poky: subtree update:2dcd1f2a21..9d1b332292

Alejandro Hernandez Samaniego (2):
      baremetal-helloworld: Enable RISC-V 64 port
      baremetal-image: Fix post process command rootfs_update_timestamp

Alexander Kanavin (94):
      python3: add markdown/smartypants/typogrify modules
      gi-docgen: add a recipe and class
      gdk-pixbuf/pango: replace gtk-doc with gi-docgen
      vala: upgrade 0.50.4 -> 0.52.2
      xkbcomp: upgrade 1.4.4 -> 1.4.5
      stress-ng: upgrade 0.12.05 -> 0.12.06
      xserver-xorg: upgrade 1.20.10 -> 1.20.11
      xorgproto: upgrade 2020.1 -> 2021.3
      dpkg: update 1.20.7.1 -> 1.20.9
      puzzles: update to latest revision
      cmake: update 3.19.5 -> 3.20.1
      meson: update 0.57.1 -> 0.57.2
      systemd: backport a patch to avoid unnecessary rsync dependency with latest meson
      pulseaudio: unbreak build with latest meson
      libdnf: upgrade 0.58.0 -> 0.62.0
      bluez5: upgrade 5.56 -> 5.58
      libxkbcommon: update 1.0.3 -> 1.2.1
      libgudev: update 234 -> 236
      vulkan-samples: update to latest revision
      gnupg: upgrade 2.2.27 -> 2.3.1
      virglrenderer: update 0.8.2 -> 0.9.1
      webkitgtk: update 2.30.6 -> 2.32.0
      acl: upgrade 2.2.53 -> 2.3.1
      bind: upgrade 9.16.12 -> 9.16.13
      bison: upgrade 3.7.5 -> 3.7.6
      createrepo-c: upgrade 0.17.0 -> 0.17.2
      cronie: upgrade 1.5.5 -> 1.5.7
      dnf: upgrade 4.6.0 -> 4.7.0
      e2fsprogs: upgrade 1.46.1 -> 1.46.2
      gnu-efi: upgrade 3.0.12 -> 3.0.13
      systemd-boot: backport a fix to address failures with new gnu-efi
      gobject-introspection: upgrade 1.66.1 -> 1.68.0
      gtk+3: upgrade 3.24.25 -> 3.24.28
      harfbuzz: upgrade 2.7.4 -> 2.8.0
      less: upgrade 563 -> 581
      libfm: upgrade 1.3.1 -> 1.3.2
      libinput: upgrade 1.16.4 -> 1.17.1
      libwpe: upgrade 1.8.0 -> 1.10.0
      libxres: upgrade 1.2.0 -> 1.2.1
      linux-firmware: upgrade 20210208 -> 20210315
      pango: upgrade 1.48.2 -> 1.48.4
      piglit: upgrade to latest revision
      pkgconf: upgrade 1.7.3 -> 1.7.4
      python3-hypothesis: upgrade 6.2.0 -> 6.9.1
      python3-importlib-metadata: upgrade 3.4.0 -> 3.10.1
      python3-pytest: upgrade 6.2.2 -> 6.2.3
      python3-setuptools-scm: upgrade 5.0.1 -> 6.0.1
      x264: upgrade to latest revision
      ptest: add a test for orphaned ptests, and restore ones found by it
      swig: fix upstream version check
      liberation-fonts: fix upstream version check
      Revert "go: Use dl.google.com for SRC_URI"
      powertop: update 2.13 -> 2.14
      mesa: add lmsensors PACKAGECONFIG
      ffmpeg: update 4.3.2 -> 4.4
      qemu: use 4 cores in qemu guests
      avahi: disable gtk bits
      gdk-pixbuf: rewrite the cross-build support for tests
      gnome: drop upstream even condition from a few recipes
      expat: upgrade 2.2.10 -> 2.3.0
      meson.bbclass: split python routines into a separate class
      gstreamer1.0-plugins-base: backport a patch to fix meson 0.58 builds
      meson: update 0.57.2 -> 0.58.0
      qemu: backport a patch to fix meson 0.58 builds
      nativesdk-meson: correctly set cpu_family
      bitbake: fetch2/wget: when checking latest versions, consider all numerical directories
      mklibs: remove recipes and class
      local.conf: Drop support for mklibs
      u-boot: upgrade 2021.01 -> 2021.04
      gdk-pixbuf: update a patch status
      systemd: update 247.6 -> 248.3
      systemd-conf: do not version in lockstep with systemd
      gnu-config: update to latest revision
      mmc-utils: update to latest revision
      python3-smartypants: fix upstream version check
      at: upgrade 3.2.1 -> 3.2.2
      gnomebase: trim the SRC_URI directory from the back
      gsettings-desktop-schemas: upgrade 3.38.0 -> 40.0
      igt-gpu-tools: upgrade 1.25 -> 1.26
      mesa: update 21.0.3 -> 21.1.1
      vulkan-samples: update to latest revision
      libgpg-error: update 1.41 -> 1.42
      webkitgtk: update 2.32.0 -> 2.32.1
      glib-2.0: update 2.68.1 -> 2.68.2
      apt: upgrade 2.2.2 -> 2.2.3
      cmake: update 3.20.1 -> 3.20.2
      libdnf: update 0.62.0 -> 0.63.0
      harfbuzz: update 2.8.0 -> 2.8.1
      curl: update 7.76.0 -> 7.76.1
      systemtap: update 4.4 -> 4.5
      wayland: package target binaries into -tools, not into -dev
      ptest: add newly discovered missing runtime dependencies across recipes
      images: remove sato/weston ptest images
      images: add ptest images based on core-image-minimal

