[OE-core][dunfell 00/19] Patch review

[OE-core][dunfell 00/19] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1763

The following changes since commit 72431ee8de5e3a53d259cebf420a7713ac9e1f14:

  mobile-broadband-provider-info: upgrade 20190618 ->20201225 (2021-01-08 03:57:37 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Adrian Herrera (1):
  scripts: oe-run-native, fix *-native directories

Andrey Mozzhuhin (1):
  toolchain-shar-extract.sh: Handle special characters in script path

Armin Kuster (2):
  xorg: Security fix for CVE-2020-14345
  glibc: Security fix for CVE-2020-29573

Bruce Ashfield (1):
  linux-yocto/5.4: update to v5.4.87

Chris Laplante (1):
  systemd.bbclass: improve error message when a service unit specified
    in SYSTEMD_SERVICE is not found

Joshua Watt (1):
  classes/waf: Add build and install arguments

Lee Chee Yang (1):
  curl: fix CVE-2020-8231/8284/8285/8286

Mans Rullgard (1):
  boost: drop arm-intrinsics.patch

Marek Vasut (2):
  meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex
  meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup
    script

Michael Ho (1):
  license_image.bbclass: fix missing recipeinfo on self

Mikko Rapeli (1):
  zip: whitelist CVE-2018-13410 and CVE-2018-13684

Robert Joslyn (1):
  ppp: Whitelist CVE-2020-15704

Ross Burton (1):
  waf: don't assume the waf intepretter is good

Sakib Sajal (1):
  buildstats.bbclass: add functionality to collect build system stats

Scott Murray (1):
  glibc: CVE-2019-25013

Thomas Perrot (1):
  go.bbclass: don't stage test data with sources of dependencies

Tomasz Dziendzielski (1):
  lib/oe/utils: Return empty string in parallel_make

 meta/classes/buildstats.bbclass               |   40 +-
 meta/classes/go.bbclass                       |    3 +-
 meta/classes/license_image.bbclass            |    3 +-
 meta/classes/systemd.bbclass                  |    3 +-
 meta/classes/waf.bbclass                      |   18 +-
 meta/files/toolchain-shar-extract.sh          |   12 +-
 meta/files/toolchain-shar-relocate.sh         |    5 +-
 meta/lib/oe/utils.py                          |    2 +-
 meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |    4 +
 .../glibc/glibc/CVE-2019-25013.patch          |  135 ++
 .../glibc/glibc/CVE-2020-29573.patch          |  128 ++
 meta/recipes-core/glibc/glibc_2.31.bb         |    2 +
 meta/recipes-extended/zip/zip_3.0.bb          |    6 +
 .../xserver-xorg/CVE-2020-14345.patch         |  182 +++
 .../xorg-xserver/xserver-xorg_1.20.8.bb       |    1 +
 .../linux/linux-yocto-rt_5.4.bb               |    6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |    8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |   22 +-
 .../boost/boost/arm-intrinsics.patch          |   55 -
 meta/recipes-support/boost/boost_1.72.0.bb    |    2 +-
 .../curl/curl/CVE-2020-8231.patch             | 1092 +++++++++++++++++
 .../curl/curl/CVE-2020-8284.patch             |  209 ++++
 .../curl/curl/CVE-2020-8285.patch             |  260 ++++
 .../curl/curl/CVE-2020-8286.patch             |  133 ++
 meta/recipes-support/curl/curl_7.69.1.bb      |    4 +
 scripts/oe-run-native                         |    2 +-
 26 files changed, 2244 insertions(+), 93 deletions(-)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-29573.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
 delete mode 100644 meta/recipes-support/boost/boost/arm-intrinsics.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8231.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8284.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8285.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8286.patch

-- 
2.17.1

[OE-core][dunfell 01/19] go.bbclass: don't stage test data with sources of dependencies

[Steve Sakoman]

From: Thomas Perrot <thomas.perrot@bootlin.com>

As for the sources the dependencies contain test data, ELF files and other
binaries which aren't necessary for building and which lead to unnecessary QA
warnings.

Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7faea9766127fe4e1023c89b140cc98020655155)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/go.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/go.bbclass b/meta/classes/go.bbclass
index a9e31b50ea..e6c3591479 100644
--- a/meta/classes/go.bbclass
+++ b/meta/classes/go.bbclass
@@ -115,7 +115,8 @@ go_do_install() {
 	install -d ${D}${libdir}/go/src/${GO_IMPORT}
 	tar -C ${S}/src/${GO_IMPORT} -cf - --exclude-vcs --exclude '*.test' --exclude 'testdata' . | \
 		tar -C ${D}${libdir}/go/src/${GO_IMPORT} --no-same-owner -xf -
-	tar -C ${B} -cf - --exclude-vcs pkg | tar -C ${D}${libdir}/go --no-same-owner -xf -
+	tar -C ${B} -cf - --exclude-vcs --exclude '*.test' --exclude 'testdata' pkg | \
+		tar -C ${D}${libdir}/go --no-same-owner -xf -
 
 	if [ -n "`ls ${B}/${GO_BUILD_BINDIR}/`" ]; then
 		install -d ${D}${bindir}
-- 
2.17.1

[OE-core][dunfell 02/19] meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex

[Steve Sakoman]

From: Marek Vasut <marex@denx.de>

The $target_sdk_dir path might contain special characters, for example if
the path is /opt/poky/3.2+snapshot . Prevent grep from interpreting those
as part of the regex by using the -F parameter and multiple -e parameters
to specify which strings to filter out. Also note that the previous regex
was using asterisk as wildcard (e.g. environment-setup-*), but that should
have been regex (e.g. environment-setup-.*, with dot) to match correctly,
this is also fixed by this change.

Fixes: 9721378688 ("toolchain-shar-template.sh: Make relocation optional.")
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Joshua Watt <JPEWhacker@gmail.com>
Cc: Krzysztof Zawadzki <krzysztof.zawadzki@nokia.com>
Cc: Randy Witt <randy.e.witt@linux.intel.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 19d9fa7ab6c851000bc5d24281739e1b2bb8f057)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/files/toolchain-shar-relocate.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/files/toolchain-shar-relocate.sh b/meta/files/toolchain-shar-relocate.sh
index e3c10018ef..9c358a53e2 100644
--- a/meta/files/toolchain-shar-relocate.sh
+++ b/meta/files/toolchain-shar-relocate.sh
@@ -56,7 +56,9 @@ for replace in "$target_sdk_dir -maxdepth 1" "$native_sysroot"; do
 	$SUDO_EXEC find $replace -type f
 done | xargs -n100 file | grep ":.*\(ASCII\|script\|source\).*text" | \
     awk -F':' '{printf "\"%s\"\n", $1}' | \
-    grep -Ev "$target_sdk_dir/(environment-setup-*|relocate_sdk*|${0##*/})" | \
+    grep -Fv -e "$target_sdk_dir/environment-setup-" \
+             -e "$target_sdk_dir/relocate_sdk" \
+             -e "$target_sdk_dir/${0##*/}" | \
     xargs -n100 $SUDO_EXEC sed -i \
         -e "s:$DEFAULT_INSTALL_DIR:$target_sdk_dir:g" \
         -e "s:^#! */usr/bin/perl.*:#! /usr/bin/env perl:g" \
-- 
2.17.1

[OE-core][dunfell 03/19] meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script

[Steve Sakoman]

From: Marek Vasut <marex@denx.de>

The toolchain-shar-extract.sh script updates the SDK relocation paths in
post-relocate-setup.sh, so avoid doing this twice. This is generally not
a problem, unless the SDK path is a subset of the SDK relocation path, in
which case the resulting path is substituted twice. To trigger the issue,
  $ ./tmp/deploy/sdk/poky-glibc-x86_64-core-image-base-core2-64-qemux86-64-toolchain-3.2+snapshot.sh -y -d /home/oe/.local/opt/poky/3.2+snapshot
which generates relocation path
  /home/oe/.local/home/oe/.local/opt/poky/3.2+snapshot
instead of
  /home/oe/.local/opt/poky/3.2+snapshot

Fixes: 93ec145f42 ("toolchain-shar-extract: Add post-relocate scripts")
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Joshua Watt <JPEWhacker@gmail.com>
Cc: Krzysztof Zawadzki <krzysztof.zawadzki@nokia.com>
Cc: Randy Witt <randy.e.witt@linux.intel.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5000aabe6ac336e7b424dafa1bf76271dee6a6f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/files/toolchain-shar-relocate.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/files/toolchain-shar-relocate.sh b/meta/files/toolchain-shar-relocate.sh
index 9c358a53e2..94d288ce05 100644
--- a/meta/files/toolchain-shar-relocate.sh
+++ b/meta/files/toolchain-shar-relocate.sh
@@ -58,6 +58,7 @@ done | xargs -n100 file | grep ":.*\(ASCII\|script\|source\).*text" | \
     awk -F':' '{printf "\"%s\"\n", $1}' | \
     grep -Fv -e "$target_sdk_dir/environment-setup-" \
              -e "$target_sdk_dir/relocate_sdk" \
+             -e "$target_sdk_dir/post-relocate-setup" \
              -e "$target_sdk_dir/${0##*/}" | \
     xargs -n100 $SUDO_EXEC sed -i \
         -e "s:$DEFAULT_INSTALL_DIR:$target_sdk_dir:g" \
-- 
2.17.1

[OE-core][dunfell 04/19] systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found

[Steve Sakoman]

From: Chris Laplante <mostthingsweb@gmail.com>

The previous message was fairly useless without diving into the bbclass.

Signed-off-by: Chris Laplante <mostthingsweb@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ef6117b148be65536e89409a83cbfd22049c652e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/systemd.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/systemd.bbclass b/meta/classes/systemd.bbclass
index 9e8a82c9f1..a4bff732b9 100644
--- a/meta/classes/systemd.bbclass
+++ b/meta/classes/systemd.bbclass
@@ -174,7 +174,8 @@ python systemd_populate_packages() {
                 if path_found != '':
                     systemd_add_files_and_parse(pkg_systemd, path_found, service, keys)
                 else:
-                    bb.fatal("SYSTEMD_SERVICE_%s value %s does not exist" % (pkg_systemd, service))
+                    bb.fatal("Didn't find service unit '{0}', specified in SYSTEMD_SERVICE_{1}. {2}".format(
+                        service, pkg_systemd, "Also looked for service unit '{0}'.".format(base) if base is not None else ""))
 
     def systemd_create_presets(pkg, action):
         presetf = oe.path.join(d.getVar("PKGD"), d.getVar("systemd_unitdir"), "system-preset/98-%s.preset" % pkg)
-- 
2.17.1

[OE-core][dunfell 05/19] license_image.bbclass: fix missing recipeinfo on self

[Steve Sakoman]

From: Michael Ho <Michael.Ho@bmw.de>

Resolve a build bug where image recipes with a do_deploy task will fail.

If the image recipe inheriting license_image.bbclass has a deploy task, then
the function get_deployed_dependencies will add itself to the list of recipes
to get license information for.

However, image recipes don't generally deploy license info so this results in
an error.

File: '/nvme/poky/meta/classes/license_image.bbclass', lineno: 192, function: license_deployed_manifest
...
Exception: FileNotFoundError: [Errno 2] No such file or directory: '/nvme/poky/build/tmp/deploy/licenses/core-image-minimal/recipeinfo'

Add a corner case to exclude the originating image recipe from the list of
dependencies to check.

Signed-off-by: Michael Ho <Michael.Ho@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 13fb39e49e55a0bc7c78b0bfdc372163b3f9e70a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/license_image.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/license_image.bbclass b/meta/classes/license_image.bbclass
index acd8126f68..a69cc5f065 100644
--- a/meta/classes/license_image.bbclass
+++ b/meta/classes/license_image.bbclass
@@ -209,9 +209,10 @@ def get_deployed_dependencies(d):
     deploy = {}
     # Get all the dependencies for the current task (rootfs).
     taskdata = d.getVar("BB_TASKDEPDATA", False)
+    pn = d.getVar("PN", True)
     depends = list(set([dep[0] for dep
                     in list(taskdata.values())
-                    if not dep[0].endswith("-native")]))
+                    if not dep[0].endswith("-native") and not dep[0] == pn]))
 
     # To verify what was deployed it checks the rootfs dependencies against
     # the SSTATE_MANIFESTS for "deploy" task.
-- 
2.17.1

