[hardknott 00/18] Patch review

[hardknott 00/18] Patch review

[Armin Kuster]

Please have comments back by Tuesday

The following changes since commit 5a4b2ab29d38c02535f24d5308cc40615739f557:

  python3-urllib3: Upgrade 1.26.4 -> 1.26.5 (2021-07-30 16:20:20 -0700)

are available in the Git repository at:

  git://git.openembedded.org/meta-openembedded-contrib stable/hardknott-nut
  http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/hardknott-nut

Anastasios Kavoukis (1):
  pm-qa: fix paths for shell scripts

Armin Kuster (1):
  wireshark: update to 3.4.7

Changqing Li (1):
  ndpi: fix CVE-2021-36082

Devendra Tewari (1):
  Suppress eol in functionfs setup scripts (#147)

Gianfranco (1):
  vboxguestdrivers: upgrade 6.1.22 -> 6.1.24

Joe Slater (1):
  php: move to version 7.4.21

Kai Kang (1):
  libdbi-perl: fix CVE-2014-10402

Li Wang (1):
  openlldp: fix segfault

Michael Opdenacker (1):
  bigbuckbunny-1080p: fix sample video URL

Mingli Yu (2):
  mariadb: redefine log-error item
  mariadb: Update SRC_URI

Paulo Neves (1):
  htop: Add ncurses-terminfo-base to RDEPENDS

Tony Battersby (3):
  net-snmp: fix QA Issue after LDFLAGS change
  curlpp: fix QA Issue after LDFLAGS change
  ldns: fix QA Issue after LDFLAGS change

Tony Tascioglu (1):
  redis: fix CVE-2021-32625

wangmy (2):
  nghttp2: upgrade 1.43.0 -> 1.44.0
  libtalloc: upgrade 2.3.2 -> 2.3.3

 .../sample-content/bigbuckbunny-1080p.bb      |   2 +-
 .../net-snmp/net-snmp_5.9.1.bb                |   5 +
 .../lldp_head-remove-all-references.patch     | 331 ++++++++++++++++++
 .../openlldp/openlldp_1.0.1.bb                |   1 +
 .../recipes-support/curlpp/curlpp_0.8.1.bb    |   7 +
 ...{libtalloc_2.3.2.bb => libtalloc_2.3.3.bb} |   6 +-
 .../{nghttp2_1.43.0.bb => nghttp2_1.44.0.bb}  |   2 +-
 .../ntopng/files/CVE-2021-36082.patch         | 116 ++++++
 .../recipes-support/ntopng/ndpi_3.4.bb        |   1 +
 ...{wireshark_3.4.6.bb => wireshark_3.4.7.bb} |   2 +-
 meta-oe/recipes-dbs/mysql/mariadb.inc         |   7 +-
 meta-oe/recipes-dbs/mysql/mariadb/my.cnf      |   2 +-
 .../android-gadget-cleanup                    |   2 +-
 .../android-gadget-setup                      |   4 +-
 .../android-gadget-start                      |   2 +-
 meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb   |   7 +
 .../perl/libdbi-perl/CVE-2014-10402.patch     |  56 +++
 .../perl/libdbi-perl_1.643.bb                 |   4 +-
 .../php/{php_7.4.16.bb => php_7.4.21.bb}      |   3 +-
 .../redis/redis/fix-CVE-2021-32625.patch      |  61 ++++
 meta-oe/recipes-extended/redis/redis_6.2.2.bb |   1 +
 meta-oe/recipes-support/htop/htop_3.0.5.bb    |   2 +
 .../40-linux-5.13-support.patch               | 276 ---------------
 ...s_6.1.22.bb => vboxguestdrivers_6.1.26.bb} |   6 +-
 meta-oe/recipes-test/pm-qa/pm-qa_git.bb       |   3 +-
 25 files changed, 610 insertions(+), 299 deletions(-)
 create mode 100644 meta-networking/recipes-protocols/openlldp/files/lldp_head-remove-all-references.patch
 rename meta-networking/recipes-support/libtalloc/{libtalloc_2.3.2.bb => libtalloc_2.3.3.bb} (91%)
 rename meta-networking/recipes-support/nghttp2/{nghttp2_1.43.0.bb => nghttp2_1.44.0.bb} (93%)
 create mode 100644 meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch
 rename meta-networking/recipes-support/wireshark/{wireshark_3.4.6.bb => wireshark_3.4.7.bb} (97%)
 create mode 100644 meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch
 rename meta-oe/recipes-devtools/php/{php_7.4.16.bb => php_7.4.21.bb} (99%)
 create mode 100644 meta-oe/recipes-extended/redis/redis/fix-CVE-2021-32625.patch
 delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/40-linux-5.13-support.patch
 rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_6.1.22.bb => vboxguestdrivers_6.1.26.bb} (94%)

-- 
2.25.1

[hardknott 01/18] wireshark: update to 3.4.7

[Armin Kuster]

Stable branch bug fix update. Includes:
CVE-2021-22235

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b68fe48192f0e029a1ca60a8f72199fbbccd3c1e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../wireshark/{wireshark_3.4.6.bb => wireshark_3.4.7.bb}        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-networking/recipes-support/wireshark/{wireshark_3.4.6.bb => wireshark_3.4.7.bb} (97%)

diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.6.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.7.bb
similarity index 97%
rename from meta-networking/recipes-support/wireshark/wireshark_3.4.6.bb
rename to meta-networking/recipes-support/wireshark/wireshark_3.4.7.bb
index 6acd849f89..2e0fdae63b 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.6.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.7.bb
@@ -19,7 +19,7 @@ SRC_URI += " \
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
 
-SRC_URI[sha256sum] = "12a678208f8cb009e6b9d96026e41a6ef03c7ad086b9e1029f42053b249b4628"
+SRC_URI[sha256sum] = "6c4cee51ef997cb9d9aaee84113525a5629157d3c743d7c4e320000de804a09d"
 
 PE = "1"
 
-- 
2.25.1

[hardknott 02/18] nghttp2: upgrade 1.43.0 -> 1.44.0

[Armin Kuster]

From: wangmy <wangmy@fujitsu.com>

v1.44.0 changelog:

lib: Port new ngtcp2 map implementation
doc: Replace master with main
build: Add precious variables for libev and jemalloc and use JEMALLOC_CFLAGS
build: Add more --with-* configure flags
build: Add LIBTOOL_LDFLAGS configure variable
third-party: Bump llhttp to 6.0.2
src: Replace black-list with block-list
nghttpx: Fix max distance in weight group/address cycle comparison
nghttpx: Set connect_blocker and live_check after shuffling addresses
nghttpx: Replace master with main
nghttpx: Remove trailing white space after $method log variable
(https://github.com/nghttp2/nghttp2/pull/1553)
h2load: Add --rps option
(https://github.com/nghttp2/nghttp2/pull/1559)
h2load: Allow unit in -D option
asio: fix some typos (Patch from Jan Kundrát)
(https://github.com/nghttp2/nghttp2/pull/1550)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b767b37e3aabc3c9e95adb7eb469bd6d32979fb8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../nghttp2/{nghttp2_1.43.0.bb => nghttp2_1.44.0.bb}            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-networking/recipes-support/nghttp2/{nghttp2_1.43.0.bb => nghttp2_1.44.0.bb} (93%)

diff --git a/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb b/meta-networking/recipes-support/nghttp2/nghttp2_1.44.0.bb
similarity index 93%
rename from meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb
rename to meta-networking/recipes-support/nghttp2/nghttp2_1.44.0.bb
index 959cccf357..32a9307c3f 100644
--- a/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb
+++ b/meta-networking/recipes-support/nghttp2/nghttp2_1.44.0.bb
@@ -11,7 +11,7 @@ SRC_URI = "\
     https://github.com/nghttp2/nghttp2/releases/download/v${PV}/nghttp2-${PV}.tar.xz \
     file://0001-fetch-ocsp-response-use-python3.patch \
 "
-SRC_URI[sha256sum] = "f7d54fa6f8aed29f695ca44612136fa2359013547394d5dffeffca9e01a26b0f"
+SRC_URI[sha256sum] = "5699473b29941e8dafed10de5c8cb37a3581edf62ba7d04b911ca247d4de3c5d"
 
 inherit cmake manpages python3native
 PACKAGECONFIG[manpages] = ""
-- 
2.25.1

[hardknott 03/18] libtalloc: upgrade 2.3.2 -> 2.3.3

[Armin Kuster]

From: wangmy <wangmy@fujitsu.com>

License-Update:
 add note:
     ** NOTE! The following LGPL license applies to the talloc
     ** library. This does NOT imply that all of Samba is released
     ** under the LGPL
 "GNU General Public License" changed to "GNU Lesser General Public License"