Andreas Müller (1):
      gstreamer1.0-plugins-good: fix build with gcc11

Andrej Valek (1):
      expat: upgrade 2.3.0 -> 2.4.1

Anuj Mittal (1):
      lsb-release: fix reproducibility failure

Armin Kuster (5):
      bitbake: hashserv/server.py: drop unused imports
      bitbake: hashserver/client.py: drop unused imports
      poky.yaml: fedora33: add missing pkgs
      systemctl: Stop tracebacks use formated error messages
      package_manager/rpm: decode systemctl failures

Bastian Krause (1):
      ccache: version bump 4.2.1 -> 4.3

Bruce Ashfield (18):
      linux-yocto/5.4: qemuppc32: reduce serial shutdown issues
      kern-tools: Kconfiglib: add support for bare 'modules' keyword
      lttng-modules: update devupstream to v2.13-rc
      lttng-modules: update to v2.12.6
      kernel-yocto: provide debug / summary information for metadata
      linux-yocto/5.10: update to v5.10.35
      linux-yocto/5.4: update to v5.4.117
      linux-yocto/5.10: ktypes/standard: disable obsolete crypto options by default
      linux-yocto/5.10: update to v5.10.36
      linux-yocto/5.4: update to v5.4.118
      linux-yocto/5.10: update to v5.10.37
      linux-yocto/5.4: update to v5.4.119
      kernel-devsrc: adjust NM and OBJTOOL variables for target
      linux-yocto/5.10: update to v5.10.38
      linux-yocto-dev: bump to v5.13+
      linux-yocto/5.4: update to v5.4.120
      linux-yocto/5.10: update to v5.10.41
      linux-yocto/5.4: update to v5.4.123

Carlos Rafael Giani (1):
      ffmpeg: Add libopus packageconfig

Changqing Li (2):
      unfs3: correct configure option
      pkgconfig: update SRC_URI

Chen Qi (3):
      db: update CVE_PRODUCT
      rt-tests: update SRCREV
      xxhash: backport patch to fix special char problem

Daniel McGregor (3):
      lib/oe/gpg_sign.py: Fix gpg verification
      sstate: Ignore sstate signing key
      bison: Make libtextstyle and libreadline optional

Daniel Wagenknecht (1):
      kernel-dev: document KCONFIG_MODE

Douglas Royds (3):
      Revert "icecc: Don't use icecc when INHIBIT_DEFAULT_DEPS is set"
      icecc: Demote "could not get ICECC_CC" warning to note
      icecc-create-env: Silence warning: invalid ICECC_ENV_EXEC

Drew Moseley (1):
      manuals: fix a few incorrect option specifications.

