poky: subtree update:796be0593a..9294bc4bb4

This includes our temporary libpam revert until OpenBMC can get in
support for the new libraries. See openbmc/openbmc#3750 for more
information.

Abdellatif El Khlifi (4):
      kernel-fitimage: adding support for Initramfs bundle and u-boot script
      kernel: skip installing fitImage when using Initramfs bundles
      oeqa/selftest/imagefeatures: adding fitImage initramfs bundle testcase
      ref-manual/ref-classes: update kernel-fitimage with Initramfs bundle and boot script

Adrian Herrera (2):
      scripts: oe-run-native, fix *-native directories
      common-licenses: add BSD-3-Clause-Clear license

Alan Perry (2):
      binutils: add libopcodes package for perf
      iproute2: Add subpackage for rdma command

Alejandro Hernandez Samaniego (2):
      newlib: Upgrade 3.3.0 -> 4.1.0
      newlib: Update licence

Alex Stewart (1):
      opkg: upgrade to version 0.4.4

Alexander Kanavin (89):
      selftest/reproducible: enable world reproducibility test
      selftest/reproducible: add an exclusion list for items that are not yet reproducible
      kea: upgrade 1.7.10 -> 1.8.1
      valgrind: exclude bar_bad/bar_bad_xml from ptests
      bzip2: run ptests without valgrind
      lttng-tools: disable more failing ptests
      glib-2.0: add a patch to increase a test timeout
      acpica: upgrade 20201113 -> 20201217
      bind: upgrade 9.16.9 -> 9.16.10
      diffoscope: upgrade 161 -> 163
      dnf: upgrade 4.4.0 -> 4.5.2
      enchant2: upgrade 2.2.13 -> 2.2.14
      epiphany: upgrade 3.38.1 -> 3.38.2
      ethtool: upgrade 5.9 -> 5.10
      gtk+3: upgrade 3.24.23 -> 3.24.24
      init-system-helpers: upgrade 1.58 -> 1.60
      kbd: upgrade 2.3.0 -> 2.4.0
      kea: upgrade 1.8.1 -> 1.8.2
      libmodulemd: upgrade 2.9.4 -> 2.11.1
      libpcre2: upgrade 10.35 -> 10.36
      libtirpc: upgrade 1.2.6 -> 1.3.1
      libusb1: upgrade 1.0.23 -> 1.0.24
      libva: upgrade 2.9.0 -> 2.10.0
      libx11: upgrade 1.6.12 -> 1.7.0
      lighttpd: upgrade 1.4.56 -> 1.4.57
      ninja: upgrade 1.10.1 -> 1.10.2
      puzzles: upgrade to latest revision
      python3-hypothesis: upgrade 5.41.5 -> 5.43.3
      python3-py: upgrade 1.9.0 -> 1.10.0
      python3-setuptools-scm: upgrade 4.1.2 -> 5.0.1
      sqlite3: upgrade 3.33.0 -> 3.34.0
      stress-ng: upgrade 0.11.24 -> 0.12.00
      sudo: upgrade 1.9.3p1 -> 1.9.4p1
      sysvinit: upgrade 2.97 -> 2.98
      vala: upgrade 0.50.1 -> 0.50.2
      vulkan-headers: upgrade 1.2.154.0 -> 1.2.162.0
      webkitgtk: upgrade 2.30.2 -> 2.30.4
      xprop: upgrade 1.2.4 -> 1.2.5
      xserver-xorg: upgrade 1.20.9 -> 1.20.10
      glib-2.0: update 2.66.2 -> 2.66.4
      rpm: update 4.16.0 -> 4.16.1.2
      piglit: update to latest revision
      sbc: update 1.4 -> 1.5
      libdnf: update 0.55.0 -> 0.55.2
      libva-utils: update 2.9.1 -> 2.10.0
      python3-importlib-metadata: update 3.1.1 -> 3.3.0
      python3: update 3.9.0 -> 3.9.1
      vulkan-loader: upgrade 1.2.154.1 -> 1.2.162.0
      vulkan-tools: upgrade 1.2.154.0 -> 1.2.162.0
      systemd-bootchart: update 233 -> 234
      zstd: add recipe from meta-oe
      zstd: update 1.4.5 -> 1.4.8
      devtool: gitsm:// should be handled same as git:// in upgrades
      ovmf: upgrade 202008 -> 202011
      libksba: update 1.4.0 -> 1.5.0
      libjitterentropy: update 2.2.0 -> 3.0.0
      icu: update 68.1 -> 68.2
      gnutls: update 3.6.15 -> 3.7.0
      gnupg: update 2.2.23 -> 2.2.26
      boost: update 1.74.0 -> 1.75.0
      kexec-tools: update 2.0.20 -> 2.0.21
      vulkan-samples: update to latest revision
      libpam: update 1.3.1 -> 1.5.1
      strace: update 5.9 -> 5.10
      python3-pytest: update 6.1.2 -> 6.2.1
      mtools: update 4.0.25 -> 4.0.26
      gnu-config: update to latest revision
      cmake: update 3.18.4 -> 3.19.2
      ccache: upgrade 3.7.11 -> 4.1
      ccache.bbclass: use ccache from host distribution
      gawk: add missing ptest dependency
      util-linux: upgrade 2.36 -> 2.36.1
      ell: upgrade 0.33 -> 0.35
      net-tools: correct version check
      oeqa/ptest: print a warning if ptests failed
      bash: update 5.0 -> 5.1
      runtime_test.py: correct output check for bash 5.1
      distcc: update 3.3.3 -> 3.3.5
      gptfdisk: update 1.0.5 -> 1.0.6
      python3-setuptools: update 51.0.0 -> 52.0.0
      ruby: update 2.7.2 -> 3.0.0
      vulkan-samples: update to latest revision
      dpkg: update 1.20.5 -> 1.20.7.1
      libhandy: upgrade 1.0.2 -> 1.0.3
      tar: update 1.32 -> 1.33
      at: correct upstream version check
      shaderc: correct version check
      spirv-tools: correct version check
      u-boot: upgrade 2020.10 -> 2021.01

Alistair Francis (1):
      opensbi: Bump from 0.8 to 0.9

Anatol Belski (1):
      iproute2: Make it easier to manipulate SUBDIRS list from bbappend

Andreas Müller (1):
      openssl: re-enable whirlpool

Andrey Mozzhuhin (1):
      toolchain-shar-extract.sh: Handle special characters in script path

Anton Kachalov (1):
      rootfs: add option to allow delayed postinsts on read-only rootfs

Anuj Mittal (45):
      mesa: add more details to elf-tls patch
      mesa: remove patch disabling asm
      linux-yocto: update genericx86 to v5.4.87
      enchant2: upgrade 2.2.14 -> 2.2.15
      gstreamer1.0: upgrade 1.18.2 -> 1.18.3
      gstreamer1.0-plugins-base: upgrade 1.18.2 -> 1.18.3
      gstreamer1.0-plugins-good: upgrade 1.18.2 -> 1.18.3
      gstreamer1.0-plugins-bad: upgrade 1.18.2 -> 1.18.3
      gstreamer1.0-libav: upgrade 1.18.2 -> 1.18.3
      gstreamer1.0-omx: upgrade 1.18.2 -> 1.18.3
      gstreamer1.0-rtsp-server: upgrade 1.18.2 -> 1.18.3
      gstreamer1.0-python: upgrade 1.18.2 -> 1.18.3
      gstreamer1.0-vaapi: upgrade 1.18.2 -> 1.18.3
      gst-examples: upgrade 1.18.2 -> 1.18.3
      gst-devtools: upgrade 1.18.2 -> 1.18.3
      gstreamer1.0-plugins-ugly: upgrade 1.18.2 -> 1.18.3
      libepoxy: upgrade 1.5.4 -> 1.5.5
      libproxy: upgrade 0.4.15 -> 0.4.17
      stress-ng: upgrade 0.12.00 -> 0.12.01
      vulkan-tools: upgrade 1.2.162.0 -> 1.2.162.1
      harfbuzz: upgrade 2.7.2 -> 2.7.4
      mpg123: upgrade 1.26.3 -> 1.26.4
      piglit: upgrade to latest revision
      vala: upgrade 0.50.2 -> 0.50.3
      gcr: upgrade 3.38.0 -> 3.38.1
      python3-pygments: upgrade 2.7.3 -> 2.7.4
      logrotate: upgrade 3.17.0 -> 3.18.0
      lzip: upgrade 1.21 -> 1.22
      python3-mako: upgrade 1.1.3 -> 1.1.4
      wget: upgrade 1.20.3 -> 1.21.1
      lighttpd: upgrade 1.4.57 -> 1.4.58
      python3-importlib-metadata: upgrade 3.3.0 -> 3.4.0
      python3-git: upgrade 3.1.11 -> 3.1.12
      acpica: upgrade 20201217 -> 20210105
      diffstat: upgrade 1.63 -> 1.64
      python3-dbusmock: upgrade 0.19 -> 0.22.0
      python3-hypothesis: upgrade 5.43.3 -> 6.0.2
      python3-numpy: upgrade 1.19.4 -> 1.19.5
      resolvconf: upgrade 1.83 -> 1.87
      sudo: upgrade 1.9.4p1 -> 1.9.5p1
      git: upgrade 2.29.2 -> 2.30.0
      meson: upgrade 0.56.0 -> 0.56.2
      rt-tests/hwlatdetect: upgrade 1.9 -> 1.10
      gstreamer1.0: fix failing ptest
      python3: fix CVE-2021-3177

Awais Belal (1):
      kernel.bbclass: fix deployment for initramfs images

Bruce Ashfield (38):
      linux-yocto-rt/5.4: update to -rt44
      linux-yocto/5.4: update to v5.4.80
      lttng-modules: fix build against v5.10+
      kern-tools: non-gcc config support and option re-classification
      linux-yocto/cfg: qemuppc: set CONFIG_SCSI to '=y'
      linux-yocto/5.4: update to v5.4.82
      linux-yocto/cfg: qemuarm64-gfx.cfg: add CONFIG_INPUT_UINPUT
      linux-yocto/5.4: update to v5.4.83
      linux-yocto/5.8/cfg: fix -tiny warnings
      linux-yocto/5.4/cfg: fix -tiny warnings
      systemtap: fix on target build for 4.4 and 5.10+
      linux-yocto/5.4/cfg: fix FIRMWARE_LOADER warnings
      kernel-devsrc: fix 32bit ARM devsrc builds
      linux-yocto/5.4: update to v5.4.85
      linux-yocto-dev: bump to v5.11-rc
      libc-headers: update to v5.10
      machine/qemuarm*: add vmalloc kernel parameter
      linux-yocto: introduce v5.10 reference kernel recipes
      linux-yocto/5.10: update to v5.10.2
      conf/machine: bump qemu preferred versions to 5.10
      poky/poky-tiny: set preferred kernel to 5.10
      yocto-bsp: explicitly set preferred version for reference boards
      poky-alt: don't use conditional assignment for preferred kernel version
      linux-yocto/5.10: update to v5.10.4
      linux-yocto/5.10: update to v5.10.5
      linux-yocto/5.4: update to v5.4.87
      linux-yocto/5.10/cfg: x86 and beaglebone config fixes
      linux-yocto: remove 5.8 recipes
      yocto-bsp: drop 5.8 bbappend
      linux-yocto/5.10: update to v5.10.8
      linux-yocto/5.4: update to v5.4.90
      linux-yocto-rt/5.10: fix 5.10-rt build breakage
      linux-yocto-rt/5.4: fix 5.4-stable caused build breakage
      linux-yocto/5.10: update to v5.10.10
      linux-yocto/5.10: update to v5.10.12
      linux-yocto/5.4: update to v5.4.94
      linux-yocto/5.10: binutils 2.36 fixes
      yocto-bsp: linux-yocto: update to v5.10.12

Changhyeok Bae (1):
      python3-importlib-metadata: Add toml dependency

Changqing Li (4):
      libexif: fix CVE-2020-0198; CVE-2020-0452
      libpam: support usrmerge
      libpam: remove unused code
      qemu: fix do_compile error

Chee Yang Lee (1):
      initrdscripts: init-install-efi.sh install extra files for ESP

Chen Qi (1):
      systemd: change /bin/nologin to /sbin/nologin

Chris Laplante (2):
      contrib/git-hooks: add a sendemail-validate example hook that adds FROM: lines to outgoing patch emails
      systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found

Christophe Priouzeau (1):
      bitbake: fetch2/wget: Update user-agent

Christopher Larson (2):
      grub-efi-cfg: exclude OVERRIDES from build_efi_cfg vardeps
      uboot-extlinux-config: exclude OVERRIDES from do_create_extlinux_config vardeps

Deepak Rawat (1):
      openssl: add support for mingw64 as target

Denys Dmytriyenko (2):
      maintainers: update own email address
      wayland: upgrade 1.18.0 -> 1.19.0

Diego Sueiro (4):
      wic: Introduce empty plugin to create unformatted empty partitions
      modutils-initscripts: Use depmod -a when modules.dep is empty
      staging: Introduce /sysroot-only to SYSROOT_DIRS
      dev-manual: Add usage of /sysroot-only in SYSROOT_DIRS

Dmitry Baryshkov (4):
      perl: fix installation failure because of shell issue
      linux-firmware: upgrade 20201118 -> 20201218
      linux-firmware: package firmware for Lontium lt9611uxc bridge
      mesa,mesa-gl: upgrade to 20.3.2

Dorinda (8):
      sanity: Verify that user isn't building in PSEUDO_IGNORE_PATHS
      sanity.bbclass: sanity check for if bitbake is present in PATH
      sanity.bbclass: check if PSEUDO_IGNORE_PATHS and ${S} overlap
      elfutils: split libdebuginfod into its own package
      elfutils: add PACKAGECONFIG for debuginfod
      elfutils: add support for ipk
      sanity.bbclass: Check if PSEUDO_IGNORE_PATHS and paths under pseudo control overlap
      oe-pkgdata-util: Check if environment script is initialized

Easwar Hariharan (1):
      classes/kernel-fitimage: make fitimage_emit_section_config more readable

Elvis Stansvik (1):
      ref-manual: terms: Fix poky tarball root folder

Hongxu Jia (1):
      deb: do not insert feed uris if apt not installed

Jack Mitchell (1):
      distutils3: allow setup.py to be run from a different directory to ${S}

Joey Degges (4):
      bitbake: tests/fetch: Organize usehead tests by net requirements
      bitbake: tests/fetch: Document behavior of test_gitfetch_usehead
      bitbake: tests/fetch: Test usehead with a non-default name
      bitbake: fetch/git: Fix usehead for non-default names

Jonathan Richardson (1):
      core-image-tiny-initramfs: Add compatiblity for aarch64