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 173cf5fd6b3fa2b0ee74ccb5fc11a96319943821)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../libtalloc/{libtalloc_2.3.2.bb => libtalloc_2.3.3.bb}    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta-networking/recipes-support/libtalloc/{libtalloc_2.3.2.bb => libtalloc_2.3.3.bb} (91%)

diff --git a/meta-networking/recipes-support/libtalloc/libtalloc_2.3.2.bb b/meta-networking/recipes-support/libtalloc/libtalloc_2.3.3.bb
similarity index 91%
rename from meta-networking/recipes-support/libtalloc/libtalloc_2.3.2.bb
rename to meta-networking/recipes-support/libtalloc/libtalloc_2.3.3.bb
index ae92de2db3..1d227dac6c 100644
--- a/meta-networking/recipes-support/libtalloc/libtalloc_2.3.2.bb
+++ b/meta-networking/recipes-support/libtalloc/libtalloc_2.3.3.bb
@@ -3,14 +3,14 @@ HOMEPAGE = "http://talloc.samba.org"
 SECTION = "libs"
 LICENSE = "LGPL-3.0+ & GPL-3.0+"
 LIC_FILES_CHKSUM = "file://talloc.h;beginline=3;endline=27;md5=a301712782cad6dd6d5228bfa7825249 \
-                    file://pytalloc.h;beginline=1;endline=18;md5=2c498cc6f2263672483237b20f46b43d"
+                    file://pytalloc.h;beginline=1;endline=18;md5=21ab13bd853679d7d47a1739cb3b7db6 \
+                    "
 
 
 SRC_URI = "https://www.samba.org/ftp/talloc/talloc-${PV}.tar.gz \
            file://options-2.2.0.patch \
 "
-SRC_URI[md5sum] = "3376a86bdf9dd4abc6b8d8d645390902"
-SRC_URI[sha256sum] = "27a03ef99e384d779124df755deb229cd1761f945eca6d200e8cfd9bf5297bd7"
+SRC_URI[sha256sum] = "6be95b2368bd0af1c4cd7a88146eb6ceea18e46c3ffc9330bf6262b40d1d8aaa"
 
 inherit waf-samba
 
-- 
2.25.1

[hardknott 04/18] openlldp: fix segfault

[Armin Kuster]

From: Li Wang <li.wang@windriver.com>

~ lldpad -d
~ 8021q: 802.1Q VLAN Support v1.8
~ 8021q: adding VLAN 0 to HW filter on device eth0
~ lldpad[xxx]: segfault at 0 ip xxx sp xxx error 4 in lldpad[xxx+xxx]
~ Code: xxx

the issue is introduced by:
0002-lldp_head-rename-and-make-extern.patch

Upstream patches:
https://github.com/intel/openlldp/commit/ed6a8e5a75f56b7034a46294a0bf2a9a7fd14fbc

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 145f59ba75c992c4ce1f808308c041c1f7519244)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../lldp_head-remove-all-references.patch     | 331 ++++++++++++++++++
 .../openlldp/openlldp_1.0.1.bb                |   1 +
 2 files changed, 332 insertions(+)
 create mode 100644 meta-networking/recipes-protocols/openlldp/files/lldp_head-remove-all-references.patch