[OE-core][dunfell 06/19] linux-yocto/5.4: update to v5.4.87

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    b3f656a592f3 Linux 5.4.87
    41ae3e574ccf dm verity: skip verity work if I/O error when system is shutting down
    8b3c00977264 ALSA: pcm: Clear the full allocated memory at hw_params
    480abac78e03 tick/sched: Remove bogus boot "safety" check
    1dab82dd202d um: ubd: Submit all data segments atomically
    d32747bb687d fs/namespace.c: WARN if mnt_count has become negative
    9f4e8026d202 module: delay kobject uevent until after module init call
    86db71810a27 f2fs: avoid race condition for shrinker count
    dbe184f6be1e NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode
    d52faa7fb12f i3c master: fix missing destroy_workqueue() on error in i3c_master_register
    22f815627c64 powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe()
    a95049c51417 rtc: pl031: fix resource leak in pl031_probe
    e2926630f653 quota: Don't overflow quota file offsets
    1842dde0dd13 module: set MODULE_STATE_GOING state when a module fails to load
    569da7c3d9a3 rtc: sun6i: Fix memleak in sun6i_rtc_clk_init
    642c2d74c365 fcntl: Fix potential deadlock in send_sig{io, urg}()
    5b2f1ad6b12b bfs: don't use WARNING: string when it's just info.
    3a2a5e197a84 ALSA: rawmidi: Access runtime->avail always in spinlock
    8d2204a05391 ALSA: seq: Use bool for snd_seq_queue internal flags
    4250fe65b2e6 f2fs: fix shift-out-of-bounds in sanity_check_raw_super()
    28a29e3a658a media: gp8psk: initialize stats at power control logic
    750627d36f84 misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
    01be033cc127 reiserfs: add check for an invalid ih_entry_count
    18e1101b0ee9 Bluetooth: hci_h5: close serdev device and free hu in h5_close
    b726f8602207 scsi: cxgb4i: Fix TLS dependency
    57ba2c7a50bf cgroup: Fix memory leak when parsing multiple source parameters
    8ddf02859c69 of: fix linker-section match-table corruption
    8ec95e308418 null_blk: Fix zone size initialization
    7c3d8d73bafd tools headers UAPI: Sync linux/const.h with the kernel headers
    376c3111413c uapi: move constants from <linux/kernel.h> to <linux/const.h>
    af07e4dd0783 scsi: block: Fix a race in the runtime power management code
    9ce7ac5ed53b jffs2: Fix NULL pointer dereference in rp_size fs option parsing
    3a83e289e4b7 jffs2: Allow setting rp_size to zero during remounting
    ee78e7d93e35 powerpc/bitops: Fix possible undefined behaviour with fls() and fls64()
    7cb6087b4536 KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits
    3d4a05894500 KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses
    d77c1ab54c9e KVM: x86: avoid incorrect writes to host MSR_IA32_SPEC_CTRL
    11459136a107 ext4: don't remount read-only with errors=continue on reboot
    6b0a4f603d5b btrfs: fix race when defragmenting leads to unnecessary IO
    30aea96ff142 vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
    29c2d3e91e3d fscrypt: remove kernel-internal constants from UAPI header
    34f000524d33 fscrypt: add fscrypt_is_nokey_name()
    eddc69467e39 f2fs: prevent creating duplicate encrypted filenames
    6fe20a5204a6 ubifs: prevent creating duplicate encrypted filenames
    3ebfed353afd ext4: prevent creating duplicate encrypted filenames
    faa72d97c3e3 thermal/drivers/cpufreq_cooling: Update cpufreq_state only if state has changed
    d3076d054f3e md/raid10: initialize r10_bio->read_slot before use.
    c71c512f4a65 net/sched: sch_taprio: reset child qdiscs before freeing them
    dfce803cd87d Linux 5.4.86
    8302bd9afd4b x86/CPU/AMD: Save AMD NodeId as cpu_die_id
    6001db0272da Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS"
    33afcf723a0e rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time
    7e0f7a293608 regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x
    be23b04074b1 PCI: Fix pci_slot_release() NULL pointer dereference
    b1f9419d5e6c platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12
    c16b5849352c libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels
    68d139a97415 xenbus/xenbus_backend: Disallow pending watch messages
    d3eaea062b51 xen/xenbus: Count pending messages for each watch
    c45b0a8d2a68 xen/xenbus/xen_bus_type: Support will_handle watch callback
    7da6db982e53 xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
    eac0c12e329d xen/xenbus: Allow watches discard events before queueing
    8f3f6de44f7c xen-blkback: set ring->xenblkd to NULL after kthread_stop()
    383c60c16dd8 dma-buf/dma-resv: Respect num_fences when initializing the shared fence list.
    b16a6a46e0b2 device-dax/core: Fix memory leak when rmmod dax.ko
    f3ede933fbc7 clk: tegra: Do not return 0 on failure
    f133bfbe1201 clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9
    ca4fd0284cb3 clk: ingenic: Fix divider calculation with div tables
    13e6b6259e6d pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler
    2fb550de7563 md/cluster: fix deadlock when node is doing resync job
    7523d147087b md/cluster: block reshape with remote resync job
    27b58f6adad8 iio:adc:ti-ads124s08: Fix alignment and data leak issues.
    2d7229c037d1 iio:adc:ti-ads124s08: Fix buffer being too long.
    d6ea1d559027 iio:imu:bmi160: Fix too large a buffer.
    91b7b231f5e7 iio:pressure:mpl3115: Force alignment of buffer
    9607d22e71d1 iio:magnetometer:mag3110: Fix alignment and data leak issues.
    71a326dcd2a8 iio:light:st_uvis25: Fix timestamp alignment and prevent data leak.
    c18fc255187f iio:light:rpr0521: Fix timestamp alignment and prevent data leak.
    860ab67cd81e iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume
    0fa2b43b0a2a iio: buffer: Fix demux update
    82af6e44b7d4 scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free()
    7ec7630548dc scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc()
    6822575cf204 scsi: qla2xxx: Fix crash during driver load on big endian machines
    1b26af7e4c7f mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments
    c5f3e5ca8116 mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read
    2aea2b22b6f9 mtd: parser: cmdline: Fix parsing of part-names with colons
    4290a73c9d67 mtd: spinand: Fix OOB read
    b22739509dcb soc: qcom: smp2p: Safely acquire spinlock without IRQs
    ddcb518dee78 spi: atmel-quadspi: Fix AHB memory accesses
    96f7bd39f56f spi: atmel-quadspi: Disable clock in probe error path
    8f295baae53d spi: mt7621: Don't leak SPI master in probe error path
    0818aab8a82b spi: mt7621: Disable clock in probe error path
    cad189512c38 spi: synquacer: Disable clock in probe error path
    4051e5b7741b spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path
    3c0e28f2881e spi: sc18is602: Don't leak SPI master in probe error path
    819f9edaaeb9 spi: rb4xx: Don't leak SPI master in probe error path
    c5491ac11559 spi: pic32: Don't leak DMA channels in probe error path
    3ea835ac604b spi: mxic: Don't leak SPI master in probe error path
    0da7709f5ea3 spi: gpio: Don't leak SPI master in probe error path
    ee1d2aef1c13 spi: fsl: fix use of spisel_boot signal on MPC8309
    614f2529c8ea spi: davinci: Fix use-after-free on unbind
    c6b9bfb0c477 spi: atmel-quadspi: Fix use-after-free on unbind
    bd6d736dbf36 spi: spi-sh: Fix use-after-free on unbind
    17360c3af129 spi: pxa2xx: Fix use-after-free on unbind
    c5ae864c148c drm/i915: Fix mismatch between misplaced vma check and vma insert
    1e684ad37047 drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor()
    e1b1f10c3404 drm/amd/display: Fix memory leaks in S3 resume
    b966771b0d69 platform/x86: mlx-platform: remove an unused variable
    cbeb61258186 jfs: Fix array index bounds check in dbAdjTree
    8ee70b6db882 jffs2: Fix ignoring mounting options problem during remounting
    00e45efaf9ff jffs2: Fix GC exit abnormally
    ea1e4ba032c5 ubifs: wbuf: Don't leak kernel memory to flash
    32825fe72cb3 SMB3: avoid confusing warning message on mount to Azure
    f22f743a2af2 ceph: fix race in concurrent __ceph_remove_cap invocations
    a7b014b54c16 um: Remove use of asprinf in umid.c
    26d72a8460dc ima: Don't modify file descriptor mode on the fly
    a89b91fcb07c powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently
    45bf367c8550 powerpc/powernv/memtrace: Don't leak kernel memory to user space
    59334d821e8a powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU
    c7f66ad880a9 powerpc/mm: Fix verification of MMU_FTR_TYPE_44x
    32e29541b5aa powerpc/8xx: Fix early debug when SMC1 is relocated
    15c9e56b41d0 powerpc/xmon: Change printk() to pr_cont()
    c7b89d0d7186 powerpc/feature: Add CPU_FTR_NOEXECUTE to G2_LE
    0f157acd436c powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter
    30a58a3f7c85 powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
    3ee6a2bc1428 xprtrdma: Fix XDRBUF_SPARSE_PAGES support
    2504e407a39f ARM: dts: at91: sama5d2: fix CAN message ram offset and size
    789246b9afe8 ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES
    6ee6e4e5a4cf KVM: arm64: Introduce handling of AArch32 TTBCR2 traps
    8635f0fe06c5 ext4: fix deadlock with fs freezing and EA inodes
    c90a5f4851a8 ext4: fix a memory leak of ext4_free_data
    e21d630a2c0d btrfs: trim: fix underflow in trim length to prevent access beyond device boundary
    1d11ed122f6f btrfs: do not shorten unpin len for caching block groups
    af7414836d88 USB: serial: keyspan_pda: fix write unthrottling
    7dae22ba62b2 USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
    f99817ab5821 USB: serial: keyspan_pda: fix write-wakeup use-after-free
    a07b690e1976 USB: serial: keyspan_pda: fix stalled writes
    0f13247fabaf USB: serial: keyspan_pda: fix write deadlock
    ebd9857a5bd4 USB: serial: keyspan_pda: fix dropped unthrottle interrupts
    89fb2b91a9da USB: serial: digi_acceleport: fix write-wakeup deadlocks
    08c24438fb10 USB: serial: mos7720: fix parallel-port state restore
    6eab3f646b1a cpuset: fix race between hotplug work and later CPU offline
    066d115fdd29 EDAC/amd64: Fix PCI component registration
    f4ce4a53c4e4 EDAC/i10nm: Use readl() to access MMIO registers
    f9189a3bb5f9 crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata
    36a58bda87cd crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()
    f26f0e7770a1 powerpc/perf: Exclude kernel samples while counting events in user space.
    8096a2c6b9f6 perf/x86/intel: Fix rtm_abort_event encoding on Ice Lake
    aa3cce9ceff0 perf/x86/intel: Add event constraint for CYCLE_ACTIVITY.STALLS_MEM_ANY
    1e3de428d155 staging: comedi: mf6x4: Fix AI end-of-conversion detection
    ee0bcb1721a5 ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams
    5fbf84689f11 binder: add flag to clear buffer on txn complete
    a7c256a9fd18 s390/dasd: fix list corruption of lcu list
    9c40d69a3be2 s390/dasd: fix list corruption of pavgroup group list
    042683917f4b s390/dasd: prevent inconsistent LCU device data
    c8acd8d55bb9 s390/dasd: fix hanging device offline processing
    3038bbd1bb33 s390/kexec_file: fix diag308 subcode when loading crash kernel
    c185f13918b4 s390/smp: perform initial CPU reset also for SMT siblings
    48d3f12869ef ALSA: core: memalloc: add page alignment for iram
    cd3ff2a46d9c ALSA: usb-audio: Disable sample read check if firmware doesn't give back
    b1e3c2fb0fbe ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices
    58cb166b1f8a ALSA: hda/realtek: Apply jack fixup for Quanta NL3
    b61b2aa91f2b ALSA: hda/realtek: Add quirk for MSI-GP73
    89d429ed2cdf ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G
    0bf907442c5f ALSA: pcm: oss: Fix a few more UBSAN fixes
    11cd11af4058 ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button
    da723248c5f8 ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255
    010a784a1a27 ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256
    0fc8e6b85680 ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop
    52d09e0cdb78 ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg.
    1ca2437530e5 ALSA: hda: Fix regressions on clear and reconfig sysfs
    2c6c6001d077 ACPI: PNP: compare the string length in the matching_id()
    772dd826a44b Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks"
    b9d93a666656 PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup()
    670b1b7e0d53 ALSA: hda/ca0132 - Change Input Source enum strings.
    8f827adb9bbc Input: cyapa_gen6 - fix out-of-bounds stack access
    98c956a6d9f7 media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE
    f05ac76139e6 media: ipu3-cio2: Validate mbus format in setting subdev format
    44cb512a020e media: ipu3-cio2: Serialise access to pad format
    a47bc844f436 media: ipu3-cio2: Return actual subdev format
    7dc40e1f8044 media: ipu3-cio2: Remove traces of returned buffers
    d7e6b7b6a7f7 media: netup_unidvb: Don't leak SPI master in probe error path
    0bfbb8393e51 media: sunxi-cir: ensure IR is handled when it is continuous
    124dc7d4f4b6 media: gspca: Fix memory leak in probe
    f97b54c8152d vfio/pci/nvlink2: Do not attempt NPU2 setup on POWER8NVL NPU
    df308380cbf3 Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
    070bd3a8ac55 initramfs: fix clang build failure
    f252a9953249 Input: cros_ec_keyb - send 'scancodes' in addition to key events
    2686041cef06 drm/amdkfd: Fix leak in dmabuf import
    dc06432d9304 drm/amd/display: Prevent bandwidth overflow
    ca49d919d79c lwt: Disable BH too in run_lwt_bpf()
    b8dfee234581 fix namespaced fscaps when !CONFIG_SECURITY
    5350b833bb0a cfg80211: initialize rekey_data
    ec15d0700709 ARM: sunxi: Add machine match for the Allwinner V3 SoC
    d629b50f9fdc perf probe: Fix memory leak when synthesizing SDT probes
    cbcb176b6016 kconfig: fix return value of do_error_if()
    6e8beb020d5c clk: sunxi-ng: Make sure divider tables have sentinel
    3cdeedf801b5 clk: s2mps11: Fix a resource leak in error handling paths in the probe function
    ef56621a579a clk: at91: sam9x60: remove atmel,osc-bypass support
    e01dfcc08b55 virtio_ring: Fix two use after free bugs
    2d65ff873d06 virtio_net: Fix error code in probe()
    5f70910832c7 virtio_ring: Cut and paste bugs in vring_create_virtqueue_packed()
    372f06cd6b89 qlcnic: Fix error code in probe
    c16e42c93241 perf record: Fix memory leak when using '--user-regs=?' to list registers
    ceadde18f69a pwm: lp3943: Dynamically allocate PWM chip base
    6bf2ef4bd38d pwm: zx: Add missing cleanup in error path
    d4515a24a802 clk: ti: Fix memleak in ti_fapll_synth_setup
    572eba1ce574 watchdog: coh901327: add COMMON_CLK dependency
    2b1575e28906 watchdog: qcom: Avoid context switch in restart handler
    fad88d462596 libnvdimm/label: Return -ENXIO for no slot in __blk_label_update
    b6c680755d22 net: korina: fix return value
    19e73c9ff0bf net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function
    226bcdbb4a60 net: bcmgenet: Fix a resource leak in an error handling path in the probe functin
    efc570073cbe lan743x: fix rx_napi_poll/interrupt ping-pong
    9f5b56b5a71d checkpatch: fix unescaped left brace
    b32c5e0ae6f7 mm: don't wake kswapd prematurely when watermark boosting is disabled
    c3bf90c6aac5 sparc: fix handling of page table constructor failure
    6ef298e1cebd powerpc/ps3: use dma_mapping_error()
    d864e7e8270a nfc: s3fwrn5: Release the nfc firmware
    7a3d6a5dfc78 RDMA/cma: Don't overwrite sgid_attr after device is released
    2d01f3d75013 sunrpc: fix xs_read_xdr_buf for partial pages receive
    4acbc03e4fed um: chan_xterm: Fix fd leak
    1bbd5678c0b4 um: tty: Fix handling of close in tty lines
    1355bbe3a717 um: Monitor error events in IRQ controller
    a37d283825a4 ubifs: Fix error return code in ubifs_init_authentication()
    d4dbcfb7e158 watchdog: Fix potential dereferencing of null pointer
    4e091ff107be watchdog: sprd: check busy bit before new loading rather than after that
    4c8cffffc926 watchdog: sprd: remove watchdog disable from resume fail path
    4a4b31e8b5a7 watchdog: sirfsoc: Add missing dependency on HAS_IOMEM
    4d5aea30c1cd watchdog: armada_37xx: Add missing dependency on HAS_IOMEM
    849270acd7b6 irqchip/alpine-msi: Fix freeing of interrupts on allocation error path
    aca4d1bd7e19 ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control()
    297e48ccf166 mac80211: don't set set TDLS STA bandwidth wider than possible
    d07972d764e8 crypto: atmel-i2c - select CONFIG_BITREVERSE
    f71984fc4482 extcon: max77693: Fix modalias string
    a4fd2da3e85e mtd: rawnand: gpmi: Fix the random DMA timeout issue
    86f6e53642fa mtd: rawnand: meson: Fix a resource leak in init
    5e8715b2383a mtd: rawnand: gpmi: fix reference count leak in gpmi ops
    9c5b041ba20a clk: tegra: Fix duplicated SE clock entry
    1ba196a73c45 remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio()
    6f597c451e07 remoteproc: qcom: fix reference leak in adsp_start
    f61bce4bc833 remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable
    9b54e31fd08f RDMA/core: Do not indicate device ready when device enablement fails
    e6323070bdc7 can: m_can: m_can_config_endisable(): remove double clearing of clock stop request bit
    6daf2d466380 erofs: avoid using generic_block_bmap
    35e2bec96488 iwlwifi: mvm: hook up missing RX handlers
    857b1403c3e5 s390/cio: fix use-after-free in ccw_device_destroy_console
    be4d879cb7c4 bus: fsl-mc: fix error return code in fsl_mc_object_allocate()
    9b4f327c0746 platform/chrome: cros_ec_spi: Don't overwrite spi::mode
    070c57885ec3 x86/kprobes: Restore BTF if the single-stepping is cancelled
    353b19562a03 nfs_common: need lock during iterate through the list
    48ed3e57ad58 nfsd: Fix message level for normal termination
    b4ac244716f3 speakup: fix uninitialized flush_lock
    989d52723643 usb: oxu210hp-hcd: Fix memory leak in oxu_create
    2addd726083f usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe
    3f72486cecec powerpc/mm: sanity_check_fault() should work for all, not only BOOK3S
    a696ed262e83 ASoC: amd: change clk_get() to devm_clk_get() and add missed checks
    972db497be45 drm/mediatek: avoid dereferencing a null hdmi_phy on an error message
    ef55a3c384cc powerpc/pseries/hibernation: remove redundant cacheinfo update
    c4115721d1f0 powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
    570697132c2c platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems
    a247efe47743 scsi: fnic: Fix error return code in fnic_probe()
    0e724f2e80ba seq_buf: Avoid type mismatch for seq_buf_init
    0b93626d3965 scsi: pm80xx: Fix error return in pm8001_pci_probe()
    79e14f1c323c scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe
    172bb906202f arm64: dts: meson: g12a: x96-max: fix PHY deassert timing requirements
    13f4c61d2f5c ARM: dts: meson: fix PHY deassert timing requirements
    154105c0ba56 arm64: dts: meson: fix PHY deassert timing requirements
    62b240d2644e Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware()
    097c4d9921b2 Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware()
    3d3caa8e971d cpufreq: scpi: Add missing MODULE_ALIAS
    6e34c9478fe5 cpufreq: loongson1: Add missing MODULE_ALIAS
    3e3feeb0d2ba cpufreq: sun50i: Add missing MODULE_DEVICE_TABLE
    ef802b5a5e26 cpufreq: st: Add missing MODULE_DEVICE_TABLE
    742697643c94 cpufreq: qcom: Add missing MODULE_DEVICE_TABLE
    c9d204c02825 cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE
    f3754eec127d cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
    e32836221017 cpufreq: ap806: Add missing MODULE_DEVICE_TABLE
    3b6ba2fe6524 clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI
    b4219894d154 clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne
    e223cf39b928 phy: renesas: rcar-gen3-usb2: disable runtime pm in case of failure
    675b3ba9cc96 dm ioctl: fix error return code in target_message
    d863d76536df ASoC: jz4740-i2s: add missed checks for clk_get()
    1b760dc9d967 net/mlx5: Properly convey driver version to firmware
    a64822872957 MIPS: Don't round up kernel sections size for memblock_add()
    33eeb395515d memstick: r592: Fix error return in r592_probe()
    e39b37d6a2ce arm64: dts: rockchip: Fix UART pull-ups on rk3328
    33892a3797f1 pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
    08e22710601a bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address()
    e02d218aa63d ARM: dts: at91: sama5d2: map securam as device
    da8890329599 iio: hrtimer-trigger: Mark hrtimer to expire in hard interrupt context
    d903b80e1abc clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent()
    742d5de6c2fc clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path
    40f9ac2b0295 powerpc/64: Fix an EMIT_BUG_ENTRY in head_64.S
    4968cc5ed0c0 powerpc/perf: Fix crash with is_sier_available when pmu is not set
    b0483a32d163 media: saa7146: fix array overflow in vidioc_s_audio()
    bfdf000e5dd9 hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable
    a0f07c9ad72d vfio-pci: Use io_remap_pfn_range() for PCI IO memory
    5ac81a4e5fa3 selftests/seccomp: Update kernel config
    0588b8a03469 NFS: switch nfsiod to be an UNBOUND workqueue.
    1094bd2edaa2 lockd: don't use interval-based rebinding over TCP
    cbb0a57326b8 net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs'
    a0842124422e NFSv4: Fix the alignment of page data in the getdeviceinfo reply
    73892eef6d9e SUNRPC: xprt_load_transport() needs to support the netid "rdma6"
    2823b8979375 NFSv4.2: condition READDIR's mask for security label based on LSM state
    04e9c169810c SUNRPC: rpc_wake_up() should wake up tasks in the correct order
    a3ac7dd8b16b ath10k: Release some resources in an error handling path
    6b6edd2c072b ath10k: Fix an error handling path
    e856abba7fca ath10k: Fix the parsing error in service available event
    f4935d3c7b57 platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init
    3d64e8ce592b ARM: dts: at91: at91sam9rl: fix ADC triggers
    09347a537cc7 soc: amlogic: canvas: add missing put_device() call in meson_canvas_get()
    8424a5b661ca arm64: dts: meson-sm1: fix typo in opp table
    f4951cb10668 arm64: dts: meson: fix spi-max-frequency on Khadas VIM2
    49b563bfdd66 PCI: iproc: Fix out-of-bound array accesses
    4ef5a46d2964 PCI: Fix overflow in command-line resource alignment requests
    048b98083c27 PCI: Bounds-check command-line resource alignment requests
    72577f162cae arm64: dts: qcom: c630: Polish i2c-hid devices
    a554b68baf27 arm64: dts: ls1028a: fix ENETC PTP clock input
    a85f3e7cb717 genirq/irqdomain: Don't try to free an interrupt that has no mapping
    2f00dcc6ce7a power: supply: bq24190_charger: fix reference leak
    e230e193c966 power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching
    8e9678d9d131 arm64: dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc
    11f007a5583d arm64: dts: armada-3720-turris-mox: update ethernet-phy handle name
    5a551ef11669 ARM: dts: Remove non-existent i2c1 from 98dx3236
    15305a5b103d HSI: omap_ssi: Don't jump to free ID in ssi_add_controller()
    ec30659ea631 slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI
    76170933d3da media: max2175: fix max2175_set_csm_mode() error code
    5873beee8744 mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
    51795c385f73 media: imx214: Fix stop streaming
    ceff135b9d93 samples: bpf: Fix lwt_len_hist reusing previous BPF map
    4dc1360203c4 platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration
    3432883ae896 platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration
    c14a740743f7 media: siano: fix memory leak of debugfs members in smsdvb_hotplug
    6b93d6c5a888 arm64: tegra: Fix DT binding for IO High Voltage entry
    b0f1878c2d88 dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe()
    46f8c7961168 cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
    f2e7f608b274 rsi: fix error return code in rsi_reset_card()
    f7a6e378fc17 qtnfmac: fix error return code in qtnf_pcie_probe()
    d2b95947720d orinoco: Move context allocation after processing the skb
    e39908568b40 mmc: pxamci: Fix error return code in pxamci_probe
    65f0d3c81c9f ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
    c2aab53d1be5 ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
    8ce91557023e memstick: fix a double-free bug in memstick_check
    4279ff6deaf3 RDMA/cxgb4: Validate the number of CQEs
    d3ff603c2e38 clk: meson: Kconfig: fix dependency for G12A
    2fbd2b0dd7d1 Input: omap4-keypad - fix runtime PM error handling
    ff3a152243f8 drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
    e16e8cde2bb1 soc: ti: Fix reference imbalance in knav_dma_probe
    475b489b0713 soc: ti: knav_qmss: fix reference leak in knav_queue_probe
    82b9934e1e7a spi: fix resource leak for drivers without .remove callback
    70e19fccf680 crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe
    c549355105d9 crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd
    3e08a61b2f94 EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId
    0789349204a6 powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
    90b39366d834 powerpc: Avoid broken GCC __attribute__((optimize))
    8f6e6ec101dd selftests/bpf: Fix broken riscv build
    6f8c6e70738a spi: mxs: fix reference leak in mxs_spi_probe
    5df04553ee8c usb/max3421: fix return error code in max3421_probe()
    e6405aad3592 Input: ads7846 - fix unaligned access on 7845
    920c379029f9 Input: ads7846 - fix integer overflow on Rt calculation
    c7ac50927300 Input: ads7846 - fix race that causes missing releases
    86398df4b283 drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
    e8cd88c3ab00 video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init()
    953379fb7ba3 media: solo6x10: fix missing snd_card_free in error handling case
    c64d2e159829 scsi: core: Fix VPD LUN ID designator priorities
    efb57c87d8d8 ASoC: meson: fix COMPILE_TEST error
    2c06ac46f81c media: v4l2-fwnode: Return -EINVAL for invalid bus-type
    d8d35c1ea883 media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm()
    c8adf58057b6 media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm()
    c5c403db137f media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm()
    06a3c11c173b media: tm6000: Fix sizeof() mismatches
    1638c7e3985b staging: gasket: interrupt: fix the missed eventfd_ctx_put() in gasket_interrupt.c
    aa1d8b959455 staging: greybus: codecs: Fix reference counter leak in error handling
    5daf659fdf47 crypto: qat - fix status check in qat_hal_put_rel_rd_xfer()
    38017f2c06cf MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
    9e779e6fae58 RDMa/mthca: Work around -Wenum-conversion warning
    648b9dd270ff ASoC: arizona: Fix a wrong free in wm8997_probe
    7e8200d44200 spi: sprd: fix reference leak in sprd_spi_remove
    c786bc725d8c ASoC: wm8998: Fix PM disable depth imbalance on error
    06fa588c7921 selftest/bpf: Add missed ip6ip6 test back
    dab5973ada6b mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure
    404aadf45c71 spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume
    769c2fecefd1 spi: tegra114: fix reference leak in tegra spi ops
    47595d68cee2 spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
    f9e5e84eb49f spi: tegra20-slink: fix reference leak in slink ops of tegra20
    0a3196271b40 spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe
    a2cf358aacf5 spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
    25b5a48adabf Bluetooth: hci_h5: fix memory leak in h5_close
    5cf3c2e7892e Bluetooth: Fix null pointer dereference in hci_event_packet()
    d92b81fad01c arm64: dts: exynos: Correct psci compatible used on Exynos7
    da8d84637522 arm64: dts: exynos: Include common syscon restart/poweroff for Exynos7
    8f14da44523c brcmfmac: Fix memory leak for unpaired brcmf_{alloc/free}
    5c5b92c1d6ab spi: stm32: fix reference leak in stm32_spi_resume
    c807042f2d58 selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
    ae54a6d99478 ASoC: pcm: DRAIN support reactivation
    009a982ea25b spi: spi-mem: fix reference leak in spi_mem_access_start
    68ad1bd244bd drm/msm/dsi_pll_10nm: restore VCO rate during restore_state
    0a8f14baed8e f2fs: call f2fs_get_meta_page_retry for nat page
    311da238f2f7 spi: img-spfi: fix reference leak in img_spfi_resume
    4e20cee19c2e powerpc/64: Set up a kernel stack for secondaries before cpu_restore()
    3988d96589d9 drm/amdgpu: fix build_coefficients() argument
    a4110e76e550 ARM: dts: aspeed: tiogapass: Remove vuart
    129df833e15c ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode
    9edff753ade7 crypto: inside-secure - Fix sizeof() mismatch
    7044a69699f3 crypto: talitos - Fix return type of current_desc_hdr()
    8a73ee0a0a1e crypto: talitos - Endianess in current_desc_hdr()
    b9b8429042bd drm/amdgpu: fix incorrect enum type
    52f525f2bdc7 sched: Reenable interrupts in do_sched_yield()
    35975f2e83a5 sched/deadline: Fix sched_dl_global_validate()
    a3ec54b95c1a x86/apic: Fix x2apic enablement without interrupt remapping
    b7ec74246c32 ARM: p2v: fix handling of LPAE translation in BE mode
    0a72e7286c67 x86/mm/ident_map: Check for errors from ident_pud_init()
    0fd78ab5ef71 RDMA/rxe: Compute PSN windows correctly
    35f18561616f ARM: dts: aspeed: s2600wf: Fix VGA memory region location
    4aae08a71e68 selinux: fix error initialization in inode_doinit_with_dentry()
    de49a51e7938 rtc: pcf2127: fix pcf2127_nvmem_read/write() returns
    57df1b39d990 RDMA/bnxt_re: Set queue pair state when being queried
    e11c7d39fa7e Revert "i2c: i2c-qcom-geni: Fix DMA transfer race"
    4b3ee79fbe77 soc: qcom: geni: More properly switch to DMA mode
    d3bed198333a soc: mediatek: Check if power domains can be powered on at boot time
    fcb0be5ba2e9 soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains()
    38cded30497a arm64: dts: renesas: cat875: Remove rxc-skew-ps from ethernet-phy node
    14be28959f69 arm64: dts: renesas: hihope-rzg2-ex: Drop rxc-skew-ps from ethernet-phy node
    c2712546a6e0 drm/tve200: Fix handling of platform_get_irq() error
    f61e9dbb56ba drm/mcde: Fix handling of platform_get_irq() error
    29f34feb3860 drm/aspeed: Fix Kconfig warning & subsequent build errors
    37028b8bc53d drm/gma500: fix double free of gma_connector
    de630248e740 md: fix a warning caused by a race between concurrent md_ioctl()s
    054be9aed847 crypto: af_alg - avoid undefined behavior accessing salg_name
    5a225303a68f media: msi2500: assign SPI bus number dynamically
    01182045346a quota: Sanity-check quota file headers on load
    df95ea1228cc Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
    cda2f222e7e4 serial_core: Check for port state when tty is in error state
    863cab3017bc HID: i2c-hid: add Vero K147 to descriptor override
    fd819f54065c scsi: megaraid_sas: Check user-provided offsets
    152631f0273f coresight: etb10: Fix possible NULL ptr dereference in etb_enable_perf()
    4c461e8d0e88 coresight: tmc-etr: Fix barrier packet insertion for perf buffer
    e81884d45a70 coresight: tmc-etr: Check if page is valid before dma_map_page()
    ec13738c6ec6 coresight: tmc-etf: Fix NULL ptr dereference in tmc_enable_etf_sink_perf()
    d923c0ec1292 ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU
    43598dbdcbf0 ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410
    2c6f6cd2cdfb ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU
    4202cbbd2c4d usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
    8e19cfae3bb0 USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
    8c124b35a53b usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus
    3389281e0e6e USB: gadget: f_midi: setup SuperSpeed Plus descriptors
    0ddb1d96a5db USB: gadget: f_acm: add support for SuperSpeed Plus
    9ad41aa399db USB: serial: option: add interface-number sanity check to flag handling
    57e22590c41b usb: mtu3: fix memory corruption in mtu3_debugfs_regset()
    80cb94507054 soc/tegra: fuse: Fix index bug in get_process_id
    037c65990d76 kbuild: avoid split lines in .mod files
    a803ea15b0dc perf/x86/intel: Check PEBS status correctly
    12db619c91d7 drm/amd/display: Init clock value by current vbios CLKs
    c137a880ae6c iwlwifi: pcie: add one missing entry for AX210
    e124c5afaf88 dm table: Remove BUG_ON(in_interrupt())
    8a89abb26e30 scsi: mpt3sas: Increase IOCInit request timeout to 30s
    cd14a53938e0 vxlan: Copy needed_tailroom from lowerdev
    0b9ce087f75b vxlan: Add needed_headroom for lower device
    230290dca255 arm64: syscall: exit userspace before unmasking exceptions
    34c07547dbe5 habanalabs: put devices before driver removal
    be063ce1004c drm/tegra: sor: Disable clocks on error in tegra_sor_init()
    9b6ebb202bbb kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling
    d8baf15b2196 drm/tegra: replace idr_init() by idr_init_base()
    76812738841c net: mvpp2: add mvpp2_phylink_to_port() helper
    6aa270eb2f90 selftests: fix poll error in udpgro.sh
    0e2b048ffe44 ixgbe: avoid premature Rx buffer reuse
    75bbe7bd9003 i40e: avoid premature Rx buffer reuse
    b05fdd74ffb7 i40e: optimise prefetch page refcount
    405bfd36f072 i40e: Refactor rx_bi accesses
    6935f5385f75 RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
    2107658d6d62 selftests/bpf/test_offload.py: Reset ethtool features after failed setting
    3b79aea56dff netfilter: nft_ct: Remove confirmation check for NFT_CT_ID
    0a652b181d75 gpio: eic-sprd: break loop when getting NULL device resource
    2ebb2df149d4 Revert "gpio: eic-sprd: Use devm_platform_ioremap_resource()"
    64795af3bdc7 afs: Fix memory leak when mounting with multiple source parameters
    6581512f0afc netfilter: nft_dynset: fix timeouts later than 23 days
    810bc556e347 netfilter: nft_compat: make sure xtables destructors have run
    b17244cebb24 netfilter: x_tables: Switch synchronization to RCU
    22faec182eec pinctrl: aspeed: Fix GPIO requests on pass-through banks
    f7e6636831df blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick
    4f3e3fa6239d block: factor out requeue handling from dispatch code
    9e54ca3d4f9d block: Simplify REQ_OP_ZONE_RESET_ALL handling
    71e0f9c5c3df clk: renesas: r9a06g032: Drop __packed for portability
    43a373488e92 can: softing: softing_netdev_open(): fix error handling
    36f460d51ac5 xsk: Replace datagram_poll by sock_poll_wait
    50ae52e07d2b xsk: Fix xsk_poll()'s return type
    369ed255958f scsi: bnx2i: Requires MMU
    e190d1b3c4d2 gpio: mvebu: fix potential user-after-free on probe
    ec64dea576d5 gpio: zynq: fix reference leak in zynq_gpio functions
    823f42bd6193 PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter
    74e38f86ab53 ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin
    f7fbde0f0b14 ARM: dts: imx6qdl-wandboard-revd1: Remove PAD_GPIO_6 from enetgrp
    4b008707bac4 ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY
    76c475d5d788 ARM: dts: sun8i: v3s: fix GIC node memory range
    9ebc986a2ea5 pinctrl: baytrail: Avoid clearing debounce value when turning it off
    e2556e022897 pinctrl: merrifield: Set default bias in case no particular value given
    2ec85a7a5adf ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node
    9f69f6f85288 ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator
    389033996cec ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b29d1016f2761aefa15e38a86263fb03c46ec1d7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 5d2b2d14bf..5fc444bfc9 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "baf3ccf7c7cfaf9515d8c8b3b639d7bbb0564594"
-SRCREV_meta ?= "1c358e19696827b594de26a221f110fc2647dfa8"
+SRCREV_machine ?= "b82b3d52ee94caf6165eda89d3294a561bfb4f0b"
+SRCREV_meta ?= "bc855ca4626f33c38c1398d48c71df10334a9132"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.85"
+LINUX_VERSION ?= "5.4.87"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index fea9ae26c1..05edcfa63d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.85"
+LINUX_VERSION ?= "5.4.87"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "f7f4bcebdd599197cde6f1d1985cb1ef1f3e8a54"
-SRCREV_machine ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f"
-SRCREV_meta ?= "1c358e19696827b594de26a221f110fc2647dfa8"
+SRCREV_machine_qemuarm ?= "18b82a8554b25c86cbf31af312765832edca3498"
+SRCREV_machine ?= "292d752af8e4015e40e7c523641983bac543e2b4"
+SRCREV_meta ?= "bc855ca4626f33c38c1398d48c71df10334a9132"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 9ed1811098..6a2d96e8a0 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "888fe3a6f7776f5732c3c4cf4c862447e646c25e"
-SRCREV_machine_qemuarm64 ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f"
-SRCREV_machine_qemumips ?= "459ad51fb16465be3d291217a10bcb9d055f5775"
-SRCREV_machine_qemuppc ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f"
-SRCREV_machine_qemuriscv64 ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f"
-SRCREV_machine_qemux86 ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f"
-SRCREV_machine_qemux86-64 ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f"
-SRCREV_machine_qemumips64 ?= "7eff01977ef77715ebc3e5a126534c39fe4ac918"
-SRCREV_machine ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f"
-SRCREV_meta ?= "1c358e19696827b594de26a221f110fc2647dfa8"
+SRCREV_machine_qemuarm ?= "03f94e8a96d027da980f2cc2ad6e95bbb45e22c5"
+SRCREV_machine_qemuarm64 ?= "292d752af8e4015e40e7c523641983bac543e2b4"
+SRCREV_machine_qemumips ?= "0b055d3e2e8d41743b00cd84975ff383e35f1ae9"
+SRCREV_machine_qemuppc ?= "292d752af8e4015e40e7c523641983bac543e2b4"
+SRCREV_machine_qemuriscv64 ?= "292d752af8e4015e40e7c523641983bac543e2b4"
+SRCREV_machine_qemux86 ?= "292d752af8e4015e40e7c523641983bac543e2b4"
+SRCREV_machine_qemux86-64 ?= "292d752af8e4015e40e7c523641983bac543e2b4"
+SRCREV_machine_qemumips64 ?= "126e385b2dd8580a266fe15907c3725d2da12458"
+SRCREV_machine ?= "292d752af8e4015e40e7c523641983bac543e2b4"
+SRCREV_meta ?= "bc855ca4626f33c38c1398d48c71df10334a9132"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.85"
+LINUX_VERSION ?= "5.4.87"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.17.1