Jose Quaresma (22):
      gstreamer1.0: upgrade 1.18.1 -> 1.18.2
      gstreamer1.0-plugins-bad: v4l2codecs fix typo
      gstreamer1.0-plugins-bad: add support for aom plugin
      gstreamer1.0-plugins-bad: add support for x265 plugin
      gstreamer1.0-plugins-bad: sctp plugin uses the internal usrsctp static lib
      gstreamer1.0-plugins-bad: remove unsupported plugins comment
      gstreamer1.0-plugins-bad: netsim plugin don't have external deps
      gstreamer1.0-plugins-bad: transcode plugin external deps is always present
      gstreamer1.0: use the correct meson option for the capabilities
      shaderc: upgrade 2020.3 -> 2020.4
      spirv-tools: upgrade 2020.5 -> 2020.6
      common-licenses: Add GPL-3.0-with-bison-exception
      glslang: upgrade 8.13.3743 -> 11.1.0
      glslang: enable shared libs
      glslang: disable precompiled header
      shaderc: avoid reproducible issues
      shaderc: fix the build with glslang 11.1.0
      spirv-headers: Add receipe
      spirv-tools: cleanup
      shaderc: add spirv-headers as dependencie
      spirv-tools: fix reproducible
      selftest/reproducible: remove spirv-tools-dev from exclusion list

Joshua Watt (4):
      diffoscope: upgrade 163 -> 164
      ref-manual: Clarify recommended operator for PROVIDES
      bash: Disable bracketed input by default
      bitbake: logging: Make bitbake logger compatible with python logger

Kai Kang (1):
      adwaita-icon-theme: add version 3.34.3 back

Kamel Bouhara (2):
      npm.bbclass: make shrinkwrap file optional
      recipetool: create: only add npmsw url if required

Kevin Hao (2):
      Revert "yocto-bsp: explicitly set preferred version for reference boards"
      meta-yocto-bsp: Bump the kernel to v5.10

Khairul Rohaizzat Jamaluddin (4):
      openssl: Update 1.1.1h -> 1.1.1i
      go: Update 1.15.5 -> 1.15.6
      curl: Update 7.73.0 -> 7.74.0
      ffmpeg: Fix CVE-2020-35964, CVE-2020-35965

Khem Raj (37):
      musl: Update to latest master
      systemd: Fix reallocarray check
      go.bbclass: Use external linker for native packages
      qemuriscv: check serial consoles w.r.t. /proc/consoles
      busybox-inittab: Implement SYSVINIT_ENABLED_GETTYS and USE_VT
      initscripts: use quotes for shell variable comparision
      busybox: Install /etc/default/rcS when used as init system
      busybox: Run mdev as daemon
      rcS: Define identifier for init system used
      initscripts: Use initctl on sysvinit only
      busybox: Sync rcS.default with sysvinit
      ltp: Fix ltp-pan crash on 32bit arches using 64bit time_t
      pulseaudio: Fix build with clang for non-x86 target
      util-linux: Build fixes for 32bit arches with 64bit time_t
      libpam: Drop musl patches
      ccache: Build fixes for clang and riscv32
      shadow: Remove lastlog pam plugin on musl system
      rxvt-unicode: Disable lastlog on musl systems
      openssh: Disable lastlog on musl
      dropbear: Disable lastlog and wtmp on musl
      ccache: Fix build on aarch64/clang
      openssl: Enable rc4/rc2/bf/md4 algorithms
      openssl: Enable psk for qtbase
      libyaml: Enable static lib on native/nativesdk
      musl/glibc: Document assembly file directive fix
      musl: Update to 1.2.2 release
      binutils: Upgrade to 2.36 release
      binutils: Package libdep linker plugins
      binutils: Disable parallel install for target/nativesdk binutils
      musl: Drop adding .file directive in asm files
      glibc: Drop adding .file directive in asm files
      glibc: Upgrade to 2.33
      glibc: Enable cet
      glibc: Require full ISA support for x86-64 level marker
      security_flags.inc: Use -O with -D_FORTIFY_SOURCE
      systemd: Fix build on musl
      autoconf: Fix typo for prefuncs

Lee Chee Yang (8):
      gdk-pixbuf: fix CVE-2020-29385
      wic/direct/kparser: ensure fsuuid for vfat and msdos align with format
      p11-kit: upgrade 0.23.21 -> 0.23.22
      cve-check: replace Looseversion with custom version class
      cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning
      openssl: set CVE_VERSION_SUFFIX
      wic/selftest: test_permissions also test bitbake image
      wic: debug mode to keep tmp directory

Leon Anavi (1):
      common-tasks.rst: Fix GNU_HASH in hello.bb

Li Wang (2):
      qemu: CVE-2020-25723
      qemu: CVE-2020-28916

Luca Boccassi (7):
      classes/kernel-fitimage: add ability to sign individual images
      systemd: update 246 -> 247
      systemd: add package config for systemd-oomd
      systemd: ship new systemd-dissect in -extra-utils
      systemd: set -Dmode=release as recommended by NEWS
      systemd: add RRECOMMENDS for weak dependencies, if enabled
      systemd: update to v247.3

Mans Rullgard (1):
      boost: drop arm-intrinsics.patch

Marek Vasut (2):
      meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex
      meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script

Mark Jonas (1):
      parted: Make readline dependency optional

Martin Jansa (3):
      license.bbclass: Add COMMON_LICENSE_DIR and LICENSE_PATH dirs to PSEUDO_IGNORE_PATHS
      busybox.inc: install rcS, rcK and rcS.default only with busybox in VIRTUAL-RUNTIME_init_manager
      image_types.bbclass: tar: use posix format instead of gnu

Matt Hoosier (1):
      bitbake: fetch/git: download LFS content too during do_fetch

Maxime Roussin-Bélanger (1):
      meta: add missing descriptions in some support recipes

Michael Halstead (4):
      releases: conf: add link to 3.2.1, update to include 3.2.1
      releases: conf: add link to 3.1.5, update to include 3.2.1 & 3.1.5
      uninative: Upgrade to 2.10
      yocto-uninative.inc: version 2.11 updates glibc to 2.33

Michael Ho (2):
      rootfs_ipk: allow do_populate_sdk in parallel to do_rootfs
      license_image.bbclass: fix missing recipeinfo on self

Mike Looijmans (1):
      license_image.bbclass: Don't attempt to symlink to the same file

Mikko Rapeli (1):
      zip: whitelist CVE-2018-13410 and CVE-2018-13684

Milan Shah (2):
      oe-pkgdata-util: Added a test to verify oe-pkgdata-util without parameters
      bitbake: utils: add docstrings to functions

Mingli Yu (4):
      kbd: fix transaction conflict
      systemd: resolve executable path if it is relative
      libpam: add ptest support
      qemu: make ptest rework

Nathan Rossi (8):
      gcc: Add patch to resolve i*86 tune configuration overrides
      qemu.inc: Add seccomp PACKAGECONFIG option
      ncurses: Prevent LDFLAGS being emitted in .pc files
      which: add nativesdk to BBCLASSEXTEND
      sed: add nativesdk to BBCLASSEXTEND
      grep: add nativesdk to BBCLASSEXTEND
      coreutils: enable xattrs by default for nativesdk
      gcc: Backport patch to resolve i*86 tune configuration overrides

Naveen Saini (1):
      gstreamer1.0-plugins-bad: fix msdk pkgconfig build failure

Oleksandr Kravchuk (4):
      python3-smmap: update to 4.0.0
      python3-numpy: update to 0.20.0
      inetutils: update to 2.0
      ell: update to 0.37

Oleksiy Obitotskyy (2):
      flex: Fix --noline option behavior
      dtc: improve reproducibility

Oleksiy Obitotskyy yIEf0zt.mo (1):
      toolchain-shar-relocate.sh: Fix handling files with colons

Ovidiu Panait (5):
      timezone: upgrade to 2020e
      timezone: upgrade to 2020f
      variables: Add documentation for KERNEL_DTC_FLAGS
      kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags
      timezone: upgrade to 2021a

Paul Barker (22):
      bitbake.conf: Prevent pyc file generation in pseudo context
      documentation: Simplify oe_wiki and oe_home links
      documentation: Simplify layerindex and layer links
      documentation: Simplify remaining yocto_home links
      profile-manual: Simplify yocto_bugs link
      ref-manual: Simplify oe_lists link
      documentation: Use https links where possible
      selftest: Add argument to keep build dir
      wic: Add workdir argument
      wic: Allow exec_native_cmd to run HOSTTOOLS
      wic: Ensure internal workdir is not reused
      image_types_wic: Move wic working directory
      wic: Update pseudo db when excluding content from rootfs
      wic: Copy rootfs dir if fstab needs updating
      wic: Optimise fstab modification for ext2/3/4 and msdos partitions
      bitbake: bitbake-hashclient: Remove obsolete call to client.connect
      bitbake: hashserv: client: Fix handling of null responses
      bitbake: hashserv: Support read-only server
      bitbake: hashserv: Support upstream command line argument
      bitbake: hashserv: Add short forms of remaining command line arguments
      bitbake: hashserv: server: Support searching upstream for outhash
      bitbake: hashserv: Add get-outhash message

Paul Eggleton (11):
      classes/kernel-fitimage: add variable for description
      classes/kernel-fitimage: allow substituting mkimage command
      classes/kernel-fitimage: add ability to add additional signing options
      oe-selftest: move FIT image tests to their own module
      oe-selftest: fitimage: Test for FIT_DESC
      oe-selftest: fitimage: add test for signing FIT images
      classes: minor corrections to kernel-fitimage section
      variables: clarify KERNEL_ALT_IMAGETYPE reference
      variables: explicitly state that UBOOT_MKIMAGE_DTCOPTS is optional
      variables: Add documentation for new kernel-fitimage vars
      ref-manual: use consistent capitalisation of U-Boot

Paul Gortmaker (1):
      systemd: dont spew hidepid mount errors for kernels < v5.8

Peter Bergin (1):
      buildhistory.bbclass: avoid exception for empty BUILDHISTORY_FEATURES variable

Peter Kjellerstedt (7):
      lib/oe/path: Add canonicalize()
      bitbake.conf: Canonicalize paths in PSEUDO_IGNORE_PATHS
      wic: Pass canonicalized paths in PSEUDO_IGNORE_PATHS
      glibc: Make adjtime() for 32 bit support being called with delta == NULL
      bitbake: cache: Make CoreRecipeInfo include rprovides_pkg for skipped recipes
      bitbake: cooker: Include all packages a recipe provides in SkippedPackage.rprovides
      apr-util: Only specify --with-dbm=gdbm if gdbm support is enabled

Quentin Schulz (1):
      docs: fix missing & and ; surrounding references from poky.yaml

Randy Li (2):
      meson: Add sysroot property to nativesdk-meson
      meson: Don't turn string into a list in nativesdk

Richard Purdie (69):
      pseudo: Drop patches merged into upstream branch
      bitbake: data_smart: Ensure hash reflects vardepvalue flags correctly
      linuxloader: Avoid confusing string concat errors
      systemd: Ensure uid/gid ranges are set deterministically
      grub: Fix build reproducibility issue
      u-boot-tools: Fix reproducibility issue
      grub: Add second fix for determinism issue
      oeqa/commands: Ensure sync can be found regardless of PATH
      cups: Mark CVE-2009-0032 as a non-issue
      cups: Mark CVE-2008-1033 as a non-issue
      groff: Fix reproducibility issue
      man-db: Avoid reproducibility failures after fixing groff-native
      meta-selftest/staticids: Add ids for other recipes
      selftest/reproducible: Add useradd-staticids to reproducible builds tests
      grub: Further reproducibility fix
      man-db: Fix reproducibility issue
      bitbake.conf: Add mkfifo to HOSTTOOLS
      bitbake.conf: Add /run/ to PSEUDO_IGNORE_PATHS
      ppp: Update 2.4.8 -> 2.4.9
      ppp: Fix reproducibility issue
      sanity: Bump min python version to 3.6
      pseudo: Add lchmod wrapper
      qemu: Upgrade 5.1.0->5.2.0
      qemu: Drop vm reservation changes to resolve build issues
      qemu: Fix mingw builds
      qemu: Add some user space mmap tweaks to address musl 32 bit build issues
      ppp: Fix patch typo
      pseudo: Update for arm host and memleak fixes/cleanup
      vulkan-samples: Fix reproducibility issue
      vulkan-samples: Disable PCH for reproducibility
      lttng-modules: Upgrade 2.12.3->2.12.4
      lttng-modules: Drop gcc7 related patch
      bash: Set HEREDOC_PIPESIZE deterministically
      bash: Add makefile race workaround
      build-appliance-image: Update to master head revision
      bitbake: fetch2/perforce: Fix localfile to include ud.module
      ncurses: Don't put terminfo into the sysroot
      python3: Avoid installing test data into recipe-sysroot
      staging: Clean up files installed into the sysroot
      gobject-introspection: Fix variable override order
      nativesdk-buildtools-perl-dummy: Add missing entries for nativesdk-automake
      package_rpm: Clean up unset runtime package variable handling
      bitbake.conf/python: Drop setting RDEPENDS/RPROVIDES default
      native: Stop clearing PACKAGES
      meta: Clean up various class-native* RDEPENDS overrides
      gtk-doc: Disable dependencies in native case
      pseudo: Update to include passwd and file renaming fixes
      at: Upgrade 3.1.23 -> 3.2.1
      msmtp: Fix to work with autoconf 2.70
      ruby: Fix to work with autoconf 2.70
      lrzsz: Fix to work with autoconf 2.70
      Revert "sanity.bbclass: check if PSEUDO_IGNORE_PATHS and ${S} overlap"
      image_types: Ensure tar archives are reproducible
      qemu.inc: Should depend on qemu-system-native, not qemu-native
      python3-setuptools: Add back accidentally dropped RDEPENDS
      opkg: Fix build reproducibility issue
      Revert "msmtp: Fix to work with autoconf 2.70"
      grub: Backport fix to work with new binutils
      package: Ensure do_packagedata is cleaned correctly
      openssh: Backport a fix to fix with glibc 2.33 on some platforms
      pseudo: Update to work with glibc 2.33
      bitbake: bitbake-worker: Try and avoid potential short write events issues
      apr: Fix to work with autoconf 2.70
      bitbake: cooker: Ensure reparsing is handled correctly
      bitbake: bblayers/action: When adding layers, catch BBHandledException
      bitbake: bitbake: Bump release to 1.49.1
      sanity.conf: Increase minimum bitbake version due to logging function change
      Fix up bitbake logging compatibility
      opkg: Fix patch glitches

Robert Rosengren (1):
      mpg123: Add support for FPU-less targets

Robert Yang (10):
      buildtools-tarball.bb: Fix PATH for environment setup script
      ncurses: Make ncurses-tools depend on ncurses-terminfo-base
      minicom: RDEPENDS on ncurses-terminfo-base
      archiver.bbclass: Fix --runall=deploy_archives for images
      ccache: Extend to nativesdk
      ccache.bbclass: Set CCACHE_TEMPDIR
      Revert "ccache.bbclass: use ccache from host distribution"
      ccache.bbclass: Use ccache-native and disable ccache for native recipes
      apt: Fix do_compile error when enable ccache
      oeqa/selftest: binutils-cross-x86_64 -> libgcc-initial