diff --git a/meta-networking/recipes-protocols/openlldp/files/lldp_head-remove-all-references.patch b/meta-networking/recipes-protocols/openlldp/files/lldp_head-remove-all-references.patch
new file mode 100644
index 0000000000..bb3400cfa6
--- /dev/null
+++ b/meta-networking/recipes-protocols/openlldp/files/lldp_head-remove-all-references.patch
@@ -0,0 +1,331 @@
+From ed6a8e5a75f56b7034a46294a0bf2a9a7fd14fbc Mon Sep 17 00:00:00 2001
+From: Aaron Conole <aconole@redhat.com>
+Date: Fri, 23 Oct 2020 14:40:32 -0400
+Subject: [PATCH] lldp_head: remove all references
+
+There were a number of references missed during the module cleanup.  This hits the remaining
+ones.
+
+Fixes: 07a83c583b9d ("lldp_head: rename and make extern")
+Signed-off-by: Aaron Conole <aconole@redhat.com>
+
+Reference to upstream patch:
+https://github.com/intel/openlldp/commit/ed6a8e5a75f56b7034a46294a0bf2a9a7fd14fbc
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ ctrl_iface.c   |  4 +---
+ lldp_8021qaz.c | 11 +++++------
+ lldp_8023.c    |  6 ++----
+ lldp_basman.c  |  6 ++----
+ lldp_evb.c     |  6 ++----
+ lldp_evb22.c   |  6 ++----
+ lldp_mand.c    | 10 ++++------
+ lldp_med.c     |  6 ++----
+ qbg_utils.c    |  3 +--
+ 9 files changed, 21 insertions(+), 37 deletions(-)
+
+diff --git a/ctrl_iface.c b/ctrl_iface.c
+index 1734f49..666f7c8 100644
+--- a/ctrl_iface.c
++++ b/ctrl_iface.c
+@@ -53,8 +53,6 @@
+ #include "lldp_util.h"
+ #include "messages.h"
+ 
+-extern struct lldp_head lldp_head;
+-
+ struct ctrl_dst {
+ 	struct ctrl_dst *next;
+ 	struct sockaddr_un addr;
+@@ -116,7 +114,7 @@ int clif_iface_module(struct clif_data *clifd,
+ 		return cmd_invalid;
+ 	}
+ 
+-	mod = find_module_by_id(&lldp_head, module_id);
++	mod = find_module_by_id(&lldp_mod_head, module_id);
+ 	if (mod && mod->ops && mod->ops->client_cmd)
+ 		return  (mod->ops->client_cmd)(clifd, from, fromlen,
+ 			 cmd_start, cmd_len, rbuf+strlen(rbuf), rlen);
+diff --git a/lldp_8021qaz.c b/lldp_8021qaz.c
+index 16ae167..e747710 100644
+--- a/lldp_8021qaz.c
++++ b/lldp_8021qaz.c
+@@ -48,7 +48,6 @@
+ #include "lldp_dcbx.h"
+ 
+ 
+-struct lldp_head lldp_head;
+ extern config_t lldpad_cfg;
+ extern bool read_only_8021qaz;
+ 
+@@ -84,7 +83,7 @@ static int ieee8021qaz_check_pending(struct port *port,
+ 	if (!port->portEnabled)
+ 		return 0;
+ 
+-	iud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_8021QAZ);
++	iud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_8021QAZ);
+ 	if (iud) {
+ 		LIST_FOREACH(tlv, &iud->head, entry) {
+ 			if (!strncmp(port->ifname, tlv->ifname, IFNAMSIZ)) {
+@@ -143,7 +142,7 @@ struct ieee8021qaz_tlvs *ieee8021qaz_data(const char *ifname)
+ 	struct ieee8021qaz_user_data *iud;
+ 	struct ieee8021qaz_tlvs *tlv = NULL;
+ 
+-	iud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_8021QAZ);
++	iud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_8021QAZ);
+ 	if (iud) {
+ 		LIST_FOREACH(tlv, &iud->head, entry) {
+ 			if (!strncmp(tlv->ifname, ifname, IFNAMSIZ))
+@@ -629,7 +628,7 @@ void ieee8021qaz_ifup(char *ifname, struct lldp_agent *agent)
+ 	LIST_INIT(&tlvs->app_head);
+ 	read_cfg_file(port->ifname, agent, tlvs);
+ 
+-	iud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_8021QAZ);
++	iud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_8021QAZ);
+ 	LIST_INSERT_HEAD(&iud->head, tlvs, entry);
+ 
+ initialized:
+@@ -2179,7 +2178,7 @@ int ieee8021qaz_tlvs_rxed(const char *ifname)
+ 	struct ieee8021qaz_user_data *iud;
+ 	struct ieee8021qaz_tlvs *tlv = NULL;
+ 
+-	iud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_8021QAZ);
++	iud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_8021QAZ);
+ 	if (iud) {
+ 		LIST_FOREACH(tlv, &iud->head, entry) {
+ 			if (!strncmp(tlv->ifname, ifname, IFNAMSIZ))
+@@ -2198,7 +2197,7 @@ int ieee8021qaz_check_active(const char *ifname)
+ 	struct ieee8021qaz_user_data *iud;
+ 	struct ieee8021qaz_tlvs *tlv = NULL;
+ 
+-	iud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_8021QAZ);
++	iud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_8021QAZ);
+ 	if (iud) {
+ 		LIST_FOREACH(tlv, &iud->head, entry) {
+ 			if (!strncmp(tlv->ifname, ifname, IFNAMSIZ))
+diff --git a/lldp_8023.c b/lldp_8023.c
+index 422026e..8a03211 100644
+--- a/lldp_8023.c
++++ b/lldp_8023.c
+@@ -39,8 +39,6 @@
+ #include "lldp_8023_clif.h"
+ #include "lldp_8023_cmds.h"
+ 
+-extern struct lldp_head lldp_head;
+-
+ struct tlv_info_8023_maccfg {
+ 	u8 oui[3];
+ 	u8 sub;
+@@ -84,7 +82,7 @@ static struct ieee8023_data *ieee8023_data(const char *ifname, enum agent_type t
+ 	struct ieee8023_user_data *ud;
+ 	struct ieee8023_data *bd = NULL;
+ 
+-	ud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_8023);
++	ud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_8023);
+ 	if (ud) {
+ 		LIST_FOREACH(bd, &ud->head, entry) {
+ 			if (!strncmp(ifname, bd->ifname, IFNAMSIZ) &&
+@@ -456,7 +454,7 @@ void ieee8023_ifup(char *ifname, struct lldp_agent *agent)
+ 		goto out_err;
+ 	}
+ 
+-	ud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_8023);
++	ud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_8023);
+ 	LIST_INSERT_HEAD(&ud->head, bd, entry);
+ 	LLDPAD_INFO("%s:port %s added\n", __func__, ifname);
+ 	return;
+diff --git a/lldp_basman.c b/lldp_basman.c
+index a4f69c1..614e2a2 100644
+--- a/lldp_basman.c
++++ b/lldp_basman.c
+@@ -75,8 +75,6 @@ struct tlv_info_manaddr {
+ 	struct tlv_info_maoid o;
+ } __attribute__ ((__packed__));
+ 
+-extern struct lldp_head lldp_head;
+-
+ static const struct lldp_mod_ops basman_ops =  {
+ 	.lldp_mod_register 	= basman_register,
+ 	.lldp_mod_unregister 	= basman_unregister,
+@@ -91,7 +89,7 @@ static struct basman_data *basman_data(const char *ifname, enum agent_type type)
+ 	struct basman_user_data *bud;
+ 	struct basman_data *bd = NULL;
+ 
+-	bud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_BASIC);
++	bud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_BASIC);
+ 	if (bud) {
+ 		LIST_FOREACH(bd, &bud->head, entry) {
+ 			if (!strncmp(ifname, bd->ifname, IFNAMSIZ) &&
+@@ -688,7 +686,7 @@ void basman_ifup(char *ifname, struct lldp_agent *agent)
+ 		goto out_err;
+ 	}
+ 
+-	bud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_BASIC);
++	bud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_BASIC);
+ 	LIST_INSERT_HEAD(&bud->head, bd, entry);
+ 	LLDPAD_DBG("%s:port %s added\n", __func__, ifname);
+ 	return;
+diff --git a/lldp_evb.c b/lldp_evb.c
+index dcdcc7e..a8f3965 100644
+--- a/lldp_evb.c
++++ b/lldp_evb.c
+@@ -36,14 +36,12 @@
+ #include "messages.h"
+ #include "config.h"
+ 
+-extern struct lldp_head lldp_head;
+-
+ struct evb_data *evb_data(char *ifname, enum agent_type type)
+ {
+ 	struct evb_user_data *ud;
+ 	struct evb_data *ed = NULL;
+ 
+-	ud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_EVB);
++	ud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_EVB);
+ 	if (ud) {
+ 		LIST_FOREACH(ed, &ud->head, entry) {
+ 			if (!strncmp(ifname, ed->ifname, IFNAMSIZ) &&
+@@ -347,7 +345,7 @@ static void evb_ifup(char *ifname, struct lldp_agent *agent)
+ 
+ 	evb_init_tlv(ed, agent);
+ 
+-	ud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_EVB);
++	ud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_EVB);
+ 	LIST_INSERT_HEAD(&ud->head, ed, entry);
+ 	LLDPAD_DBG("%s:%s agent %d added\n", __func__, ifname, agent->type);
+ }
+diff --git a/lldp_evb22.c b/lldp_evb22.c
+index 76ba883..6e92d9d 100644
+--- a/lldp_evb22.c
++++ b/lldp_evb22.c
+@@ -37,14 +37,12 @@
+ #include "messages.h"
+ #include "config.h"
+ 
+-extern struct lldp_head lldp_head;
+-
+ struct evb22_data *evb22_data(char *ifname, enum agent_type type)
+ {
+ 	struct evb22_user_data *ud;
+ 	struct evb22_data *ed = NULL;
+ 
+-	ud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_EVB22);
++	ud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_EVB22);
+ 	if (ud) {
+ 		LIST_FOREACH(ed, &ud->head, entry) {
+ 			if (!strncmp(ifname, ed->ifname, IFNAMSIZ) &&
+@@ -453,7 +451,7 @@ static void evb22_ifup(char *ifname, struct lldp_agent *agent)
+ 	STRNCPY_TERMINATED(ed->ifname, ifname, IFNAMSIZ);
+ 	ed->agenttype = agent->type;
+ 	evb22_init_tlv(ed, agent);
+-	ud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_EVB22);
++	ud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_EVB22);
+ 	LIST_INSERT_HEAD(&ud->head, ed, entry);
+ 	LLDPAD_DBG("%s:%s agent %d added\n", __func__, ifname, agent->type);
+ }
+diff --git a/lldp_mand.c b/lldp_mand.c
+index 0db63cb..b857a88 100644
+--- a/lldp_mand.c
++++ b/lldp_mand.c
+@@ -42,8 +42,6 @@
+ #include "lldp/l2_packet.h"
+ #include "lldp_tlv.h"
+ 
+-extern struct lldp_head lldp_head;
+-
+ static const struct lldp_mod_ops mand_ops = {
+ 	.lldp_mod_register 	= mand_register,
+ 	.lldp_mod_unregister 	= mand_unregister,
+@@ -59,7 +57,7 @@ struct mand_data *mand_data(const char *ifname, enum agent_type type)
+ 	struct mand_user_data *mud;
+ 	struct mand_data *md = NULL;
+ 
+-	mud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_MAND);
++	mud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_MAND);
+ 	if (mud) {
+ 		LIST_FOREACH(md, &mud->head, entry) {
+ 			if (!strncmp(ifname, md->ifname, IFNAMSIZ) &&
+@@ -608,7 +606,7 @@ void mand_ifup(char *ifname, struct lldp_agent *agent)
+ 		STRNCPY_TERMINATED(md->ifname, ifname, IFNAMSIZ);
+ 		md->agenttype = agent->type;
+ 
+-		mud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_MAND);
++		mud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_MAND);
+ 		LIST_INSERT_HEAD(&mud->head, md, entry);
+ 	}
+ 
+@@ -636,7 +634,7 @@ struct lldp_module *mand_register(void)
+ 		LLDPAD_ERR("failed to malloc LLDP Mandatory module data\n");
+ 		goto out_err;
+ 	}
+-	mud = malloc(sizeof(struct mand_user_data));
++    mud = malloc(sizeof(struct mand_user_data));
+ 	if (!mud) {
+ 		free(mod);
+ 		LLDPAD_ERR("failed to malloc LLDP Mandatory module user data\n");
+@@ -644,8 +642,8 @@ struct lldp_module *mand_register(void)
+ 	}
+ 	LIST_INIT(&mud->head);
+  	mod->id = LLDP_MOD_MAND;
++    mod->data = mud;
+ 	mod->ops = &mand_ops;
+-	mod->data = mud;
+ 	LLDPAD_INFO("%s:done\n", __func__);
+ 	return mod;
+ out_err:
+diff --git a/lldp_med.c b/lldp_med.c
+index f6c373e..7b6996e 100644
+--- a/lldp_med.c
++++ b/lldp_med.c
+@@ -40,8 +40,6 @@
+ #include "lldp_mand_clif.h"
+ #include "lldp_med_cmds.h"
+ 
+-extern struct lldp_head lldp_head;
+-
+ struct tlv_info_medcaps {
+ 	u8 oui[OUI_SIZE];
+ 	u8 subtype;
+@@ -95,7 +93,7 @@ static struct med_data *med_data(const char *ifname, enum agent_type type)
+ 	struct med_user_data *mud;
+ 	struct med_data *md = NULL;
+ 
+-	mud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_MED);
++	mud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_MED);
+ 	if (mud) {
+ 		LIST_FOREACH(md, &mud->head, entry) {
+ 			if (!strncmp(ifname, md->ifname, IFNAMSIZ) &&
+@@ -914,7 +912,7 @@ void med_ifup(char *ifname, struct lldp_agent *agent)
+ 		free(md);
+ 		goto out_err;
+ 	}
+-	mud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_MED);
++	mud = find_module_user_data_by_id(&lldp_mod_head, LLDP_MOD_MED);
+ 	LIST_INSERT_HEAD(&mud->head, md, entry);
+ 	LLDPAD_INFO("%s:port %s added\n", __func__, ifname);
+ 	return;
+diff --git a/qbg_utils.c b/qbg_utils.c
+index 9daeade..0d40c5b 100644
+--- a/qbg_utils.c
++++ b/qbg_utils.c
+@@ -36,7 +36,6 @@
+ #include "qbg_utils.h"
+ 
+ extern int loglvl;			/* Global lldpad log level */
+-extern struct lldp_head lldp_head;
+ 
+ /*
+  * hexdump_frame - print raw evb/ecp/vdp frame
+@@ -73,7 +72,7 @@ void hexdump_frame(const char *ifname, char *txt, const unsigned char *buf,
+  */
+ int modules_notify(int id, int sender_id, char *ifname, void *data)
+ {
+-	struct lldp_module *mp = find_module_by_id(&lldp_head, id);
++	struct lldp_module *mp = find_module_by_id(&lldp_mod_head, id);
+ 	int rc = 0;
+ 
+ 	if (mp && mp->ops->lldp_mod_notify)
+-- 
+2.18.1
+
diff --git a/meta-networking/recipes-protocols/openlldp/openlldp_1.0.1.bb b/meta-networking/recipes-protocols/openlldp/openlldp_1.0.1.bb
index d8a0d6913a..ec3e557ad9 100644
--- a/meta-networking/recipes-protocols/openlldp/openlldp_1.0.1.bb
+++ b/meta-networking/recipes-protocols/openlldp/openlldp_1.0.1.bb
@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/intel/openlldp.git;protocol=https;branch=master \
            file://0007-lldp_8021qaz-extern-config-object.patch \
            file://0008-stringops-fix-some-string-copy-errors.patch \
            file://0009-8021qaz-mark-prio-map-functions-static.patch \
+           file://lldp_head-remove-all-references.patch \
            "
 
 # Makefile.am adds -Werror to AM_CFLAGS. There are warnings so disable it.
-- 
2.25.1

[hardknott 05/18] htop: Add ncurses-terminfo-base to RDEPENDS

[Armin Kuster]

From: Paulo Neves <ptsneves@gmail.com>

Without it there are no terminal configurations on the target
and htop refuses to run.

