poky: subtree update:488e39b623..c8075ed8f1

Alejandro Hernandez Samaniego (1):
      bitbake: fetch2/wget: Avoid crashing when connection drops mid checkstatus

Alexander Kanavin (17):
      webkit/wpe: only check even versions
      syslinux: use NO_INLINE_FUNCS in CFLAGS
      dosfstools: update 4.1 -> 4.2
      e2fsprogs: update 1.45.7 -> 1.46.1
      elfutils: update 0.182 -> 0.183
      meson: update 0.56.2 -> 0.57.1
      perl: update 5.32.0 -> 5.32.1
      openssl: address ptest failures caused by perl 5.32.1
      ptest-perl/run-ptest: address failures caused by perl 5.32.1
      pango: update 1.48.0 -> 1.48.2
      vulkan-samples: update to latest revision
      webkitgtk: update 2.30.4 -> 2.30.5
      libgcrypt: update 1.8.7 -> 1.9.2
      pinentry: update 1.1.0 -> 1.1.1
      libmd: add a recipe
      libbsd: udpate 0.10.0 -> 0.11.3
      scripts/lib/wic/partition.py: do not set FAT size

Charlie Davies (2):
      bitbake: bitbake: providers: fix incorrect return type bug
      bitbake: bitbake: providers: use pythonic empty list check

Colin Finck (1):
      dosfstools: Build --without-iconv

Diego Santa Cruz (4):
      packagegroup-base: use amixer instead of alsamixer
      packagegroup-base: do not force hdparm and e2fsprogs
      sysklogd: do not open any network sockets by default
      createrepo-c: set path to magic database for native and nativesdk

Dorinda (7):
      gdb-common.inc: add PACKAGECONFIG for debuginfod
      meta/recipes-bsp: Add HOMEPAGE / DESCRIPTION
      meta/recipes-connectivity: Add HOMEPAGE / DESCRIPTION
      meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION
      meta/recipes-core: Add HOMEPAGE / DESCRIPTION
      scripts/oe-debuginfod: script that fetches package manager directory
      binutils: add PACKAGECONFIG for debuginfod

Florian Bezdeka (1):
      wic: Warn if an ext filesystem affected by the Y2038 problem is used

He Zhe (1):
      glibc: Disable CPU ISA level requirement check

Jan Brzezanski (1):
      bitbake: Force parser shutdown after catching an exception

Jan-Simon Moeller (1):
      Add core-image-weston to reproducible build tests

Jan-Simon Möller (2):
      reproducible_builds: SOURCE_DATE_EPOCH should not be 0
      oe-selftests: add rpm to reproducible build selftest

Jate Sujjavanich (1):
      iputils: Fix cap_net_raw for installed binaries

Joel Stanley (1):
      conf/machine-sdk: Add ppc64le SDK machine

Joshua Watt (2):
      bitbake: event: Fix broken builds when multiconfig has a hyphen in the name
      diffoscope: Add python3-rpm as dependency

Khem Raj (23):
      nettle: Upgrade to 3.7.1
      runqemu: Add new option to disable vga emulation
      linuxloader: Deal with little-endian ppc64 ldso name
      musl: Install /lib directory
      goarch.bbclass: Fix ppc64le detection
      bitbake.conf: Do not use lib64 for baselib on musl/ppc64
      glibc: Build for power9 cpu when using powerpc64le tunes
      tune-power9: Enable qemu-usermode
      selftest: Replace building dep tool with direnv
      goarch: Use softfloat instead of 387 for 386 goarch
      go: Upgrade compiler to 1.16 major release
      go: Enable CGO and pie buildmode on rv64
      go-helloworld: Turn into a go module enabled build
      binutils: Upgrade to 2.36.1 release
      llvm: Upgrade to 11.1.0 release
      oeqa/pam: Need shadow installed for the tests
      glibc: Fix rawmemchr
      rxvt-unicode: Do not use throw specifications
      llvm: Fix build with c++17
      dtc: Fix array-bounds error
      puzzles: Fix stringop-overflow warning
      igt-gpu-tools: Fix warnings with gcc 11
      kea: Fix configure test error with gcc11

Klaus Heinrich Kiwi (1):
      kernel-fitimage: Don't use unit addresses on FIT

Martin Jansa (3):
      sstatesig.py: show an error instead of warning when sstate manifest isn't found
      glib-2.0: replace THISDIR instead of COREBASE in find_meson_cross_files --cross-file paths
      coreutils: use u-a for base32

Meh Mbeh Ida Delphine (7):
      licenses: Update license file to match current SPDX names
      recipes-gnome: Add missing HOMEPAGE and DESCRIPTION for recipes
      recipes-graphics: Add missing HOMEPAGE and DESCRIPTION for recipes.
      recipes-kernel: Add missing HOMEPAGE and DESCRIPTION for recipes.
      recipes-multimedia: Add missing HOMEPAGE and DESCRIPTION for recipes.
      recipes-sato: Add missing HOMEPAGE and DESCRIPTION for recipes
      recipes-support: Add missing HOMEPAGE and DESCRIPTION for recipes