Ross Burton (28):
      wic-image-minimal: only depend on syslinux on x86 targets
      syslinux: rewrite recipe so only target code is x86-specific
      wic-tools: don't build syslinux-native for targets without syslinux
      image-uefi.conf: add EFI arch variable
      systemd-boot: build the EFI stub
      systemd-boot: allow building for Arm targets
      wic-tools: add grub-efi and systemd-boot on arm64
      lib/oe/qa: handle the 'no specific instruction set' ELF e_machine value
      local.conf: add aarch64 to the SDKMACHINE example values
      kernel: set COMPATIBLE_HOST to *-linux
      bitbake.conf: default SDKMACHINE to the build host architecture
      diffstat: point the license checksum at the license
      ruby: remove tcl DEPENDS
      base: use URI instead of decodeurl when detecting unpack dependencies
      lib/oe/package_manager: ensure repodata is wiped
      core-image-sato-sdk-ptest: these images need ptest
      ovmf-shell-image: image is only buildable on x86-64
      bitbake: fetch2: handle empty elements in _param_str_split
      bitbake: tests/fetch: add test for empty query parameters
      Revert "lrzsz: Fix to work with autoconf 2.70"
      unfs3: fix build with new autoconf
      gnu-config: update to latest commit
      autoconf: merge .bb and .inc files
      autotools: don't warn about obsolete usage
      autoconf: upgrade to 2.71
      autotools: disable gtkdocize for now
      autotools: remove intltoolize logic
      autotools: no need to depend on gnu-config

Sakib Sajal (2):
      buildstats.bbclass: add functionality to collect build system stats
      linux-yocto*: add features/gpio/mockup.scc to KERNEL_FEATURES

Scott Branden (1):
      kmod: update 27 -> 28

Scott Murray (3):
      grub: fix "CVE:" line in one of the patches
      patch: fix CVE-2019-20633
      glibc: CVE-2019-25013

Shachar Menashe (1):
      openssl: drop support for deprecated algorithms

Sinan Kaya (8):
      gcsections: add more suppressions for SDK builds
      sudo: split sudo binary into its own package
      iproute2: split ip to individual package
      procps: split ps and sysctl into individual packages
      net-tools: split mii-tool into its own package
      runqemu: Add support for VHD/VHDX rootfs
      meta/classes: Add supprot for WIC<>VHD/VHDX conversion
      appliance: Add VHD/VHDX generation

Steve Sakoman (2):
      oeqa/selftest/cases/devtool.py: fix typo in ignore_patterns call
      glibc: update to latest release/2.32/master branch

Tanu Kaskinen (6):
      maintainers.inc: remove myself from maintainers
      pulseaudio: Remove OE_LT_RPATH_ALLOW
      pulseaudio: disable EsounD support
      pulseaudio: disable GConf support
      pulseaudio: switch build system from Autotools to Meson
      pulseaudio: fix client.conf location

Teoh Jay Shen (4):
      oeqa/terminal : improve the test case
      oeqa/suspend : add test for suspend state
      oeqa/ethernet_ip_connman : add test for network connections
      oeqa/usb_hid.py : add test to check the usb/human interface device status after suspend state

Thomas Perrot (1):
      go.bbclass: don't stage test data with sources of dependencies

Tim Orling (6):
      python3-hypothesis: upgrade 5.41.4 -> 5.41.5
      python3-importlib-metadata: upgrade 3.1.0 -> 3.1.1
      python3-pygments: upgrade v2.7.2 -> v2.7.3
      python3-setuptools: upgrade 50.3.2 -> 51.0.0
      python3-setuptools-scm: add python3-toml dep
      python3-packaging: upgrade 20.4 -> 20.8

Tomasz Dziendzielski (18):
      populate_sdk_base: Fix condition syntax if SDK_RELOCATE_AFTER_INSTALL is disabled
      lib/oe/utils: Return empty string in parallel_make
      devtool: Fix source extraction for gcc shared source
      externalsrc: Fix parsing error with devtool non-git sources
      devtool: Fix file:// fetcher symlink directory structure
      selftest/devtool: Add modify_localfiles_only test checking symlink path
      meta: Fix native inheritance order in recipes
      insane: Add test for native/nativesdk inherit order
      lib/oe/package_manager: Do not pass stderr to package manager as an argument
      externalsrc: Detect code changes in submodules
      insane: Add missing INSANE_SKIP mechanism for native-last QA check
      insane: native-last: Only print classes inherited after native/nativesdk
      lib/oe/patch.py: Don't return command stderr from runcmd function
      python3: Use addtask statement instead of task dependencies
      lib/oe/patch.py: Ignore scissors line on applying patch
      sstatesig: Add descriptive error message to getpwuid/getgrgid "uid/gid not found" KeyError
      bitbake: lib/bb: Don't treat mc recipe (Midnight Commander) as a multiconfig target
      bitbake: BBHandler: Don't classify shell functions that names start with "python*" as python function

Trevor Woerner (7):
      mesa.inc: switch true/enabled false/disabled
      mesa: update 20.2.4 -> 20.3.1
      insane.bbclass: allow fifos
      selftest-chown: add test for fifos
      PSPLASH_FIFO_DIR: refactor
      psplash: fix working on first boot (sysvinit)
      psplash (sysvinit): add textual updates

Vinícius Ossanes Aquino (1):
      cmake: Upgrade 3.19.2 -> 3.19.3

Vivien Didelot (4):
      README.hardware: prettify headline
      README.hardware: fix the dd command
      meta-yocto-bsp: use provided variables
      meta-yocto-bsp: use mmcblk0 for root partition

Vyacheslav Yurkov (1):
      npm.bbclass: use python3 for npm config

Wang Mingyu (33):
      libaio: upgrade 0.3.111 -> 0.3.112
      readline: upgrade 8.0 -> 8.1
      man-pages: upgrade 5.09 ->5.10
      mobile-broadband-provider-info: upgrade 20190618 ->20201225
      shared-mime-info: upgrade 2.0 -> 2.1
      tiff: upgrade 4.1.0 -> 4.2.0
      tcl: upgrade 8.6.10 -> 8.6.11
      sysstat: upgrade 12.4.1 -> 12.4.2
      nettle: upgrade 3.6 ->3.7
      binutils: upgrade 2.35 -> 2.35.1
      ed: upgrade 1.16 -> 1.17
      ell: upgrade 0.35 -> 0.36
      findutils: upgrade 4.7.0 -> 4.8.0
      iproute2: upgrade 5.9.0 -> 5.10.0
      gnupg: upgrade 2.2.26 -> 2.2.27
      libpcap: upgrade 1.9.1 -> 1.10.0
      libmodulemd: upgrade 2.11.1 -> 2.11.2
      pulseaudio: upgrade 14.0 -> 14.2
      btrfs-tools: upgrade 5.9 -> 5.10
      gpgme: upgrade 1.15.0 -> 1.15.1
      iptables: upgrade 1.8.6 -> 1.8.7
      socat: upgrade 1.7.3.4 ->1.7.4.1
      libcap: upgrade 2.46 -> 2.47
      libjitterentropy: upgrade 3.0.0 -> 3.0.1
      libsolv: upgrade 0.7.16 -> 0.7.17
      ltp: upgrade 20200930 -> 20210121
      stress-ng: upgrade 0.12.01 -> 0.12.02
      util-macros: upgrade 1.19.2 -> 1.19.3
      gtk-doc: upgrade 1.33.1 -> 1.33.2
      e2fsprogs: upgrade 1.45.6 -> 1.45.7
      bind: upgrade 9.16.10 -> 9.16.11
      libdrm: upgrade 2.4.103 -> 2.4.104
      parted: upgrade 3.3 -> 3.4

Yann Dirson (1):
      libsdl2: upgrade to 2.0.14

Yi Fan Yu (6):
      binutils: Fix CVE-2020-35448
      oeqa/selftest/cases/tinfoil.py: increase timeout 10->60s test_wait_event
      strace: increase ptest timeout duration 120->240s
      sudo: upgrade 1.9.5p1 -> 1.9.5p2
      glibc: fix CVE-2020-27618
      glib-2.0: add workaround to fix codegen.py.test failing

Yi Zhao (7):
      dhcpcd: upgrade 9.3.2 -> 9.3.4
      dhcpcd: fix SECCOMP for i386
      inetutils: add dnsdomainname to ALTERNATIVE
      libcap: update 2.45 -> 2.46
      libcap-ng: upgrade 0.8.1 -> 0.8.2
      dhcpcd: upgrade 9.3.4 -> 9.4.0
      rng-tools: upgrade 6.10 -> 6.11

Yoann Congal (2):
      documentation: Fix a Concpets -> Concepts typo
      documentation: Prevent building documentation with an outdated version of sphinx

Zhixiong Chi (1):
      glibc: CVE-2020-29562 and CVE-2020-29573

akuster (4):
      openssl: Enable srp algorithm
      cve-check.bbclass: add layer to cve log
      cve-check: add include/exclude layers
      documentation.conf: add both CVE_CHECK_LAYER_*

hongxu (2):
      apt: add nativesdk support
      dpkg: add nativesdk support

saloni (2):
      libgcrypt: Whitelisted CVEs
      libcroco: Added CVE

zangrc (3):
      bash: Rename patch name
      systemtap: upgrade 4.3 -> 4.4
      msmtp: upgrade 1.8.13 -> 1.8.14

zhengruoqin (11):
      cantarell-fonts: upgrade 0.201 -> 0.301
      gdbm: upgrade 1.18.1 -> 1.19
      libarchive: upgrade 3.4.3 -> 3.5.1
      libevdev: upgrade 1.10.0 -> 1.10.1
      libgpg-error: upgrade 1.39 -> 1.41
      libmodulemd: upgrade 2.11.2 -> 2.12.0
      bison: upgrade 3.7.4 -> 3.7.5
      ca-certificates: upgrade 20200601 -> 20210119
      mc: upgrade 4.8.25 -> 4.8.26
      sqlite3: upgrade 3.34.0 -> 3.34.1
      python3-packaging: upgrade 20.8 -> 20.9

Revert "libpam: update 1.3.1 -> 1.5.1"

This reverts commit b0384720a46fb25c4ad180e3f256ffdeb53dc8a6.

OpenBMC is not ready for the removal of pam_cracklib and pam_tally2.
Until code is ready to move to new libs in libpam_1.5, carry a revert
in OpenBMC to stay at libpam_1.3.

openbmc/openbmc#3750 tracks this work

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I69357e370d7cf5c5d6dfedde11b88a4f797f7e95
diff --git a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
index 0dd8f02..f7d827a 100644
--- a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
+++ b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
@@ -19,10 +19,9 @@
 SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f"
 SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459"
 
-EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ 
+EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
 		--without-odbc \
 		--without-pgsql \
-		--with-dbm=gdbm \
 		--without-sqlite2 \
 		--with-expat=${STAGING_DIR_HOST}${prefix}"
 
@@ -69,7 +68,7 @@
 PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
 PACKAGECONFIG[crypto] = "--with-openssl=${STAGING_DIR_HOST}${prefix} --with-crypto,--without-crypto,openssl"
 PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}${prefix},--without-sqlite3,sqlite3"
-PACKAGECONFIG[gdbm] = "--with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm"
+PACKAGECONFIG[gdbm] = "--with-dbm=gdbm --with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm"
 
 #files ${libdir}/apr-util-1/*.so are not symlinks but loadable modules thus they are packaged in ${PN}
 FILES_${PN}     += "${libdir}/apr-util-1/apr*${SOLIBS} ${libdir}/apr-util-1/apr*${SOLIBSDEV}"
diff --git a/poky/meta/recipes-support/apr/apr/autoconf270.patch b/poky/meta/recipes-support/apr/apr/autoconf270.patch
new file mode 100644
index 0000000..9f7b5c6
--- /dev/null
+++ b/poky/meta/recipes-support/apr/apr/autoconf270.patch
@@ -0,0 +1,22 @@
+With autoconf 2.70 confdefs.h is already included. Including it twice generates
+compiler warnings and since this macros is to error on warnings, it breaks.
+
+Fix by not including the file.
+
+Upstream-Status: Pending
+RP - 2021/1/28
+
+Index: apr-1.7.0/build/apr_common.m4
+===================================================================
+--- apr-1.7.0.orig/build/apr_common.m4
++++ apr-1.7.0/build/apr_common.m4
+@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING],
+  fi
+  AC_COMPILE_IFELSE(
+   [AC_LANG_SOURCE(
+-   [#include "confdefs.h"
+-   ]
++   []
+    [[$1]]
+    [int main(int argc, const char *const *argv) {]
+    [[$2]]
diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.0.bb
index 7073af8..f879e28 100644
--- a/poky/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/poky/meta/recipes-support/apr/apr_1.7.0.bb
@@ -1,4 +1,8 @@
 SUMMARY = "Apache Portable Runtime (APR) library"
+DESCRIPTION = "The Apache Portable Runtime (APR) is a supporting library for the \
+Apache web server. It provides a set of APIs that map to the underlying \
+operating system (OS). Where the OS does not support a particular function, \
+APR will provide an emulation."
 HOMEPAGE = "http://apr.apache.org/"
 SECTION = "libs"
 DEPENDS = "util-linux"
@@ -19,6 +23,7 @@
            file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
            file://libtoolize_check.patch \
            file://0001-Add-option-to-disable-timed-dependant-tests.patch \
+           file://autoconf270.patch \
            "
 
 SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
diff --git a/poky/meta/recipes-support/aspell/aspell_0.60.8.bb b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
index 6299878..f1d931b 100644
--- a/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
+++ b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
@@ -1,4 +1,8 @@
 SUMMARY = "GNU Aspell spell-checker"
+DESCRIPTION = "GNU Aspell is a spell-checker which can be used either as a \
+standalone application or embedded in other programs. Its main feature is that \
+it does a much better job of suggesting possible spellings than just about any \
+other spell-checker available for the English language"
 SECTION = "console/utils"
 
 LICENSE = "LGPLv2 | LGPLv2.1"
diff --git a/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb b/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb
index 88add83..a065795 100644
--- a/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb
+++ b/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb
@@ -1,4 +1,6 @@
 SUMMARY = "Assistive Technology Service Provider Interface (dbus core)"
+DESCRIPTION = "At-Spi2 is a protocol over DBus, toolkit widgets use it to \
+provide their content to screen readers such as Orca."
 HOMEPAGE = "https://wiki.linuxfoundation.org/accessibility/d-bus"
 LICENSE = "LGPL-2.1+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
diff --git a/poky/meta/recipes-support/attr/acl_2.2.53.bb b/poky/meta/recipes-support/attr/acl_2.2.53.bb
index 5bb50f7..b120c1f 100644
--- a/poky/meta/recipes-support/attr/acl_2.2.53.bb
+++ b/poky/meta/recipes-support/attr/acl_2.2.53.bb
@@ -1,5 +1,7 @@
 SUMMARY = "Utilities for managing POSIX Access Control Lists"
 HOMEPAGE = "http://savannah.nongnu.org/projects/acl/"
+DESCRIPTION = "ACL allows you to provide different levels of access to files \
+and folders for different users."
 SECTION = "libs"
 