Guillaume Champagne (1):
      image-live.bbclass: order do_bootimg after do_rootfs

Joshua Watt (1):
      zstd: Add patch to fix MinGW builds

Kai Kang (1):
      grub2.inc: remove '-O2' from CFLAGS

Khem Raj (17):
      swig: Upgrade to 4.0.2
      python3-markdown: Upgrade to 3.3.4
      ffmpeg: Fix build on mips
      npth: Check for pthread_create for including lpthread
      gcc: Add target gcc include search for musl config too
      gcc: Extend .gccrelocprefix section support to musl configs
      gcc: Refresh patch to fix patch fuzz
      musl: Fix __NR_fstatat syscall name for riscv
      libxfixes: Update to 6.0.0 release
      xorgproto: Upgrade to 2021.4 release
      glibc: Update to latest 2.33 branch
      systemd: Fix 248.3 on musl
      glibc: Enable memory tagging for aarch64
      gcc: Update to latest on release/gcc-11 branch
      apt: Add missing <array> header
      ovmf: Fix VLA warnings with GCC 11
      libucontext: Switch to meson build system

Martin Jansa (4):
      gcc-sanitizers: Package up static hwasan files as well
      webkitgtk: fix build without opengl in DISTRO_FEATURES
      binutils: backport DWARF-5 support for gold
      sstatesig.py: make it fatal error when sstate manifest isn't found

Michael Halstead (3):
      releases: update to include 3.2.4
      uninative: Upgrade to 3.2 (gcc11 support)
      releases: update to include 3.3.1

Michael Opdenacker (8):
      manuals: reduce verbosity with "worry about" expression
      manuals: reduce verbosity related to "the following" expression
      ref-manual: simplify style
      kernel-dev manual: simplify style
      dev-manual: simplify style
      sdk-manual: simplify style and fix formating
      overview-manual: simplify style and add missings references
      manuals: simplify style

Mike Crowe (2):
      npm.bbclass: Allow nodedir to be overridden by NPM_NODEDIR
      libnotify: Make gtk+3 dependency optional

Ming Liu (4):
      kernel-fitimage.bbclass: fix a wrong conditional check
      initramfs-framework:rootfs: fix wrong indentions
      kernel-fitimage.bbclass: drop unit addresses from bootscr sections
      uboot-sign/kernel-fitimage: split generate_rsa_keys task

Nikolay Papenkov (1):
      flex: correct license information

Nisha Parrakat (1):
      squashfs-tools: package squashfs-fs.h

Peter Kjellerstedt (3):
      libcap: Configure Make variables correctly without a horrible hack
      util-linux.inc: Do not modify BPN
      native.bbclass: Do not remove "-native" in the middle of recipe names