(cherry picked from commit b5d74f8a6bd33e8468dd04d990f08d89d1e6928a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-support/htop/htop_3.0.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-support/htop/htop_3.0.5.bb b/meta-oe/recipes-support/htop/htop_3.0.5.bb
index 8e9b95d91d..c757f7fb59 100644
--- a/meta-oe/recipes-support/htop/htop_3.0.5.bb
+++ b/meta-oe/recipes-support/htop/htop_3.0.5.bb
@@ -31,3 +31,5 @@ PACKAGECONFIG[delayacct] = "--enable-delayacct,--disable-delayacct,libnl"
 PACKAGECONFIG[sensors] = "--with-sensors,--without-sensors,lmsensors,lmsensors-libsensors"
 
 FILES_${PN} += "${datadir}/icons/hicolor/scalable/apps/htop.svg"
+
+RDEPENDS_${PN} += "ncurses-terminfo-base"
-- 
2.25.1

[hardknott 06/18] php: move to version 7.4.21

[Armin Kuster]

From: Joe Slater <joe.slater@windriver.com>

Lots of bug fixes.

CVE: CVE-2021-21704 CVE-2021-21705

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93045c3db744a9f1cd0a9b0ce992d44d9c44c309)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-devtools/php/{php_7.4.16.bb => php_7.4.21.bb} | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 rename meta-oe/recipes-devtools/php/{php_7.4.16.bb => php_7.4.21.bb} (99%)

diff --git a/meta-oe/recipes-devtools/php/php_7.4.16.bb b/meta-oe/recipes-devtools/php/php_7.4.21.bb
similarity index 99%
rename from meta-oe/recipes-devtools/php/php_7.4.16.bb
rename to meta-oe/recipes-devtools/php/php_7.4.21.bb
index 821d9cd046..4d427252f1 100644
--- a/meta-oe/recipes-devtools/php/php_7.4.16.bb
+++ b/meta-oe/recipes-devtools/php/php_7.4.21.bb
@@ -33,7 +33,8 @@ SRC_URI_append_class-target = " \
           "
 
 S = "${WORKDIR}/php-${PV}"
-SRC_URI[sha256sum] = "85710f007cfd0fae94e13a02a3a036f4e81ef43693260cae8a2e1ca93659ce3e"
+SRC_URI[sha256sum] = "36ec6102e757e2c2b7742057a700bbff77c76fa0ccbe9c860398c3d24e32822a"
+
 
 inherit autotools pkgconfig python3native gettext
 
-- 
2.25.1

[hardknott 07/18] net-snmp: fix QA Issue after LDFLAGS change

[Armin Kuster]

From: Tony Battersby <tonyb@cybernetics.com>

Adding -f*-prefix-map to LDFLAGS caused the following issue:

QA Issue: netsnmp-agent.pc failed sanity test (tmpdir)

Fix by filtering out -f*-prefix-map from *.pc files.

[YOCTO #14481]

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5e042ac2079bffa3ae3d9839a50bf6a3d3f1930a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
index 7c3d5babd8..0150d3e38a 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
@@ -131,6 +131,11 @@ do_install_append() {
         -e 's@[^ ]*PKG_CONFIG_LIBDIR=[^ "]*@@g' \
         -i ${D}${bindir}/net-snmp-config
 
+    sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \
+        -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \
+        -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \
+        -i ${D}${libdir}/pkgconfig/netsnmp*.pc
+
     # ${STAGING_DIR_HOST} is empty for native builds, and the sed command below
     # will result in errors if run for native.
     if [ "${STAGING_DIR_HOST}" ]; then
-- 
2.25.1

[hardknott 08/18] Suppress eol in functionfs setup scripts (#147)

[Armin Kuster]

From: Devendra Tewari <devendra.tewari@gmail.com>

Stray newline character causes errors in functionfs setup scripts
used by android-tools-adbd.service, when using musl libc and/or toybox.

Signed-off-by: Devendra Tewari <devendra.tewari@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit db5f48734404a52ee5323659082f1d6baa225ca7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../android-tools-conf-configfs/android-gadget-cleanup        | 2 +-
 .../android-tools-conf-configfs/android-gadget-setup          | 4 ++--
 .../android-tools-conf-configfs/android-gadget-start          | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-cleanup b/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-cleanup
index 517227d4a6..f27d77df51 100644
--- a/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-cleanup
+++ b/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-cleanup
@@ -6,7 +6,7 @@ cd /sys/kernel/config/usb_gadget
 
 cd adb
 
-echo "" > UDC || true
+echo -n "" > UDC || true
 
 killall adbd || true
 
diff --git a/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-setup b/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-setup
index e44d1bacbe..dbd7115151 100644
--- a/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-setup
+++ b/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-setup
@@ -23,8 +23,8 @@ mkdir configs/c.1
 mkdir functions/ffs.usb0
 mkdir strings/0x409
 mkdir configs/c.1/strings/0x409
-echo 0x18d1 > idVendor
-echo 0xd002 > idProduct
+echo -n 0x18d1 > idVendor
+echo -n 0xd002 > idProduct
 echo "$serial" > strings/0x409/serialnumber
 echo "$manufacturer" > strings/0x409/manufacturer
 echo "$model" > strings/0x409/product
diff --git a/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-start b/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-start
index ca6c3df275..d67878fef9 100644
--- a/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-start
+++ b/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-start
@@ -4,4 +4,4 @@ set -e
 
 sleep 3
 
-ls /sys/class/udc/ > /sys/kernel/config/usb_gadget/adb/UDC
+ls /sys/class/udc/ | xargs echo -n > /sys/kernel/config/usb_gadget/adb/UDC
-- 
2.25.1

[hardknott 09/18] pm-qa: fix paths for shell scripts

[Armin Kuster]

From: Anastasios Kavoukis <anastasios.kavoukis@arm.com>

A commit in the repo of pm-qa:

"adf9df9 Fix path to library files and change shebang line"

Changed the text that sed was using to replace relative to
absolute paths.

As a result sed was not effectively finding the text
"source ../include" to replace it, as the sed should be now
searching for ". ../include".

Similarly for "../Switches"

Signed-off-by: Anastasios Kavoukis <anastasios.kavoukis@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 06a93a04efe2c2cbae6de93d07962be4dfa35019)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-test/pm-qa/pm-qa_git.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta-oe/recipes-test/pm-qa/pm-qa_git.bb b/meta-oe/recipes-test/pm-qa/pm-qa_git.bb
index 7e9971ea4c..bb641437c9 100644
--- a/meta-oe/recipes-test/pm-qa/pm-qa_git.bb
+++ b/meta-oe/recipes-test/pm-qa/pm-qa_git.bb
@@ -42,6 +42,7 @@ do_install () {
     do
         # Remove hardcoded relative paths
         sed -i -e 's#..\/utils\/##' ${script}
+        sed -i -e 's#. ..\/Switches#${bindir}#g' ${script}
 
         script_basename=`basename ${script}`
         install -m 0755 $script ${D}${libdir}/${BPN}/${script_basename}
@@ -54,7 +55,7 @@ do_install () {
         # if the script includes any helper scripts from the $libdir
         # directory then change the source path to the absolute path
         # to reflect the install location of the helper scripts.
-        sed -i -e "s#source ../include#source ${libdir}/${BPN}#g" ${script}
+        sed -i -e "s#. ../include#. ${libdir}/${BPN}#g" ${script}
         # Remove hardcoded relative paths
         sed -i -e 's#..\/utils\/##' ${script}
 
-- 
2.25.1

[hardknott 10/18] vboxguestdrivers: upgrade 6.1.22 -> 6.1.24

[Armin Kuster]