 LICENSE = "LGPLv2.1+ & GPLv2+"
diff --git a/poky/meta/recipes-support/attr/attr.inc b/poky/meta/recipes-support/attr/attr.inc
index 0c3330a..97bca46 100644
--- a/poky/meta/recipes-support/attr/attr.inc
+++ b/poky/meta/recipes-support/attr/attr.inc
@@ -1,4 +1,8 @@
 SUMMARY = "Utilities for manipulating filesystem extended attributes"
+DESCRIPTION = "A set of tools for manipulating extended attributes on filesystem \
+objects, in particular getfattr(1) and setfattr(1). An attr(1) command \
+is also provided which is largely compatible with the SGI IRIX tool of \
+the same name."
 HOMEPAGE = "http://savannah.nongnu.org/projects/attr/"
 SECTION = "libs"
 
diff --git a/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb b/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb
index bab8a01..f00e0fc 100644
--- a/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb
+++ b/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb
@@ -1,4 +1,6 @@
 SUMMARY = "Programmable Completion for Bash 4"
+DESCRIPTION = "bash completion extends bash's standard completion behavior to \
+achieve complex command lines with just a few keystrokes."
 HOMEPAGE = "https://github.com/scop/bash-completion"
 BUGTRACKER = "https://github.com/scop/bash-completion/issues"
 
diff --git a/poky/meta/recipes-support/boost/boost-1.74.0.inc b/poky/meta/recipes-support/boost/boost-1.75.0.inc
similarity index 90%
rename from poky/meta/recipes-support/boost/boost-1.74.0.inc
rename to poky/meta/recipes-support/boost/boost-1.75.0.inc
index b47fdaf..e5a8488 100644
--- a/poky/meta/recipes-support/boost/boost-1.74.0.inc
+++ b/poky/meta/recipes-support/boost/boost-1.75.0.inc
@@ -12,7 +12,7 @@
 BOOST_P = "boost_${BOOST_VER}"
 
 SRC_URI = "https://dl.bintray.com/boostorg/release/${PV}/source/${BOOST_P}.tar.bz2"
-SRC_URI[sha256sum] = "83bfc1507731a0906e387fc28b7ef5417d591429e51e788417fe9ff025e116b1"
+SRC_URI[sha256sum] = "953db31e016db7bb207f11432bef7df100516eeb746843fa0486a222e3fd49cb"
 
 UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/"
 UPSTREAM_CHECK_REGEX = "boostorg/release/(?P<pver>.*)/source/"
diff --git a/poky/meta/recipes-support/boost/boost.inc b/poky/meta/recipes-support/boost/boost.inc
index cbf9cad..c9bb178 100644
--- a/poky/meta/recipes-support/boost/boost.inc
+++ b/poky/meta/recipes-support/boost/boost.inc
@@ -59,10 +59,13 @@
 python __anonymous () {
     packages = []
     extras = []
+    pn = d.getVar("PN")
     mlprefix = d.getVar("MLPREFIX")
     for lib in d.getVar('BOOST_LIBS').split():
         extras.append("--with-%s" % lib)
         pkg = "boost-%s" % (lib.replace("_", "-"))
+        if "-native" in pn:
+            pkg = pkg + "-native"
         packages.append(mlprefix + pkg)
         if not d.getVar("FILES_%s" % pkg):
                 d.setVar("FILES_%s%s" % (mlprefix, pkg), "${libdir}/libboost_%s*.so.*" % lib)
diff --git a/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch b/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch
deleted file mode 100644
index 1699063..0000000
--- a/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 8845a786598f1d9e83aa1b7d2966b0d1eb765ba0 Mon Sep 17 00:00:00 2001
-From: Christopher Larson <chris_larson@mentor.com>
-Date: Tue, 13 Dec 2016 10:14:31 -0700
-Subject: [PATCH 1/3] Apply boost-1.62.0-no-forced-flags.patch
-
-Upstream-Status: Inappropriate
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
----
- libs/log/build/Jamfile.v2           |  4 ++--
- libs/log/config/x86-ext/Jamfile.jam | 16 ++++++++--------
- libs/log/src/dump_avx2.cpp          |  4 ++++
- libs/log/src/dump_ssse3.cpp         |  4 ++++
- 4 files changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/libs/log/build/Jamfile.v2 b/libs/log/build/Jamfile.v2
-index 4abbdbc..b3016fc 100644
---- a/libs/log/build/Jamfile.v2
-+++ b/libs/log/build/Jamfile.v2
-@@ -373,7 +373,7 @@ rule avx2-targets-cond ( properties * )
-             }
-             else if <toolset>clang in $(properties)
-             {
--                result = <cxxflags>"-mavx -mavx2" ;
-+                result = <cxxflags> ;
-             }
-             else if <toolset>intel in $(properties)
-             {
-@@ -383,7 +383,7 @@ rule avx2-targets-cond ( properties * )
-                 }
-                 else
-                 {
--                    result = <cxxflags>"-xCORE-AVX2 -fabi-version=0" ;
-+                    result = <cxxflags>"-fabi-version=0" ;
-                 }
-             }
-             else if <toolset>msvc in $(properties)
-diff --git a/libs/log/config/x86-ext/Jamfile.jam b/libs/log/config/x86-ext/Jamfile.jam
-index 0e9695a..dcc394d 100644
---- a/libs/log/config/x86-ext/Jamfile.jam
-+++ b/libs/log/config/x86-ext/Jamfile.jam
-@@ -15,19 +15,19 @@ project /boost/log/x86-extensions
- 
- obj ssse3 : ssse3.cpp
-     :
--        <toolset>gcc:<cxxflags>"-msse -msse2 -msse3 -mssse3"
--        <toolset>clang:<cxxflags>"-msse -msse2 -msse3 -mssse3"
--        <toolset>intel-linux:<cxxflags>"-xSSSE3"
--        <toolset>intel-darwin:<cxxflags>"-xSSSE3"
-+        <toolset>gcc:<cxxflags>
-+        <toolset>clang:<cxxflags>
-+        <toolset>intel-linux:<cxxflags>
-+        <toolset>intel-darwin:<cxxflags>
-         <toolset>intel-win:<cxxflags>"/QxSSSE3"
-     ;
- 
- obj avx2 : avx2.cpp
-     :
--        <toolset>gcc:<cxxflags>"-mavx -mavx2 -fabi-version=0"
--        <toolset>clang:<cxxflags>"-mavx -mavx2"
--        <toolset>intel-linux:<cxxflags>"-xCORE-AVX2 -fabi-version=0"
--        <toolset>intel-darwin:<cxxflags>"-xCORE-AVX2 -fabi-version=0"
-+        <toolset>gcc:<cxxflags>"-fabi-version=0"
-+        <toolset>clang:<cxxflags>
-+        <toolset>intel-linux:<cxxflags>"-fabi-version=0"
-+        <toolset>intel-darwin:<cxxflags>"-fabi-version=0"
-         <toolset>intel-win:<cxxflags>"/arch:CORE-AVX2"
-         <toolset>msvc:<cxxflags>"/arch:AVX"
-     ;
-diff --git a/libs/log/src/dump_avx2.cpp b/libs/log/src/dump_avx2.cpp
-index 4ab1250..610fc6d 100644
---- a/libs/log/src/dump_avx2.cpp
-+++ b/libs/log/src/dump_avx2.cpp
-@@ -22,6 +22,10 @@
- #include <boost/cstdint.hpp>
- #include <boost/log/detail/header.hpp>
- 
-+#if !defined(__AVX2__)
-+#error "AVX2 Unsupported!"
-+#endif
-+
- #if defined(__x86_64) || defined(__x86_64__) || \
-     defined(__amd64__) || defined(__amd64) || \
-     defined(_M_X64)
-diff --git a/libs/log/src/dump_ssse3.cpp b/libs/log/src/dump_ssse3.cpp
-index 1325b49..60d4112 100644
---- a/libs/log/src/dump_ssse3.cpp
-+++ b/libs/log/src/dump_ssse3.cpp
-@@ -22,6 +22,10 @@
- #include <boost/cstdint.hpp>
- #include <boost/log/detail/header.hpp>
- 
-+#if !defined(__SSSE3__)
-+#error "SSSE3 Unsupported!"
-+#endif
-+
- #if defined(__x86_64) || defined(__x86_64__) || \
-     defined(__amd64__) || defined(__amd64) || \
-     defined(_M_X64)
--- 
-2.8.0
diff --git a/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch b/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch
deleted file mode 100644
index fe85c69..0000000
--- a/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Upstream-Status: Backport
-
-8/17/2010 - rebased to 1.44 by Qing He <qing.he@intel.com>
-
-diff --git a/boost/smart_ptr/detail/atomic_count_sync.hpp b/boost/smart_ptr/detail/atomic_count_sync.hpp
-index b6359b5..78b1cc2 100644
---- a/boost/smart_ptr/detail/atomic_count_sync.hpp
-+++ b/boost/smart_ptr/detail/atomic_count_sync.hpp
-@@ -33,17 +33,46 @@ public:
- 
-     long operator++()
-     {
-+#ifdef __ARM_ARCH_7A__
-+       int v1, tmp;
-+       asm volatile ("1:                 \n\t"
-+                     "ldrex   %0, %1     \n\t"
-+                     "add     %0 ,%0, #1 \n\t"
-+                     "strex   %2, %0, %1 \n\t"
-+                     "cmp     %2, #0     \n\t"
-+                     "bne     1b         \n\t"
-+                     : "=&r" (v1), "+Q"(value_), "=&r"(tmp)
-+                    );
-+#else
-         return __sync_add_and_fetch( &value_, 1 );
-+#endif
-     }
- 
-     long operator--()
-     {
-+#ifdef __ARM_ARCH_7A__
-+       int v1, tmp;
-+       asm volatile ("1:                 \n\t"
-+                     "ldrex   %0, %1     \n\t"
-+                     "sub     %0 ,%0, #1 \n\t"
-+                     "strex   %2, %0, %1 \n\t"
-+                     "cmp     %2, #0     \n\t"
-+                     "bne     1b         \n\t"
-+                     : "=&r" (v1), "+Q"(value_), "=&r"(tmp)
-+                    );
-+       return value_;
-+#else
-         return __sync_add_and_fetch( &value_, -1 );
-+#endif
-     }
- 
-     operator long() const
-     {
-+#if __ARM_ARCH_7A__
-+        return value_;
-+#else
-         return __sync_fetch_and_add( &value_, 0 );
-+#endif
-     }
- 
- private:
diff --git a/poky/meta/recipes-support/boost/boost_1.74.0.bb b/poky/meta/recipes-support/boost/boost_1.75.0.bb
similarity index 77%
rename from poky/meta/recipes-support/boost/boost_1.74.0.bb
rename to poky/meta/recipes-support/boost/boost_1.75.0.bb
index b01b390..23b0ffc 100644
--- a/poky/meta/recipes-support/boost/boost_1.74.0.bb
+++ b/poky/meta/recipes-support/boost/boost_1.75.0.bb
@@ -1,10 +1,9 @@
 require boost-${PV}.inc
 require boost.inc
 
-SRC_URI += "file://arm-intrinsics.patch \
+SRC_URI += " \
            file://boost-CVE-2012-2677.patch \
            file://boost-math-disable-pch-for-gcc.patch \
-           file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \
            file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
            file://0001-dont-setup-compiler-flags-m32-m64.patch \
            file://0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch \
diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
deleted file mode 100644
index aa2c85f..0000000
--- a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b6d18ca77f131cdcaa10d0eaa9d303399767edf6 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Wed, 28 Aug 2019 19:18:14 +0200
-Subject: [PATCH] certdata2pem.py: use python3
-
-Comments in that file imply it is already py3 compatible.
-
-Upstream-Status: Pending
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- mozilla/Makefile        | 2 +-
- mozilla/certdata2pem.py | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/mozilla/Makefile b/mozilla/Makefile
-index 6f46118..f98877c 100644
---- a/mozilla/Makefile
-+++ b/mozilla/Makefile
-@@ -3,7 +3,7 @@
- #
- 
- all:
--	python certdata2pem.py
-+	python3 certdata2pem.py
- 
- clean:
- 	-rm -f *.crt
-diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index 0b02b2a..7d796f1 100644
---- a/mozilla/certdata2pem.py
-+++ b/mozilla/certdata2pem.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
- # vim:set et sw=4:
- #
- # certdata2pem.py - splits certdata.txt into multiple files
diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
similarity index 96%
rename from poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
rename to poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
index 6f39df7..888a235 100644
--- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
+++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
@@ -14,7 +14,7 @@
 # Need rehash from openssl and run-parts from debianutils
 PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
-SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b"
+SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144"
 
 SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
            file://0002-update-ca-certificates-use-SYSROOT.patch \
@@ -23,7 +23,6 @@
            file://default-sysroot.patch \
            file://sbindir.patch \
            file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
-           file://0001-certdata2pem.py-use-python3.patch \
            "
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
 
diff --git a/poky/meta/recipes-support/curl/curl_7.73.0.bb b/poky/meta/recipes-support/curl/curl_7.74.0.bb
similarity index 97%
rename from poky/meta/recipes-support/curl/curl_7.73.0.bb
rename to poky/meta/recipes-support/curl/curl_7.74.0.bb
index 0f26b0f..873bbe8 100644
--- a/poky/meta/recipes-support/curl/curl_7.73.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.74.0.bb
@@ -9,7 +9,7 @@
            file://0001-replace-krb5-config-with-pkg-config.patch \
 "
 
-SRC_URI[sha256sum] = "cf34fe0b07b800f1c01a499a6e8b2af548f6d0e044dca4a29d88a4bee146d131"
+SRC_URI[sha256sum] = "0f4d63e6681636539dc88fa8e929f934cd3a840c46e0bf28c73be11e521b77a5"
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_161.bb b/poky/meta/recipes-support/diffoscope/diffoscope_164.bb
similarity index 82%
rename from poky/meta/recipes-support/diffoscope/diffoscope_161.bb
rename to poky/meta/recipes-support/diffoscope/diffoscope_164.bb
index 0f566a3..7707c44 100644
--- a/poky/meta/recipes-support/diffoscope/diffoscope_161.bb
+++ b/poky/meta/recipes-support/diffoscope/diffoscope_164.bb
@@ -7,7 +7,7 @@
 
 inherit pypi setuptools3
 
-SRC_URI[sha256sum] = "9c27d60a7bf3984b53c8af3fee86eb3d3e2292c4ddb9449c38b6cba068b8e22c"
+SRC_URI[sha256sum] = "bc269a39ec72261d9fead55bd951f6cbbe3d2ccce1481f974665999a5b141fff"
 