[OE-core][dunfell 07/19] scripts: oe-run-native, fix *-native directories

[Steve Sakoman]

From: Adrian Herrera <adrian.herrera@arm.com>

This fixes a crash with "find" when running a native tool and *-native
directories do not exist under the binary directory in the sysroot.
This happened because the directory wildcard was passed as part of the
root directory.
The directory wildcard is now passed by "-name", which returns an empty
result if no matching directory.

Signed-off-by: Adrian Herrera <adrian.herrera@arm.com>
Change-Id: Iba7acd8bbd7e0beb4d25c984f6af7a4fd21486e6
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f6c90ed0ad24b7d4f892e22e088b1578824eb1d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/oe-run-native | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/oe-run-native b/scripts/oe-run-native
index 4e63e69cc4..22958d97e7 100755
--- a/scripts/oe-run-native
+++ b/scripts/oe-run-native
@@ -43,7 +43,7 @@ fi
 OLD_PATH=$PATH
 
 # look for a tool only in native sysroot
-PATH=$OECORE_NATIVE_SYSROOT/usr/bin:$OECORE_NATIVE_SYSROOT/bin:$OECORE_NATIVE_SYSROOT/usr/sbin:$OECORE_NATIVE_SYSROOT/sbin$(find $OECORE_NATIVE_SYSROOT/usr/bin/*-native -maxdepth 1 -type d -printf ":%p")
+PATH=$OECORE_NATIVE_SYSROOT/usr/bin:$OECORE_NATIVE_SYSROOT/bin:$OECORE_NATIVE_SYSROOT/usr/sbin:$OECORE_NATIVE_SYSROOT/sbin$(find $OECORE_NATIVE_SYSROOT/usr/bin -maxdepth 1 -name "*-native" -type d -printf ":%p")
 tool_find=`/usr/bin/which $tool 2>/dev/null`
 
 if [ -n "$tool_find" ] ; then
-- 
2.17.1

[OE-core][dunfell 08/19] buildstats.bbclass: add functionality to collect build system stats

[Steve Sakoman]

From: Sakib Sajal <sakib.sajal@windriver.com>

There are a number of timeout and hang defects where
it would be useful to collect statistics about what
is running on a build host when that condition occurs.

This adds functionality to collect build system stats
on a regular interval and/or on task failure. Both
features are disabled by default.

To enable logging on a regular interval, set:
BB_HEARTBEAT_EVENT = "<interval>"
BB_LOG_HOST_STAT_ON_INTERVAL = <boolean>
Logs are stored in ${BUILDSTATS_BASE}/<build_name>/host_stats

To enable logging on a task failure, set:
BB_LOG_HOST_STAT_ON_FAILURE = "<boolean>"
Logs are stored in ${BUILDSTATS_BASE}/<build_name>/build_stats

The list of commands, along with the desired options, need
to be specified in the BB_LOG_HOST_STAT_CMDS variable
delimited by ; as such:
BB_LOG_HOST_STAT_CMDS = "command1 ; command2 ;... ;"

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit edb7098e9e0a8978568a45057c1c3ad2c6cacd67)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/buildstats.bbclass | 40 ++++++++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 3 deletions(-)

diff --git a/meta/classes/buildstats.bbclass b/meta/classes/buildstats.bbclass
index 2590c60c63..43472f1988 100644
--- a/meta/classes/buildstats.bbclass
+++ b/meta/classes/buildstats.bbclass
@@ -106,14 +106,46 @@ def write_task_data(status, logfile, e, d):
             f.write("Status: FAILED \n")
         f.write("Ended: %0.2f \n" % e.time)
 
+def write_host_data(logfile, e, d):
+    import subprocess, os, datetime
+    cmds = d.getVar('BB_LOG_HOST_STAT_CMDS')
+    if cmds is None:
+        d.setVar("BB_LOG_HOST_STAT_ON_INTERVAL", "0")
+        d.setVar("BB_LOG_HOST_STAT_ON_FAILURE", "0")
+        bb.warn("buildstats: Collecting host data failed. Set BB_LOG_HOST_STAT_CMDS=\"command1 ; command2 ; ... \" in conf\/local.conf\n")
+        return
+    path = d.getVar("PATH")
+    opath = d.getVar("BB_ORIGENV", False).getVar("PATH")
+    ospath = os.environ['PATH']
+    os.environ['PATH'] = path + ":" + opath + ":" + ospath
+    with open(logfile, "a") as f:
+        f.write("Event Time: %f\nDate: %s\n" % (e.time, datetime.datetime.now()))
+        for cmd in cmds.split(";"):
+            if len(cmd) == 0:
+                continue
+            try:
+                output = subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT, timeout=1).decode('utf-8')
+            except (subprocess.CalledProcessError, subprocess.TimeoutExpired, FileNotFoundError) as err:
+                output = "Error running command: %s\n%s\n" % (cmd, err)
+            f.write("%s\n%s\n" % (cmd, output))
+    os.environ['PATH'] = ospath
+
 python run_buildstats () {
     import bb.build
     import bb.event
     import time, subprocess, platform
 
     bn = d.getVar('BUILDNAME')
-    bsdir = os.path.join(d.getVar('BUILDSTATS_BASE'), bn)
-    taskdir = os.path.join(bsdir, d.getVar('PF'))
+    ########################################################################
+    # bitbake fires HeartbeatEvent even before a build has been
+    # triggered, causing BUILDNAME to be None
+    ########################################################################
+    if bn is not None:
+        bsdir = os.path.join(d.getVar('BUILDSTATS_BASE'), bn)
+        taskdir = os.path.join(bsdir, d.getVar('PF'))
+        if isinstance(e, bb.event.HeartbeatEvent) and bb.utils.to_boolean(d.getVar("BB_LOG_HOST_STAT_ON_INTERVAL")):
+            bb.utils.mkdirhier(bsdir)
+            write_host_data(os.path.join(bsdir, "host_stats"), e, d)
 
     if isinstance(e, bb.event.BuildStarted):
         ########################################################################
@@ -188,10 +220,12 @@ python run_buildstats () {
         build_status = os.path.join(bsdir, "build_stats")
         with open(build_status, "a") as f:
             f.write(d.expand("Failed at: ${PF} at task: %s \n" % e.task))
+            if bb.utils.to_boolean(d.getVar("BB_LOG_HOST_STAT_ON_FAILURE")):
+                write_host_data(build_status, e, d)
 }
 
 addhandler run_buildstats
-run_buildstats[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.build.TaskStarted bb.build.TaskSucceeded bb.build.TaskFailed"
+run_buildstats[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.event.HeartbeatEvent bb.build.TaskStarted bb.build.TaskSucceeded bb.build.TaskFailed"
 
 python runqueue_stats () {
     import buildstats
-- 
2.17.1

Re: [OE-core][dunfell 08/19] buildstats.bbclass: add functionality to collect build system stats

[Richard Purdie]

On Mon, 2021-01-18 at 12:36 -1000, Steve Sakoman wrote:
> From: Sakib Sajal <sakib.sajal@windriver.com>
> 
> There are a number of timeout and hang defects where
> it would be useful to collect statistics about what
> is running on a build host when that condition occurs.
> 
> This adds functionality to collect build system stats
> on a regular interval and/or on task failure. Both
> features are disabled by default.
> 
> To enable logging on a regular interval, set:
> BB_HEARTBEAT_EVENT = "<interval>"
> BB_LOG_HOST_STAT_ON_INTERVAL = <boolean>
> Logs are stored in ${BUILDSTATS_BASE}/<build_name>/host_stats
> 
> To enable logging on a task failure, set:
> BB_LOG_HOST_STAT_ON_FAILURE = "<boolean>"
> Logs are stored in ${BUILDSTATS_BASE}/<build_name>/build_stats
> 
> The list of commands, along with the desired options, need
> to be specified in the BB_LOG_HOST_STAT_CMDS variable
> delimited by ; as such:
> BB_LOG_HOST_STAT_CMDS = "command1 ; command2 ;... ;"
> 
> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit edb7098e9e0a8978568a45057c1c3ad2c6cacd67)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  meta/classes/buildstats.bbclass | 40 ++++++++++++++++++++++++++++++---
>  1 file changed, 37 insertions(+), 3 deletions(-)

Not sure this is backport material. We should probably see how it goes
in master and try using it there first?