From: Gianfranco <costamagna.gianfranco@gmail.com>

Drop patch to fix build failure with kernel 5.13, now part of upstream codebase

Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66b5131e266a6e4a82b467d58cb657a28a2e4b7e)
[stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../40-linux-5.13-support.patch               | 276 ------------------
 ...s_6.1.22.bb => vboxguestdrivers_6.1.26.bb} |   6 +-
 2 files changed, 3 insertions(+), 279 deletions(-)
 delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/40-linux-5.13-support.patch
 rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_6.1.22.bb => vboxguestdrivers_6.1.26.bb} (94%)

diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/40-linux-5.13-support.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/40-linux-5.13-support.patch
deleted file mode 100644
index e95e240492..0000000000
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/40-linux-5.13-support.patch
+++ /dev/null
@@ -1,276 +0,0 @@
-Subject: Fix build errors with linux 5.13
-Origin: upstream, https://www.virtualbox.org/browser/vbox/trunk
-Bug: https://bugs.launchpad.net/bugs/1929193
-
-diff -urpN virtualbox-6.1.22-dfsg.orig/src/VBox/Additions/linux/drm/vbox_drv.h virtualbox-6.1.22-dfsg/src/VBox/Additions/linux/drm/vbox_drv.h
---- virtualbox-6.1.22-dfsg.orig/src/VBox/Additions/linux/drm/vbox_drv.h	2021-04-28 16:24:47.000000000 +0000
-+++ virtualbox-6.1.22-dfsg/src/VBox/Additions/linux/drm/vbox_drv.h	2021-06-23 10:08:44.431714404 +0000
-@@ -46,20 +41,20 @@
-  * Evaluates to true if the linux kernel version is equal or higher to the
-  * one specfied. */
- #define RTLNX_VER_MIN(a_Major, a_Minor, a_Patch) \
--    (LINUX_VERSION_CODE >= KERNEL_VERSION(a_Major, a_Minor, a_Patch))
-+	(LINUX_VERSION_CODE >= KERNEL_VERSION(a_Major, a_Minor, a_Patch))
- 
- /** @def RTLNX_VER_MAX
-  * Evaluates to true if the linux kernel version is less to the one specfied
-  * (exclusive). */
- #define RTLNX_VER_MAX(a_Major, a_Minor, a_Patch) \
--    (LINUX_VERSION_CODE < KERNEL_VERSION(a_Major, a_Minor, a_Patch))
-+	(LINUX_VERSION_CODE < KERNEL_VERSION(a_Major, a_Minor, a_Patch))
- 
- /** @def RTLNX_VER_RANGE
-  * Evaluates to true if the linux kernel version is equal or higher to the given
-  * minimum version and less (but not equal) to the maximum version (exclusive). */
- #define RTLNX_VER_RANGE(a_MajorMin, a_MinorMin, a_PatchMin,  a_MajorMax, a_MinorMax, a_PatchMax) \
--    (   LINUX_VERSION_CODE >= KERNEL_VERSION(a_MajorMin, a_MinorMin, a_PatchMin) \
--     && LINUX_VERSION_CODE <  KERNEL_VERSION(a_MajorMax, a_MinorMax, a_PatchMax) )
-+	(   LINUX_VERSION_CODE >= KERNEL_VERSION(a_MajorMin, a_MinorMin, a_PatchMin) \
-+	 && LINUX_VERSION_CODE <  KERNEL_VERSION(a_MajorMax, a_MinorMax, a_PatchMax) )
- 
- 
- /** @def RTLNX_RHEL_MIN
-@@ -70,7 +65,7 @@
-  */
- #if defined(RHEL_MAJOR) && defined(RHEL_MINOR)
- # define RTLNX_RHEL_MIN(a_iMajor, a_iMinor) \
--     ((RHEL_MAJOR) > (a_iMajor) || ((RHEL_MAJOR) == (a_iMajor) && (RHEL_MINOR) >= (a_iMinor)))
-+	 ((RHEL_MAJOR) > (a_iMajor) || ((RHEL_MAJOR) == (a_iMajor) && (RHEL_MINOR) >= (a_iMinor)))
- #else
- # define RTLNX_RHEL_MIN(a_iMajor, a_iMinor) (0)
- #endif
-@@ -83,7 +78,7 @@
-  */
- #if defined(RHEL_MAJOR) && defined(RHEL_MINOR)
- # define RTLNX_RHEL_MAX(a_iMajor, a_iMinor) \
--     ((RHEL_MAJOR) < (a_iMajor) || ((RHEL_MAJOR) == (a_iMajor) && (RHEL_MINOR) < (a_iMinor)))
-+	 ((RHEL_MAJOR) < (a_iMajor) || ((RHEL_MAJOR) == (a_iMajor) && (RHEL_MINOR) < (a_iMinor)))
- #else
- # define RTLNX_RHEL_MAX(a_iMajor, a_iMinor) (0)
- #endif
-@@ -95,7 +90,7 @@
-  */
- #if defined(RHEL_MAJOR) && defined(RHEL_MINOR)
- # define RTLNX_RHEL_RANGE(a_iMajorMin, a_iMinorMin,  a_iMajorMax, a_iMinorMax) \
--     (RTLNX_RHEL_MIN(a_iMajorMin, a_iMinorMin) && RTLNX_RHEL_MAX(a_iMajorMax, a_iMinorMax))
-+	 (RTLNX_RHEL_MIN(a_iMajorMin, a_iMinorMin) && RTLNX_RHEL_MAX(a_iMajorMax, a_iMinorMax))
- #else
- # define RTLNX_RHEL_RANGE(a_iMajorMin, a_iMinorMin,  a_iMajorMax, a_iMinorMax)  (0)
- #endif
-@@ -173,7 +168,9 @@
- #include <drm/ttm/ttm_bo_api.h>
- #include <drm/ttm/ttm_bo_driver.h>
- #include <drm/ttm/ttm_placement.h>
-+#if RTLNX_VER_MAX(5,13,0)
- #include <drm/ttm/ttm_memory.h>
-+#endif
- #if RTLNX_VER_MAX(5,12,0)
- # include <drm/ttm/ttm_module.h>
- #endif
-@@ -222,7 +219,7 @@ static inline void drm_gem_object_put(st
- 				 VBVA_ADAPTER_INFORMATION_SIZE)
- #define GUEST_HEAP_SIZE   VBVA_ADAPTER_INFORMATION_SIZE
- #define GUEST_HEAP_USABLE_SIZE (VBVA_ADAPTER_INFORMATION_SIZE - \
--				sizeof(HGSMIHOSTFLAGS))
-+				sizeof(struct hgsmi_host_flags))
- #define HOST_FLAGS_OFFSET GUEST_HEAP_USABLE_SIZE
- 
- /** How frequently we refresh if the guest is not providing dirty rectangles. */
-@@ -232,7 +229,7 @@ static inline void drm_gem_object_put(st
- static inline void *devm_kcalloc(struct device *dev, size_t n, size_t size,
- 				 gfp_t flags)
- {
--    return devm_kzalloc(dev, n * size, flags);
-+	return devm_kzalloc(dev, n * size, flags);
- }
- #endif
- 
-@@ -244,7 +241,7 @@ struct vbox_private {
- 	u8 __iomem *guest_heap;
- 	u8 __iomem *vbva_buffers;
- 	struct gen_pool *guest_pool;
--	struct VBVABUFFERCONTEXT *vbva_info;
-+	struct vbva_buf_context *vbva_info;
- 	bool any_pitch;
- 	u32 num_crtcs;
- 	/** Amount of available VRAM, including space used for buffers. */
-@@ -252,7 +249,7 @@ struct vbox_private {
- 	/** Amount of available VRAM, not including space used for buffers. */
- 	u32 available_vram_size;
- 	/** Array of structures for receiving mode hints. */
--	VBVAMODEHINT *last_mode_hints;
-+	struct vbva_modehint *last_mode_hints;
- 
- 	struct vbox_fbdev *fbdev;
- 
-@@ -263,7 +260,11 @@ struct vbox_private {
- 		struct drm_global_reference mem_global_ref;
- 		struct ttm_bo_global_ref bo_global_ref;
- #endif
-+#if RTLNX_VER_MIN(5,13,0) 
-+		struct ttm_device bdev; 
-+#else
- 		struct ttm_bo_device bdev;
-+#endif
- 		bool mm_initialised;
- 	} ttm;
- 
-diff -urpN virtualbox-6.1.22-dfsg.orig/src/VBox/Additions/linux/drm/vbox_ttm.c virtualbox-6.1.22-dfsg/src/VBox/Additions/linux/drm/vbox_ttm.c
---- virtualbox-6.1.22-dfsg.orig/src/VBox/Additions/linux/drm/vbox_ttm.c	2021-04-28 16:24:47.000000000 +0000
-+++ virtualbox-6.1.22-dfsg/src/VBox/Additions/linux/drm/vbox_ttm.c	2021-06-23 10:08:07.164057918 +0000
-@@ -48,7 +43,11 @@
- #endif
- 
- 
-+#if RTLNX_VER_MIN(5,13,0)
-+static inline struct vbox_private *vbox_bdev(struct ttm_device *bd)
-+#else
- static inline struct vbox_private *vbox_bdev(struct ttm_bo_device *bd)
-+#endif
- {
- 	return container_of(bd, struct vbox_private, ttm.bdev);
- }
-@@ -188,7 +187,7 @@ static int vbox_ttm_io_mem_reserve(struc
- 	mem->bus.size = mem->num_pages << PAGE_SHIFT;
- 	mem->bus.base = 0;
- 	mem->bus.is_iomem = false;
--	if (!(man->flags & TTM_MEMTYPE_FLAG_MAPPABLE))
-+	 if (!(man->flags & TTM_MEMTYPE_FLAG_MAPPABLE))
- 		return -EINVAL;
- 	switch (mem->mem_type) {
- 	case TTM_PL_SYSTEM:
-@@ -205,8 +204,13 @@ static int vbox_ttm_io_mem_reserve(struc
- 	return 0;
- }
- #else
-+# if RTLNX_VER_MAX(5,13,0)
- static int vbox_ttm_io_mem_reserve(struct ttm_bo_device *bdev,
- 				   struct ttm_resource *mem)
-+# else /* > 5.13.0 */
-+static int vbox_ttm_io_mem_reserve(struct ttm_device *bdev,
-+				   struct ttm_resource *mem)
-+# endif /* > 5.13.0 */
- {
- 	struct vbox_private *vbox = vbox_bdev(bdev);
- 	mem->bus.addr = NULL;
-@@ -241,7 +245,12 @@ static int vbox_ttm_io_mem_reserve(struc
- 
- 
- 
--#if RTLNX_VER_MIN(5,10,0)
-+#if RTLNX_VER_MIN(5,13,0)
-+static void vbox_ttm_io_mem_free(struct ttm_device *bdev,
-+				 struct ttm_resource *mem)
-+{
-+}
-+#elif RTLNX_VER_MIN(5,10,0)
- static void vbox_ttm_io_mem_free(struct ttm_bo_device *bdev,
- 				 struct ttm_resource *mem)
- {
-@@ -253,7 +262,13 @@ static void vbox_ttm_io_mem_free(struct
- }
- #endif
- 
--#if RTLNX_VER_MIN(5,10,0)
-+#if RTLNX_VER_MIN(5,13,0)
-+static void vbox_ttm_tt_destroy(struct ttm_device *bdev, struct ttm_tt *tt)
-+{
-+	ttm_tt_fini(tt);
-+	kfree(tt);
-+}
-+#elif RTLNX_VER_MIN(5,10,0)
- static void vbox_ttm_tt_destroy(struct ttm_bo_device *bdev, struct ttm_tt *tt)
- {
- 	ttm_tt_fini(tt);
-@@ -333,7 +348,11 @@ static int vbox_bo_move(struct ttm_buffe
- }
- #endif
- 
-+#if RTLNX_VER_MIN(5,13,0)
-+static struct ttm_device_funcs vbox_bo_driver = {
-+#else /* < 5.13.0 */
- static struct ttm_bo_driver vbox_bo_driver = {
-+#endif /* < 5.13.0 */
- 	.ttm_tt_create = vbox_ttm_tt_create,
- #if RTLNX_VER_MIN(5,10,0)
- 	.ttm_tt_destroy = vbox_ttm_tt_destroy,
-@@ -370,14 +389,22 @@ int vbox_mm_init(struct vbox_private *vb
- {
- 	int ret;
- 	struct drm_device *dev = vbox->dev;
-+#if RTLNX_VER_MIN(5,13,0)
-+	struct ttm_device *bdev = &vbox->ttm.bdev;
-+#else
- 	struct ttm_bo_device *bdev = &vbox->ttm.bdev;
-+#endif
- 
- #if RTLNX_VER_MAX(5,0,0) && !RTLNX_RHEL_MAJ_PREREQ(7,7) && !RTLNX_RHEL_MAJ_PREREQ(8,1)
- 	ret = vbox_ttm_global_init(vbox);
- 	if (ret)
- 		return ret;
- #endif
-+#if RTLNX_VER_MIN(5,13,0)
-+	ret = ttm_device_init(&vbox->ttm.bdev,
-+#else
- 	ret = ttm_bo_device_init(&vbox->ttm.bdev,
-+#endif
- #if RTLNX_VER_MAX(5,0,0) && !RTLNX_RHEL_MAJ_PREREQ(7,7) && !RTLNX_RHEL_MAJ_PREREQ(8,1)
- 				 vbox->ttm.bo_global_ref.ref.object,
- #endif
-@@ -429,7 +456,11 @@ int vbox_mm_init(struct vbox_private *vb
- 	return 0;
- 
- err_device_release:
-+#if RTLNX_VER_MIN(5,13,0)
-+	ttm_device_fini(&vbox->ttm.bdev);
-+#else
- 	ttm_bo_device_release(&vbox->ttm.bdev);
-+#endif
- #if RTLNX_VER_MAX(5,0,0) && !RTLNX_RHEL_MAJ_PREREQ(7,7) && !RTLNX_RHEL_MAJ_PREREQ(8,1)
- err_ttm_global_release:
- 	vbox_ttm_global_release(vbox);
-@@ -446,7 +477,11 @@ void vbox_mm_fini(struct vbox_private *v
- #else
- 	arch_phys_wc_del(vbox->fb_mtrr);
- #endif
-+#if RTLNX_VER_MIN(5,13,0)
-+        ttm_device_fini(&vbox->ttm.bdev);
-+#else
- 	ttm_bo_device_release(&vbox->ttm.bdev);
-+#endif
- #if RTLNX_VER_MAX(5,0,0) && !RTLNX_RHEL_MAJ_PREREQ(7,7) && !RTLNX_RHEL_MAJ_PREREQ(8,1)
- 	vbox_ttm_global_release(vbox);
- #endif
-@@ -528,7 +563,9 @@ int vbox_bo_create(struct drm_device *de
- {
- 	struct vbox_private *vbox = dev->dev_private;
- 	struct vbox_bo *vboxbo;
-+#if RTLNX_VER_MAX(5,13,0)
- 	size_t acc_size;
-+#endif
- 	int ret;
- 
- 	vboxbo = kzalloc(sizeof(*vboxbo), GFP_KERNEL);
-@@ -551,16 +588,20 @@ int vbox_bo_create(struct drm_device *de
- 
- 	vbox_ttm_placement(vboxbo, VBOX_MEM_TYPE_VRAM | VBOX_MEM_TYPE_SYSTEM);
- 
-+#if RTLNX_VER_MAX(5,13,0)
- 	acc_size = ttm_bo_dma_acc_size(&vbox->ttm.bdev, size,
- 				       sizeof(struct vbox_bo));
-+#endif
- 
- 	ret = ttm_bo_init(&vbox->ttm.bdev, &vboxbo->bo, size,
- 			  ttm_bo_type_device, &vboxbo->placement,
- #if RTLNX_VER_MAX(4,17,0) && !RTLNX_RHEL_MAJ_PREREQ(7,6) && !RTLNX_SUSE_MAJ_PREREQ(15,1) && !RTLNX_SUSE_MAJ_PREREQ(12,5)
- 			  align >> PAGE_SHIFT, false, NULL, acc_size,
--#else
-+#elif RTLNX_VER_MAX(5,13,0) /* < 5.13.0 */
- 			  align >> PAGE_SHIFT, false, acc_size,
--#endif
-+#else /* > 5.13.0 */
-+			  align >> PAGE_SHIFT, false,
-+#endif /* > 5.13.0 */
- #if RTLNX_VER_MIN(3,18,0) || RTLNX_RHEL_MAJ_PREREQ(7,2)
- 			  NULL, NULL, vbox_bo_ttm_destroy);
- #else
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.22.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.26.bb
similarity index 94%
rename from meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.22.bb
rename to meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.26.bb
index 19b8f8f46e..1b2fb44036 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.22.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.26.bb
@@ -13,11 +13,11 @@ VBOX_NAME = "VirtualBox-${PV}"
 
 SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
     file://Makefile.utils \
-    file://40-linux-5.13-support.patch \
     file://add__divmoddi4.patch \
 "
-SRC_URI[md5sum] = "abb1a20021e5915fe38c666e8c11cf80"
-SRC_URI[sha256sum] = "99816d2a15205d49362a31e8ffeb8262d2fa0678c751dfd0a7c43b2faca8be49"
+
+SRC_URI[md5sum] = "fce04bbef244b4df1a50e53d132d3e6f"
+SRC_URI[sha256sum] = "0212602eea878d6c9fd7f4a3e0182da3e4505f31d25f5539fb8f7b1fbe366195"
 
 S ?= "${WORKDIR}/vbox_module"
 S_task-patch = "${WORKDIR}/${VBOX_NAME}"
-- 
2.25.1

[hardknott 11/18] mariadb: redefine log-error item

[Armin Kuster]

From: Mingli Yu <mingli.yu@windriver.com>

The log-error item which defined in my.cnf is "/var/log/mysqld.err"
previouly and it's not consistent with which created in install_db
service file which will call mysql-systemd-start to create the file
"/var/log/mysqld.log".

And it fails when boot with sysvinit as below:
 $ service mysqld start
 Starting MariaDB.210727 04:05:03 mysqld_safe Logging to '/var/log/mysqld.err'.
 210727 04:05:03 mysqld_safe Starting mariadbd daemon with databases from /var/lib/mysql
 /usr/bin/mysqld_safe_helper: Can't create/write to file '/var/log/mysqld.err' (Errcode: 13 "Permission denied")

So make the log-error item consistent to fix the above failure
and also remove the related workaround when boot with systemd.