Petr Vorel (1):
      ltp: Update to 20210524

Richard Purdie (92):
      oeqa/qemurunner: Fix binary vs str issue
      oeqa/qemurunner: Improve handling of run_serial for shutdown commands
      ptest-packagelists: Add expat-ptest to fast ptests
      puzzles: Upstream changed to main branch for development
      grub2: Add CVE whitelist entries for issues fixed in 2.06
      glibc: Document and whitelist CVE-2019-1010022-25
      qemu: Exclude CVE-2017-5957 from cve-check
      qemu: Exclude CVE-2007-0998 from cve-check
      qemu: Exclude CVE-2018-18438 from cve-check
      jquery: Exclude CVE-2007-2379 from cve-check
      logrotate: Exclude CVE-2011-1548,1549,1550 from cve-check
      openssh: Exclude CVE-2007-2768 from cve-check
      ovmf: Improve reproducibility by enabling prefix mapping
      bind: Exclude CVE-2019-6470 from cve-check
      openssh: Exclude CVE-2008-3844 from cve-check
      unzip: Exclude CVE-2008-0888 from cve-check
      cpio: Exclude CVE-2010-4226 from cve-check
      xinetd: Exclude CVE-2013-4342 from cve-check
      ghostscript: Exclude CVE-2013-6629 from cve-check
      bluez: Exclude CVE-2020-12352 CVE-2020-24490 from cve-check
      tiff: Exclude CVE-2015-7313 from cve-check
      ovmf: Disable lto to aid reproducibility
      ovmf: Fix other reproducibility issues
      rpm: Exclude CVE-2021-20271 from cve-check
      coreutils: Exclude CVE-2016-2781 from cve-check
      librsvg: Exclude CVE-2018-1000041 from cve-check
      avahi: Exclude CVE-2021-26720 from cve-check
      qemu: Set SMP to 4 cpus for arm/x86 only
      qemuboot-x86: Switch to IvyBridge and q35 instead of pc
      qemu-x86: Add commandline options to improve boot
      sstate: Handle manifest 'corruption' issue
      lttng-ust: Upgrade 2.12.1 -> 2.12.2
      qemu: Upgrade 5.2.0 -> 6.0.0
      python3-markupsafe: Upgrade 1.1.1 -> 2.0.0
      python3-jinja2: Upgrade 2.11.3 -> 3.0.0
      ofono: upgrade 1.31 -> 1.32
      libnss-mdns: upgrade 0.14.1 -> 0.15
      python3-git: upgrade 3.1.14 -> 3.1.17
      bind: upgrade 9.16.13 -> 9.16.15
      vala: upgrade 0.52.2 -> 0.52.3
      libjpeg-turbo: upgrade 2.0.6 -> 2.1.0
      btrfs-tools: upgrade 5.12 -> 5.12.1
      python3-hypothesis: upgrade 6.9.1 -> 6.12.0
      python3-numpy: upgrade 1.20.2 -> 1.20.3
      gtk+3: upgrade 3.24.28 -> 3.24.29
      sudo: upgrade 1.9.6p1 -> 1.9.7
      stress-ng: upgrade 0.12.06 -> 0.12.08
      less: upgrade 581 -> 586
      libtirpc: upgrade 1.3.1 -> 1.3.2
      libinput: upgrade 1.17.1 -> 1.17.2
      zstd: upgrade 1.4.9 -> 1.5.0
      hdparm: upgrade 9.61 -> 9.62
      libxkbcommon: upgrade 1.2.1 -> 1.3.0
      spirv-tools: upgrade 2020.7 -> 2021.1
      diffoscope: upgrade 172 -> 175
      mpg123: upgrade 1.26.5 -> 1.27.2
      sqlite3: upgrade 3.35.3 -> 3.35.5
      wayland-protocols: upgrade 1.20 -> 1.21
      shaderc: upgrade 2020.5 -> 2021.0
      wpebackend-fdo: upgrade 1.8.3 -> 1.8.4
      libxcrypt-compat: upgrade 4.4.19 -> 4.4.20
      Revert "cml1.bbclass: Return sorted list of cfg files"
      bitbake: server/process: Handle error in heartbeat funciton in OOM case
      glibc: Add 8GB VM usage cap for usermode test suite
      cve-extra-exclusions.inc: add exclusion list for intractable CVE's
      rpm: Drop CVE exclusion as database fixed to handle
      cve-extra-exclusions: Fix typos
      grub: Exclude CVE-2019-14865 from cve-check
      cve-extra-exclusions.inc: Clean up merged CPE updates
      ltp: Disable problematic tests causing autobuilder hangs
      python3-setuptools: upgrade 56.0.0 -> 56.2.0
      distro/maintainers: Fix up the ptest image entries
      oeqa/runtime/rpm: Drop log message counting test component
      linux-firmware: upgrade 20210315 -> 20210511
      libxcrypt: Upgrade 4.4.20 -> 4.4.22
      iproute2: upgrade 5.11.0 -> 5.12.0
      libx11: upgrade 1.7.0 -> 1.7.1
      python3-hypothesis: upgrade 6.12.0 -> 6.13.7
      pango: upgrade 1.48.4 -> 1.48.5
      python3-importlib-metadata: upgrade 4.0.1 -> 4.3.0
      libmodulemd: upgrade 2.12.0 -> 2.12.1
      vte: upgrade 0.64.0 -> 0.64.1
      libinput: upgrade 1.17.2 -> 1.17.3
      gi-docgen: upgrade 2021.5 -> 2021.6
      kmod: upgrade 28 -> 29
      xorgproto: upgrade 2021.4 -> 2021.4.99.1
      libpcre2: upgrade 10.36 -> 10.37
      libepoxy: upgrade 1.5.5 -> 1.5.8
      python3-jinja2: upgrade 3.0.0 -> 3.0.1
      curl: upgrade 7.76.1 -> 7.77.0
      python3-setuptools: upgrade 56.2.0 -> 57.0.0
      oeqa/qemurunner: Improve timeout handling