 RDEPENDS_${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic"
 
diff --git a/poky/meta/recipes-support/enchant/enchant2_2.2.13.bb b/poky/meta/recipes-support/enchant/enchant2_2.2.15.bb
similarity index 89%
rename from poky/meta/recipes-support/enchant/enchant2_2.2.13.bb
rename to poky/meta/recipes-support/enchant/enchant2_2.2.15.bb
index 3b890e7..05e84fc 100644
--- a/poky/meta/recipes-support/enchant/enchant2_2.2.13.bb
+++ b/poky/meta/recipes-support/enchant/enchant2_2.2.15.bb
@@ -9,7 +9,7 @@
 inherit autotools pkgconfig
 
 SRC_URI = "https://github.com/AbiWord/enchant/releases/download/v${PV}/enchant-${PV}.tar.gz"
-SRC_URI[sha256sum] = "eab9f90d79039133660029616e2a684644bd524be5dc43340d4cfc3fb3c68a20"
+SRC_URI[sha256sum] = "3b0f2215578115f28e2a6aa549b35128600394304bd79d6f28b0d3b3d6f46c03"
 
 UPSTREAM_CHECK_URI = "https://github.com/AbiWord/enchant/releases"
 
diff --git a/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch b/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch
deleted file mode 100644
index c158041..0000000
--- a/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From f993697af81c37df9c55e0ebedeb1b8b880506ae Mon Sep 17 00:00:00 2001
-From: Richard Leitner <richard.leitner@skidata.com>
-Date: Tue, 5 May 2020 11:59:42 +0200
-Subject: [PATCH] gdbm: fix link failure against gcc-10
-
-Copied from gentoo's solution at https://bugs.gentoo.org/show_bug.cgi?id=705898
-Original patch by Sergei Trofimovich <slyfox@gentoo.org>
-
-Original description:
-
-Before the change on gcc-10 link failed as:
-```
-  CCLD     gdbmtool
-ld: ./libgdbmapp.a(parseopt.o):(.bss+0x8): multiple definition of `parseopt_program_args';
-  gdbmtool.o:(.data.rel.local+0x260): first defined here
-ld: ./libgdbmapp.a(parseopt.o):(.bss+0x10): multiple definition of `parseopt_program_doc';
-  gdbmtool.o:(.data.rel.local+0x268): first defined here
-```
-
-gcc-10 will change the default from -fcommon to fno-common:
-    https://gcc.gnu.org/PR85678.
-
-The fix is to avoid multiple definition and rely on
-declarations only.
-
-Upstream-Status: Pending
-Signed-off-by: Richard Leitner <richard.leitner@skidata.com>
----
- src/parseopt.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/src/parseopt.c b/src/parseopt.c
-index 268e080..a4c8576 100644
---- a/src/parseopt.c
-+++ b/src/parseopt.c
-@@ -255,8 +255,6 @@ print_option_descr (const char *descr, size_t lmargin, size_t rmargin)
- }
- 
- char *parseopt_program_name;
--char *parseopt_program_doc;
--char *parseopt_program_args;
- const char *program_bug_address = "<" PACKAGE_BUGREPORT ">";
- void (*parseopt_help_hook) (FILE *stream);
- 
--- 
-2.26.2
-
diff --git a/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb b/poky/meta/recipes-support/gdbm/gdbm_1.19.bb
similarity index 84%
rename from poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb
rename to poky/meta/recipes-support/gdbm/gdbm_1.19.bb
index fbb1fe7..1f390a4 100644
--- a/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb
+++ b/poky/meta/recipes-support/gdbm/gdbm_1.19.bb
@@ -8,11 +8,10 @@
 SRC_URI = "${GNU_MIRROR}/gdbm/gdbm-${PV}.tar.gz \
            file://run-ptest \
            file://ptest.patch \
-           file://gdbm-fix-link-failure-against-gcc-10.patch \
           "
 
-SRC_URI[md5sum] = "988dc82182121c7570e0cb8b4fcd5415"
-SRC_URI[sha256sum] = "86e613527e5dba544e73208f42b78b7c022d4fa5a6d5498bf18c8d6f745b91dc"
+SRC_URI[md5sum] = "aeb29c6a90350a4c959cd1df38cd0a7e"
+SRC_URI[sha256sum] = "37ed12214122b972e18a0d94995039e57748191939ef74115b1d41d8811364bc"
 
 inherit autotools gettext texinfo lib_package ptest
 
diff --git a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index c641a19..a0af2d4 100644
--- a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From 56343af532389c31eab32c096c9a989c53c78ce0 Mon Sep 17 00:00:00 2001
+From abc5c396aaddaef2e6811362e3e0cc0da28c2b34 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 22 Jan 2018 18:00:21 +0200
 Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,10 +14,10 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index 1d05d39..eaaf33c 100644
+index 64cb8c6..3fe9027 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1858,7 +1858,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+@@ -1824,7 +1824,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
  
  AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
  
diff --git a/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch b/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
index 607a09f..a13b4d5 100644
--- a/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
+++ b/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
@@ -1,4 +1,4 @@
-From 9a901dbb1c48685f2db6d7b55916c9484e871f16 Mon Sep 17 00:00:00 2001
+From 6c75656b68cb6e38b039ae532bd39437cd6daec5 Mon Sep 17 00:00:00 2001
 From: Saul Wold <sgw@linux.intel.com>
 Date: Wed, 16 Aug 2017 11:18:01 +0800
 Subject: [PATCH] dirmngr uses libgpg error
@@ -11,20 +11,18 @@
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 
 ---
- dirmngr/Makefile.am | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
+ dirmngr/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
 
 diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
-index 208a813..292c036 100644
+index 00d3c42..450d873 100644
 --- a/dirmngr/Makefile.am
 +++ b/dirmngr/Makefile.am
-@@ -90,7 +90,8 @@ endif
- dirmngr_LDADD = $(libcommonpth) \
+@@ -101,6 +101,7 @@ dirmngr_LDADD = $(libcommonpth) \
          $(DNSLIBS) $(LIBASSUAN_LIBS) \
  	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
--	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS)
-+	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \
-+	$(GPG_ERROR_LIBS)
+ 	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \
++	$(GPG_ERROR_LIBS) \
+         $(dirmngr_robj)
  if USE_LDAP
  dirmngr_LDADD += $(ldaplibs)
- endif
diff --git a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
index aa8d1e3..7f7812c 100644
--- a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From 4005b3342db06749453835720b5a5c2392a90810 Mon Sep 17 00:00:00 2001
+From bd66af2ac7bb6d9294ac8055a55462ba7c4f9c9b Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Wed, 19 Sep 2018 14:44:40 +0100
 Subject: [PATCH] Allow the environment to override where gnupg looks for its
diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.23.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb
similarity index 96%
rename from poky/meta/recipes-support/gnupg/gnupg_2.2.23.bb
rename to poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb
index c624b67..8b5fc99 100644
--- a/poky/meta/recipes-support/gnupg/gnupg_2.2.23.bb
+++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb
@@ -20,7 +20,7 @@
                                 file://relocate.patch"
 SRC_URI_append_class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = "10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c"
+SRC_URI[sha256sum] = "34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \
diff --git a/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch b/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
index 34c8985..6eb1edb 100644
--- a/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
+++ b/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
@@ -1,3 +1,8 @@
+From 8a5c96057cf305bbeac0d6e0e59ee24fbb9497fe Mon Sep 17 00:00:00 2001
+From: Joe Slater <jslater@windriver.com>
+Date: Wed, 25 Jan 2017 13:52:59 -0800
+Subject: [PATCH] gnutls: account for ARM_EABI
+
 Certain syscall's are not availabe for arm-eabi, so we eliminate
 reference to them.
 
@@ -5,12 +10,18 @@
 
 Signed-off-by: Joe Slater <jslater@windriver.com>
 
+---
+ tests/seccomp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/seccomp.c b/tests/seccomp.c
+index ed14d00..3c5b726 100644
 --- a/tests/seccomp.c
 +++ b/tests/seccomp.c
-@@ -49,7 +49,9 @@ int disable_system_calls(void)
- 	}
+@@ -53,7 +53,9 @@ int disable_system_calls(void)
  
  	ADD_SYSCALL(nanosleep, 0);
+ 	ADD_SYSCALL(clock_nanosleep, 0);
 +#if ! defined(__ARM_EABI__)
  	ADD_SYSCALL(time, 0);
 +#endif
diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.0.bb
similarity index 95%
rename from poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb
rename to poky/meta/recipes-support/gnutls/gnutls_3.7.0.bb
index b936db5..e3ca86b 100644
--- a/poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb
+++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.0.bb
@@ -21,7 +21,7 @@
            file://arm_eabi.patch \
            "
 
-SRC_URI[sha256sum] = "0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558"
+SRC_URI[sha256sum] = "49e2a22691d252c9f24a9829b293a8f359095bc5a818351f05f1c0a5188a1df8"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
 
diff --git a/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch b/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch
index 0ed4eb6..0c15cc7 100644
--- a/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch
+++ b/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch
@@ -11,11 +11,11 @@
 
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
- src/gpgme.m4 | 58 ++++++++++------------------------------------------------
+ src/gpgme.m4 | 58 +++++++++-------------------------------------------
  1 file changed, 10 insertions(+), 48 deletions(-)
 
 diff --git a/src/gpgme.m4 b/src/gpgme.m4
-index 2a72f18..6c2be44 100644
+index c749a5d..8579146 100644
 --- a/src/gpgme.m4
 +++ b/src/gpgme.m4
 @@ -1,5 +1,5 @@
@@ -29,7 +29,7 @@
  # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  #
--# Last-changed: 2018-11-12
+-# Last-changed: 2020-11-20
 +# Last-changed: 2014-10-02
  
  
@@ -130,5 +130,5 @@
      ifelse([$2], , :, [$2])
      _AM_PATH_GPGME_CONFIG_HOST_CHECK
 -- 
-2.7.4
+2.25.1
 
diff --git a/poky/meta/recipes-support/gpgme/gpgme_1.15.0.bb b/poky/meta/recipes-support/gpgme/gpgme_1.15.1.bb
similarity index 97%
rename from poky/meta/recipes-support/gpgme/gpgme_1.15.0.bb
rename to poky/meta/recipes-support/gpgme/gpgme_1.15.1.bb
index 9264af8..dc38aa8 100644
--- a/poky/meta/recipes-support/gpgme/gpgme_1.15.0.bb
+++ b/poky/meta/recipes-support/gpgme/gpgme_1.15.1.bb
@@ -22,7 +22,7 @@
            file://0008-do-not-auto-check-var-PYTHON.patch \
           "
 
-SRC_URI[sha256sum] = "0b472bc12c7d455906c8a539ec56da0a6480ef1c3a87aa5b74d7125df68d0e5b"
+SRC_URI[sha256sum] = "eebc3c1b27f1c8979896ff361ba9bb4778b508b2496c2fc10e3775a40b1de1ad"
 
 DEPENDS = "libgpg-error libassuan"
 RDEPENDS_${PN}-cpp += "libstdc++"
diff --git a/poky/meta/recipes-support/icu/icu_68.1.bb b/poky/meta/recipes-support/icu/icu_68.2.bb
similarity index 96%
rename from poky/meta/recipes-support/icu/icu_68.1.bb
rename to poky/meta/recipes-support/icu/icu_68.2.bb
index 98aa6b7..1ca87fe 100644
--- a/poky/meta/recipes-support/icu/icu_68.1.bb
+++ b/poky/meta/recipes-support/icu/icu_68.2.bb
@@ -112,8 +112,8 @@
 SRC_URI_append_class-target = "\
            file://0001-Disable-LDFLAGSICUDT-for-Linux.patch \
           "
-SRC_URI[code.sha256sum] = "a9f2e3d8b4434b8e53878b4308bd1e6ee51c9c7042e2b1a376abefb6fbb29f2d"
-SRC_URI[data.sha256sum] = "03ea8b4694155620548c8c0ba20444f1e7db246cc79e3b9c4fc7a960b160d510"
+SRC_URI[code.sha256sum] = "c79193dee3907a2199b8296a93b52c5cb74332c26f3d167269487680d479d625"
+SRC_URI[data.sha256sum] = "2989b466fa010edc41297e12fdd5ae47c2610ad68b63af1a0bd2a1acfaf497f3"
 
 UPSTREAM_CHECK_REGEX = "icu4c-(?P<pver>\d+(_\d+)+)-src"
 UPSTREAM_CHECK_URI = "https://github.com/unicode-org/icu/releases"
diff --git a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb b/poky/meta/recipes-support/itstool/itstool_2.0.6.bb
index 5f358f4..c52aa79 100644
--- a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb
+++ b/poky/meta/recipes-support/itstool/itstool_2.0.6.bb
@@ -18,4 +18,3 @@
 BBCLASSEXTEND = "native nativesdk"
 
 RDEPENDS_${PN} += "libxml2-python"
-RDEPENDS_${PN}_class-native = ""
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.1.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.2.bb
similarity index 100%
rename from poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.1.bb
rename to poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.2.bb
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng.inc b/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
index a312b60..8c52b5d 100644
--- a/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
+++ b/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
@@ -7,10 +7,10 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
 		    file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06"
 
-SRC_URI = "http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \
+SRC_URI = "https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \
            file://python.patch \
 "
 
-SRC_URI[sha256sum] = "f06b17aaca029e245c9a26c698c6cc8a1cf42b58483d93e94ee02b478bdc1055"
+SRC_URI[sha256sum] = "52c083b77c2b0d8449dee141f9c3eba76e6d4c5ad44ef05df25891126cb85ae9"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.1.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.2.bb
similarity index 100%
rename from poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.1.bb
rename to poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.2.bb
diff --git a/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch b/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
index 3c737b8..d2653af 100644
--- a/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
+++ b/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
@@ -1,4 +1,4 @@
-From c22c6c16362c7dbc8d6faea06edee5e07759c5fa Mon Sep 17 00:00:00 2001
+From 6aa15fe548e5b1d6ca3b373779beb7521ea95ba9 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Wed, 15 Jan 2020 17:16:28 +0100
 Subject: [PATCH] tests: do not statically link a test
@@ -7,7 +7,6 @@
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
 ---
  progs/Makefile | 2 +-
  tests/Makefile | 4 ++--
@@ -27,7 +26,7 @@
  sudotest: test tcapsh-static
  	sudo $(LDPATH) ./quicktest.sh
 diff --git a/tests/Makefile b/tests/Makefile
-index 3431df9..727fb86 100644
+index 01f7589..094ec57 100644
 --- a/tests/Makefile
 +++ b/tests/Makefile
 @@ -22,7 +22,7 @@ ifeq ($(PTHREADS),yes)
@@ -36,7 +35,7 @@
  else
 -LDFLAGS += --static
 +LDFLAGS +=
- DEPS=../libcap/libcap.a ../progs/tcapsh-static
+ DEPS=../libcap/libcap.a
  ifeq ($(PTHREADS),yes)
  DEPS +=  ../libcap/libpsx.a
 @@ -106,7 +106,7 @@ noexploit: exploit.o $(DEPS)
@@ -48,3 +47,6 @@
  
  clean:
  	rm -f psx_test libcap_psx_test libcap_launch_test *~
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-support/libcap/libcap_2.45.bb b/poky/meta/recipes-support/libcap/libcap_2.47.bb
similarity index 95%
rename from poky/meta/recipes-support/libcap/libcap_2.45.bb
rename to poky/meta/recipes-support/libcap/libcap_2.47.bb
index 067ba32..bc4754e 100644
--- a/poky/meta/recipes-support/libcap/libcap_2.45.bb
+++ b/poky/meta/recipes-support/libcap/libcap_2.47.bb
@@ -12,7 +12,7 @@
            file://0002-tests-do-not-run-target-executables.patch \
            file://0001-tests-do-not-statically-link-a-test.patch \
            "
-SRC_URI[sha256sum] = "d66639f765c0e10557666b00f519caf0bd07a95f867dddaee131cd284fac3286"
+SRC_URI[sha256sum] = "af165df45f9fe8b315164ec7143740947489f36ccbe6999b6cdf86e7a8dca04b"
 
 UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
 
diff --git a/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch b/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
new file mode 100644
index 0000000..42f92e3
--- /dev/null
+++ b/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
@@ -0,0 +1,192 @@
+From fdf78a4877afa987ba646a8779b513f258e6d04c Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Fri, 31 Jul 2020 15:21:53 -0500
+Subject: [PATCH] libcroco: Limit recursion in block and any productions
+
+ (CVE-2020-12825)
+
+If we don't have any limits, we can recurse forever and overflow the
+stack.
+
+Fixes #8
+This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
+
+https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
+
+CVE: CVE-2020-12825
+Upstream-Status: Backport [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
+Comment: No refreshing changes done.
+Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
+
+---
+ src/cr-parser.c | 44 +++++++++++++++++++++++++++++---------------
+ 1 file changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/src/cr-parser.c b/src/cr-parser.c
+index 18c9a01..f4a62e3 100644
+--- a/src/cr-parser.c
++++ b/src/cr-parser.c
+@@ -136,6 +136,8 @@ struct _CRParserPriv {
+ 
+ #define CHARS_TAB_SIZE 12
+ 
++#define RECURSIVE_CALLERS_LIMIT 100
++
+ /**
+  * IS_NUM:
+  *@a_char: the char to test.
+@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this);
+ 
+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
+ 
+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
++                                               guint      n_calls);
+ 
+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
++                                                 guint      n_calls);
+ 
+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
+ 
+@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+         cr_parser_try_to_skip_spaces_and_comments (a_this);
+ 
+         do {
+-                status = cr_parser_parse_any_core (a_this);
++                status = cr_parser_parse_any_core (a_this, 0);
+         } while (status == CR_OK);
+ 
+         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
+@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, 
+                                       token);
+                 token = NULL;
+-                status = cr_parser_parse_block_core (a_this);
++                status = cr_parser_parse_block_core (a_this, 0);
+                 CHECK_PARSING_STATUS (status,
+                                       FALSE);
+                 goto done;
+@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
+ 
+         RECORD_INITIAL_POS (a_this, &init_pos);
+ 
+-        status = cr_parser_parse_any_core (a_this);
++        status = cr_parser_parse_any_core (a_this, 0);
+         CHECK_PARSING_STATUS (status, FALSE);
+ 
+         do {
+-                status = cr_parser_parse_any_core (a_this);
++                status = cr_parser_parse_any_core (a_this, 0);
+ 
+         } while (status == CR_OK);
+ 
+@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
+  *in chapter 4.1 of the css2 spec.
+  *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
+  *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+  *FIXME: code this function.
+  */
+ static enum CRStatus
+-cr_parser_parse_block_core (CRParser * a_this)
++cr_parser_parse_block_core (CRParser * a_this,
++                            guint      n_calls)
+ {
+         CRToken *token = NULL;
+         CRInputPos init_pos;
+@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this)
+ 
+         g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
+ 
++        if (n_calls > RECURSIVE_CALLERS_LIMIT)
++                return CR_ERROR;
++
+         RECORD_INITIAL_POS (a_this, &init_pos);
+ 
+         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token);
+@@ -996,13 +1005,13 @@ cr_parser_parse_block_core (CRParser * a_this)
+         } else if (token->type == CBO_TK) {
+                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+                 token = NULL;
+-                status = cr_parser_parse_block_core (a_this);
++                status = cr_parser_parse_block_core (a_this, n_calls + 1);
+                 CHECK_PARSING_STATUS (status, FALSE);
+                 goto parse_block_content;
+         } else {
+                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+                 token = NULL;
+-                status = cr_parser_parse_any_core (a_this);
++                status = cr_parser_parse_any_core (a_this, n_calls + 1);
+                 CHECK_PARSING_STATUS (status, FALSE);
+                 goto parse_block_content;
+         }
+@@ -1109,7 +1118,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+                 status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+                                                token);
+                 token = NULL;
+-                status = cr_parser_parse_block_core (a_this);
++                status = cr_parser_parse_block_core (a_this, 0);
+                 CHECK_PARSING_STATUS (status, FALSE);
+                 ref++;
+                 goto continue_parsing;
+@@ -1123,7 +1132,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+                 status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+                                                token);
+                 token = NULL;
+-                status = cr_parser_parse_any_core (a_this);
++                status = cr_parser_parse_any_core (a_this, 0);
+                 if (status == CR_OK) {
+                         ref++;
+                         goto continue_parsing;
+@@ -1162,10 +1171,12 @@ cr_parser_parse_value_core (CRParser * a_this)
+  *        | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*;
+  *
+  *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+  *@return CR_OK upon successfull completion, an error code otherwise.
+  */
+ static enum CRStatus
+-cr_parser_parse_any_core (CRParser * a_this)
++cr_parser_parse_any_core (CRParser * a_this,
++                          guint      n_calls)
+ {
+         CRToken *token1 = NULL,
+                 *token2 = NULL;
+@@ -1174,6 +1185,9 @@ cr_parser_parse_any_core (CRParser * a_this)
+ 
+         g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR);
+ 
++        if (n_calls > RECURSIVE_CALLERS_LIMIT)
++                return CR_ERROR;
++
+         RECORD_INITIAL_POS (a_this, &init_pos);
+ 
+         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1);
+@@ -1212,7 +1226,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+                  *We consider parameter as being an "any*" production.
+                  */
+                 do {
+-                        status = cr_parser_parse_any_core (a_this);
++                        status = cr_parser_parse_any_core (a_this, n_calls + 1);
+                 } while (status == CR_OK);
+ 
+                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1237,7 +1251,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+                 }
+ 
+                 do {
+-                        status = cr_parser_parse_any_core (a_this);
++                        status = cr_parser_parse_any_core (a_this, n_calls + 1);
+                 } while (status == CR_OK);
+ 
+                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1265,7 +1279,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+                 }
+ 
+                 do {
+-                        status = cr_parser_parse_any_core (a_this);
++                        status = cr_parser_parse_any_core (a_this, n_calls + 1);
+                 } while (status == CR_OK);
+ 
+                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
diff --git a/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb b/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb
index 9171a9d..a443ff2 100644
--- a/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb
+++ b/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb
@@ -18,3 +18,6 @@
 
 SRC_URI[archive.md5sum] = "c80c5a8385011a0260dce6bd0da93dce"
 SRC_URI[archive.sha256sum] = "767ec234ae7aa684695b3a735548224888132e063f92db585759b422570621d4"
+
+SRC_URI +="file://CVE-2020-12825.patch \
+"
diff --git a/poky/meta/recipes-support/libevdev/libevdev_1.10.0.bb b/poky/meta/recipes-support/libevdev/libevdev_1.10.1.bb
similarity index 85%
rename from poky/meta/recipes-support/libevdev/libevdev_1.10.0.bb
rename to poky/meta/recipes-support/libevdev/libevdev_1.10.1.bb
index 2620cbe..353ded6 100644
--- a/poky/meta/recipes-support/libevdev/libevdev_1.10.0.bb
+++ b/poky/meta/recipes-support/libevdev/libevdev_1.10.1.bb
@@ -8,7 +8,7 @@
 
 SRC_URI = "http://www.freedesktop.org/software/libevdev/${BP}.tar.xz \
            file://determinism.patch"
-SRC_URI[sha256sum] = "3522c26e2c148be0ad68ce26fbced408a4185dea90bfe8079dc82b8ace962d4a"
+SRC_URI[sha256sum] = "0330fe8357ece915db9366c1b9a6648941aea6f724b73ad6e71401127aa08932"
 
 inherit autotools pkgconfig
 
diff --git a/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch b/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch
new file mode 100644
index 0000000..2a48844
--- /dev/null
+++ b/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch
@@ -0,0 +1,66 @@
+From ca71eda33fe8421f98fbe20eb4392473357c1c43 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 30 Dec 2020 10:22:47 +0800
+Subject: [PATCH] fixed another unsigned integer overflow
+
+first fixed by google in android fork,
+https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
+
+(use a more generic overflow check method, also check second overflow instance.)
+
+https://security-tracker.debian.org/tracker/CVE-2020-0198
+
+Upstream-Status: Backport[https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c]
+CVE: CVE-2020-0198
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libexif/exif-data.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index 8b280d3..34d58fc 100644
+--- a/libexif/exif-data.c
++++ b/libexif/exif-data.c
+@@ -47,6 +47,8 @@
+ #undef JPEG_MARKER_APP1
+ #define JPEG_MARKER_APP1 0xe1
+ 
++#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
++
+ static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
+ 
+ struct _ExifDataPrivate
+@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
+ 		return;
+ 	}
+-	if (s > ds - o) {
++	if (CHECKOVERFLOW(o,ds,s)) {
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
+ 		return;
+ 	}
+@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 	}
+ 
+ 	/* Read the number of entries */
+-	if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
++	if (CHECKOVERFLOW(offset, ds, 2)) {
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+-			  "Tag data past end of buffer (%u > %u)", offset+2, ds);
++			  "Tag data past end of buffer (%u+2 > %u)", offset, ds);
+ 		return;
+ 	}
+ 	n = exif_get_short (d + offset, data->priv->order);
+@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 	offset += 2;
+ 
+ 	/* Check if we have enough data. */
+-	if (offset + 12 * n > ds) {
++	if (CHECKOVERFLOW(offset, ds, 12*n)) {
+ 		n = (ds - offset) / 12;
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+ 				  "Short data; only loading %hu entries...", n);
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch b/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch
new file mode 100644
index 0000000..a117b8b
--- /dev/null
+++ b/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch
@@ -0,0 +1,39 @@
+From 302acd49eba0a125b0f20692df6abc6f7f7ca53e Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 30 Dec 2020 10:18:51 +0800
+Subject: [PATCH] fixed a incorrect overflow check that could be optimized
+ away.
+
+inspired by:
+https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b
+
+https://source.android.com/security/bulletin/2020-11-01
+
+CVE-2020-0452
+
+Upsteam-Status: Backport[https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06]
+CVE: CVE-2020-0452
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libexif/exif-entry.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
+index 5de215f..3a6ce84 100644
+--- a/libexif/exif-entry.c
++++ b/libexif/exif-entry.c
+@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
+ 	{
+ 		unsigned char *utf16;
+ 
+-		/* Sanity check the size to prevent overflow */
+-		if (e->size+sizeof(uint16_t)+1 < e->size) break;
++		/* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */
++		if (e->size >= 65536 - sizeof(uint16_t)*2) break;
+ 
+ 		/* The tag may not be U+0000-terminated , so make a local
+ 		   U+0000-terminated copy before converting it */
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb
index 2478ba0..dc30926 100644
--- a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb
+++ b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb
@@ -8,6 +8,8 @@
     return "_".join(v.split("."))
 
 SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \
+           file://CVE-2020-0198.patch \
+           file://CVE-2020-0452.patch \
            "
 
 SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56"
diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
index 0cad41d..7db624a 100644
--- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
+++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
@@ -28,6 +28,9 @@
 "
 SRC_URI[sha256sum] = "03b70f028299561b7034b8966d7dd77ef16ed139c43440925fe8782561974748"
 
+# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
+CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
+
 BINCONFIG = "${bindir}/libgcrypt-config"
 
 inherit autotools texinfo binconfig-disabled pkgconfig
diff --git a/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch b/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
index ca5f6b5..83054a9 100644
--- a/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
+++ b/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
@@ -11,18 +11,16 @@
 
 Refactored for 1.33
 Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
 ---
- configure.ac        |  1 +
- src/gpg-error.m4    | 71 +++--------------------------------------------------
- 4 files changed, 18 insertions(+), 69 deletions(-)
- create mode 100644 src/gpg-error.pc.in
+ src/gpg-error.m4 | 142 +----------------------------------------------
+ 1 file changed, 3 insertions(+), 139 deletions(-)
 
-Index: libgpg-error-1.33/src/gpg-error.m4
-===================================================================
---- libgpg-error-1.33.orig/src/gpg-error.m4
-+++ libgpg-error-1.33/src/gpg-error.m4
-@@ -26,139 +26,13 @@ dnl is added to the gpg_config_script_wa
+diff --git a/src/gpg-error.m4 b/src/gpg-error.m4
+index c9b235f..176bd6a 100644
+--- a/src/gpg-error.m4
++++ b/src/gpg-error.m4
+@@ -26,139 +26,12 @@ dnl is added to the gpg_config_script_warn variable.
  dnl
  AC_DEFUN([AM_PATH_GPG_ERROR],
  [ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -31,12 +29,10 @@
 -  dnl since that is consistent with how our three siblings use the directory/
 -  dnl package name in --with-$dir_name-prefix=PFX.
 -  AC_ARG_WITH(libgpg-error-prefix,
--              AC_HELP_STRING([--with-libgpg-error-prefix=PFX],
+-              AS_HELP_STRING([--with-libgpg-error-prefix=PFX],
 -                             [prefix where GPG Error is installed (optional)]),
 -              [gpg_error_config_prefix="$withval"])
-+  min_gpg_error_version=ifelse([$1], ,0.0,$1)
-+  PKG_CHECK_MODULES(GPG_ERROR, [gpg-error >= $min_gpg_error_version], [ok=yes], [ok=no])
- 
+-
 -  dnl Accept --with-gpg-error-prefix and make it work the same as
 -  dnl --with-libgpg-error-prefix above, for backwards compatibility,
 -  dnl but do not document this old, inconsistently-named option.
@@ -143,6 +139,8 @@
 -    fi
 -  fi
 -  AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version)
++  min_gpg_error_version=ifelse([$1], ,0.0,$1)
++  PKG_CHECK_MODULES(GPG_ERROR, [gpg-error >= $min_gpg_error_version], [ok=yes], [ok=no])
    if test $ok = yes; then
 -    GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG --cflags`
 -    GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG --libs`
@@ -165,7 +163,7 @@
      fi
      if test x"$gpg_error_config_host" != xnone ; then
        if test x"$gpg_error_config_host" != x"$host" ; then
-@@ -174,15 +48,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
+@@ -174,15 +47,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
        fi
      fi
    else
@@ -181,3 +179,6 @@
 -  AC_SUBST(GPG_ERROR_MT_CFLAGS)
 -  AC_SUBST(GPG_ERROR_MT_LIBS)
  ])
+-- 
+2.25.1
+
diff --git a/poky/meta/recipes-support/libgpg-error/libgpg-error_1.39.bb b/poky/meta/recipes-support/libgpg-error/libgpg-error_1.41.bb
similarity index 93%
rename from poky/meta/recipes-support/libgpg-error/libgpg-error_1.39.bb
rename to poky/meta/recipes-support/libgpg-error/libgpg-error_1.41.bb
index f53056f..8205cb4 100644
--- a/poky/meta/recipes-support/libgpg-error/libgpg-error_1.39.bb
+++ b/poky/meta/recipes-support/libgpg-error/libgpg-error_1.41.bb
@@ -18,7 +18,7 @@
            file://0001-Do-not-fail-when-testing-config-scripts.patch \
            "
 