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a4144d954692ad68121d16adae09dc990e8ab1f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-dbs/mysql/mariadb.inc    | 5 -----
 meta-oe/recipes-dbs/mysql/mariadb/my.cnf | 2 +-
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc
index 5787ae4bd7..7cf08f4719 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb.inc
+++ b/meta-oe/recipes-dbs/mysql/mariadb.inc
@@ -168,11 +168,6 @@ do_install() {
     sed -i -e 's,@BINDIR@,${bindir},g' -e 's,@PREFIX@,${prefix},g' ${D}${systemd_unitdir}/system/mysqld.service \
                                                                    ${D}${systemd_unitdir}/system/install_db.service
 
-    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-        install -d ${D}${sysconfdir}/tmpfiles.d
-        echo "f /var/log/mysqld.err 0640 mysql mysql -" \
-            > ${D}${sysconfdir}/tmpfiles.d/99-mysqld.conf
-    fi
     install -d ${D}${bindir}
     install -m 755 ${WORKDIR}/mysql-systemd-start ${D}${bindir}
     install -d ${D}${datadir}/doc/${PN}
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/my.cnf b/meta-oe/recipes-dbs/mysql/mariadb/my.cnf
index dc4c172e54..75db46a559 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb/my.cnf
+++ b/meta-oe/recipes-dbs/mysql/mariadb/my.cnf
@@ -10,7 +10,7 @@ user 						= mysql
 port 						= 3306
 socket 						= /var/lib/mysql/mysql.sock
 pid-file 					= /var/lib/mysql/mysqld.pid
-log-error 					= /var/log/mysqld.err
+log-error 					= /var/log/mysqld.log
 basedir 					= /usr
 datadir 					= /var/lib/mysql
 skip-external-locking
-- 
2.25.1

[hardknott 12/18] mariadb: Update SRC_URI

[Armin Kuster]

From: Mingli Yu <mingli.yu@windriver.com>

The previous SRC_URI only stores the latest source tarball and we
will meet do_fetch issue if not upgrade timely.

Update the SRC_URI which stores all versions to fix some warning
like below:
WARNING: mariadb-10.5.9-r0 do_fetch: Failed to fetch URL https://downloads.mariadb.org/interstitial/mariadb-10.5.9/source/mariadb-10.5.9.tar.gz, attempting MIRRORS if available

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit da798f15ffd93759e1ba3f21bd1ba80c73e962af)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-dbs/mysql/mariadb.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc
index 7cf08f4719..63ab940928 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb.inc
+++ b/meta-oe/recipes-dbs/mysql/mariadb.inc
@@ -4,7 +4,7 @@ SECTION = "libs"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b1becf0cfa3366e0f4d854d1d264f311"
 
-SRC_URI = "https://downloads.mariadb.org/interstitial/${BP}/source/${BP}.tar.gz \
+SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \
            file://my.cnf \
            file://mysqld.service \
            file://install_db.service \
-- 
2.25.1

[hardknott 13/18] ndpi: fix CVE-2021-36082

[Armin Kuster]

From: Changqing Li <changqing.li@windriver.com>

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../ntopng/files/CVE-2021-36082.patch         | 116 ++++++++++++++++++
 .../recipes-support/ntopng/ndpi_3.4.bb        |   1 +
 2 files changed, 117 insertions(+)
 create mode 100644 meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch

diff --git a/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch b/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch
new file mode 100644
index 0000000000..8fdd62d186
--- /dev/null
+++ b/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch
@@ -0,0 +1,116 @@
+From 1ec621c85b9411cc611652fd57a892cfef478af3 Mon Sep 17 00:00:00 2001
+From: Luca Deri <deri@ntop.org>
+Date: Sat, 15 May 2021 19:53:46 +0200
+Subject: [PATCH] Added further checks
+
+Upstream-Status: Backport [https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3]
+CVE: CVE-2021-36082
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ src/lib/protocols/netbios.c |  2 +-
+ src/lib/protocols/tls.c     | 32 +++++++++++++++++---------------
+ 2 files changed, 18 insertions(+), 16 deletions(-)
+
+diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
+index 1f3850cb..0d3b705f 100644
+--- a/src/lib/protocols/netbios.c
++++ b/src/lib/protocols/netbios.c
+@@ -42,7 +42,7 @@ int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len
+   int ret = 0, len, idx = inlen;
+   char *b;
+ 
+-  len = (*in++)/2;
++  len = (*in++)/2, inlen--;
+   b  = out;
+   *out = 0;
+ 
+diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
+index 5b572cae..c115ac08 100644
+--- a/src/lib/protocols/tls.c
++++ b/src/lib/protocols/tls.c
+@@ -994,21 +994,23 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
+ 	i += 4 + extension_len, offset += 4 + extension_len;
+       }
+ 
+-      ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version);
++      ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version);
+ 
+-      for(i=0; i<ja3.num_cipher; i++) {
+-	rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]);
++      for(i=0; (i<ja3.num_cipher) && (JA3_STR_LEN > ja3_str_len); i++) {
++	rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]);
+ 
+ 	if(rc <= 0) break; else ja3_str_len += rc;
+       }
+ 
+-      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
+-      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
++      if(JA3_STR_LEN > ja3_str_len) {
++          rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
++          if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
++      }
+ 
+       /* ********** */
+ 
+-      for(i=0; i<ja3.num_tls_extension; i++) {
+-	int rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]);
++      for(i=0; (i<ja3.num_tls_extension) && (JA3_STR_LEN-ja3_str_len); i++) {
++	int rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]);
+ 
+ 	if(rc <= 0) break; else ja3_str_len += rc;
+       }
+@@ -1443,41 +1445,41 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
+ 	      int rc;
+ 
+ 	    compute_ja3c:
+-	      ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version);
++	      ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version);
+ 
+ 	      for(i=0; i<ja3.num_cipher; i++) {
+-		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
++		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
+ 			      (i > 0) ? "-" : "", ja3.cipher[i]);
+ 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
+ 	      }
+ 
+-	      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
++	      rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
+ 	      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
+ 
+ 	      /* ********** */
+ 
+ 	      for(i=0; i<ja3.num_tls_extension; i++) {
+-		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
++		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
+ 			      (i > 0) ? "-" : "", ja3.tls_extension[i]);
+ 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
+ 	      }
+ 
+-	      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
++	      rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
+ 	      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
+ 
+ 	      /* ********** */
+ 
+ 	      for(i=0; i<ja3.num_elliptic_curve; i++) {
+-		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
++		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
+ 			      (i > 0) ? "-" : "", ja3.elliptic_curve[i]);
+ 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
+ 	      }
+ 
+-	      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
++	      rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
+ 	      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
+ 
+ 	      for(i=0; i<ja3.num_elliptic_curve_point_format; i++) {
+-		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
++		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
+ 			      (i > 0) ? "-" : "", ja3.elliptic_curve_point_format[i]);
+ 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
+ 	      }
+-- 
+2.17.1
+
diff --git a/meta-networking/recipes-support/ntopng/ndpi_3.4.bb b/meta-networking/recipes-support/ntopng/ndpi_3.4.bb
index 22e4d8e9ae..b90f575b93 100644
--- a/meta-networking/recipes-support/ntopng/ndpi_3.4.bb
+++ b/meta-networking/recipes-support/ntopng/ndpi_3.4.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b52f2d57d10c4f7ee67a7eb9615d5d24"
 SRCREV = "64929a75e0a7a60d864bd25a9fd97fdf9ac892a2"
 SRC_URI = "git://github.com/ntop/nDPI.git;branch=3.4-stable \
            file://0001-autogen.sh-not-generate-configure.patch \
+           file://CVE-2021-36082.patch \
 "
 
 S = "${WORKDIR}/git"
-- 
2.25.1

[hardknott 14/18] libdbi-perl: fix CVE-2014-10402

[Armin Kuster]

From: Kai Kang <kai.kang@windriver.com>

Backport patch to fix CVE-2014-10402.

CVE: CVE-2014-10402

Ref:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c80b3757ffc762a1577bcf7d0da41ebf1954b3f1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../perl/libdbi-perl/CVE-2014-10402.patch     | 56 +++++++++++++++++++
 .../perl/libdbi-perl_1.643.bb                 |  4 +-
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch

diff --git a/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch b/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch
new file mode 100644
index 0000000000..b41bbe0a50
--- /dev/null
+++ b/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch
@@ -0,0 +1,56 @@
+Backport patch to fix CVE-2014-10402.
+
+CVE: CVE-2014-10402
+Upstream-Status: Backport [https://github.com/rehsack/dbi/commit/19d0fb1]
+
+Ref:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+
+From 19d0fb169eed475e1c053e99036b8668625cfa94 Mon Sep 17 00:00:00 2001
+From: Jens Rehsack <sno@netbsd.org>
+Date: Tue, 6 Oct 2020 10:22:17 +0200
+Subject: [PATCH] lib/DBD/File.pm: fix CVE-2014-10401
+
+Dig into the root cause of RT#99508 - which resulted in CVE-2014-10401 - and
+figure out that DBI->parse_dsn is the wrong helper to parse our attributes in
+DSN, since in DBD::dr::connect only the "dbname" remains from DSN which causes
+parse_dsn to bailout.
+
+Parsing on our own similar to parse_dsn shows the way out.
+
+Signed-off-by: Jens Rehsack <sno@netbsd.org>
+---
+ lib/DBD/File.pm | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/DBD/File.pm b/lib/DBD/File.pm
+index fb14e9a..f55076f 100644
+--- a/lib/DBD/File.pm
++++ b/lib/DBD/File.pm
+@@ -109,7 +109,11 @@ sub connect
+     # We do not (yet) care about conflicting attributes here
+     # my $dbh = DBI->connect ("dbi:CSV:f_dir=test", undef, undef, { f_dir => "text" });
+     # will test here that both test and text should exist
+-    if (my $attr_hash = (DBI->parse_dsn ($dbname))[3]) {
++    #
++    # Parsing on our own similar to parse_dsn to find attributes in 'dbname' parameter.
++    if ($dbname) {
++	my @attrs = split /;/ => $dbname;
++	my $attr_hash = { map { split /\s*=>?\s*|\s*,\s*/, $_} @attrs };
+ 	if (defined $attr_hash->{f_dir} && ! -d $attr_hash->{f_dir}) {
+ 	    my $msg = "No such directory '$attr_hash->{f_dir}";
+ 	    $drh->set_err (2, $msg);
+@@ -120,7 +124,6 @@ sub connect
+     if ($attr and defined $attr->{f_dir} && ! -d $attr->{f_dir}) {
+ 	my $msg = "No such directory '$attr->{f_dir}";
+ 	$drh->set_err (2, $msg);
+-	$attr->{RaiseError} and croak $msg;
+ 	return;
+ 	}
+ 
+-- 
+2.17.1
+
diff --git a/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb b/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb
index 75fad46bfd..c8abae628f 100644
--- a/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb
+++ b/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb
@@ -9,7 +9,9 @@ SECTION = "libs"
 LICENSE = "Artistic-1.0 | GPL-1.0+"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=10982c7148e0a012c0fd80534522f5c5"
 