Richard Weinberger (1):
      Add support for erofs filesystems

Robert Joslyn (3):
      liberation-fonts: Update to 2.1.4
      epiphany: Update to 40.1
      btrfs-tools: Update to 5.12

Robert P. J. Day (8):
      sdk-manual: couple minor fixes in using.rst
      sdk-manual: various cleanups to intro.rst
      ref-manual: delete references to dead LSB compliance
      ref-manual: delete extraneous back quote
      image.bbclass: fix comment "pacackages" -> "packages"
      meta/lib/oe/rootfs.py: Fix typo "Restoreing" -> "Restoring"
      bitbake.conf: alphabetize contents of ASSUME_PROVIDED
      ref-manual: add links to some variables in glossary

Romain Naour (1):
      dejagnu: needs expect at runtime

Ross Burton (12):
      cairo: backport patch for CVE-2020-35492
      libnotify: whitelist CVE-2013-7381 (specific to the NodeJS bindings)
      builder: whitelist CVE-2008-4178 (a different builder)
      libarchive: disable redundant libxml2 PACKAGECONFIG
      meson: update patch status
      cups: whitelist CVE-2021-25317
      libsolv: add missing db dependency
      rpm: turn Berkeley DB hard dependency into PACKAGECONFIG
      python3: update status on upstreamed patch
      ref-manual: Ubuntu 20.04 is also LTS
      package_rpm: pass XZ_THREADS to rpm
      gcc: revert libstc++-gdb.py installation changes

Samuli Piippo (3):
      gcc-cross-canadian: add symlinks for ld.bfd and ld.gold
      libarchive: enable zstd support
      cmake-native: enabled zstd support

Stefan Ghinea (1):
      boost: fix do_fetch failure

Steve Sakoman (1):
      expat: set CVE_PRODUCT

Tony Tascioglu (3):
      libxml2: Reformat runtest.patch
      libxml2: Add bash dependency for ptests.
      libxml2: Update to 2.9.12

Trevor Gamblin (2):
      python3: upgrade 3.9.4 -> 3.9.5
      bind: upgrade 9.16.15 -> 9.16.16

Ulrich Ölmann (1):
      local.conf.sample: fix typo

Vinícius Ossanes Aquino (1):
      lttng-modules: backport patches to fix build against 5.12+ kernel

Yann Dirson (1):
      linux-firmware: include all relevant files in -bcm4356

hongxu (1):
      gdk-pixbuf: fix nativesdk do_configure failed

wangmy (21):
      python3-pygments: upgrade 2.8.1 -> 2.9.0
      at-spi2-core: upgrade 2.40.0 -> 2.40.1
      ell: upgrade 0.39 -> 0.40
      kexec-tools: upgrade 2.0.21 -> 2.0.22
      go: upgrade 1.16.3 -> 1.16.4
      python3-attrs: upgrade 20.3.0 -> 21.2.0
      python3-six: upgrade 1.15.0 -> 1.16.0
      vulkan-samples: update to latest revision
      vulkan-headers: upgrade 1.2.170.0 -> 1.2.176.0
      vulkan-tools: upgrade 1.2.170.0 -> 1.2.176.0
      vulkan-loader: upgrade 1.2.170.0 -> 1.2.176.0
      distcc: upgrade 3.3.5 -> 3.4
      libdrm: upgrade 2.4.105 -> 2.4.106
      libidn2: upgrade 2.3.0 -> 2.3.1
      libtasn1: upgrade 4.16.0 -> 4.17.0
      python3-libarchive-c: upgrade 2.9 -> 3.0
      python3-markupsafe: upgrade 2.0.0 -> 2.0.1
      python3-more-itertools: upgrade 8.7.0 -> 8.8.0
      python3-pytest: upgrade 6.2.3 -> 6.2.4
      logrotate: upgrade 3.18.0 -> 3.18.1
      stress-ng: upgrade 0.12.08 -> 0.12.09

zhengruoqin (10):
      busybox: upgrade 1.33.0 -> 1.33.1
      rng-tools: upgrade 6.11 -> 6.12
      rpcbind: upgrade 1.2.5 -> 1.2.6
      sysklogd: upgrade 2.2.2 -> 2.2.3
      python3-importlib-metadata: upgrade 3.10.1 -> 4.0.1
      python3-sortedcontainers: upgrade 2.3.0 -> 2.4.0
      rxvt-unicode: upgrade 9.22 -> 9.26
      libedit: upgrade 20210419-3.1 -> 20210522-3.1
      libtest-needs-perl: upgrade 0.002006 -> 0.002009
      libucontext: upgrade 0.10 -> 1.1