-SRC_URI[sha256sum] = "4a836edcae592094ef1c5a4834908f44986ab2b82e0824a0344b49df8cdb298f"
+SRC_URI[sha256sum] = "64b078b45ac3c3003d7e352a5e05318880a5778c42331ce1ef33d1a0d9922742"
 
 BINCONFIG = "${bindir}/gpg-error-config"
 
diff --git a/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch b/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch
deleted file mode 100644
index 57b336c..0000000
--- a/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From ce091718716400119d6be6bd637c0e3f4f6ca315 Mon Sep 17 00:00:00 2001
-From: Joshua Watt <JPEWhacker@gmail.com>
-Date: Thu, 21 Nov 2019 08:07:41 -0600
-Subject: [PATCH] Make man pages reproducible
-
-Instructs the man page to be gzip'ed without the file name or timestamp
-so that it builds reproducibly.
-
-Upstream-Status: Backport [https://github.com/smuellerDD/jitterentropy-library/pull/14]
-Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 2e78607..860b720 100644
---- a/Makefile
-+++ b/Makefile
-@@ -60,7 +60,7 @@ cppcheck:
- install:
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- 	install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
--	gzip -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
-+	gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- 	$(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
--- 
-2.23.0
-
diff --git a/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch b/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch
deleted file mode 100644
index 9af334c..0000000
--- a/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 060b9b4147f6e5ff386a8b017796118d783e59fa Mon Sep 17 00:00:00 2001
-From: Matt Weber <matthew.weber@rockwellcollins.com>
-Date: Tue, 22 Oct 2019 12:44:30 -0500
-Subject: [PATCH] Makefile: cleanup install for rebuilds
-
-Support the ability to rebuild and redeploy without a clean. This
-required some force linking and man archive creation.
-
-Provide the ability to override the stripping of the shared lib for
-cases where a embedded target build may want to control stripping
-or provide cross arch tools.
-
-Upstream-Status: Backport [060b9b4147f6e5ff386a8b017796118d783e59fa]
-Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
-Signed-off-by: Stephan Mueller <smueller@chronox.de>
-Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
----
- Makefile | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 4ff069b..2e78607 100644
---- a/Makefile
-+++ b/Makefile
-@@ -14,6 +14,8 @@ LIBDIR := lib
- # include target directory
- INCDIR := include
- 
-+INSTALL_STRIP ?= install -s
-+
- NAME := jitterentropy
- LIBMAJOR=$(shell cat jitterentropy-base.c | grep define | grep MAJVERSION | awk '{print $$3}')
- LIBMINOR=$(shell cat jitterentropy-base.c | grep define | grep MINVERSION | awk '{print $$3}')
-@@ -58,15 +60,15 @@ cppcheck:
- install:
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- 	install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
--	gzip -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
-+	gzip -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
--	install -m 0755 -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
-+	$(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
- 	install -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- 	install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- 	$(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
--	ln -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
--	ln -s lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
-+	ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
-+	ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
- 
- clean:
- 	@- $(RM) $(NAME)
--- 
-2.23.0
-
diff --git a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
similarity index 79%
rename from poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb
rename to poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
index 710ef01..197bb78 100644
--- a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb
+++ b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
@@ -5,14 +5,12 @@
 all environments and on a lot of CPU architectures."
 HOMEPAGE = "http://www.chronox.de/jent.html"
 LICENSE = "GPLv2+ | BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=a95aadbdfae7ed812bb2b7b86eb5981c \
+LIC_FILES_CHKSUM = "file://COPYING;md5=c69090e97c8fd6372d03099c0a5bc382 \
                     file://COPYING.gplv2;md5=eb723b61539feef013de476e68b5c50a \
                     file://COPYING.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
                     "
-SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git \
-           file://0001-Makefile-cleanup-install-for-rebuilds.patch \
-           file://0001-Make-man-pages-reproducible.patch"
-SRCREV = "933a44f33ed3d6612f7cfaa7ad1207c8da4886ba"
+SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git"
+SRCREV = "747bf030b0ea9c44548b4e29bcfab7ae416675fc"
 S = "${WORKDIR}/git"
 
 do_configure[noexec] = "1"
diff --git a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
index ebb7fa5..af96bd5 100644
--- a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
+++ b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
@@ -1,4 +1,4 @@
-From 7bd2b060e9ea3e2ff11e67d1e98ab882819b28b7 Mon Sep 17 00:00:00 2001
+From 6081640895b6d566fa21123e2de7d111eeab5c4c Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 3 Dec 2012 18:17:31 +0800
 Subject: [PATCH] libksba: add pkgconfig support
@@ -11,11 +11,15 @@
 
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 
+---
+ src/ksba.m4 | 90 +++--------------------------------------------------
+ 1 file changed, 4 insertions(+), 86 deletions(-)
+
 diff --git a/src/ksba.m4 b/src/ksba.m4
-index ad8de4f..af903ad 100644
+index 6b55bb8..6e7336f 100644
 --- a/src/ksba.m4
 +++ b/src/ksba.m4
-@@ -22,37 +22,6 @@ dnl with a changed API.
+@@ -23,37 +23,6 @@ dnl with a changed API.
  dnl
  AC_DEFUN([AM_PATH_KSBA],
  [ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -23,7 +27,7 @@
 -  dnl since that is consistent with how our three siblings use the directory/
 -  dnl package name in --with-$dir_name-prefix=PFX.
 -  AC_ARG_WITH(libksba-prefix,
--              AC_HELP_STRING([--with-libksba-prefix=PFX],
+-              AS_HELP_STRING([--with-libksba-prefix=PFX],
 -                             [prefix where KSBA is installed (optional)]),
 -     ksba_config_prefix="$withval", ksba_config_prefix="")
 -
@@ -53,7 +57,7 @@
  
    tmp=ifelse([$1], ,1:1.0.0,$1)
    if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
-@@ -63,56 +32,13 @@ AC_DEFUN([AM_PATH_KSBA],
+@@ -64,56 +33,13 @@ AC_DEFUN([AM_PATH_KSBA],
       min_ksba_version="$tmp"
    fi
  
@@ -113,7 +117,7 @@
          if test "$tmp" -gt 0 ; then
             AC_MSG_CHECKING([KSBA API version])
             if test "$req_ksba_api" -eq "$tmp" ; then
-@@ -125,14 +51,8 @@ AC_DEFUN([AM_PATH_KSBA],
+@@ -126,14 +52,8 @@ AC_DEFUN([AM_PATH_KSBA],
       fi
    fi
    if test $ok = yes; then
@@ -129,7 +133,7 @@
      if test x"$libksba_config_host" != xnone ; then
        if test x"$libksba_config_host" != x"$host" ; then
    AC_MSG_WARN([[
-@@ -146,8 +66,6 @@ AC_DEFUN([AM_PATH_KSBA],
+@@ -147,8 +67,6 @@ AC_DEFUN([AM_PATH_KSBA],
        fi
      fi
    else
diff --git a/poky/meta/recipes-support/libksba/libksba_1.4.0.bb b/poky/meta/recipes-support/libksba/libksba_1.5.0.bb
similarity index 91%
rename from poky/meta/recipes-support/libksba/libksba_1.4.0.bb
rename to poky/meta/recipes-support/libksba/libksba_1.5.0.bb
index a9daf22..005389e 100644
--- a/poky/meta/recipes-support/libksba/libksba_1.4.0.bb
+++ b/poky/meta/recipes-support/libksba/libksba_1.5.0.bb
@@ -19,7 +19,7 @@
 SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://ksba-add-pkgconfig-support.patch"
 
-SRC_URI[sha256sum] = "bfe6a8e91ff0f54d8a329514db406667000cb207238eded49b599761bfca41b6"
+SRC_URI[sha256sum] = "ae4af129216b2d7fdea0b5bf2a788cd458a79c983bb09a43f4d525cc87aba0ba"
 
 do_configure_prepend () {
 	# Else these could be used in preference to those in aclocal-copy
diff --git a/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb b/poky/meta/recipes-support/libpcre/libpcre2_10.36.bb
similarity index 91%
rename from poky/meta/recipes-support/libpcre/libpcre2_10.35.bb
rename to poky/meta/recipes-support/libpcre/libpcre2_10.36.bb
index 35c019c..d8077a1 100644
--- a/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb
+++ b/poky/meta/recipes-support/libpcre/libpcre2_10.36.bb
@@ -8,11 +8,11 @@
 HOMEPAGE = "http://www.pcre.org"
 SECTION = "devel"
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=a06590e9bd4c229532364727aaeaf084"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=60c08fab1357bfe9084b333bc33362d6"
 
 SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2"
 
-SRC_URI[sha256sum] = "9ccba8e02b0ce78046cdfb52e5c177f0f445e421059e43becca4359c669d4613"
+SRC_URI[sha256sum] = "a9ef39278113542968c7c73a31cfcb81aca1faa64690f400b907e8ab6b4a665c"
 
 CVE_PRODUCT = "pcre2"
 
diff --git a/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch b/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch
deleted file mode 100644
index fedda9d..0000000
--- a/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2d73469c7a17ebfe4330ac6643b0c8abdc125d05 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 30 Jan 2019 09:29:44 -0800
-Subject: [PATCH] get-pac-test: Fix build with clang/libc++
-
-get-pac-test.cpp:55:10: error: assigning to 'int' from incompatible type '__bind<int &, sockaddr *, unsigned int>'
-                        ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Upstream-Status: Submitted [https://github.com/libproxy/libproxy/pull/97]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libproxy/test/get-pac-test.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libproxy/test/get-pac-test.cpp b/libproxy/test/get-pac-test.cpp
-index 0059dfb..911f296 100644
---- a/libproxy/test/get-pac-test.cpp
-+++ b/libproxy/test/get-pac-test.cpp
-@@ -52,7 +52,7 @@ class TestServer {
- 
- 			setsockopt(m_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
- 
--			ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));
-+			ret = ::bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));
- 			assert(!ret);
- 
- 			ret = listen(m_sock, 1);
--- 
-2.20.1
-
diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
deleted file mode 100644
index 3ef7f85..0000000
--- a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@gnome.org>
-Date: Wed, 9 Sep 2020 11:12:02 -0500
-Subject: [PATCH] Rewrite url::recvline to be nonrecursive
-
-This function processes network input. It's semi-trusted, because the
-PAC ought to be trusted. But we still shouldn't allow it to control how
-far we recurse. A malicious PAC can cause us to overflow the stack by
-sending a sufficiently-long line without any '\n' character.
-
-Also, this function failed to properly handle EINTR, so let's fix that
-too, for good measure.
-
-Fixes #134
-
-Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa]
-CVE: CVE-2020-25219
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
----
- libproxy/url.cpp | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..68d69cd 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -388,16 +388,24 @@ string url::to_string() const {
- 	return m_orig;
- }
- 
--static inline string recvline(int fd) {
--	// Read a character.
--	// If we don't get a character, return empty string.
--	// If we are at the end of the line, return empty string.
--	char c = '\0';
--	
--	if (recv(fd, &c, 1, 0) != 1 || c == '\n')
--		return "";
--
--	return string(1, c) + recvline(fd);
-+static string recvline(int fd) {
-+	string line;
-+	int ret;
-+
-+	// Reserve arbitrary amount of space to avoid small memory reallocations.
-+	line.reserve(128);
-+
-+	do {
-+		char c;
-+		ret = recv(fd, &c, 1, 0);
-+		if (ret == 1) {
-+			if (c == '\n')
-+				return line;
-+			line += c;
-+		}
-+	} while (ret == 1 || (ret == -1 && errno == EINTR));
-+
-+	return line;
- }
- 
- char* url::get_pac() {
diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch
deleted file mode 100644
index 0ccb99d..0000000
--- a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001
-From: Fei Li <lifeibiren@gmail.com>
-Date: Fri, 17 Jul 2020 02:18:37 +0800
-Subject: [PATCH] Fix buffer overflow when PAC is enabled
-
-The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned
-out to be the large PAC file (more than 102400 bytes) returned by a
-local proxy program with no content-length present.
-
-Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/6d342b50366a048d3d543952e2be271b5742c5f8]
-CVE: CVE-2020-26154
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
-
----
- libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++-------------
- 1 file changed, 31 insertions(+), 13 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..8684086 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -54,7 +54,7 @@ using namespace std;
- #define PAC_MIME_TYPE_FB "text/plain"
- 
- // This is the maximum pac size (to avoid memory attacks)
--#define PAC_MAX_SIZE 102400
-+#define PAC_MAX_SIZE 0x800000
- // This is the default block size to use when receiving via HTTP
- #define PAC_HTTP_BLOCK_SIZE 512
- 
-@@ -478,15 +478,13 @@ char* url::get_pac() {
- 		}
- 
- 		// Get content
--		unsigned int recvd = 0;
--		buffer = new char[PAC_MAX_SIZE];
--		memset(buffer, 0, PAC_MAX_SIZE);
-+		std::vector<char> dynamic_buffer;
- 		do {
- 			unsigned int chunk_length;
- 
- 			if (chunked) {
- 				// Discard the empty line if we received a previous chunk
--				if (recvd > 0) recvline(sock);
-+				if (!dynamic_buffer.empty()) recvline(sock);
- 
- 				// Get the chunk-length line as an integer
- 				if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break;
-@@ -498,21 +496,41 @@ char* url::get_pac() {
- 
- 			if (content_length >= PAC_MAX_SIZE) break;
- 
--			while (content_length == 0 || recvd != content_length) {
--				int r = recv(sock, buffer + recvd,
--				             content_length == 0 ? PAC_HTTP_BLOCK_SIZE
--				                                 : content_length - recvd, 0);
-+			while (content_length == 0 || dynamic_buffer.size() != content_length) {
-+				// Calculate length to recv
-+				unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE;
-+				if (content_length > 0)
-+					length_to_read = content_length - dynamic_buffer.size();
-+
-+				// Prepare buffer
-+				dynamic_buffer.resize(dynamic_buffer.size() + length_to_read);
-+
-+				int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0);
-+
-+				// Shrink buffer to fit
-+				if (r >= 0)
-+					dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r);
-+
-+				// PAC size too large, discard
-+				if (dynamic_buffer.size() >= PAC_MAX_SIZE) {
-+					chunked = false;
-+					dynamic_buffer.clear();
-+					break;
-+				}
-+
- 				if (r <= 0) {
- 					chunked = false;
- 					break;
- 				}
--				recvd += r;
- 			}
- 		} while (chunked);
- 
--		if (content_length != 0 && string(buffer).size() != content_length) {
--			delete[] buffer;
--			buffer = NULL;
-+		if (content_length == 0 || content_length == dynamic_buffer.size()) {
-+			buffer = new char[dynamic_buffer.size() + 1];
-+			if (!dynamic_buffer.empty()) {
-+				memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size());
-+			}
-+			buffer[dynamic_buffer.size()] = '\0';
- 		}
- 	}
- 
diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.17.bb
similarity index 78%
rename from poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
rename to poky/meta/recipes-support/libproxy/libproxy_0.4.17.bb
index 6f704d7..ad81ccc 100644
--- a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
+++ b/poky/meta/recipes-support/libproxy/libproxy_0.4.17.bb
@@ -8,13 +8,8 @@
 