Cheers,

Richard

Re: [OE-core][dunfell 08/19] buildstats.bbclass: add functionality to collect build system stats

[Steve Sakoman]

On Mon, Jan 18, 2021 at 1:34 PM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Mon, 2021-01-18 at 12:36 -1000, Steve Sakoman wrote:
> > From: Sakib Sajal <sakib.sajal@windriver.com>
> >
> > There are a number of timeout and hang defects where
> > it would be useful to collect statistics about what
> > is running on a build host when that condition occurs.
> >
> > This adds functionality to collect build system stats
> > on a regular interval and/or on task failure. Both
> > features are disabled by default.
> >
> > To enable logging on a regular interval, set:
> > BB_HEARTBEAT_EVENT = "<interval>"
> > BB_LOG_HOST_STAT_ON_INTERVAL = <boolean>
> > Logs are stored in ${BUILDSTATS_BASE}/<build_name>/host_stats
> >
> > To enable logging on a task failure, set:
> > BB_LOG_HOST_STAT_ON_FAILURE = "<boolean>"
> > Logs are stored in ${BUILDSTATS_BASE}/<build_name>/build_stats
> >
> > The list of commands, along with the desired options, need
> > to be specified in the BB_LOG_HOST_STAT_CMDS variable
> > delimited by ; as such:
> > BB_LOG_HOST_STAT_CMDS = "command1 ; command2 ;... ;"
> >
> > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit edb7098e9e0a8978568a45057c1c3ad2c6cacd67)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> >  meta/classes/buildstats.bbclass | 40 ++++++++++++++++++++++++++++++---
> >  1 file changed, 37 insertions(+), 3 deletions(-)
>
> Not sure this is backport material. We should probably see how it goes
> in master and try using it there first?

OK, I thought it was safe since the features are disabled by default.
Seemed like something good to have if needed, but I'll remove this
from the pull request and revisit later.

Steve

[OE-core][dunfell 09/19] toolchain-shar-extract.sh: Handle special characters in script path

[Steve Sakoman]

From: Andrey Mozzhuhin <amozzhuhin@yandex.ru>

Extracting SDK archive may fail if the script is run using a path with
special characters such as space or asterisk. This is because the shell
interprets such characters after expanding the $0 variable.

Added quotes to all uses of the shell variable $0 to fix this.

Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0453acbbd45604537090ec7a3295b34309e6eecb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/files/toolchain-shar-extract.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh
index bea6d4189a..dd9342758b 100644
--- a/meta/files/toolchain-shar-extract.sh
+++ b/meta/files/toolchain-shar-extract.sh
@@ -95,7 +95,7 @@ while getopts ":yd:npDRSl" OPT; do
 		listcontents=1
 		;;
 	*)
-		echo "Usage: $(basename $0) [-y] [-d <dir>]"
+		echo "Usage: $(basename "$0") [-y] [-d <dir>]"
 		echo "  -y         Automatic yes to all prompts"
 		echo "  -d <dir>   Install the SDK to <dir>"
 		echo "======== Extensible SDK only options ============"
@@ -111,17 +111,17 @@ while getopts ":yd:npDRSl" OPT; do
 	esac
 done
 
-payload_offset=$(($(grep -na -m1 "^MARKER:$" $0|cut -d':' -f1) + 1))
+payload_offset=$(($(grep -na -m1 "^MARKER:$" "$0"|cut -d':' -f1) + 1))
 if [ "$listcontents" = "1" ] ; then
     if [ @SDK_ARCHIVE_TYPE@ = "zip" ]; then
-        tail -n +$payload_offset $0 > sdk.zip
+        tail -n +$payload_offset "$0" > sdk.zip
         if unzip -l sdk.zip;then
             rm sdk.zip
         else
             rm sdk.zip && exit 1
         fi
     else
-        tail -n +$payload_offset $0| tar tvJ || exit 1
+        tail -n +$payload_offset "$0"| tar tvJ || exit 1
     fi
     exit
 fi
@@ -242,14 +242,14 @@ fi
 
 printf "Extracting SDK..."
 if [ @SDK_ARCHIVE_TYPE@ = "zip" ]; then
-    tail -n +$payload_offset $0 > sdk.zip
+    tail -n +$payload_offset "$0" > sdk.zip
     if $SUDO_EXEC unzip $EXTRA_TAR_OPTIONS sdk.zip -d $target_sdk_dir;then
         rm sdk.zip
     else
         rm sdk.zip && exit 1
     fi
 else
-    tail -n +$payload_offset $0| $SUDO_EXEC tar mxJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1
+    tail -n +$payload_offset "$0"| $SUDO_EXEC tar mxJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1
 fi
 echo "done"
 
-- 
2.17.1

[OE-core][dunfell 10/19] lib/oe/utils: Return empty string in parallel_make

[Steve Sakoman]

From: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>

In cmake.bbclass we set CMAKE_BUILD_PARALLEL_LEVEL using parallel_make
function and if PARALLEL_MAKE is set to empty string then this variable
is exported as "None" causing cmake to fail with:
"'CMAKE_BUILD_PARALLEL_LEVEL' environment variable
invalid number 'None' given."

Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2f790ded554a52ac18d1c28002142f9c62abec8b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/utils.py b/meta/lib/oe/utils.py
index 13f4271da0..83d298906b 100644
--- a/meta/lib/oe/utils.py
+++ b/meta/lib/oe/utils.py
@@ -193,7 +193,7 @@ def parallel_make(d, makeinst=False):
 
         return int(v)
 
-    return None
+    return ''
 
 def parallel_make_argument(d, fmt, limit=None, makeinst=False):
     """
-- 
2.17.1

[OE-core][dunfell 11/19] boost: drop arm-intrinsics.patch

[Steve Sakoman]

From: Mans Rullgard <mans@mansr.com>

This patch makes gcc produce broken code.  It is unclear why it is there
in the first place.  Drop it.

Signed-off-by: Mans Rullgard <mans@mansr.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5f3cace37496fe1dc4fd045f688f7d441505c437)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../boost/boost/arm-intrinsics.patch          | 55 -------------------
 meta/recipes-support/boost/boost_1.72.0.bb    |  2 +-
 2 files changed, 1 insertion(+), 56 deletions(-)
 delete mode 100644 meta/recipes-support/boost/boost/arm-intrinsics.patch

diff --git a/meta/recipes-support/boost/boost/arm-intrinsics.patch b/meta/recipes-support/boost/boost/arm-intrinsics.patch
deleted file mode 100644
index fe85c69a82..0000000000
--- a/meta/recipes-support/boost/boost/arm-intrinsics.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Upstream-Status: Backport
-
-8/17/2010 - rebased to 1.44 by Qing He <qing.he@intel.com>
-
-diff --git a/boost/smart_ptr/detail/atomic_count_sync.hpp b/boost/smart_ptr/detail/atomic_count_sync.hpp
-index b6359b5..78b1cc2 100644
---- a/boost/smart_ptr/detail/atomic_count_sync.hpp
-+++ b/boost/smart_ptr/detail/atomic_count_sync.hpp
-@@ -33,17 +33,46 @@ public:
- 
-     long operator++()
-     {
-+#ifdef __ARM_ARCH_7A__
-+       int v1, tmp;
-+       asm volatile ("1:                 \n\t"
-+                     "ldrex   %0, %1     \n\t"
-+                     "add     %0 ,%0, #1 \n\t"
-+                     "strex   %2, %0, %1 \n\t"
-+                     "cmp     %2, #0     \n\t"
-+                     "bne     1b         \n\t"
-+                     : "=&r" (v1), "+Q"(value_), "=&r"(tmp)
-+                    );
-+#else
-         return __sync_add_and_fetch( &value_, 1 );
-+#endif
-     }
- 
-     long operator--()
-     {
-+#ifdef __ARM_ARCH_7A__
-+       int v1, tmp;
-+       asm volatile ("1:                 \n\t"
-+                     "ldrex   %0, %1     \n\t"
-+                     "sub     %0 ,%0, #1 \n\t"
-+                     "strex   %2, %0, %1 \n\t"
-+                     "cmp     %2, #0     \n\t"
-+                     "bne     1b         \n\t"
-+                     : "=&r" (v1), "+Q"(value_), "=&r"(tmp)
-+                    );
-+       return value_;
-+#else
-         return __sync_add_and_fetch( &value_, -1 );
-+#endif
-     }
- 
-     operator long() const
-     {
-+#if __ARM_ARCH_7A__
-+        return value_;
-+#else
-         return __sync_fetch_and_add( &value_, 0 );
-+#endif
-     }
- 
- private:
diff --git a/meta/recipes-support/boost/boost_1.72.0.bb b/meta/recipes-support/boost/boost_1.72.0.bb
index 51c84bc935..df1cc16937 100644
--- a/meta/recipes-support/boost/boost_1.72.0.bb
+++ b/meta/recipes-support/boost/boost_1.72.0.bb
@@ -1,7 +1,7 @@
 require boost-${PV}.inc
 require boost.inc
 
-SRC_URI += "file://arm-intrinsics.patch \
+SRC_URI += " \
            file://boost-CVE-2012-2677.patch \
            file://boost-math-disable-pch-for-gcc.patch \
            file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \
-- 
2.17.1

[OE-core][dunfell 12/19] classes/waf: Add build and install arguments

[Steve Sakoman]

From: Joshua Watt <JPEWhacker@gmail.com>

Adds variables that can be used to allow a recipe to pass extra
arguments to `waf build` and `waf install`. In most cases, you want to
pass the same arguments to `build` and `install` (since install is a
superset of `build`), so by default setting EXTRA_OEWAF_BUILD also
affects `waf install`, but this can be overridded.

(From OE-Core rev: 493e17a2f5cbbbe3b1e435dadb281b007bca2cbf)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 633652284b13dc78206f4cc8e81f29de44777b75)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/waf.bbclass | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta/classes/waf.bbclass b/meta/classes/waf.bbclass
index 900244004e..309f625a40 100644
--- a/meta/classes/waf.bbclass
+++ b/meta/classes/waf.bbclass
@@ -5,6 +5,11 @@ B = "${WORKDIR}/build"
 
 EXTRA_OECONF_append = " ${PACKAGECONFIG_CONFARGS}"
 
+EXTRA_OEWAF_BUILD ??= ""
+# In most cases, you want to pass the same arguments to `waf build` and `waf
+# install`, but you can override it if necessary
+EXTRA_OEWAF_INSTALL ??= "${EXTRA_OEWAF_BUILD}"
+
 def waflock_hash(d):
     # Calculates the hash used for the waf lock file. This should include
     # all of the user controllable inputs passed to waf configure. Note
@@ -55,11 +60,11 @@ waf_do_configure() {
 
 do_compile[progress] = "outof:^\[\s*(\d+)/\s*(\d+)\]\s+"
 waf_do_compile()  {
-	(cd ${S} && ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', limit=64)})
+	(cd ${S} && ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', limit=64)} ${EXTRA_OEWAF_BUILD})
 }
 
 waf_do_install() {
-	(cd ${S} && ./waf install --destdir=${D})
+	(cd ${S} && ./waf install --destdir=${D} ${EXTRA_OEWAF_INSTALL})
 }
 
 EXPORT_FUNCTIONS do_configure do_compile do_install
-- 
2.17.1

[OE-core][dunfell 13/19] waf: don't assume the waf intepretter is good

[Steve Sakoman]

From: Ross Burton <ross@burtonini.com>

Waf typically uses `python` as the intepretter but inside a task this
does not exist.  Typically this is solved by patching waf (see the
glmark2 recipe) but not all versionf of Waf support Python 3 so we can't
assume a specific interpretter.

Instead, create a new variable WAF_PYTHON for the correct interpretter,
and default this to `python3`.  If the user has a recipe that needs
Python 2 then this can be changed in the recipe.

(From OE-Core rev: 802e80d35e6374b9b80f89068d00b84fe2d04ca1)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 85b6301c6190a1d1823de9bfe7285f7a7d15a46f)
[Fixes build issue on Ubuntu 20 with mvp
https://github.com/openembedded/meta-openembedded/issues/304 ]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/waf.bbclass | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/meta/classes/waf.bbclass b/meta/classes/waf.bbclass
index 309f625a40..8fa5063645 100644
--- a/meta/classes/waf.bbclass
+++ b/meta/classes/waf.bbclass
@@ -1,6 +1,10 @@
 # avoids build breaks when using no-static-libs.inc
 DISABLE_STATIC = ""
 
+# What Python interpretter to use.  Defaults to Python 3 but can be
+# overridden if required.
+WAF_PYTHON ?= "python3"
+
 B = "${WORKDIR}/build"
 
 EXTRA_OECONF_append = " ${PACKAGECONFIG_CONFARGS}"
@@ -40,9 +44,10 @@ python waf_preconfigure() {
     import subprocess
     from distutils.version import StrictVersion
     subsrcdir = d.getVar('S')
+    python = d.getVar('WAF_PYTHON')
     wafbin = os.path.join(subsrcdir, 'waf')
     try:
-        result = subprocess.check_output([wafbin, '--version'], cwd=subsrcdir, stderr=subprocess.STDOUT)
+        result = subprocess.check_output([python, wafbin, '--version'], cwd=subsrcdir, stderr=subprocess.STDOUT)
         version = result.decode('utf-8').split()[1]
         if StrictVersion(version) >= StrictVersion("1.8.7"):
             d.setVar("WAF_EXTRA_CONF", "--bindir=${bindir} --libdir=${libdir}")
@@ -55,16 +60,16 @@ python waf_preconfigure() {
 do_configure[prefuncs] += "waf_preconfigure"
 
 waf_do_configure() {
-	(cd ${S} && ./waf configure -o ${B} --prefix=${prefix} ${WAF_EXTRA_CONF} ${EXTRA_OECONF})
+	(cd ${S} && ${WAF_PYTHON} ./waf configure -o ${B} --prefix=${prefix} ${WAF_EXTRA_CONF} ${EXTRA_OECONF})
 }
 
 do_compile[progress] = "outof:^\[\s*(\d+)/\s*(\d+)\]\s+"
 waf_do_compile()  {
-	(cd ${S} && ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', limit=64)} ${EXTRA_OEWAF_BUILD})
+	(cd ${S} && ${WAF_PYTHON} ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', limit=64)} ${EXTRA_OEWAF_BUILD})
 }
 
 waf_do_install() {
-	(cd ${S} && ./waf install --destdir=${D} ${EXTRA_OEWAF_INSTALL})
+	(cd ${S} && ${WAF_PYTHON} ./waf install --destdir=${D} ${EXTRA_OEWAF_INSTALL})
 }
 
 EXPORT_FUNCTIONS do_configure do_compile do_install
-- 
2.17.1

[OE-core][dunfell 14/19] curl: fix CVE-2020-8231/8284/8285/8286

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

backport CVE-2020-8284 fixes from upstream, but drop
binary file tests/data/test1465.

upstream fixes for CVE-2020-8231, CVE-2020-8285 and CVE-2020-8286
does not applies cleanly to 7.69.1, fedora have working patch
hence import patch from Fedora.
https://koji.fedoraproject.org/koji/rpminfo?rpmID=24270817