Michael Halstead (2):
      releases: update to include 3.2.2
      releases: update to include 3.1.6

Mike Crowe (2):
      externalsrc: Pass through npmsw URIs in SRC_URI
      gcc-sanitizers: Move content from gcclibdir into libdir

Milan Shah (1):
      report-error.bbclass: Add layer and bitbake version info to error report

Mingli Yu (1):
      python3: Fix python interpreter line length for nativesdk

Oleksandr Kravchuk (4):
      python3: update to 3.9.2
      ell: update to 0.38
      net-tools: update to 2.10
      busybox: update 1.33.0

Peter Kjellerstedt (1):
      asciidoc: Switch to using the main branch

Randy MacLeod (3):
      Add libgit2, libssh2 from meta-oe for rust
      libssh2: pull in additional commits from meta-oe
      libgit2: pull in updates from meta-oe

Richard Purdie (61):
      maintainers: Update email address for Victor
      figures/yp-how-it-works-new-diagram.png: Fix spelling error underline
      recipes: Update common-licenses references to match new names
      licenses.conf: Add missing 'or-later' mappings
      licenses: Fix canonical license for 'or-later' handling
      licenses: Update INCOMPATIBLE_LICENSE for 'or-later' handling
      license_image: Don't canonicalise INCOMPATIBLE_LICENSE
      selftest/incompatible_lic: Update the tests after the 'or-later' license handling changes
      gma500-gfx-check: Update licence to match changes in OE-Core
      diffoscope: Upgrade 166 -> 167
      linux-firmware: upgrade 20201218 -> 20210208
      python3-pycryptodome/pycryptodomex: upgrade 3.9.9 -> 3.10.1
      apt: Upgrade 1.8.2.1 -> 1.8.2.2
      python3-magic: upgrade 0.4.18 -> 0.4.20
      libproxy: Avoid /etc/sysconfig determinism issue
      rsync: Fix a file sorting determinism issue
      rsync: Fix group name determinism issue
      libcap-ng: Fix python bindings determinism issue
      libcap-ng: Replace python patch with a better fix
      libevdev: Update patch status to backport
      ca-certificates: Clean up two patches and submit upstream
      libpcre: Drop old/stale patch
      diffoscope: Ensure the correct magic file is used
      babeltrace2: Fix reproducibility
      reproducible: Improve SOURCE_DATE_EPOCH_FALLBACK handling
      selftest/reproducible: Remove exclusions for recipes which now reproduce
      diffoscope: Ensure rpm is configured correctly
      package/package_rpm: Disable font_provides configuration for reproducibilty
      fonts: Bump HASHEQUIV_HASH_VERSION after rpmdeps change
      reproduce: Fix exclusion list for rpm
      maintainers: add entries libssh2 libgit2
      cups: Fix reproducibility issues
      gcr: Fix reproducibility issue
      rsync: Update patch status
      gtk-doc: Fix reproducibility issue
      epiphany: Fix reproducibility issue
      epiphany: Fix distributor contamination from /etc/os-release
      gst-devtools: Fix reproducibility issue
      parted: Fix reproducibility issue
      libsecret: Improve determimism
      libhandy: Fix reproducibility issue
      selftest/reproducible: Don't call sync between each file compare
      image: Add directories to PSEUDO_IGNORE_PATHS
      populate_sdk: Add directories to PSEUDO_IGNORE_PATHS
      bitbake.conf/image: Move image specific PSEUDO_IGNORE_PATHS to image class
      bitbake.conf: Split PSEUDO_IGNORE_PATHS to be more readable
      bootchart2: Fix manpage reproducibility issue
      igt-gpu-tools: Fix reproducibility issue
      libid3tag: Fix reproducibility issue
      apr-util: Fix CFLAGS used in build
      gstreamer1.0-python: Set internal python library path correcty
      diffoscope: Upgrade 167 -> 168
      syslinux: Fix reproducibility issues
      swig: Fix reproducibility issue
      efivar: Fix reproducibility issue
      systemd-bootchart: Disable LTO to fix reproducibility
      selftest/reproducible: Add ability to pull some objects from sstate
      qemu: Determinism fixes
      lttng: Fix reproducibility issues
      ltp: Fixing determinism issues
      python3-cython: Remove build paths from debug sources

Ross Burton (1):
      grub: shuffle packaging for aarch64 builds

Scott Murray (1):
      screen: fix CVE-2021-26937

Stefan Ghinea (2):
      wpa-supplicant: fix CVE-2021-0326
      cups: fix CVE-2020-10001

Tomasz Dziendzielski (1):
      bitbake.conf: Introduce FAKEROOTLOGS variable used by bitbake to print pseudo.log