Change-Id: I5e5148036ac2a7918974733e5751c3392139b17e
Signed-off-by: William A. Kennington III <wak@google.com>
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
index c8a3f87..5c46bbf 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -30,10 +30,13 @@
 SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7"
 SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda"
 
+# Issue only affects Debian/SUSE, not us
+CVE_CHECK_WHITELIST += "CVE-2021-26720"
+
 DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native"
 
 # For gtk related PACKAGECONFIGs: gtk, gtk3
-AVAHI_GTK ?= "gtk3"
+AVAHI_GTK ?= ""
 
 PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}"
 PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.12/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.16/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.16.12/0001-avoid-start-failure-with-bind-user.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.16.16/0001-avoid-start-failure-with-bind-user.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.12/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.16.12/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.16.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.12/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.16/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.16.12/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.16.16/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.12/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.16.16/bind9
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.16.12/bind9
rename to poky/meta/recipes-connectivity/bind/bind-9.16.16/bind9
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.12/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.16/conf.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.16.12/conf.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.16.16/conf.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.12/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.16.16/generate-rndc-key.sh
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.16.12/generate-rndc-key.sh
rename to poky/meta/recipes-connectivity/bind/bind-9.16.16/generate-rndc-key.sh
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.12/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.16/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.16.12/init.d-add-support-for-read-only-rootfs.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.16.16/init.d-add-support-for-read-only-rootfs.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.12/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.16/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.16.12/make-etc-initd-bind-stop-work.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.16.16/make-etc-initd-bind-stop-work.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.12/named.service b/poky/meta/recipes-connectivity/bind/bind-9.16.16/named.service
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.16.12/named.service
rename to poky/meta/recipes-connectivity/bind/bind-9.16.16/named.service
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.16.12.bb b/poky/meta/recipes-connectivity/bind/bind_9.16.16.bb
similarity index 94%
rename from poky/meta/recipes-connectivity/bind/bind_9.16.12.bb
rename to poky/meta/recipes-connectivity/bind/bind_9.16.16.bb
index 09f7703..b152598 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.16.12.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.16.16.bb
@@ -20,12 +20,16 @@
            file://0001-avoid-start-failure-with-bind-user.patch \
            "
 
-SRC_URI[sha256sum] = "9914af9311fd349cab441097898d94fb28d0bfd9bf6ed04fe1f97f042644da7f"
+SRC_URI[sha256sum] = "6c913902adf878e7dc5e229cea94faefc9d40f44775a30213edd08860f761d7b"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # stay at 9.16 follow the ESV versions divisible by 4
 UPSTREAM_CHECK_REGEX = "(?P<pver>9.(16|20|24|28)(\.\d+)+(-P\d+)*)/"
 
+# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
+# so the issue doesn't affect us.
+CVE_CHECK_WHITELIST += "CVE-2019-6470"
+
 inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
 
 # PACKAGECONFIGs readline and libedit should NOT be set at same time
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index 74b59e4..635cad8 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -53,6 +53,7 @@
            file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
            file://0001-test-gatt-Fix-hung-issue.patch \
            file://0001-audio-Rename-pause-funciton-to-avoid-shadowing-glibc.patch \
+           file://0001-Makefile.am-add-missing-mkdir-for-ell-shared.patch \
            "
 S = "${WORKDIR}/bluez-${PV}"
 