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2020-8231.patch             | 1092 +++++++++++++++++
 .../curl/curl/CVE-2020-8284.patch             |  209 ++++
 .../curl/curl/CVE-2020-8285.patch             |  260 ++++
 .../curl/curl/CVE-2020-8286.patch             |  133 ++
 meta/recipes-support/curl/curl_7.69.1.bb      |    4 +
 5 files changed, 1698 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8231.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8284.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8285.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8286.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2020-8231.patch b/meta/recipes-support/curl/curl/CVE-2020-8231.patch
new file mode 100644
index 0000000000..51f40047f1
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8231.patch
@@ -0,0 +1,1092 @@
+From c3359693e17fccdf2a04f0b908bc8f51cdc38133 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 27 Apr 2020 00:33:21 +0200
+Subject: [PATCH 1/3] conncache: various concept cleanups
+
+More connection cache accesses are protected by locks.
+
+CONNCACHE_* is a beter prefix for the connection cache lock macros.
+
+Curl_attach_connnection: now called as soon as there's a connection
+struct available and before the connection is added to the connection
+cache.
+
+Curl_disconnect: now assumes that the connection is already removed from
+the connection cache.
+
+Ref: #4915
+Closes #5009
+
+Upstream-commit: c06902713998d68202c5a764de910ba8d0e8f54d
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+
+Upstream-Status: Backport [import from fedora https://koji.fedoraproject.org/koji/fileinfo?rpmID=24270817&filename=0004-curl-7.69.1-CVE-2020-8231.patch ]
+CVE: CVE-2020-8286
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/conncache.c       | 87 ++++++++++++++++++++-----------------------
+ lib/conncache.h       |  9 ++---
+ lib/hostip.c          | 12 +++---
+ lib/http_negotiate.h  |  6 ++-
+ lib/http_ntlm.h       |  6 ++-
+ lib/multi.c           | 56 ++++++++++++++--------------
+ lib/multiif.h         |  1 +
+ lib/url.c             | 69 ++++++++++++++++++----------------
+ tests/data/test1554   | 14 +++++++
+ tests/unit/unit1620.c |  6 +--
+ 10 files changed, 139 insertions(+), 127 deletions(-)
+
+diff --git a/lib/conncache.c b/lib/conncache.c
+index cbd3bb1..95fcea6 100644
+--- a/lib/conncache.c
++++ b/lib/conncache.c
+@@ -49,53 +49,51 @@ static void conn_llist_dtor(void *user, void *element)
+   conn->bundle = NULL;
+ }
+ 
+-static CURLcode bundle_create(struct Curl_easy *data,
+-                              struct connectbundle **cb_ptr)
++static CURLcode bundle_create(struct connectbundle **bundlep)
+ {
+-  (void)data;
+-  DEBUGASSERT(*cb_ptr == NULL);
+-  *cb_ptr = malloc(sizeof(struct connectbundle));
+-  if(!*cb_ptr)
++  DEBUGASSERT(*bundlep == NULL);
++  *bundlep = malloc(sizeof(struct connectbundle));
++  if(!*bundlep)
+     return CURLE_OUT_OF_MEMORY;
+ 
+-  (*cb_ptr)->num_connections = 0;
+-  (*cb_ptr)->multiuse = BUNDLE_UNKNOWN;
++  (*bundlep)->num_connections = 0;
++  (*bundlep)->multiuse = BUNDLE_UNKNOWN;
+ 
+-  Curl_llist_init(&(*cb_ptr)->conn_list, (curl_llist_dtor) conn_llist_dtor);
++  Curl_llist_init(&(*bundlep)->conn_list, (curl_llist_dtor) conn_llist_dtor);
+   return CURLE_OK;
+ }
+ 
+-static void bundle_destroy(struct connectbundle *cb_ptr)
++static void bundle_destroy(struct connectbundle *bundle)
+ {
+-  if(!cb_ptr)
++  if(!bundle)
+     return;
+ 
+-  Curl_llist_destroy(&cb_ptr->conn_list, NULL);
++  Curl_llist_destroy(&bundle->conn_list, NULL);
+ 
+-  free(cb_ptr);
++  free(bundle);
+ }
+ 
+ /* Add a connection to a bundle */
+-static void bundle_add_conn(struct connectbundle *cb_ptr,
++static void bundle_add_conn(struct connectbundle *bundle,
+                             struct connectdata *conn)
+ {
+-  Curl_llist_insert_next(&cb_ptr->conn_list, cb_ptr->conn_list.tail, conn,
++  Curl_llist_insert_next(&bundle->conn_list, bundle->conn_list.tail, conn,
+                          &conn->bundle_node);
+-  conn->bundle = cb_ptr;
+-  cb_ptr->num_connections++;
++  conn->bundle = bundle;
++  bundle->num_connections++;
+ }
+ 
+ /* Remove a connection from a bundle */
+-static int bundle_remove_conn(struct connectbundle *cb_ptr,
++static int bundle_remove_conn(struct connectbundle *bundle,
+                               struct connectdata *conn)
+ {
+   struct curl_llist_element *curr;
+ 
+-  curr = cb_ptr->conn_list.head;
++  curr = bundle->conn_list.head;
+   while(curr) {
+     if(curr->ptr == conn) {
+-      Curl_llist_remove(&cb_ptr->conn_list, curr, NULL);
+-      cb_ptr->num_connections--;
++      Curl_llist_remove(&bundle->conn_list, curr, NULL);
++      bundle->num_connections--;
+       conn->bundle = NULL;
+       return 1; /* we removed a handle */
+     }
+@@ -162,20 +160,15 @@ static void hashkey(struct connectdata *conn, char *buf,
+   msnprintf(buf, len, "%ld%s", port, hostname);
+ }
+ 
+-void Curl_conncache_unlock(struct Curl_easy *data)
+-{
+-  CONN_UNLOCK(data);
+-}
+-
+ /* Returns number of connections currently held in the connection cache.
+    Locks/unlocks the cache itself!
+ */
+ size_t Curl_conncache_size(struct Curl_easy *data)
+ {
+   size_t num;
+-  CONN_LOCK(data);
++  CONNCACHE_LOCK(data);
+   num = data->state.conn_cache->num_conn;
+-  CONN_UNLOCK(data);
++  CONNCACHE_UNLOCK(data);
+   return num;
+ }
+ 
+@@ -188,7 +181,7 @@ struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn,
+                                                  const char **hostp)
+ {
+   struct connectbundle *bundle = NULL;
+-  CONN_LOCK(conn->data);
++  CONNCACHE_LOCK(conn->data);
+   if(connc) {
+     char key[HASHKEY_SIZE];
+     hashkey(conn, key, sizeof(key), hostp);
+@@ -235,8 +228,7 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc,
+                                  struct connectdata *conn)
+ {
+   CURLcode result = CURLE_OK;
+-  struct connectbundle *bundle;
+-  struct connectbundle *new_bundle = NULL;
++  struct connectbundle *bundle = NULL;
+   struct Curl_easy *data = conn->data;
+ 
+   /* *find_bundle() locks the connection cache */
+@@ -245,20 +237,19 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc,
+     int rc;
+     char key[HASHKEY_SIZE];
+ 
+-    result = bundle_create(data, &new_bundle);
++    result = bundle_create(&bundle);
+     if(result) {
+       goto unlock;
+     }
+ 
+     hashkey(conn, key, sizeof(key), NULL);
+-    rc = conncache_add_bundle(data->state.conn_cache, key, new_bundle);
++    rc = conncache_add_bundle(data->state.conn_cache, key, bundle);
+ 
+     if(!rc) {
+-      bundle_destroy(new_bundle);
++      bundle_destroy(bundle);
+       result = CURLE_OUT_OF_MEMORY;
+       goto unlock;
+     }
+-    bundle = new_bundle;
+   }
+ 
+   bundle_add_conn(bundle, conn);
+@@ -270,15 +261,17 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc,
+                conn->connection_id, connc->num_conn));
+ 
+   unlock:
+-  CONN_UNLOCK(data);
++  CONNCACHE_UNLOCK(data);
+ 
+   return result;
+ }
+ 
+ /*
+- * Removes the connectdata object from the connection cache *and* clears the
+- * ->data pointer association. Pass TRUE/FALSE in the 'lock' argument
+- * depending on if the parent function already holds the lock or not.
++ * Removes the connectdata object from the connection cache, but does *not*
++ * clear the conn->data association. The transfer still owns this connection.
++ *
++ * Pass TRUE/FALSE in the 'lock' argument depending on if the parent function
++ * already holds the lock or not.
+  */
+ void Curl_conncache_remove_conn(struct Curl_easy *data,
+                                 struct connectdata *conn, bool lock)
+@@ -290,7 +283,7 @@ void Curl_conncache_remove_conn(struct Curl_easy *data,
+      due to a failed connection attempt, before being added to a bundle */
+   if(bundle) {
+     if(lock) {
+-      CONN_LOCK(data);
++      CONNCACHE_LOCK(data);
+     }
+     bundle_remove_conn(bundle, conn);
+     if(bundle->num_connections == 0)
+@@ -301,9 +294,8 @@ void Curl_conncache_remove_conn(struct Curl_easy *data,
+       DEBUGF(infof(data, "The cache now contains %zu members\n",
+                    connc->num_conn));
+     }
+-    conn->data = NULL; /* clear the association */
+     if(lock) {
+-      CONN_UNLOCK(data);
++      CONNCACHE_UNLOCK(data);
+     }
+   }
+ }
+@@ -332,7 +324,7 @@ bool Curl_conncache_foreach(struct Curl_easy *data,
+   if(!connc)
+     return FALSE;
+ 
+-  CONN_LOCK(data);
++  CONNCACHE_LOCK(data);
+   Curl_hash_start_iterate(&connc->hash, &iter);
+ 
+   he = Curl_hash_next_element(&iter);
+@@ -350,12 +342,12 @@ bool Curl_conncache_foreach(struct Curl_easy *data,
+       curr = curr->next;
+ 
+       if(1 == func(conn, param)) {
+-        CONN_UNLOCK(data);
++        CONNCACHE_UNLOCK(data);
+         return TRUE;
+       }
+     }
+   }
+-  CONN_UNLOCK(data);
++  CONNCACHE_UNLOCK(data);
+   return FALSE;
+ }
+ 
+@@ -494,7 +486,7 @@ Curl_conncache_extract_oldest(struct Curl_easy *data)
+ 
+   now = Curl_now();
+ 
+-  CONN_LOCK(data);
++  CONNCACHE_LOCK(data);
+   Curl_hash_start_iterate(&connc->hash, &iter);
+ 
+   he = Curl_hash_next_element(&iter);
+@@ -531,7 +523,7 @@ Curl_conncache_extract_oldest(struct Curl_easy *data)
+                  connc->num_conn));
+     conn_candidate->data = data; /* associate! */
+   }
+-  CONN_UNLOCK(data);
++  CONNCACHE_UNLOCK(data);
+ 
+   return conn_candidate;
+ }
+@@ -548,6 +540,7 @@ void Curl_conncache_close_all_connections(struct conncache *connc)
+     sigpipe_ignore(conn->data, &pipe_st);
+     /* This will remove the connection from the cache */
+     connclose(conn, "kill all");
++    Curl_conncache_remove_conn(conn->data, conn, TRUE);
+     (void)Curl_disconnect(connc->closure_handle, conn, FALSE);
+     sigpipe_restore(&pipe_st);
+ 
+diff --git a/lib/conncache.h b/lib/conncache.h
+index e3e4c9c..3dda21c 100644
+--- a/lib/conncache.h
++++ b/lib/conncache.h
+@@ -45,21 +45,21 @@ struct conncache {
+ #ifdef CURLDEBUG
+ /* the debug versions of these macros make extra certain that the lock is
+    never doubly locked or unlocked */
+-#define CONN_LOCK(x) if((x)->share) {                                   \
++#define CONNCACHE_LOCK(x) if((x)->share) {                              \
+     Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE); \
+     DEBUGASSERT(!(x)->state.conncache_lock);                            \
+     (x)->state.conncache_lock = TRUE;                                   \
+   }
+ 
+-#define CONN_UNLOCK(x) if((x)->share) {                                 \
++#define CONNCACHE_UNLOCK(x) if((x)->share) {                            \
+     DEBUGASSERT((x)->state.conncache_lock);                             \
+     (x)->state.conncache_lock = FALSE;                                  \
+     Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT);                     \
+   }
+ #else
+-#define CONN_LOCK(x) if((x)->share)                                     \
++#define CONNCACHE_LOCK(x) if((x)->share)                                \
+     Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE)
+-#define CONN_UNLOCK(x) if((x)->share)                   \
++#define CONNCACHE_UNLOCK(x) if((x)->share)              \
+     Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT)
+ #endif
+ 
+@@ -77,7 +77,6 @@ void Curl_conncache_destroy(struct conncache *connc);
+ struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn,
+                                                  struct conncache *connc,
+                                                  const char **hostp);
+-void Curl_conncache_unlock(struct Curl_easy *data);
+ /* returns number of connections currently held in the connection cache */
+ size_t Curl_conncache_size(struct Curl_easy *data);
+ 
+diff --git a/lib/hostip.c b/lib/hostip.c
+index c0feb79..f5bb634 100644
+--- a/lib/hostip.c
++++ b/lib/hostip.c
+@@ -1085,10 +1085,12 @@ CURLcode Curl_once_resolved(struct connectdata *conn,
+ 
+   result = Curl_setup_conn(conn, protocol_done);
+ 
+-  if(result)
+-    /* We're not allowed to return failure with memory left allocated
+-       in the connectdata struct, free those here */
+-    Curl_disconnect(conn->data, conn, TRUE); /* close the connection */
+-
++  if(result) {
++    struct Curl_easy *data = conn->data;
++    DEBUGASSERT(data);
++    Curl_detach_connnection(data);
++    Curl_conncache_remove_conn(data, conn, TRUE);
++    Curl_disconnect(data, conn, TRUE);
++  }
+   return result;
+ }
+diff --git a/lib/http_negotiate.h b/lib/http_negotiate.h
+index 4f0ac16..a737f6f 100644
+--- a/lib/http_negotiate.h
++++ b/lib/http_negotiate.h
+@@ -7,7 +7,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -33,6 +33,8 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy);
+ 
+ void Curl_http_auth_cleanup_negotiate(struct connectdata *conn);
+ 
+-#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */
++#else /* !CURL_DISABLE_HTTP && USE_SPNEGO */
++#define Curl_http_auth_cleanup_negotiate(x)
++#endif
+ 
+ #endif /* HEADER_CURL_HTTP_NEGOTIATE_H */
+diff --git a/lib/http_ntlm.h b/lib/http_ntlm.h
+index 003714d..3ebdf97 100644
+--- a/lib/http_ntlm.h
++++ b/lib/http_ntlm.h
+@@ -7,7 +7,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -35,6 +35,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
+ 
+ void Curl_http_auth_cleanup_ntlm(struct connectdata *conn);
+ 
+-#endif /* !CURL_DISABLE_HTTP && USE_NTLM */
++#else /* !CURL_DISABLE_HTTP && USE_NTLM */
++#define Curl_http_auth_cleanup_ntlm(x)
++#endif
+ 
+ #endif /* HEADER_CURL_HTTP_NTLM_H */
+diff --git a/lib/multi.c b/lib/multi.c
+index e10e752..273653d 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -79,7 +79,6 @@ static CURLMcode add_next_timeout(struct curltime now,
+ static CURLMcode multi_timeout(struct Curl_multi *multi,
+                                long *timeout_ms);
+ static void process_pending_handles(struct Curl_multi *multi);
+-static void detach_connnection(struct Curl_easy *data);
+ 
+ #ifdef DEBUGBUILD
+ static const char * const statename[]={
+@@ -112,7 +111,7 @@ static void Curl_init_completed(struct Curl_easy *data)
+ 
+   /* Important: reset the conn pointer so that we don't point to memory
+      that could be freed anytime */
+-  detach_connnection(data);
++  Curl_detach_connnection(data);
+   Curl_expire_clear(data); /* stop all timers */
+ }
+ 
+@@ -506,6 +505,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
+      easy handle is added */
+   memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall));
+ 
++  CONNCACHE_LOCK(data);
+   /* The closure handle only ever has default timeouts set. To improve the
+      state somewhat we clone the timeouts from each added handle so that the
+      closure handle always has the same timeouts as the most recently added
+@@ -515,6 +515,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
+     data->set.server_response_timeout;
+   data->state.conn_cache->closure_handle->set.no_signal =
+     data->set.no_signal;
++  CONNCACHE_UNLOCK(data);
+ 
+   Curl_update_timer(multi);
+   return CURLM_OK;
+@@ -589,14 +590,14 @@ static CURLcode multi_done(struct Curl_easy *data,
+ 
+   process_pending_handles(data->multi); /* connection / multiplex */
+ 
+-  CONN_LOCK(data);
+-  detach_connnection(data);
++  CONNCACHE_LOCK(data);
++  Curl_detach_connnection(data);
+   if(CONN_INUSE(conn)) {
+     /* Stop if still used. */
+     /* conn->data must not remain pointing to this transfer since it is going
+        away! Find another to own it! */
+     conn->data = conn->easyq.head->ptr;
+-    CONN_UNLOCK(data);
++    CONNCACHE_UNLOCK(data);
+     DEBUGF(infof(data, "Connection still in use %zu, "
+                  "no more multi_done now!\n",
+                  conn->easyq.size));
+@@ -647,7 +648,8 @@ static CURLcode multi_done(struct Curl_easy *data,
+        || (premature && !(conn->handler->flags & PROTOPT_STREAM))) {
+     CURLcode res2;
+     connclose(conn, "disconnecting");
+-    CONN_UNLOCK(data);
++    Curl_conncache_remove_conn(data, conn, FALSE);
++    CONNCACHE_UNLOCK(data);
+     res2 = Curl_disconnect(data, conn, premature);
+ 
+     /* If we had an error already, make sure we return that one. But
+@@ -666,7 +668,7 @@ static CURLcode multi_done(struct Curl_easy *data,
+               conn->bits.conn_to_host ? conn->conn_to_host.dispname :
+               conn->host.dispname);
+     /* the connection is no longer in use by this transfer */
+-    CONN_UNLOCK(data);
++    CONNCACHE_UNLOCK(data);
+     if(Curl_conncache_return_conn(data, conn)) {
+       /* remember the most recently used connection */
+       data->state.lastconnect = conn;
+@@ -774,8 +776,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
+                                 vanish with this handle */
+ 
+   /* Remove the association between the connection and the handle */
+-  if(data->conn)
+-    detach_connnection(data);
++  Curl_detach_connnection(data);
+ 
+ #ifdef USE_LIBPSL
+   /* Remove the PSL association. */
+@@ -824,9 +825,13 @@ bool Curl_multiplex_wanted(const struct Curl_multi *multi)
+   return (multi && (multi->multiplexing));
+ }
+ 
+-/* This is the only function that should clear data->conn. This will
+-   occasionally be called with the pointer already cleared. */
+-static void detach_connnection(struct Curl_easy *data)
++/*
++ * Curl_detach_connnection() removes the given transfer from the connection.
++ *
++ * This is the only function that should clear data->conn. This will
++ * occasionally be called with the data->conn pointer already cleared.
++ */
++void Curl_detach_connnection(struct Curl_easy *data)
+ {
+   struct connectdata *conn = data->conn;
+   if(conn)
+@@ -834,7 +839,11 @@ static void detach_connnection(struct Curl_easy *data)
+   data->conn = NULL;
+ }
+ 
+-/* This is the only function that should assign data->conn */
++/*
++ * Curl_attach_connnection() attaches this transfer to this connection.
++ *
++ * This is the only function that should assign data->conn
++ */
+ void Curl_attach_connnection(struct Curl_easy *data,
+                              struct connectdata *conn)
+ {
+@@ -1536,19 +1545,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
+     bool stream_error = FALSE;
+     rc = CURLM_OK;
+ 
+-    DEBUGASSERT((data->mstate <= CURLM_STATE_CONNECT) ||
+-                (data->mstate >= CURLM_STATE_DONE) ||
+-                data->conn);
+-    if(!data->conn &&
+-       data->mstate > CURLM_STATE_CONNECT &&
+-       data->mstate < CURLM_STATE_DONE) {
+-      /* In all these states, the code will blindly access 'data->conn'
+-         so this is precaution that it isn't NULL. And it silences static
+-         analyzers. */
+-      failf(data, "In state %d with no conn, bail out!\n", data->mstate);
+-      return CURLM_INTERNAL_ERROR;
+-    }
+-
+     if(multi_ischanged(multi, TRUE)) {
+       DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue!\n"));
+       process_pending_handles(multi); /* multiplexed */
+@@ -2231,8 +2227,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
+          * access free'd data, if the connection is free'd and the handle
+          * removed before we perform the processing in CURLM_STATE_COMPLETED
+          */
+-        if(data->conn)
+-          detach_connnection(data);
++        Curl_detach_connnection(data);
+       }
+ 
+ #ifndef CURL_DISABLE_FTP
+@@ -2284,7 +2279,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
+             /* This is where we make sure that the conn pointer is reset.
+                We don't have to do this in every case block above where a
+                failure is detected */
+-            detach_connnection(data);
++            Curl_detach_connnection(data);
++
++            /* remove connection from cache */
++            Curl_conncache_remove_conn(data, conn, TRUE);
+ 
+             /* disconnect properly */
+             Curl_disconnect(data, conn, dead_connection);
+diff --git a/lib/multiif.h b/lib/multiif.h
+index bde755e..c07587b 100644
+--- a/lib/multiif.h