Vivien Didelot (1):
      systemd: Fix importd requirements comment

Wang Mingyu (12):
      util-linux: upgrade 2.36.1 -> 2.36.2
      xkeyboard-config: upgrade 2.31 -> 2.32
      liburcu: upgrade 0.12.1 -> 0.12.2
      lttng-ust: upgrade 2.12.0 -> 2.12.1
      openssl: upgrade 1.1.1i -> 1.1.1j
      bluez5: upgrade 5.55 -> 5.56
      libxcrypt: upgrade 4.4.17 -> 4.4.18
      nfs-utils: upgrade 2.5.2 -> 2.5.3
      ccache: upgrade 4.1 -> 4.2
      eudev: upgrade 3.2.9 -> 3.2.10
      glslang: upgrade 11.1.0 -> 11.2.0
      iproute2: upgrade 5.10.0 -> 5.11.0

Yi Fan Yu (3):
      libnl: add ptest support
      gdb: Remove "ALLOW_EMPTY_gdbserver" on riscv
      valgrind: Increase timeout duration 30 -> 90 s

zhengruoqin (8):
      glibc-package.inc: Fix arm multlib header issue with struct_stat.h
      glibc: Unify wordsize.h with arm multilibs
      libxcrypt-compat: upgrade 4.4.17 -> 4.4.18
      log4cplus: upgrade 2.0.5 -> 2.0.6
      python3-cython: upgrade 0.29.21 -> 0.29.22
      python3-git: upgrade 3.1.13 -> 3.1.14
      sysvinit: upgrade 2.98 -> 2.99
      python3-magic: upgrade 0.4.20 -> 0.4.22

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I69b5102d327da636a9c36642b46841e4341368d8
diff --git a/poky/meta/recipes-extended/screen/screen/CVE-2021-26937.patch b/poky/meta/recipes-extended/screen/screen/CVE-2021-26937.patch
new file mode 100644
index 0000000..983b35c
--- /dev/null
+++ b/poky/meta/recipes-extended/screen/screen/CVE-2021-26937.patch
@@ -0,0 +1,68 @@
+Description: [CVE-2021-26937] Fix out of bounds array access
+Author: Michael Schröder <mls@suse.de>
+Bug-Debian: https://bugs.debian.org/982435
+Bug: https://savannah.gnu.org/bugs/?60030
+Bug: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
+Bug-OSS-Security: https://www.openwall.com/lists/oss-security/2021/02/09/3
+Origin: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010.html
+
+CVE: CVE-2021-26937
+Upstream-Status: Pending
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+
+--- a/encoding.c
++++ b/encoding.c
+@@ -43,7 +43,7 @@
+ # ifdef UTF8
+ static int   recode_char __P((int, int, int));
+ static int   recode_char_to_encoding __P((int, int));
+-static void  comb_tofront __P((int, int));
++static void  comb_tofront __P((int));
+ #  ifdef DW_CHARS
+ static int   recode_char_dw __P((int, int *, int, int));
+ static int   recode_char_dw_to_encoding __P((int, int *, int));
+@@ -1263,6 +1263,8 @@
+     {0x30000, 0x3FFFD},
+   };
+ 
++  if (c >= 0xdf00 && c <= 0xdfff)
++    return 1;          /* dw combining sequence */
+   return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval) - 1)) ||
+           (cjkwidth &&
+            bisearch(c, ambiguous,
+@@ -1330,11 +1332,12 @@
+ }
+ 
+ static void
+-comb_tofront(root, i)
+-int root, i;
++comb_tofront(i)
++int i;
+ {
+   for (;;)
+     {
++      int root = i >= 0x700 ? 0x801 : 0x800;
+       debug1("bring to front: %x\n", i);
+       combchars[combchars[i]->prev]->next = combchars[i]->next;
+       combchars[combchars[i]->next]->prev = combchars[i]->prev;
+@@ -1396,9 +1399,9 @@
+     {
+       /* full, recycle old entry */
+       if (c1 >= 0xd800 && c1 < 0xe000)
+-        comb_tofront(root, c1 - 0xd800);
++        comb_tofront(c1 - 0xd800);
+       i = combchars[root]->prev;
+-      if (c1 == i + 0xd800)
++      if (i == 0x800 || i == 0x801 || c1 == i + 0xd800)
+ 	{
+ 	  /* completely full, can't recycle */
+ 	  debug("utf8_handle_comp: completely full!\n");
+@@ -1422,7 +1425,7 @@
+   mc->font  = (i >> 8) + 0xd8;
+   mc->fontx = 0;
+   debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
+-  comb_tofront(root, i);
++  comb_tofront(i);
+ }
+ 
+ #else /* !UTF8 */
diff --git a/poky/meta/recipes-extended/screen/screen_4.8.0.bb b/poky/meta/recipes-extended/screen/screen_4.8.0.bb
index 4772eb6..fe640c2 100644
--- a/poky/meta/recipes-extended/screen/screen_4.8.0.bb
+++ b/poky/meta/recipes-extended/screen/screen_4.8.0.bb
@@ -21,6 +21,7 @@
            file://0002-comm.h-now-depends-on-term.h.patch \
            file://0001-fix-for-multijob-build.patch \
            file://0001-Remove-more-compatibility-stuff.patch \
+           file://CVE-2021-26937.patch \
           "
 
 SRC_URI[md5sum] = "d276213d3acd10339cd37848b8c4ab1e"