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-add-missing-mkdir-for-ell-shared.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-add-missing-mkdir-for-ell-shared.patch
new file mode 100644
index 0000000..03b42f7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-add-missing-mkdir-for-ell-shared.patch
@@ -0,0 +1,25 @@
+From d341ba650af1b7068d9ad034732b4f41b91bb2c1 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Sun, 25 Apr 2021 18:56:41 +0200
+Subject: [PATCH] Makefile.am: add missing mkdir for ell/shared
+
+This addresses build errors out of source tree.
+
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index be5d5c7..72ad425 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -623,6 +623,7 @@ lib/bluetooth/%.h: lib/%.h
+ 	$(AM_V_GEN)$(LN_S) -f $(abspath $<) $@
+ 
+ ell/shared: Makefile
++	$(AM_V_at)$(MKDIR_P) ell
+ 	$(AM_V_GEN)for f in $(ell_shared) ; do \
+ 		if [ ! -f $$f ] ; then \
+ 			$(LN_S) -t ell -f $(abs_srcdir)/../ell/$$f ; \
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.56.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.58.bb
similarity index 87%
rename from poky/meta/recipes-connectivity/bluez5/bluez5_5.56.bb
rename to poky/meta/recipes-connectivity/bluez5/bluez5_5.58.bb
index 676cb2d..eb8475e 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.56.bb
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.58.bb
@@ -1,7 +1,9 @@
 require bluez5.inc
 
-SRC_URI[md5sum] = "e6c51b2aefa7c56ff072819a78611fa5"
-SRC_URI[sha256sum] = "59c4dba9fc8aae2a6a5f8f12f19bc1b0c2dc27355c7ca3123eed3fe6bd7d0b9d"
+SRC_URI[sha256sum] = "c8065e75a5eb67236849ef68a354b1700540305a8c88ef0a0fd6288f19daf1f1"
+
+# These issues have kernel fixes rather than bluez fixes so exclude here
+CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_5.11.0.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_5.12.0.bb
similarity index 75%
rename from poky/meta/recipes-connectivity/iproute2/iproute2_5.11.0.bb
rename to poky/meta/recipes-connectivity/iproute2/iproute2_5.12.0.bb
index e27b42d..3631123 100644
--- a/poky/meta/recipes-connectivity/iproute2/iproute2_5.11.0.bb
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2_5.12.0.bb
@@ -4,7 +4,7 @@
            file://0001-libc-compat.h-add-musl-workaround.patch \
            "
 
-SRC_URI[sha256sum] = "c5e2ea108212b3445051b35953ec267f9f3469e1d5c67ac034ab559849505c54"
+SRC_URI[sha256sum] = "9d268db98a36ee2a0e3ff3b92b2efff66fc1138a51e409bdef6ab3cfe15f326f"
 
 # CFLAGS are computed in Makefile and reference CCOPTS
 #
diff --git a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.bb
similarity index 95%
rename from poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
rename to poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.bb
index 9a83898..75e8ba0 100644
--- a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
+++ b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.bb
@@ -11,7 +11,7 @@
 SRC_URI = "git://github.com/lathiat/nss-mdns \
            "
 
-SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae"
+SRCREV = "65ad25563937682ab2770c36d56667a754837102"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.32.bb
similarity index 92%
rename from poky/meta/recipes-connectivity/ofono/ofono_1.31.bb
rename to poky/meta/recipes-connectivity/ofono/ofono_1.32.bb
index 2425ef7..f3d875b 100644
--- a/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb
+++ b/poky/meta/recipes-connectivity/ofono/ofono_1.32.bb
@@ -13,8 +13,7 @@
     file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
     file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \
 "
-SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc"
-SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b"
+SRC_URI[sha256sum] = "f7d775887b7b80cf3b82e3f0a6c2696c6d01963d222ca2217919d21b9e803042"
 
 inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
 
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.6p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
index be56fe4..e8f041c 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
@@ -27,10 +27,16 @@
            "
 SRC_URI[sha256sum] = "c3e6e4da1621762c850d03b47eed1e48dff4cc9608ddeb547202a234df8ed7ae"
 
+# This CVE is specific to OpenSSH with the pam opie which we don't build/use here
+CVE_CHECK_WHITELIST += "CVE-2007-2768"
+
 # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
 CVE_CHECK_WHITELIST += "CVE-2014-9278"
 
+# CVE only applies to some distributed RHEL binaries
+CVE_CHECK_WHITELIST += "CVE-2008-3844"
+
 PAM_SRC_URI = "file://sshd"
 
 inherit manpages useradd update-rc.d update-alternatives systemd