++++ b/lib/multiif.h
+@@ -33,6 +33,7 @@ void Curl_expire_done(struct Curl_easy *data, expire_id id);
+ void Curl_update_timer(struct Curl_multi *multi);
+ void Curl_attach_connnection(struct Curl_easy *data,
+                              struct connectdata *conn);
++void Curl_detach_connnection(struct Curl_easy *data);
+ bool Curl_multiplex_wanted(const struct Curl_multi *multi);
+ void Curl_set_in_callback(struct Curl_easy *data, bool value);
+ bool Curl_is_in_callback(struct Curl_easy *easy);
+diff --git a/lib/url.c b/lib/url.c
+index a826f8a..4ed0623 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -679,9 +679,7 @@ static void conn_reset_all_postponed_data(struct connectdata *conn)
+ 
+ static void conn_shutdown(struct connectdata *conn)
+ {
+-  if(!conn)
+-    return;
+-
++  DEBUGASSERT(conn);
+   infof(conn->data, "Closing connection %ld\n", conn->connection_id);
+   DEBUGASSERT(conn->data);
+ 
+@@ -702,16 +700,11 @@ static void conn_shutdown(struct connectdata *conn)
+     Curl_closesocket(conn, conn->tempsock[0]);
+   if(CURL_SOCKET_BAD != conn->tempsock[1])
+     Curl_closesocket(conn, conn->tempsock[1]);
+-
+-  /* unlink ourselves. this should be called last since other shutdown
+-     procedures need a valid conn->data and this may clear it. */
+-  Curl_conncache_remove_conn(conn->data, conn, TRUE);
+ }
+ 
+ static void conn_free(struct connectdata *conn)
+ {
+-  if(!conn)
+-    return;
++  DEBUGASSERT(conn);
+ 
+   Curl_free_idnconverted_hostname(&conn->host);
+   Curl_free_idnconverted_hostname(&conn->conn_to_host);
+@@ -778,13 +771,17 @@ static void conn_free(struct connectdata *conn)
+ CURLcode Curl_disconnect(struct Curl_easy *data,
+                          struct connectdata *conn, bool dead_connection)
+ {
+-  if(!conn)
+-    return CURLE_OK; /* this is closed and fine already */
++  /* there must be a connection to close */
++  DEBUGASSERT(conn);
+ 
+-  if(!data) {
+-    DEBUGF(infof(data, "DISCONNECT without easy handle, ignoring\n"));
+-    return CURLE_OK;
+-  }
++  /* it must be removed from the connection cache */
++  DEBUGASSERT(!conn->bundle);
++
++  /* there must be an associated transfer */
++  DEBUGASSERT(data);
++
++  /* the transfer must be detached from the connection */
++  DEBUGASSERT(!data->conn);
+ 
+   /*
+    * If this connection isn't marked to force-close, leave it open if there
+@@ -800,16 +797,11 @@ CURLcode Curl_disconnect(struct Curl_easy *data,
+     conn->dns_entry = NULL;
+   }
+ 
+-  Curl_hostcache_prune(data); /* kill old DNS cache entries */
+-
+-#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
+   /* Cleanup NTLM connection-related data */
+   Curl_http_auth_cleanup_ntlm(conn);
+-#endif
+-#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)
++
+   /* Cleanup NEGOTIATE connection-related data */
+   Curl_http_auth_cleanup_negotiate(conn);
+-#endif
+ 
+   /* the protocol specific disconnect handler and conn_shutdown need a transfer
+      for the connection! */
+@@ -1006,8 +998,12 @@ static int call_extract_if_dead(struct connectdata *conn, void *param)
+ static void prune_dead_connections(struct Curl_easy *data)
+ {
+   struct curltime now = Curl_now();
+-  timediff_t elapsed =
++  timediff_t elapsed;
++
++  CONNCACHE_LOCK(data);
++  elapsed =
+     Curl_timediff(now, data->state.conn_cache->last_cleanup);
++  CONNCACHE_UNLOCK(data);
+ 
+   if(elapsed >= 1000L) {
+     struct prunedead prune;
+@@ -1015,10 +1011,17 @@ static void prune_dead_connections(struct Curl_easy *data)
+     prune.extracted = NULL;
+     while(Curl_conncache_foreach(data, data->state.conn_cache, &prune,
+                                  call_extract_if_dead)) {
++      /* unlocked */
++
++      /* remove connection from cache */
++      Curl_conncache_remove_conn(data, prune.extracted, TRUE);
++
+       /* disconnect it */
+       (void)Curl_disconnect(data, prune.extracted, /* dead_connection */TRUE);
+     }
++    CONNCACHE_LOCK(data);
+     data->state.conn_cache->last_cleanup = now;
++    CONNCACHE_UNLOCK(data);
+   }
+ }
+ 
+@@ -1078,7 +1081,7 @@ ConnectionExists(struct Curl_easy *data,
+         if(data->set.pipewait) {
+           infof(data, "Server doesn't support multiplex yet, wait\n");
+           *waitpipe = TRUE;
+-          Curl_conncache_unlock(data);
++          CONNCACHE_UNLOCK(data);
+           return FALSE; /* no re-use */
+         }
+ 
+@@ -1402,11 +1405,12 @@ ConnectionExists(struct Curl_easy *data,
+   if(chosen) {
+     /* mark it as used before releasing the lock */
+     chosen->data = data; /* own it! */
+-    Curl_conncache_unlock(data);
++    Curl_attach_connnection(data, chosen);
++    CONNCACHE_UNLOCK(data);
+     *usethis = chosen;
+     return TRUE; /* yes, we found one to use! */
+   }
+-  Curl_conncache_unlock(data);
++  CONNCACHE_UNLOCK(data);
+ 
+   if(foundPendingCandidate && data->set.pipewait) {
+     infof(data,
+@@ -3519,6 +3523,7 @@ static CURLcode create_conn(struct Curl_easy *data,
+     if(!result) {
+       conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */
+ 
++      Curl_attach_connnection(data, conn);
+       result = Curl_conncache_add_conn(data->state.conn_cache, conn);
+       if(result)
+         goto out;
+@@ -3533,7 +3538,6 @@ static CURLcode create_conn(struct Curl_easy *data,
+         (void)conn->handler->done(conn, result, FALSE);
+         goto out;
+       }
+-      Curl_attach_connnection(data, conn);
+       Curl_setup_transfer(data, -1, -1, FALSE, -1);
+     }
+ 
+@@ -3683,7 +3687,7 @@ static CURLcode create_conn(struct Curl_easy *data,
+ 
+         /* The bundle is full. Extract the oldest connection. */
+         conn_candidate = Curl_conncache_extract_bundle(data, bundle);
+-        Curl_conncache_unlock(data);
++        CONNCACHE_UNLOCK(data);
+ 
+         if(conn_candidate)
+           (void)Curl_disconnect(data, conn_candidate,
+@@ -3695,7 +3699,7 @@ static CURLcode create_conn(struct Curl_easy *data,
+         }
+       }
+       else
+-        Curl_conncache_unlock(data);
++        CONNCACHE_UNLOCK(data);
+ 
+     }
+ 
+@@ -3729,6 +3733,8 @@ static CURLcode create_conn(struct Curl_easy *data,
+        * This is a brand new connection, so let's store it in the connection
+        * cache of ours!
+        */
++      Curl_attach_connnection(data, conn);
++
+       result = Curl_conncache_add_conn(data->state.conn_cache, conn);
+       if(result)
+         goto out;
+@@ -3883,7 +3889,7 @@ CURLcode Curl_connect(struct Curl_easy *data,
+   result = create_conn(data, &conn, asyncp);
+ 
+   if(!result) {
+-    if(CONN_INUSE(conn))
++    if(CONN_INUSE(conn) > 1)
+       /* multiplexed */
+       *protocol_done = TRUE;
+     else if(!*asyncp) {
+@@ -3900,11 +3906,10 @@ CURLcode Curl_connect(struct Curl_easy *data,
+   else if(result && conn) {
+     /* We're not allowed to return failure with memory left allocated in the
+        connectdata struct, free those here */
++    Curl_detach_connnection(data);
++    Curl_conncache_remove_conn(data, conn, TRUE);
+     Curl_disconnect(data, conn, TRUE);
+   }
+-  else if(!result && !data->conn)
+-    /* FILE: transfers already have the connection attached */
+-    Curl_attach_connnection(data, conn);
+ 
+   return result;
+ }
+diff --git a/tests/data/test1554 b/tests/data/test1554
+index 06f1897..d3926d9 100644
+--- a/tests/data/test1554
++++ b/tests/data/test1554
+@@ -29,6 +29,12 @@ run 1: foobar and so on fun!
+ <- Mutex unlock
+ -> Mutex lock
+ <- Mutex unlock
++-> Mutex lock
++<- Mutex unlock
++-> Mutex lock
++<- Mutex unlock
++-> Mutex lock
++<- Mutex unlock
+ run 1: foobar and so on fun!
+ -> Mutex lock
+ <- Mutex unlock
+@@ -40,6 +46,10 @@ run 1: foobar and so on fun!
+ <- Mutex unlock
+ -> Mutex lock
+ <- Mutex unlock
++-> Mutex lock
++<- Mutex unlock
++-> Mutex lock
++<- Mutex unlock
+ run 1: foobar and so on fun!
+ -> Mutex lock
+ <- Mutex unlock
+@@ -51,6 +61,10 @@ run 1: foobar and so on fun!
+ <- Mutex unlock
+ -> Mutex lock
+ <- Mutex unlock
++-> Mutex lock
++<- Mutex unlock
++-> Mutex lock
++<- Mutex unlock
+ run 1: foobar and so on fun!
+ -> Mutex lock
+ <- Mutex unlock
+diff --git a/tests/unit/unit1620.c b/tests/unit/unit1620.c
+index 6e572c6..b23e5b9 100644
+--- a/tests/unit/unit1620.c
++++ b/tests/unit/unit1620.c
+@@ -5,7 +5,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -73,10 +73,6 @@ UNITTEST_START
+   fail_unless(rc == CURLE_OK,
+               "Curl_parse_login_details() failed");
+ 
+-  rc = Curl_disconnect(empty, empty->conn, FALSE);
+-  fail_unless(rc == CURLE_OK,
+-              "Curl_disconnect() with dead_connection set FALSE failed");
+-
+   Curl_freeset(empty);
+   for(i = (enum dupstring)0; i < STRING_LAST; i++) {
+     fail_unless(empty->set.str[i] == NULL,
+-- 
+2.25.4
+
+
+From 6830828c9eecd9ab14404f2f49f19b56dec62130 Mon Sep 17 00:00:00 2001
+From: Marc Aldorasi <marc@groundctl.com>
+Date: Thu, 30 Jul 2020 14:16:17 -0400
+Subject: [PATCH 2/3] multi_remove_handle: close unused connect-only
+ connections
+
+Previously any connect-only connections in a multi handle would be kept
+alive until the multi handle was closed.  Since these connections cannot
+be re-used, they can be marked for closure when the associated easy
+handle is removed from the multi handle.
+
+Closes #5749
+
+Upstream-commit: d5bb459ccf1fc5980ae4b95c05b4ecf6454a7599
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/multi.c         | 34 ++++++++++++++++++++++++++++++----
+ tests/data/test1554 |  6 ++++++
+ 2 files changed, 36 insertions(+), 4 deletions(-)
+
+diff --git a/lib/multi.c b/lib/multi.c
+index 249e360..f1371bd 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -682,6 +682,26 @@ static CURLcode multi_done(struct Curl_easy *data,
+   return result;
+ }
+ 
++static int close_connect_only(struct connectdata *conn, void *param)
++{
++  struct Curl_easy *data = param;
++
++  if(data->state.lastconnect != conn)
++    return 0;
++
++  if(conn->data != data)
++    return 1;
++  conn->data = NULL;
++
++  if(!conn->bits.connect_only)
++    return 1;
++
++  connclose(conn, "Removing connect-only easy handle");
++  conn->bits.connect_only = FALSE;
++
++  return 1;
++}
++
+ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
+                                    struct Curl_easy *data)
+ {
+@@ -765,10 +785,6 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
+      multi_done() as that may actually call Curl_expire that uses this */
+   Curl_llist_destroy(&data->state.timeoutlist, NULL);
+ 
+-  /* as this was using a shared connection cache we clear the pointer to that
+-     since we're not part of that multi handle anymore */
+-  data->state.conn_cache = NULL;
+-
+   /* change state without using multistate(), only to make singlesocket() do
+      what we want */
+   data->mstate = CURLM_STATE_COMPLETED;
+@@ -778,12 +794,22 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
+   /* Remove the association between the connection and the handle */
+   Curl_detach_connnection(data);
+ 
++  if(data->state.lastconnect) {
++    /* Mark any connect-only connection for closure */
++    Curl_conncache_foreach(data, data->state.conn_cache,
++                           data, &close_connect_only);
++  }
++
+ #ifdef USE_LIBPSL
+   /* Remove the PSL association. */
+   if(data->psl == &multi->psl)
+     data->psl = NULL;
+ #endif
+ 
++  /* as this was using a shared connection cache we clear the pointer to that
++     since we're not part of that multi handle anymore */
++  data->state.conn_cache = NULL;
++
+   data->multi = NULL; /* clear the association to this multi handle */
+ 
+   /* make sure there's no pending message in the queue sent from this easy
+diff --git a/tests/data/test1554 b/tests/data/test1554
+index d3926d9..fffa6ad 100644
+--- a/tests/data/test1554
++++ b/tests/data/test1554
+@@ -50,6 +50,8 @@ run 1: foobar and so on fun!
+ <- Mutex unlock
+ -> Mutex lock
+ <- Mutex unlock
++-> Mutex lock
++<- Mutex unlock
+ run 1: foobar and so on fun!
+ -> Mutex lock
+ <- Mutex unlock
+@@ -65,6 +67,8 @@ run 1: foobar and so on fun!
+ <- Mutex unlock
+ -> Mutex lock
+ <- Mutex unlock
++-> Mutex lock
++<- Mutex unlock
+ run 1: foobar and so on fun!
+ -> Mutex lock
+ <- Mutex unlock
+@@ -74,6 +78,8 @@ run 1: foobar and so on fun!
+ <- Mutex unlock
+ -> Mutex lock
+ <- Mutex unlock
++-> Mutex lock
++<- Mutex unlock
+ </datacheck>
+ </reply>
+ 
+-- 
+2.25.4
+
+
+From 01148ee40dd913a169435b0f9ea90e6393821e70 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 16 Aug 2020 11:34:35 +0200
+Subject: [PATCH 3/3] Curl_easy: remember last connection by id, not by pointer
+
+CVE-2020-8231
+
+Bug: https://curl.haxx.se/docs/CVE-2020-8231.html
+
+Reported-by: Marc Aldorasi
+Closes #5824
+
+Upstream-commit: 3c9e021f86872baae412a427e807fbfa2f3e8a22
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/connect.c | 19 ++++++++++---------
+ lib/easy.c    |  3 +--
+ lib/multi.c   |  9 +++++----
+ lib/url.c     |  2 +-
+ lib/urldata.h |  2 +-
+ 5 files changed, 18 insertions(+), 17 deletions(-)
+
+diff --git a/lib/connect.c b/lib/connect.c
+index 29293f0..e1c5662 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -1356,15 +1356,15 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
+ }
+ 
+ struct connfind {
+-  struct connectdata *tofind;
+-  bool found;
++  long id_tofind;
++  struct connectdata *found;
+ };
+ 
+ static int conn_is_conn(struct connectdata *conn, void *param)
+ {
+   struct connfind *f = (struct connfind *)param;
+-  if(conn == f->tofind) {
+-    f->found = TRUE;
++  if(conn->connection_id == f->id_tofind) {
++    f->found = conn;
+     return 1;
+   }
+   return 0;
+@@ -1386,21 +1386,22 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
+    * - that is associated with a multi handle, and whose connection
+    *   was detached with CURLOPT_CONNECT_ONLY
+    */
+-  if(data->state.lastconnect && (data->multi_easy || data->multi)) {
+-    struct connectdata *c = data->state.lastconnect;
++  if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) {
++    struct connectdata *c;
+     struct connfind find;
+-    find.tofind = data->state.lastconnect;
+-    find.found = FALSE;
++    find.id_tofind = data->state.lastconnect_id;
++    find.found = NULL;
+ 
+     Curl_conncache_foreach(data, data->multi_easy?
+                            &data->multi_easy->conn_cache:
+                            &data->multi->conn_cache, &find, conn_is_conn);
+ 
+     if(!find.found) {
+-      data->state.lastconnect = NULL;
++      data->state.lastconnect_id = -1;
+       return CURL_SOCKET_BAD;
+     }
+ 
++    c = find.found;
+     if(connp) {
+       /* only store this if the caller cares for it */
+       *connp = c;
+diff --git a/lib/easy.c b/lib/easy.c
+index 292cca7..a69eb9e 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -831,8 +831,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+ 
+   /* the connection cache is setup on demand */
+   outcurl->state.conn_cache = NULL;
+-
+-  outcurl->state.lastconnect = NULL;
++  outcurl->state.lastconnect_id = -1;
+ 
+   outcurl->progress.flags    = data->progress.flags;
+   outcurl->progress.callback = data->progress.callback;
+diff --git a/lib/multi.c b/lib/multi.c
+index f1371bd..778c537 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -453,6 +453,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
+     data->state.conn_cache = &data->share->conn_cache;
+   else
+     data->state.conn_cache = &multi->conn_cache;
++  data->state.lastconnect_id = -1;
+ 
+ #ifdef USE_LIBPSL
+   /* Do the same for PSL. */
+@@ -671,11 +672,11 @@ static CURLcode multi_done(struct Curl_easy *data,
+     CONNCACHE_UNLOCK(data);
+     if(Curl_conncache_return_conn(data, conn)) {
+       /* remember the most recently used connection */
+-      data->state.lastconnect = conn;
++      data->state.lastconnect_id = conn->connection_id;
+       infof(data, "%s\n", buffer);
+     }
+     else
+-      data->state.lastconnect = NULL;
++      data->state.lastconnect_id = -1;
+   }
+ 
+   Curl_free_request_state(data);
+@@ -686,7 +687,7 @@ static int close_connect_only(struct connectdata *conn, void *param)
+ {
+   struct Curl_easy *data = param;
+ 
+-  if(data->state.lastconnect != conn)
++  if(data->state.lastconnect_id != conn->connection_id)
+     return 0;
+ 
+   if(conn->data != data)
+@@ -794,7 +795,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
+   /* Remove the association between the connection and the handle */
+   Curl_detach_connnection(data);
+ 
+-  if(data->state.lastconnect) {
++  if(data->state.lastconnect_id != -1) {
+     /* Mark any connect-only connection for closure */
+     Curl_conncache_foreach(data, data->state.conn_cache,
+                            data, &close_connect_only);
+diff --git a/lib/url.c b/lib/url.c
+index a1a6b69..2919a3d 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -617,7 +617,7 @@ CURLcode Curl_open(struct Curl_easy **curl)
+       Curl_initinfo(data);
+ 
+       /* most recent connection is not yet defined */
+-      data->state.lastconnect = NULL;
++      data->state.lastconnect_id = -1;
+ 
+       data->progress.flags |= PGRS_HIDE;
+       data->state.current_speed = -1; /* init to negative == impossible */
+diff --git a/lib/urldata.h b/lib/urldata.h
+index f80a02d..6d8eb69 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1332,7 +1332,7 @@ struct UrlState {
+   /* buffers to store authentication data in, as parsed from input options */
+   struct curltime keeps_speed; /* for the progress meter really */
+ 
+-  struct connectdata *lastconnect; /* The last connection, NULL if undefined */
++  long lastconnect_id; /* The last connection, -1 if undefined */
+ 
+   char *headerbuff; /* allocated buffer to store headers in */
+   size_t headersize;   /* size of the allocation */
+-- 
+2.25.4
+
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8284.patch b/meta/recipes-support/curl/curl/CVE-2020-8284.patch
new file mode 100644
index 0000000000..ed6e8049a6
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8284.patch
@@ -0,0 +1,209 @@
+From ec9cc725d598ac77de7b6df8afeec292b3c8ad46 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 24 Nov 2020 14:56:57 +0100
+Subject: [PATCH] ftp: CURLOPT_FTP_SKIP_PASV_IP by default
+
+The command line tool also independently sets --ftp-skip-pasv-ip by
+default.
+
+Ten test cases updated to adapt the modified --libcurl output.
+
+Bug: https://curl.se/docs/CVE-2020-8284.html
+CVE-2020-8284
+
+Reported-by: Varnavas Papaioannou
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/ec9cc725d598ac]
+CVE: CVE-2020-8284
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ docs/cmdline-opts/ftp-skip-pasv-ip.d         |   2 ++
+ docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 |   8 +++++---
+ lib/url.c                                    |   1 +
+ src/tool_cfgable.c                           |   1 +
+ tests/data/test1400                          |   1 +
+ tests/data/test1401                          |   1 +
+ tests/data/test1402                          |   1 +
+ tests/data/test1403                          |   1 +
+ tests/data/test1404                          |   1 +
+ tests/data/test1405                          |   1 +
+ tests/data/test1406                          |   1 +
+ tests/data/test1407                          |   1 +
+ tests/data/test1420                          |   1 +
+ 14 files changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/docs/cmdline-opts/ftp-skip-pasv-ip.d b/docs/cmdline-opts/ftp-skip-pasv-ip.d
+index d6fd4589b1e..bcf4e7e62f2 100644
+--- a/docs/cmdline-opts/ftp-skip-pasv-ip.d
++++ b/docs/cmdline-opts/ftp-skip-pasv-ip.d
+@@ -10,4 +10,6 @@ to curl's PASV command when curl connects the data connection. Instead curl
+ will re-use the same IP address it already uses for the control
+ connection.
+ 
++Since curl 7.74.0 this option is enabled by default.
++
+ This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
+diff --git a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
+index d6217d0d8ca..fa87ddce769 100644