-SRC_URI = "http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-${PV}.tar.gz"
+SRC_URI = "http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-${PV}.tar.gz \
+           file://CVE-2014-10402.patch \
+           "
 SRC_URI[md5sum] = "352f80b1e23769c116082a90905d7398"
 SRC_URI[sha256sum] = "8a2b993db560a2c373c174ee976a51027dd780ec766ae17620c20393d2e836fa"
 
-- 
2.25.1

[hardknott 15/18] curlpp: fix QA Issue after LDFLAGS change

[Armin Kuster]

From: Tony Battersby <tonyb@cybernetics.com>

Adding -f*-prefix-map to LDFLAGS caused the following issue:

QA Issue: curlpp.pc failed sanity test (tmpdir)

Fix by filtering out -f*-prefix-map from *.pc files.

[YOCTO #14481]

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c40e01b0fce73bc289d9499b204350359afc7884)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb b/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb
index 799cf8611c..5df9238a67 100644
--- a/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb
+++ b/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb
@@ -16,3 +16,10 @@ S = "${WORKDIR}/git"
 inherit cmake pkgconfig binconfig
 
 BBCLASSEXTEND = "native nativesdk"
+
+do_install:append() {
+    sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \
+        -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \
+        -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \
+        -i ${D}${libdir}/pkgconfig/*.pc
+}
-- 
2.25.1

[hardknott 16/18] ldns: fix QA Issue after LDFLAGS change

[Armin Kuster]

From: Tony Battersby <tonyb@cybernetics.com>

Adding -f*-prefix-map to LDFLAGS caused the following issue:

QA Issue: ldns.pc failed sanity test (tmpdir)

Fix by filtering out -f*-prefix-map from *.pc files.

[YOCTO #14481]

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a4791bf2f37de55dd51971d34ac2252d3cf68f30)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb b/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb
index 2a52dd688a..2ce669154a 100644
--- a/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb
+++ b/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb
@@ -16,3 +16,10 @@ PACKAGECONFIG[drill] = "--with-drill,--without-drill"
 
 EXTRA_OECONF = "--with-ssl=${STAGING_EXECPREFIXDIR} \
                 libtool=${TARGET_PREFIX}libtool"
+
+do_install:append() {
+    sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \
+        -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \
+        -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \
+        -i ${D}${libdir}/pkgconfig/*.pc
+}
-- 
2.25.1

[hardknott 17/18] bigbuckbunny-1080p: fix sample video URL

[Armin Kuster]

From: Michael Opdenacker <michael.opdenacker@bootlin.com>

Replace a link that's now broken.

The original download link on blender.org still works
(https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_1080p_surround.avi)
but is still extremely slow.

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 223243d649b623db398d2f39f067b4c72b54e710)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-multimedia/sample-content/bigbuckbunny-1080p.bb     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
index 70eb6e4be7..c651d8113d 100644
--- a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
+++ b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
@@ -3,7 +3,7 @@ LICENSE = "CC-BY-3.0"
 # http://www.bigbuckbunny.org/index.php/about/
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/CC-BY-3.0;md5=dfa02b5755629022e267f10b9c0a2ab7"
 
-SRC_URI = "http://themazzone.com/big_buck_bunny_1080p_surround.avi"
+SRC_URI = "https://www.mediaspip.net/IMG/avi/big_buck_bunny_1080p_surround.avi"
 SRC_URI[md5sum] = "223991c8b33564eb77988a4c13c1c76a"
 SRC_URI[sha256sum] = "69fe2cfe7154a6e752688e3a0d7d6b07b1605bbaf75b56f6470dc7b4c20c06ea"
 
-- 
2.25.1

[hardknott 18/18] redis: fix CVE-2021-32625

[Armin Kuster]

From: Tony Tascioglu <tony.tascioglu@windriver.com>

CVE: CVE-2021-32625
Upstream-Status: Backport [e9a1438ac4c52aa68dfa2a8324b6419356842116]

Fix integer overflow in STRALGO LCS (CVE-2021-32625) (#9011)
An integer overflow bug in Redis version 6.0 or newer can be exploited using the
STRALGO LCS command to corrupt the heap and potentially result with remote code
execution. This is a result of an incomplete fix by CVE-2021-29477.

Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../redis/redis/fix-CVE-2021-32625.patch      | 61 +++++++++++++++++++
 meta-oe/recipes-extended/redis/redis_6.2.2.bb |  1 +
 2 files changed, 62 insertions(+)
 create mode 100644 meta-oe/recipes-extended/redis/redis/fix-CVE-2021-32625.patch

diff --git a/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-32625.patch b/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-32625.patch
new file mode 100644
index 0000000000..6311a5db10
--- /dev/null
+++ b/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-32625.patch
@@ -0,0 +1,61 @@
+From e9a1438ac4c52aa68dfa2a8324b6419356842116 Mon Sep 17 00:00:00 2001
+From: Oran Agra <oran@redislabs.com>
+Date: Tue, 1 Jun 2021 09:12:45 +0300
+Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-32625) (#9011)
+
+An integer overflow bug in Redis version 6.0 or newer can be exploited using the
+STRALGO LCS command to corrupt the heap and potentially result with remote code
+execution. This is a result of an incomplete fix by CVE-2021-29477.
+
+(cherry picked from commit 1ddecf1958924b178b76a31d989ef1e05af81964)
+
+
+CVE: CVE-2021-32625
+Upstream-Status: Backport [e9a1438ac4c52aa68dfa2a8324b6419356842116]
+
+Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
+---
+ src/t_string.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/src/t_string.c b/src/t_string.c
+index 490d5983a..587d3aeb8 100644
+--- a/src/t_string.c
++++ b/src/t_string.c
+@@ -797,6 +797,12 @@ void stralgoLCS(client *c) {
+         goto cleanup;
+     }
+ 
++    /* Detect string truncation or later overflows. */
++    if (sdslen(a) >= UINT32_MAX-1 || sdslen(b) >= UINT32_MAX-1) {
++        addReplyError(c, "String too long for LCS");
++        goto cleanup;
++    }
++
+     /* Compute the LCS using the vanilla dynamic programming technique of
+      * building a table of LCS(x,y) substrings. */
+     uint32_t alen = sdslen(a);
+@@ -805,9 +811,19 @@ void stralgoLCS(client *c) {
+     /* Setup an uint32_t array to store at LCS[i,j] the length of the
+      * LCS A0..i-1, B0..j-1. Note that we have a linear array here, so
+      * we index it as LCS[j+(blen+1)*j] */
+-    uint32_t *lcs = zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t));
+     #define LCS(A,B) lcs[(B)+((A)*(blen+1))]
+ 
++    /* Try to allocate the LCS table, and abort on overflow or insufficient memory. */
++    unsigned long long lcssize = (unsigned long long)(alen+1)*(blen+1); /* Can't overflow due to the size limits above. */
++    unsigned long long lcsalloc = lcssize * sizeof(uint32_t);
++    uint32_t *lcs = NULL;
++    if (lcsalloc < SIZE_MAX && lcsalloc / lcssize == sizeof(uint32_t))
++        lcs = ztrymalloc(lcsalloc);
++    if (!lcs) {
++        addReplyError(c, "Insufficient memory");
++        goto cleanup;
++    }
++
+     /* Start building the LCS table. */
+     for (uint32_t i = 0; i <= alen; i++) {
+         for (uint32_t j = 0; j <= blen; j++) {
+-- 
+2.32.0
+
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.2.bb b/meta-oe/recipes-extended/redis/redis_6.2.2.bb
index a36c190af3..a9e6eaffaa 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.2.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.2.bb
@@ -18,6 +18,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
            file://fix-CVE-2021-29477.patch \
            file://fix-CVE-2021-29478.patch \
+           file://fix-CVE-2021-32625.patch \
            "
 SRC_URI[sha256sum] = "7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535"
 
-- 
2.25.1