */
+ 
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2021-22898.patch b/poky/meta/recipes-support/curl/curl/CVE-2021-22898.patch
new file mode 100644
index 0000000000..1a9cd7289e
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2021-22898.patch
@@ -0,0 +1,32 @@
+From 39ce47f219b09c380b81f89fe54ac586c8db6bde Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Fri, 7 May 2021 13:09:57 +0200
+Subject: [PATCH] telnet: check sscanf() for correct number of matches
+
+CVE-2021-22898
+
+Bug: https://curl.se/docs/CVE-2021-22898.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde]
+
+CVE: CVE-2021-22898
+
+Signed-off-by: Harry Sintonen <sintonen@iki.fi>
+Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
+---
+ lib/telnet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 26e0658ba9cc..fdd137fb0c04 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data)
+         size_t tmplen = (strlen(v->data) + 1);
+         /* Add the variable only if it fits */
+         if(len + tmplen < (int)sizeof(temp)-6) {
+-          if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
++          if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
+             msnprintf((char *)&temp[len], sizeof(temp) - len,
+                       "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+                       CURL_NEW_ENV_VALUE, varval);
diff --git a/poky/meta/recipes-support/curl/curl_7.75.0.bb b/poky/meta/recipes-support/curl/curl_7.75.0.bb
index f7a8202bc9..42be2eb0b5 100644
--- a/poky/meta/recipes-support/curl/curl_7.75.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.75.0.bb
@@ -15,6 +15,8 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://0002-transfer-strip-credentials-from-the-auto-referer-hea.patch \
            file://vtls-fix-addsessionid.patch \
            file://vtls-fix-warning.patch \
+           file://CVE-2021-22898.patch \
+           file://CVE-2021-22897.patch \
 "
 
 SRC_URI[sha256sum] = "50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb316d026"