+--- a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
++++ b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
+@@ -5,7 +5,7 @@
+ .\" *                            | (__| |_| |  _ <| |___
+ .\" *                             \___|\___/|_| \_\_____|
+ .\" *
+-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
++.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ .\" *
+ .\" * This software is licensed as described in the file COPYING, which
+ .\" * you should have received as part of this distribution. The terms
+@@ -35,11 +35,13 @@ address it already uses for the control connection. But it will use the port
+ number from the 227-response.
+ 
+ This option thus allows libcurl to work around broken server installations
+-that due to NATs, firewalls or incompetence report the wrong IP address back.
++that due to NATs, firewalls or incompetence report the wrong IP address
++back. Setting the option also reduces the risk for various sorts of client
++abuse by malicious servers.
+ 
+ This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
+ .SH DEFAULT
+-0
++1 since 7.74.0, was 0 before then.
+ .SH PROTOCOLS
+ FTP
+ .SH EXAMPLE
+diff --git a/lib/url.c b/lib/url.c
+index f8b2a0030de..2b0ba87ba87 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -497,6 +497,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
+   set->ftp_use_eprt = TRUE;   /* FTP defaults to EPRT operations */
+   set->ftp_use_pret = FALSE;  /* mainly useful for drftpd servers */
+   set->ftp_filemethod = FTPFILE_MULTICWD;
++  set->ftp_skip_ip = TRUE;    /* skip PASV IP by default */
+ #endif
+   set->dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
+ 
+diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
+index c52d8e1c6bb..4c06d3557b7 100644
+--- a/src/tool_cfgable.c
++++ b/src/tool_cfgable.c
+@@ -44,6 +44,7 @@ void config_init(struct OperationConfig *config)
+   config->tcp_nodelay = TRUE; /* enabled by default */
+   config->happy_eyeballs_timeout_ms = CURL_HET_DEFAULT;
+   config->http09_allowed = FALSE;
++  config->ftp_skip_ip = TRUE;
+ }
+ 
+ static void free_config_fields(struct OperationConfig *config)
+diff --git a/tests/data/test1400 b/tests/data/test1400
+index 812ad0b88d9..b7060eca58e 100644
+--- a/tests/data/test1400
++++ b/tests/data/test1400
+@@ -73,6 +73,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
++  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1401 b/tests/data/test1401
+index f93b3d637de..a2629683aff 100644
+--- a/tests/data/test1401
++++ b/tests/data/test1401
+@@ -87,6 +87,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+   curl_easy_setopt(hnd, CURLOPT_COOKIE, "chocolate=chip");
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
++  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+   curl_easy_setopt(hnd, CURLOPT_PROTOCOLS, (long)CURLPROTO_FILE |
+                                            (long)CURLPROTO_FTP |
+diff --git a/tests/data/test1402 b/tests/data/test1402
+index 7593c516da1..1bd55cb4e3b 100644
+--- a/tests/data/test1402
++++ b/tests/data/test1402
+@@ -78,6 +78,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
++  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1403 b/tests/data/test1403
+index ecb4dd3dcab..a7c9fcca322 100644
+--- a/tests/data/test1403
++++ b/tests/data/test1403
+@@ -73,6 +73,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
++  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1404 b/tests/data/test1404
+index 97622b63948..1d8e8cf7779 100644
+--- a/tests/data/test1404
++++ b/tests/data/test1404
+@@ -147,6 +147,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
++  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1405 b/tests/data/test1405
+index 2bac79eda74..b4087704f7b 100644
+--- a/tests/data/test1405
++++ b/tests/data/test1405
+@@ -89,6 +89,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_POSTQUOTE, slist2);
+   curl_easy_setopt(hnd, CURLOPT_PREQUOTE, slist3);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
++  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1406 b/tests/data/test1406
+index 51a166adff2..38f68d11ee1 100644
+--- a/tests/data/test1406
++++ b/tests/data/test1406
+@@ -79,6 +79,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_URL, "smtp://%HOSTIP:%SMTPPORT/1406");
+   curl_easy_setopt(hnd, CURLOPT_UPLOAD, 1L);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
++  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+   curl_easy_setopt(hnd, CURLOPT_MAIL_FROM, "sender@example.com");
+   curl_easy_setopt(hnd, CURLOPT_MAIL_RCPT, slist1);
+diff --git a/tests/data/test1407 b/tests/data/test1407
+index f6879008fb2..a7e13ba7585 100644
+--- a/tests/data/test1407
++++ b/tests/data/test1407
+@@ -62,6 +62,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_DIRLISTONLY, 1L);
+   curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret");
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
++  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1420 b/tests/data/test1420
+index 057ecc4773a..4b8d7bbf418 100644
+--- a/tests/data/test1420
++++ b/tests/data/test1420
+@@ -67,6 +67,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_URL, "imap://%HOSTIP:%IMAPPORT/1420/;MAILINDEX=1");
+   curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret");
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
++  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+
+
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8285.patch b/meta/recipes-support/curl/curl/CVE-2020-8285.patch
new file mode 100644
index 0000000000..a66729b180
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8285.patch
@@ -0,0 +1,260 @@
+From 6fda045b19a9066701b5e09cfa657a13a3accbf3 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sat, 28 Nov 2020 00:27:21 +0100
+Subject: [PATCH] ftp: make wc_statemach loop instead of recurse
+
+CVE-2020-8285
+
+Fixes #6255
+Bug: https://curl.se/docs/CVE-2020-8285.html
+Reported-by: xnynx on github
+
+Upstream-commit: 69a358f2186e04cf44698b5100332cbf1ee7f01d
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+
+Upstream-Status: Backport [import from fedora https://koji.fedoraproject.org/koji/fileinfo?rpmID=24270817&filename=0006-curl-7.69.1-CVE-2020-8285.patch]
+CVE: CVE-2020-8285
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/ftp.c | 202 +++++++++++++++++++++++++++---------------------------
+ 1 file changed, 102 insertions(+), 100 deletions(-)
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 57b22ad..3382772 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -3763,129 +3763,131 @@ static CURLcode init_wc_data(struct connectdata *conn)
+   return result;
+ }
+ 
+-/* This is called recursively */
+ static CURLcode wc_statemach(struct connectdata *conn)
+ {
+   struct WildcardData * const wildcard = &(conn->data->wildcard);
+   CURLcode result = CURLE_OK;
+ 
+-  switch(wildcard->state) {
+-  case CURLWC_INIT:
+-    result = init_wc_data(conn);
+-    if(wildcard->state == CURLWC_CLEAN)
+-      /* only listing! */
+-      break;
+-    wildcard->state = result ? CURLWC_ERROR : CURLWC_MATCHING;
+-    break;
++  for(;;) {
++    switch(wildcard->state) {
++    case CURLWC_INIT:
++      result = init_wc_data(conn);
++      if(wildcard->state == CURLWC_CLEAN)
++        /* only listing! */
++        return result;
++      wildcard->state = result ? CURLWC_ERROR : CURLWC_MATCHING;
++      return result;
+ 
+-  case CURLWC_MATCHING: {
+-    /* In this state is LIST response successfully parsed, so lets restore
+-       previous WRITEFUNCTION callback and WRITEDATA pointer */
+-    struct ftp_wc *ftpwc = wildcard->protdata;
+-    conn->data->set.fwrite_func = ftpwc->backup.write_function;
+-    conn->data->set.out = ftpwc->backup.file_descriptor;
+-    ftpwc->backup.write_function = ZERO_NULL;
+-    ftpwc->backup.file_descriptor = NULL;
+-    wildcard->state = CURLWC_DOWNLOADING;
+-
+-    if(Curl_ftp_parselist_geterror(ftpwc->parser)) {
+-      /* error found in LIST parsing */
+-      wildcard->state = CURLWC_CLEAN;
+-      return wc_statemach(conn);
+-    }
+-    if(wildcard->filelist.size == 0) {
+-      /* no corresponding file */
+-      wildcard->state = CURLWC_CLEAN;
+-      return CURLE_REMOTE_FILE_NOT_FOUND;
++    case CURLWC_MATCHING: {
++      /* In this state is LIST response successfully parsed, so lets restore
++         previous WRITEFUNCTION callback and WRITEDATA pointer */
++      struct ftp_wc *ftpwc = wildcard->protdata;
++      conn->data->set.fwrite_func = ftpwc->backup.write_function;
++      conn->data->set.out = ftpwc->backup.file_descriptor;
++      ftpwc->backup.write_function = ZERO_NULL;
++      ftpwc->backup.file_descriptor = NULL;
++      wildcard->state = CURLWC_DOWNLOADING;
++
++      if(Curl_ftp_parselist_geterror(ftpwc->parser)) {
++        /* error found in LIST parsing */
++        wildcard->state = CURLWC_CLEAN;
++        continue;
++      }
++      if(wildcard->filelist.size == 0) {
++        /* no corresponding file */
++        wildcard->state = CURLWC_CLEAN;
++        return CURLE_REMOTE_FILE_NOT_FOUND;
++      }
++      continue;
+     }
+-    return wc_statemach(conn);
+-  }
+ 
+-  case CURLWC_DOWNLOADING: {
+-    /* filelist has at least one file, lets get first one */
+-    struct ftp_conn *ftpc = &conn->proto.ftpc;
+-    struct curl_fileinfo *finfo = wildcard->filelist.head->ptr;
+-    struct FTP *ftp = conn->data->req.protop;
++    case CURLWC_DOWNLOADING: {
++      /* filelist has at least one file, lets get first one */
++      struct ftp_conn *ftpc = &conn->proto.ftpc;
++      struct curl_fileinfo *finfo = wildcard->filelist.head->ptr;
++      struct FTP *ftp = conn->data->req.protop;
+ 
+-    char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename);
+-    if(!tmp_path)
+-      return CURLE_OUT_OF_MEMORY;
++      char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename);
++      if(!tmp_path)
++        return CURLE_OUT_OF_MEMORY;
+ 
+-    /* switch default ftp->path and tmp_path */
+-    free(ftp->pathalloc);
+-    ftp->pathalloc = ftp->path = tmp_path;
+-
+-    infof(conn->data, "Wildcard - START of \"%s\"\n", finfo->filename);
+-    if(conn->data->set.chunk_bgn) {
+-      long userresponse;
+-      Curl_set_in_callback(conn->data, true);
+-      userresponse = conn->data->set.chunk_bgn(
+-        finfo, wildcard->customptr, (int)wildcard->filelist.size);
+-      Curl_set_in_callback(conn->data, false);
+-      switch(userresponse) {
+-      case CURL_CHUNK_BGN_FUNC_SKIP:
+-        infof(conn->data, "Wildcard - \"%s\" skipped by user\n",
+-              finfo->filename);
+-        wildcard->state = CURLWC_SKIP;
+-        return wc_statemach(conn);
+-      case CURL_CHUNK_BGN_FUNC_FAIL:
+-        return CURLE_CHUNK_FAILED;
++      /* switch default ftp->path and tmp_path */
++      free(ftp->pathalloc);
++      ftp->pathalloc = ftp->path = tmp_path;
++
++      infof(conn->data, "Wildcard - START of \"%s\"\n", finfo->filename);
++      if(conn->data->set.chunk_bgn) {
++        long userresponse;
++        Curl_set_in_callback(conn->data, true);
++        userresponse = conn->data->set.chunk_bgn(
++          finfo, wildcard->customptr, (int)wildcard->filelist.size);
++        Curl_set_in_callback(conn->data, false);
++        switch(userresponse) {
++        case CURL_CHUNK_BGN_FUNC_SKIP:
++          infof(conn->data, "Wildcard - \"%s\" skipped by user\n",
++                finfo->filename);
++          wildcard->state = CURLWC_SKIP;
++          continue;
++        case CURL_CHUNK_BGN_FUNC_FAIL:
++          return CURLE_CHUNK_FAILED;
++        }
+       }
+-    }
+ 
+-    if(finfo->filetype != CURLFILETYPE_FILE) {
+-      wildcard->state = CURLWC_SKIP;
+-      return wc_statemach(conn);
+-    }
++      if(finfo->filetype != CURLFILETYPE_FILE) {
++        wildcard->state = CURLWC_SKIP;
++        continue;
++      }
+ 
+-    if(finfo->flags & CURLFINFOFLAG_KNOWN_SIZE)
+-      ftpc->known_filesize = finfo->size;
++      if(finfo->flags & CURLFINFOFLAG_KNOWN_SIZE)
++        ftpc->known_filesize = finfo->size;
+ 
+-    result = ftp_parse_url_path(conn);
+-    if(result)
+-      return result;
++      result = ftp_parse_url_path(conn);
++      if(result)
++        return result;
+ 
+-    /* we don't need the Curl_fileinfo of first file anymore */
+-    Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
++      /* we don't need the Curl_fileinfo of first file anymore */
++      Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
+ 
+-    if(wildcard->filelist.size == 0) { /* remains only one file to down. */
+-      wildcard->state = CURLWC_CLEAN;
+-      /* after that will be ftp_do called once again and no transfer
+-         will be done because of CURLWC_CLEAN state */
+-      return CURLE_OK;
++      if(wildcard->filelist.size == 0) { /* remains only one file to down. */
++        wildcard->state = CURLWC_CLEAN;
++        /* after that will be ftp_do called once again and no transfer
++           will be done because of CURLWC_CLEAN state */
++        return CURLE_OK;
++      }
++      return result;
+     }
+-  } break;
+ 
+-  case CURLWC_SKIP: {
+-    if(conn->data->set.chunk_end) {
+-      Curl_set_in_callback(conn->data, true);
+-      conn->data->set.chunk_end(conn->data->wildcard.customptr);
+-      Curl_set_in_callback(conn->data, false);
++    case CURLWC_SKIP: {
++      if(conn->data->set.chunk_end) {
++        Curl_set_in_callback(conn->data, true);
++        conn->data->set.chunk_end(conn->data->wildcard.customptr);
++        Curl_set_in_callback(conn->data, false);
++      }
++      Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
++      wildcard->state = (wildcard->filelist.size == 0) ?
++        CURLWC_CLEAN : CURLWC_DOWNLOADING;
++      continue;
+     }
+-    Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
+-    wildcard->state = (wildcard->filelist.size == 0) ?
+-                      CURLWC_CLEAN : CURLWC_DOWNLOADING;
+-    return wc_statemach(conn);
+-  }
+ 
+-  case CURLWC_CLEAN: {
+-    struct ftp_wc *ftpwc = wildcard->protdata;
+-    result = CURLE_OK;
+-    if(ftpwc)
+-      result = Curl_ftp_parselist_geterror(ftpwc->parser);
++    case CURLWC_CLEAN: {
++      struct ftp_wc *ftpwc = wildcard->protdata;
++      result = CURLE_OK;
++      if(ftpwc)
++        result = Curl_ftp_parselist_geterror(ftpwc->parser);
+ 
+-    wildcard->state = result ? CURLWC_ERROR : CURLWC_DONE;
+-  } break;
++      wildcard->state = result ? CURLWC_ERROR : CURLWC_DONE;
++      return result;
++    }
+ 
+-  case CURLWC_DONE:
+-  case CURLWC_ERROR:
+-  case CURLWC_CLEAR:
+-    if(wildcard->dtor)
+-      wildcard->dtor(wildcard->protdata);
+-    break;
++    case CURLWC_DONE:
++    case CURLWC_ERROR:
++    case CURLWC_CLEAR:
++      if(wildcard->dtor)
++        wildcard->dtor(wildcard->protdata);
++      return result;
++    }
+   }
+-
+-  return result;
++  /* UNREACHABLE */
+ }
+ 
+ /***********************************************************************
+-- 
+2.26.2
+
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8286.patch b/meta/recipes-support/curl/curl/CVE-2020-8286.patch
new file mode 100644
index 0000000000..093562fe01
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8286.patch
@@ -0,0 +1,133 @@
+From 43d1163b3730f715704240f7f6d31af289246873 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 2 Dec 2020 23:01:11 +0100
+Subject: [PATCH] openssl: make the OCSP verification verify the certificate id
+
+CVE-2020-8286
+
+Reported by anonymous
+
+Bug: https://curl.se/docs/CVE-2020-8286.html
+
+Upstream-commit: d9d01672785b8ac04aab1abb6de95fe3072ae199
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+
+Upstream-Status: Backport [import from fedora https://koji.fedoraproject.org/koji/fileinfo?rpmID=24270817&filename=0007-curl-7.71.1-CVE-2020-8286.patch ]
+CVE: CVE-2020-8286
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/vtls/openssl.c | 83 ++++++++++++++++++++++++++++++----------------
+ 1 file changed, 54 insertions(+), 29 deletions(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 1d09cad..bcfd83b 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -1717,6 +1717,11 @@ static CURLcode verifystatus(struct connectdata *conn,
+   OCSP_BASICRESP *br = NULL;
+   X509_STORE     *st = NULL;
+   STACK_OF(X509) *ch = NULL;
++  X509 *cert;
++  OCSP_CERTID *id = NULL;
++  int cert_status, crl_reason;
++  ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
++  int ret;
+ 
+   long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status);
+ 
+@@ -1785,43 +1790,63 @@ static CURLcode verifystatus(struct connectdata *conn,
+     goto end;
+   }
+ 
+-  for(i = 0; i < OCSP_resp_count(br); i++) {
+-    int cert_status, crl_reason;
+-    OCSP_SINGLERESP *single = NULL;
+-
+-    ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
++  /* Compute the certificate's ID */
++  cert = SSL_get_peer_certificate(BACKEND->handle);
++  if(!cert) {
++    failf(data, "Error getting peer certficate");
++    result = CURLE_SSL_INVALIDCERTSTATUS;
++    goto end;
++  }
+ 
+-    single = OCSP_resp_get0(br, i);
+-    if(!single)
+-      continue;
++  for(i = 0; i < sk_X509_num(ch); i++) {
++    X509 *issuer = sk_X509_value(ch, i);
++    if(X509_check_issued(issuer, cert) == X509_V_OK) {
++      id = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
++      break;
++    }
++  }
++  X509_free(cert);
+ 
+-    cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
+-                                          &thisupd, &nextupd);
++  if(!id) {
++    failf(data, "Error computing OCSP ID");
++    result = CURLE_SSL_INVALIDCERTSTATUS;
++    goto end;
++  }
+ 
+-    if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
+-      failf(data, "OCSP response has expired");
+-      result = CURLE_SSL_INVALIDCERTSTATUS;
+-      goto end;
+-    }
++  /* Find the single OCSP response corresponding to the certificate ID */
++  ret = OCSP_resp_find_status(br, id, &cert_status, &crl_reason, &rev,
++                              &thisupd, &nextupd);
++  OCSP_CERTID_free(id);
++  if(ret != 1) {
++    failf(data, "Could not find certificate ID in OCSP response");
++    result = CURLE_SSL_INVALIDCERTSTATUS;
++    goto end;
++  }
+ 
+-    infof(data, "SSL certificate status: %s (%d)\n",
+-          OCSP_cert_status_str(cert_status), cert_status);
++  /* Validate the corresponding single OCSP response */
++  if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
++    failf(data, "OCSP response has expired");
++    result = CURLE_SSL_INVALIDCERTSTATUS;
++    goto end;
++  }
+ 
+-    switch(cert_status) {
+-      case V_OCSP_CERTSTATUS_GOOD:
+-        break;
++  infof(data, "SSL certificate status: %s (%d)\n",
++        OCSP_cert_status_str(cert_status), cert_status);
+ 
+-      case V_OCSP_CERTSTATUS_REVOKED:
+-        result = CURLE_SSL_INVALIDCERTSTATUS;
++  switch(cert_status) {
++  case V_OCSP_CERTSTATUS_GOOD:
++    break;
+ 
+-        failf(data, "SSL certificate revocation reason: %s (%d)",
+-              OCSP_crl_reason_str(crl_reason), crl_reason);
+-        goto end;
++  case V_OCSP_CERTSTATUS_REVOKED:
++    result = CURLE_SSL_INVALIDCERTSTATUS;
++    failf(data, "SSL certificate revocation reason: %s (%d)",
++          OCSP_crl_reason_str(crl_reason), crl_reason);
++    goto end;
+ 
+-      case V_OCSP_CERTSTATUS_UNKNOWN:
+-        result = CURLE_SSL_INVALIDCERTSTATUS;
+-        goto end;
+-    }
++  case V_OCSP_CERTSTATUS_UNKNOWN:
++  default:
++    result = CURLE_SSL_INVALIDCERTSTATUS;
++    goto end;
+   }
+ 
+ end:
+-- 
+2.26.2
+
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 239852db09..c3d629108a 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -9,6 +9,10 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://0001-replace-krb5-config-with-pkg-config.patch \
            file://CVE-2020-8169.patch \
            file://CVE-2020-8177.patch \
+           file://CVE-2020-8231.patch \
+           file://CVE-2020-8284.patch \
+           file://CVE-2020-8285.patch \
+           file://CVE-2020-8286.patch \
 "
 
 SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
-- 
2.17.1

[OE-core][dunfell 15/19] xorg: Security fix for CVE-2020-14345

[Steve Sakoman]

From: Armin Kuster <akuster@mvista.com>

Source: freedesktop.org
MR: 105894
Type: Security Fix
Disposition: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d
ChangeID: 2c6b7553d8e5bc152258ad1794d95cb7d8b215eb
Description:

CVE-2020-14345 fix

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xserver-xorg/CVE-2020-14345.patch         | 182 ++++++++++++++++++
 .../xorg-xserver/xserver-xorg_1.20.8.bb       |   1 +
 2 files changed, 183 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
new file mode 100644
index 0000000000..fb3a37c474
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
@@ -0,0 +1,182 @@
+From f7cd1276bbd4fe3a9700096dec33b52b8440788d Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Tue, 18 Aug 2020 14:46:32 +0200
+Subject: [PATCH] Correct bounds checking in XkbSetNames()
+
+CVE-2020-14345 / ZDI 11428
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+
+Upstream-Status: Backport
+CVE: CVE-2020-14345
+Affects < 1.20.9
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ xkb/xkb.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 48 insertions(+)
+
+Index: xorg-server-1.20.8/xkb/xkb.c
+===================================================================
+--- xorg-server-1.20.8.orig/xkb/xkb.c
++++ xorg-server-1.20.8/xkb/xkb.c
+@@ -152,6 +152,19 @@ static RESTYPE RT_XKBCLIENT;
+ #define	CHK_REQ_KEY_RANGE(err,first,num,r)  \
+ 	CHK_REQ_KEY_RANGE2(err,first,num,r,client->errorValue,BadValue)
+ 
++static Bool
++_XkbCheckRequestBounds(ClientPtr client, void *stuff, void *from, void *to) {
++    char *cstuff = (char *)stuff;
++    char *cfrom = (char *)from;
++    char *cto = (char *)to;
++
++    return cfrom < cto &&
++           cfrom >= cstuff &&
++           cfrom < cstuff + ((size_t)client->req_len << 2) &&
++           cto >= cstuff &&
++           cto <= cstuff + ((size_t)client->req_len << 2);
++}
++
+ /***====================================================================***/
+ 
+ int
+@@ -4045,6 +4058,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+             client->errorValue = _XkbErrCode2(0x04, stuff->firstType);
+             return BadAccess;
+         }
++        if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nTypes))
++            return BadLength;
+         old = tmp;
+         tmp = _XkbCheckAtoms(tmp, stuff->nTypes, client->swapped, &bad);
+         if (!tmp) {
+@@ -4074,6 +4089,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+         }
+         width = (CARD8 *) tmp;
+         tmp = (CARD32 *) (((char *) tmp) + XkbPaddedSize(stuff->nKTLevels));
++        if (!_XkbCheckRequestBounds(client, stuff, width, tmp))
++            return BadLength;
+         type = &xkb->map->types[stuff->firstKTLevel];
+         for (i = 0; i < stuff->nKTLevels; i++, type++) {
+             if (width[i] == 0)
+@@ -4083,6 +4100,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+                                                   type->num_levels, width[i]);
+                 return BadMatch;
+             }
++            if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + width[i]))
++                return BadLength;
+             tmp = _XkbCheckAtoms(tmp, width[i], client->swapped, &bad);
+             if (!tmp) {
+                 client->errorValue = bad;
+@@ -4095,6 +4114,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+             client->errorValue = 0x08;
+             return BadMatch;
+         }
++        if (!_XkbCheckRequestBounds(client, stuff, tmp,
++                                    tmp + Ones(stuff->indicators)))
++            return BadLength;
+         tmp = _XkbCheckMaskedAtoms(tmp, XkbNumIndicators, stuff->indicators,
+                                    client->swapped, &bad);
+         if (!tmp) {
+@@ -4107,6 +4129,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+             client->errorValue = 0x09;
+             return BadMatch;
+         }
++        if (!_XkbCheckRequestBounds(client, stuff, tmp,
++                                    tmp + Ones(stuff->virtualMods)))
++            return BadLength;
+         tmp = _XkbCheckMaskedAtoms(tmp, XkbNumVirtualMods,
+                                    (CARD32) stuff->virtualMods,
+                                    client->swapped, &bad);
+@@ -4120,6 +4145,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+             client->errorValue = 0x0a;
+             return BadMatch;
+         }
++        if (!_XkbCheckRequestBounds(client, stuff, tmp,
++                                    tmp + Ones(stuff->groupNames)))
++            return BadLength;
+         tmp = _XkbCheckMaskedAtoms(tmp, XkbNumKbdGroups,
+                                    (CARD32) stuff->groupNames,
+                                    client->swapped, &bad);
+@@ -4141,9 +4169,14 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+                              stuff->nKeys);
+             return BadValue;
+         }
++        if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nKeys))
++            return BadLength;
+         tmp += stuff->nKeys;
+     }
+     if ((stuff->which & XkbKeyAliasesMask) && (stuff->nKeyAliases > 0)) {
++        if (!_XkbCheckRequestBounds(client, stuff, tmp,
++                                    tmp + (stuff->nKeyAliases * 2)))
++            return BadLength;
+         tmp += stuff->nKeyAliases * 2;
+     }
+     if (stuff->which & XkbRGNamesMask) {
+@@ -4151,6 +4184,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+             client->errorValue = _XkbErrCode2(0x0d, stuff->nRadioGroups);
+             return BadValue;
+         }
++        if (!_XkbCheckRequestBounds(client, stuff, tmp,
++                                    tmp + stuff->nRadioGroups))
++            return BadLength;
+         tmp = _XkbCheckAtoms(tmp, stuff->nRadioGroups, client->swapped, &bad);
+         if (!tmp) {
+             client->errorValue = bad;
+@@ -4344,6 +4380,8 @@ ProcXkbSetNames(ClientPtr client)
+     /* check device-independent stuff */
+     tmp = (CARD32 *) &stuff[1];
+ 
++    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++        return BadLength;
+     if (stuff->which & XkbKeycodesNameMask) {
+         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+         if (!tmp) {
+@@ -4351,6 +4389,8 @@ ProcXkbSetNames(ClientPtr client)
+             return BadAtom;
+         }
+     }
++    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++        return BadLength;
+     if (stuff->which & XkbGeometryNameMask) {
+         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+         if (!tmp) {
+@@ -4358,6 +4398,8 @@ ProcXkbSetNames(ClientPtr client)
+             return BadAtom;
+         }
+     }
++    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++        return BadLength;
+     if (stuff->which & XkbSymbolsNameMask) {
+         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+         if (!tmp) {
+@@ -4365,6 +4407,8 @@ ProcXkbSetNames(ClientPtr client)
+             return BadAtom;
+         }
+     }
++    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++        return BadLength;
+     if (stuff->which & XkbPhysSymbolsNameMask) {
+         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+         if (!tmp) {
+@@ -4372,6 +4416,8 @@ ProcXkbSetNames(ClientPtr client)
+             return BadAtom;
+         }
+     }
++    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++        return BadLength;
+     if (stuff->which & XkbTypesNameMask) {
+         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+         if (!tmp) {
+@@ -4379,6 +4425,8 @@ ProcXkbSetNames(ClientPtr client)
+             return BadAtom;
+         }
+     }
++    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++        return BadLength;
+     if (stuff->which & XkbCompatNameMask) {
+         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+         if (!tmp) {
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb
index 51d959f86c..2af1b6f307 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb
@@ -9,6 +9,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://CVE-2020-14346.patch \
            file://CVE-2020-14361.patch \
            file://CVE-2020-14362.patch \
+           file://CVE-2020-14345.patch \
            "
 SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839"
 SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146"
-- 
2.17.1

[OE-core][dunfell 16/19] glibc: Security fix for CVE-2020-29573

[Steve Sakoman]

From: Armin Kuster <akuster@mvista.com>

Source: glibc.org
MR: 107580
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/?p=glibc.git;a=commit;h=681900d29683722b1cb0a8e565a0585846ec5a61

ChangeID: 7bc5edb2e1947ac0774a453000a1568bbe3bb7d2
Description:

Fixedup to match 2.31 context. ldbl2mpn.c is in i386 for this version

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../glibc/glibc/CVE-2020-29573.patch          | 128 ++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.31.bb         |   1 +
 2 files changed, 129 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-29573.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch b/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch
new file mode 100644
index 0000000000..1e75f2d29d
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch
@@ -0,0 +1,128 @@
+From 681900d29683722b1cb0a8e565a0585846ec5a61 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 22 Sep 2020 19:07:48 +0200
+Subject: [PATCH] x86: Harden printf against non-normal long double values (bug
+ 26649)
+
+The behavior of isnan/__builtin_isnan on bit patterns that do not
+correspond to something that the CPU would produce from valid inputs
+is currently under-defined in the toolchain. (The GCC built-in and
+glibc disagree.)
+
+The isnan check in PRINTF_FP_FETCH in stdio-common/printf_fp.c
+assumes the GCC behavior that returns true for non-normal numbers
+which are not specified as NaN. (The glibc implementation returns
+false for such numbers.)
+
+At present, passing non-normal numbers to __mpn_extract_long_double
+causes this function to produce irregularly shaped multi-precision
+integers, triggering undefined behavior in __printf_fp_l.
+
+With GCC 10 and glibc 2.32, this behavior is not visible because
+__builtin_isnan is used, which avoids calling
+__mpn_extract_long_double in this case.  This commit updates the
+implementation of __mpn_extract_long_double so that regularly shaped
+multi-precision integers are produced in this case, avoiding
+undefined behavior in __printf_fp_l.
+
+Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
+CVE: CVE-2020-29573
+Signed-off-By: Armin Kuster <akuster@mvista.com>
+
+---
+ sysdeps/x86/Makefile                    |  4 ++
+ sysdeps/x86/ldbl2mpn.c                  |  8 ++++
+ sysdeps/x86/tst-ldbl-nonnormal-printf.c | 52 +++++++++++++++++++++++++
+ 3 files changed, 64 insertions(+)
+ create mode 100644 sysdeps/x86/tst-ldbl-nonnormal-printf.c
+
+Index: git/sysdeps/x86/Makefile
+===================================================================
+--- git.orig/sysdeps/x86/Makefile
++++ git/sysdeps/x86/Makefile
+@@ -9,6 +9,10 @@ tests += tst-get-cpu-features tst-get-cp
+ tests-static += tst-get-cpu-features-static
+ endif
+ 
++ifeq ($(subdir),math)
++tests += tst-ldbl-nonnormal-printf
++endif # $(subdir) == math
++
+ ifeq ($(subdir),setjmp)
+ gen-as-const-headers += jmp_buf-ssp.sym
+ sysdep_routines += __longjmp_cancel
+Index: git/sysdeps/x86/tst-ldbl-nonnormal-printf.c
+===================================================================
+--- /dev/null
++++ git/sysdeps/x86/tst-ldbl-nonnormal-printf.c
+@@ -0,0 +1,52 @@
++/* Test printf with x86-specific non-normal long double value.
++   Copyright (C) 2020 Free Software Foundation, Inc.
++
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <stdio.h>
++#include <string.h>
++#include <support/check.h>
++
++/* Fill the stack with non-zero values.  This makes a crash in
++   snprintf more likely.  */
++static void __attribute__ ((noinline, noclone))
++fill_stack (void)
++{
++  char buffer[65536];
++  memset (buffer, 0xc0, sizeof (buffer));
++  asm ("" ::: "memory");
++}
++
++static int
++do_test (void)
++{
++  fill_stack ();
++
++  long double value;
++  memcpy (&value, "\x00\x04\x00\x00\x00\x00\x00\x00\x00\x04", 10);
++
++  char buf[30];
++  int ret = snprintf (buf, sizeof (buf), "%Lg", value);
++  TEST_COMPARE (ret, strlen (buf));
++  if (strcmp (buf, "nan") != 0)
++    /* If snprintf does not recognize the non-normal number as a NaN,
++       it has added the missing explicit MSB.  */
++    TEST_COMPARE_STRING (buf, "3.02201e-4624");
++  return 0;
++}
++
++#include <support/test-driver.c>
+Index: git/sysdeps/i386/ldbl2mpn.c
+===================================================================
+--- git.orig/sysdeps/i386/ldbl2mpn.c
++++ git/sysdeps/i386/ldbl2mpn.c
+@@ -115,6 +115,12 @@ __mpn_extract_long_double (mp_ptr res_pt
+ 	   && res_ptr[N - 1] == 0)
+     /* Pseudo zero.  */
+     *expt = 0;
+-
++  else
++    /* The sign bit is explicit, but add it in case it is missing in
++       the input.  Otherwise, callers will not be able to produce the
++       expected multi-precision integer layout by shifting the sign
++       bit into the MSB.  */
++    res_ptr[N - 1] |= (mp_limb_t) 1 << (LDBL_MANT_DIG - 1
++                   - ((N - 1) * BITS_PER_MP_LIMB));
+   return N;
+ }
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index 3a0d60abf8..067d4de64a 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -42,6 +42,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0028-inject-file-assembly-directives.patch \
            file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
            file://CVE-2020-29562.patch \
+           file://CVE-2020-29573.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
-- 
2.17.1

[OE-core][dunfell 17/19] glibc: CVE-2019-25013

[Steve Sakoman]

From: Scott Murray <scott.murray@konsulko.com>

Source: openembedded.org
MR: 107928
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/glibc?id=53d149df4d8832e34ace2470c31ddc688176faf7
ChangeID: 462441a4a91cb481401e170876c25dcdbd00f1e0
Description:

* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2019-25013

* upstream tracking: https://sourceware.org/bugzilla/show_bug.cgi?id=24973

* patch from upstream:
    https://sourceware.org/git/?p=glibc.git;a=patch;
    h=ee7a3144c9922808181009b7b3e50e852fb4999b

(From OE-Core rev: 53d149df4d8832e34ace2470c31ddc688176faf7)

Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 164b3e63612b40e984aec19c5a54c8ae408725ec)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../glibc/glibc/CVE-2019-25013.patch          | 135 ++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.31.bb         |   1 +
 2 files changed, 136 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-25013.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
new file mode 100644
index 0000000000..73df1da868
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
@@ -0,0 +1,135 @@
+From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Mon, 21 Dec 2020 08:56:43 +0530
+Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973)
+
+The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
+area and is not allowed.  The from_euc_kr function used to skip two bytes
+when told to skip over the unknown designation, potentially running over
+the buffer end.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b]
+CVE: CVE-2019-25013
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+[Refreshed for Dundell context; Makefile changes]
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ iconvdata/Makefile      |  3 ++-
+ iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++
+ iconvdata/euc-kr.c      |  6 +----
+ iconvdata/ksc5601.h     |  6 ++---
+ 4 files changed, 59 insertions(+), 9 deletions(-)
+ create mode 100644 iconvdata/bug-iconv13.c
+
+Index: git/iconvdata/Makefile
+===================================================================
+--- git.orig/iconvdata/Makefile
++++ git/iconvdata/Makefile
+@@ -73,7 +73,7 @@ modules.so := $(addsuffix .so, $(modules
+ ifeq (yes,$(build-shared))
+ tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
+ 	tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
+-	bug-iconv10 bug-iconv11 bug-iconv12
++	bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13
+ ifeq ($(have-thread-library),yes)
+ tests += bug-iconv3
+ endif
+Index: git/iconvdata/bug-iconv13.c
+===================================================================
+--- /dev/null
++++ git/iconvdata/bug-iconv13.c
+@@ -0,0 +1,53 @@
++/* bug 24973: Test EUC-KR module
++   Copyright (C) 2020 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <errno.h>
++#include <iconv.h>
++#include <stdio.h>
++#include <support/check.h>
++
++static int
++do_test (void)
++{
++  iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR");
++  TEST_VERIFY_EXIT (cd != (iconv_t) -1);
++
++  /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined
++     areas, which are not allowed and should be skipped over due to
++     //IGNORE.  The trailing 0xfe also is an incomplete sequence, which
++     should be checked first.  */
++  char input[4] = { '\xc9', '\xa1', '\0', '\xfe' };
++  char *inptr = input;
++  size_t insize = sizeof (input);
++  char output[4];
++  char *outptr = output;
++  size_t outsize = sizeof (output);
++
++  /* This used to crash due to buffer overrun.  */
++  TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1);
++  TEST_VERIFY (errno == EINVAL);
++  /* The conversion should produce one character, the converted null
++     character.  */
++  TEST_VERIFY (sizeof (output) - outsize == 1);
++
++  TEST_VERIFY_EXIT (iconv_close (cd) != -1);
++
++  return 0;
++}
++
++#include <support/test-driver.c>
+Index: git/iconvdata/euc-kr.c
+===================================================================
+--- git.orig/iconvdata/euc-kr.c
++++ git/iconvdata/euc-kr.c
+@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned c
+ 									      \
+     if (ch <= 0x9f)							      \
+       ++inptr;								      \
+-    /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are		      \
+-       user-defined areas.  */						      \
+-    else if (__builtin_expect (ch == 0xa0, 0)				      \
+-	     || __builtin_expect (ch > 0xfe, 0)				      \
+-	     || __builtin_expect (ch == 0xc9, 0))			      \
++    else if (__glibc_unlikely (ch == 0xa0))				      \
+       {									      \
+ 	/* This is illegal.  */						      \
+ 	STANDARD_FROM_LOOP_ERR_HANDLER (1);				      \
+Index: git/iconvdata/ksc5601.h
+===================================================================
+--- git.orig/iconvdata/ksc5601.h
++++ git/iconvdata/ksc5601.h
+@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s
+   unsigned char ch2;
+   int idx;
+ 
++  if (avail < 2)
++    return 0;
++
+   /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */
+ 
+   if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e
+       || (ch - offset) == 0x49)
+     return __UNKNOWN_10646_CHAR;
+ 
+-  if (avail < 2)
+-    return 0;
+-
+   ch2 = (*s)[1];
+   if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f)
+     return __UNKNOWN_10646_CHAR;
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index 067d4de64a..b75bbb4196 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -43,6 +43,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
            file://CVE-2020-29562.patch \
            file://CVE-2020-29573.patch \
+           file://CVE-2019-25013.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
-- 
2.17.1

[OE-core][dunfell 18/19] zip: whitelist CVE-2018-13410 and CVE-2018-13684

[Steve Sakoman]

From: Mikko Rapeli <mikko.rapeli@bmw.de>

https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and
also Debian considers it not a vulnerability:

https://security-tracker.debian.org/tracker/CVE-2018-13410

http://seclists.org/fulldisclosure/2018/Jul/24
"Negligible security impact, would involve that a untrusted party controls the -TT value."

https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this:

https://security-tracker.debian.org/tracker/CVE-2018-13684

"NOT-FOR-US: smart contract implementation for ZIP"

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 06b72a91b6dcf63fed437fd2105c59e922ba6525)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/zip/zip_3.0.bb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb
index c00a932763..97e5e57533 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -19,6 +19,12 @@ UPSTREAM_VERSION_UNKNOWN = "1"
 SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37"
 SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369"
 
+# Disputed and also Debian doesn't consider a vulnerability
+CVE_CHECK_WHITELIST += "CVE-2018-13410"
+
+# Not for zip but for smart contract implementation for it
+CVE_CHECK_WHITELIST += "CVE-2018-13684"
+
 # zip.inc sets CFLAGS, but what Makefile actually uses is
 # CFLAGS_NOOPT.  It will also force -O3 optimization, overriding
 # whatever we set.
-- 
2.17.1

[OE-core][dunfell 19/19] ppp: Whitelist CVE-2020-15704

[Steve Sakoman]

From: Robert Joslyn <robert.joslyn@redrectangle.org>

This CVE only applies to the load_ppp_generic_if_needed patch applied by
Ubuntu. This patch is not used by OpenEmbedded, so the CVE does not
apply.

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index 60c56dd0bd..76c1cc62a7 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -42,6 +42,10 @@ SRC_URI_append_libc-musl = "\
 SRC_URI[md5sum] = "78818f40e6d33a1d1de68a1551f6595a"
 SRC_URI[sha256sum] = "02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30"
 
+# This CVE is specific to a patch applied by Ubuntu that is not used by
+# OpenEmbedded.
+CVE_CHECK_WHITELIST += "CVE-2020-15704"
+
 inherit autotools-brokensep systemd
 
 TARGET_CC_ARCH += " ${LDFLAGS}"
-- 
2.17.1