 DEPENDS = "glib-2.0"
 
-SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \
-           file://0001-get-pac-test-Fix-build-with-clang-libc.patch \
-           file://CVE-2020-25219.patch \
-           file://CVE-2020-26154.patch \
-          "
-SRC_URI[md5sum] = "f6b1d2a1e17a99cd3debaae6d04ab152"
-SRC_URI[sha256sum] = "654db464120c9534654590b6683c7fa3887b3dad0ca1c4cd412af24fbfca6d4f"
+SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz"
+SRC_URI[sha256sum] = "bc89f842f654ee1985a31c0ba56dc7e2ce8044a0264ddca84e650f46cd7f8b05"
 
 UPSTREAM_CHECK_URI = "https://github.com/libproxy/libproxy/releases"
 UPSTREAM_CHECK_REGEX = "libproxy-(?P<pver>.*)\.tar"
diff --git a/poky/meta/recipes-support/libusb/libusb1_1.0.23.bb b/poky/meta/recipes-support/libusb/libusb1_1.0.24.bb
similarity index 90%
rename from poky/meta/recipes-support/libusb/libusb1_1.0.23.bb
rename to poky/meta/recipes-support/libusb/libusb1_1.0.24.bb
index 2fd658b..4c552ae 100644
--- a/poky/meta/recipes-support/libusb/libusb1_1.0.23.bb
+++ b/poky/meta/recipes-support/libusb/libusb1_1.0.24.bb
@@ -12,8 +12,7 @@
            file://run-ptest \
           "
 
-SRC_URI[md5sum] = "be79ed4a4a440169deec8beaac6aae33"
-SRC_URI[sha256sum] = "4fc17b2ef3502757641bf8fe2c14ad86ec86302a2b785abcb0806fd03aa1201f"
+SRC_URI[sha256sum] = "7efd2685f7b327326dcfb85cee426d9b871fd70e22caa15bb68d595ce2a2b12a"
 
 S = "${WORKDIR}/libusb-${PV}"
 
diff --git a/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb
index e39a7b9..778e091 100644
--- a/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb
+++ b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb
@@ -15,4 +15,7 @@
 
 inherit autotools
 
+DISABLE_STATIC_class-nativesdk = ""
+DISABLE_STATIC_class-native = ""
+
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/Add-target-to-only-build-tests-not-run-them.patch b/poky/meta/recipes-support/nettle/nettle-3.7/Add-target-to-only-build-tests-not-run-them.patch
similarity index 100%
rename from poky/meta/recipes-support/nettle/nettle-3.6/Add-target-to-only-build-tests-not-run-them.patch
rename to poky/meta/recipes-support/nettle/nettle-3.7/Add-target-to-only-build-tests-not-run-them.patch
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/check-header-files-of-openssl-only-if-enable_.patch b/poky/meta/recipes-support/nettle/nettle-3.7/check-header-files-of-openssl-only-if-enable_.patch
similarity index 100%
rename from poky/meta/recipes-support/nettle/nettle-3.6/check-header-files-of-openssl-only-if-enable_.patch
rename to poky/meta/recipes-support/nettle/nettle-3.7/check-header-files-of-openssl-only-if-enable_.patch
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/dlopen-test.patch b/poky/meta/recipes-support/nettle/nettle-3.7/dlopen-test.patch
similarity index 100%
rename from poky/meta/recipes-support/nettle/nettle-3.6/dlopen-test.patch
rename to poky/meta/recipes-support/nettle/nettle-3.7/dlopen-test.patch
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/run-ptest b/poky/meta/recipes-support/nettle/nettle-3.7/run-ptest
similarity index 100%
rename from poky/meta/recipes-support/nettle/nettle-3.6/run-ptest
rename to poky/meta/recipes-support/nettle/nettle-3.7/run-ptest
diff --git a/poky/meta/recipes-support/nettle/nettle_3.6.bb b/poky/meta/recipes-support/nettle/nettle_3.7.bb
similarity index 84%
rename from poky/meta/recipes-support/nettle/nettle_3.6.bb
rename to poky/meta/recipes-support/nettle/nettle_3.7.bb
index 90f8625..2c219c2 100644
--- a/poky/meta/recipes-support/nettle/nettle_3.6.bb
+++ b/poky/meta/recipes-support/nettle/nettle_3.7.bb
@@ -1,5 +1,8 @@
 SUMMARY = "A low level cryptographic library"
 HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/"
+DESCRIPTION = "It tries to solve a problem of providing a common set of \
+cryptographic algorithms for higher-level applications by implementing a \
+context-independent set of cryptographic algorithms"
 SECTION = "libs"
 LICENSE = "LGPLv3+ | GPLv2+"
 
@@ -20,8 +23,7 @@
             file://dlopen-test.patch \
             "
 
-SRC_URI[md5sum] = "c45ee24ed7361dcda152a035d396fe8a"
-SRC_URI[sha256sum] = "d24c0d0f2abffbc8f4f34dcf114b0f131ec3774895f3555922fe2f40f3d5e3f1"
+SRC_URI[sha256sum] = "f001f64eb444bf13dd91bceccbc20acbc60c4311d6e2b20878452eb9a9cec75a"
 
 UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
similarity index 75%
rename from poky/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
rename to poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
index b1fd233..c539ecd 100644
--- a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
+++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
@@ -2,17 +2,18 @@
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=02933887f609807fbb57aa4237d14a50"
 
-inherit meson gettext pkgconfig gtk-doc bash-completion
+inherit meson gettext pkgconfig gtk-doc bash-completion manpages
 
 DEPENDS = "libtasn1 libtasn1-native libffi"
 
 DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}"
 
-SRC_URI = "git://github.com/p11-glue/p11-kit"
-SRCREV = "fd8b56f3ee971f94dc6fc95411fc01e1c12153ab"
+SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23"
+SRCREV = "bd97afbfe28d5fbbde95ce36ff7a8834fc0291ee"
 S = "${WORKDIR}/git"
 
 PACKAGECONFIG ??= ""
+PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native"
 PACKAGECONFIG[trust-paths] = "-Dtrust_paths=/etc/ssl/certs/ca-certificates.crt,,,ca-certificates"
 
 GTKDOC_MESON_OPTION = 'gtk_doc'
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch b/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch
deleted file mode 100644
index 0733378..0000000
--- a/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 213a869e8315ead2c739acfcbde712358a842dee Mon Sep 17 00:00:00 2001
-From: Yann Dirson <yann@blade-group.com>
-Date: Fri, 9 Oct 2020 15:12:26 +0200
-Subject: [PATCH] rngd: fix --debug to also filter syslog() calls
-
-Debug logs were only controlled by --debug flag while in --foreground
-mode.  In --daemon mode /var/log/message got stuffed with details of
-entropy pool refilling, which is useless in production, and hamful
-when log rotation then gets rid of the more useful logs.  This is
-especially true for embedded systems.
-
-This change makes the two modes consistently only produce debug logs when
---debug is specified.
-
-Upstream-Status: Backport [213a869e8315ead2c739acfcbde712358a842dee]
-
-Signed-off-by: Yann Dirson <yann@blade-group.com>
----
- rngd.h | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/rngd.h b/rngd.h
-index 901b6f1..a79ea0f 100644
---- a/rngd.h
-+++ b/rngd.h
-@@ -166,13 +166,13 @@ extern bool quiet;
- #define message(priority,fmt,args...) do { \
- 	if (quiet) \
- 		break;\
-+	if (arguments->debug == false && LOG_PRI(priority) == LOG_DEBUG) \
-+		break;\
- 	if (am_daemon) { \
- 		syslog((priority), fmt, ##args); \
- 	} else if (!msg_squash) { \
--		if ((LOG_PRI(priority) != LOG_DEBUG) || (arguments->debug == true)) {\
--			fprintf(stderr, fmt, ##args); \
--			fflush(stderr); \
--		} \
-+		fprintf(stderr, fmt, ##args); \
-+		fflush(stderr); \
- 	} \
- } while (0)
- 
--- 
-2.28.0
-
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch b/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch
deleted file mode 100644
index 9630161..0000000
--- a/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a4b6d9ce64f132e463b9091d0536913ddaf11516 Mon Sep 17 00:00:00 2001
-From: Neil Horman <nhorman@tuxdriver.com>
-Date: Thu, 30 Apr 2020 16:57:35 -0400
-Subject: [PATCH] Remove name conflict with libc encrypt
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Forgot to fixup the funciton name conflict with libcs encrypt() function
-on power systems
-
-Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/a4b6d9ce64f132e463b9091d0536913ddaf11516]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
-Reported-by: Natanael Copa <ncopa@alpinelinux.org>
-Reported-by: "Milan P. Stanić" <mps@arvanta.net>
----
- rngd_darn.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/rngd_darn.c b/rngd_darn.c
-index 35df7a1..9345895 100644
---- a/rngd_darn.c
-+++ b/rngd_darn.c
-@@ -109,7 +109,7 @@ static int init_openssl(struct rng *ent_src)
- 	return 0;
- }
- 
--int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-+static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-             unsigned char *iv, unsigned char *ciphertext)
- {
-         int len;
-@@ -150,7 +150,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src)
-         unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS];
- 
-         /* Encrypt the plaintext */
--        ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf,
-+        ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf,
-                               ciphertext);
-         printf("Calling mangle with len %d\n", ciphertext_len);
-         if (!ciphertext_len)
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch b/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch
deleted file mode 100644
index 93103ef..0000000
--- a/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From dab16a5fd4efde8ef569b358e19b1fcbc7d0d938 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Mon, 30 Mar 2020 00:10:46 +0200
-Subject: [PATCH] rngd_jitter: disambiguate call to encrypt
-
-Commit 0f184ea7e792427fb20afe81d471b565aee96f0b disambiguate the call to
-encrypt in rngd_rdrand.c but did not update rngd_jitter.c.
-
-This raise the following build failure:
-
-rngd_jitter.c:75:12: error: conflicting types for 'encrypt'
- static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-            ^~~~~~~
-In file included from rngd_jitter.c:27:
-/home/dawncrow/buildroot-test/scripts/instance-0/output-1/host/powerpc-buildroot-linux-uclibc/sysroot/usr/include/unistd.h:1132:13: note: previous declaration of 'encrypt' was here
- extern void encrypt (char *__block, int __edflag) __THROW __nonnull ((1));
-             ^~~~~~~
-Makefile:770: recipe for target 'rngd-rngd_jitter.o' failed
-
-Fixes:
- - http://autobuild.buildroot.org/results/0ca6bf16e3acbc94065b88c4442d6595424b77cb
-
-Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- rngd_jitter.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/rngd_jitter.c b/rngd_jitter.c
-index c1b1aca..49a3825 100644
---- a/rngd_jitter.c
-+++ b/rngd_jitter.c
-@@ -72,7 +72,7 @@ unsigned char *aes_buf;
- char key[AES_BLOCK];
- static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128)));
- 
--static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-+static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-             unsigned char *iv, unsigned char *ciphertext)
- {
-         EVP_CIPHER_CTX *ctx;
-@@ -122,7 +122,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src)
-         unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS];
- 
-         /* Encrypt the plaintext */
--        ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf,
-+        ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf,
-                               ciphertext);
-         if (!ciphertext_len)
-                 return -1;
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.11.bb
similarity index 89%
rename from poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb
rename to poky/meta/recipes-support/rng-tools/rng-tools_6.11.bb
index 40ec5ad..61a0cef 100644
--- a/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb
+++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.11.bb
@@ -10,14 +10,11 @@
 
 SRC_URI = "\
     git://github.com/nhorman/rng-tools.git \
-    file://a4b6d9ce64f132e463b9091d0536913ddaf11516.patch \
-    file://dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch \
-    file://0001-rngd-fix-debug-to-also-filter-syslog-calls.patch \
     file://init \
     file://default \
     file://rngd.service \
 "
-SRCREV = "0be82200a66d9321451e0a0785bfae350b9cffdc"
+SRCREV = "2ea13473fd5bfea3c861dc0e23bd65e2afe8007b"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
index e82c818..5509c99 100644
--- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
+++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
@@ -8,8 +8,8 @@
 DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native xmlto-native"
 
 SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https"
-SRCREV = "ef58b2b2f7ad4070171c6e45e3b3764daa3ff2c1"
-PV = "2.0"
+SRCREV = "18e558fa1c8b90b86757ade09a4ba4d6a6cf8f70"
+PV = "2.1"
 S = "${WORKDIR}/git"
 
 inherit meson pkgconfig gettext python3native mime
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.33.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.34.1.bb
similarity index 70%
rename from poky/meta/recipes-support/sqlite/sqlite3_3.33.0.bb
rename to poky/meta/recipes-support/sqlite/sqlite3_3.34.1.bb
index 33f041a..fe5adb2 100644
--- a/poky/meta/recipes-support/sqlite/sqlite3_3.33.0.bb
+++ b/poky/meta/recipes-support/sqlite/sqlite3_3.34.1.bb
@@ -3,8 +3,8 @@
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
 
-SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz"
-SRC_URI[sha256sum] = "106a2c48c7f75a298a7557bcc0d5f4f454e5b43811cc738b7ca294d6956bbb15"
+SRC_URI = "http://www.sqlite.org/2021/sqlite-autoconf-${SQLITE_PV}.tar.gz"
+SRC_URI[sha256sum] = "2a3bca581117b3b88e5361d0ef3803ba6d8da604b1c1a47d902ef785c1b53e89"
 
 # -19242 is only an issue in specific development branch commits
 CVE_CHECK_WHITELIST += "CVE-2019-19242"