19 files changed, 799 insertions, 344 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22945.patch b/meta/recipes-support/curl/curl/CVE-2021-22945.patch
new file mode 100644
index 0000000000..44c42632ed
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22945.patch
@@ -0,0 +1,35 @@
+From 43157490a5054bd24256fe12876931e8abc9df49 Mon Sep 17 00:00:00 2001
+From: z2_ on hackerone <>
+Date: Tue, 24 Aug 2021 09:50:33 +0200
+Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds
+CVE-2021-22945
+Bug: https://curl.se/docs/CVE-2021-22945.html
+Upstream-Status: Backport [https://github.com/curl/curl/commit/43157490a5054bd24256fe12876931e8abc9df49]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/mqtt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/lib/mqtt.c b/lib/mqtt.c
+index f077e6c3d..fcd40b41e 100644
+--- a/lib/mqtt.c
+++ b/lib/mqtt.c
+@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
+     mq->sendleftovers = sendleftovers;
+     mq->nsend = nsend;
+   }
+  else {
+    mq->sendleftovers = NULL;
+    mq->nsend = 0;
+  }
+   return result;
+ }
+ 
+-- 
+2.34.1
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22946.patch b/meta/recipes-support/curl/curl/CVE-2021-22946.patch
new file mode 100644
index 0000000000..1cb95f0ea7
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22946.patch
@@ -0,0 +1,333 @@
+From 7c6e072216001fb1280d1868adfdcb54e3372ce7 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat <patrick@monnerat.net>
+Date: Wed, 8 Sep 2021 11:56:22 +0200
+Subject: [PATCH] ftp,imap,pop3: do not ignore --ssl-reqd
+In imap and pop3, check if TLS is required even when capabilities
+request has failed.
+In ftp, ignore preauthentication (230 status of server greeting) if TLS
+is required.
+Bug: https://curl.se/docs/CVE-2021-22946.html
+CVE-2021-22946
+Upstream-Status: Backport [https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/ftp.c               |  9 ++++---
+ lib/imap.c              | 24 ++++++++----------
+ lib/pop3.c              | 33 +++++++++++-------------
+ tests/data/Makefile.inc |  2 ++
+ tests/data/test984      | 56 +++++++++++++++++++++++++++++++++++++++++
+ tests/data/test985      | 54 +++++++++++++++++++++++++++++++++++++++
+ tests/data/test986      | 53 ++++++++++++++++++++++++++++++++++++++
+ 7 files changed, 195 insertions(+), 36 deletions(-)
+ create mode 100644 tests/data/test984
+ create mode 100644 tests/data/test985
+ create mode 100644 tests/data/test986
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 3818a9e..8b3fe1d 100644
+--- a/lib/ftp.c
+++ b/lib/ftp.c
+@@ -2665,9 +2665,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
+     /* we have now received a full FTP server response */
+     switch(ftpc->state) {
+     case FTP_WAIT220:
+-      if(ftpcode == 230)
+-        /* 230 User logged in - already! */
+-        return ftp_state_user_resp(data, ftpcode, ftpc->state);
+      if(ftpcode == 230) {
+        /* 230 User logged in - already! Take as 220 if TLS required. */
+        if(data->set.use_ssl <= CURLUSESSL_TRY ||
+           conn->bits.ftp_use_control_ssl)
+          return ftp_state_user_resp(data, ftpcode, ftpc->state);
+      }
+       else if(ftpcode != 220) {
+         failf(data, "Got a %03d ftp-server response when 220 was expected",
+               ftpcode);
+diff --git a/lib/imap.c b/lib/imap.c
+index 2d80699..b056208 100644
+--- a/lib/imap.c
+++ b/lib/imap.c
+@@ -933,22 +933,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data,
+       line += wordlen;
+     }
+   }
+-  else if(imapcode == IMAP_RESP_OK) {
+-    if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+-      /* We don't have a SSL/TLS connection yet, but SSL is requested */
+-      if(imapc->tls_supported)
+-        /* Switch to TLS connection now */
+-        result = imap_perform_starttls(data, conn);
+-      else if(data->set.use_ssl == CURLUSESSL_TRY)
+-        /* Fallback and carry on with authentication */
+-        result = imap_perform_authentication(data, conn);
+-      else {
+-        failf(data, "STARTTLS not supported.");
+-        result = CURLE_USE_SSL_FAILED;
+-      }
+  else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+    /* PREAUTH is not compatible with STARTTLS. */
+    if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) {
+      /* Switch to TLS connection now */
+      result = imap_perform_starttls(data, conn);
+     }
+-    else
+    else if(data->set.use_ssl <= CURLUSESSL_TRY)
+       result = imap_perform_authentication(data, conn);
+    else {
+      failf(data, "STARTTLS not available.");
+      result = CURLE_USE_SSL_FAILED;
+    }
+   }
+   else
+     result = imap_perform_authentication(data, conn);
+diff --git a/lib/pop3.c b/lib/pop3.c
+index 0ed3d3e..018fda1 100644
+--- a/lib/pop3.c
+++ b/lib/pop3.c
+@@ -738,28 +738,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code,
+       }
+     }
+   }
+-  else if(pop3code == '+') {
+-    if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+-      /* We don't have a SSL/TLS connection yet, but SSL is requested */
+-      if(pop3c->tls_supported)
+-        /* Switch to TLS connection now */
+-        result = pop3_perform_starttls(data, conn);
+-      else if(data->set.use_ssl == CURLUSESSL_TRY)
+-        /* Fallback and carry on with authentication */
+-        result = pop3_perform_authentication(data, conn);
+-      else {
+-        failf(data, "STLS not supported.");
+-        result = CURLE_USE_SSL_FAILED;
+-      }
+-    }
+-    else
+-      result = pop3_perform_authentication(data, conn);
+-  }
+   else {
+     /* Clear text is supported when CAPA isn't recognised */
+-    pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
+    if(pop3code != '+')
+      pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
+ 
+-    result = pop3_perform_authentication(data, conn);
+    if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use)
+      result = pop3_perform_authentication(data, conn);
+    else if(pop3code == '+' && pop3c->tls_supported)
+      /* Switch to TLS connection now */
+      result = pop3_perform_starttls(data, conn);
+    else if(data->set.use_ssl <= CURLUSESSL_TRY)
+      /* Fallback and carry on with authentication */
+      result = pop3_perform_authentication(data, conn);
+    else {
+      failf(data, "STLS not supported.");
+      result = CURLE_USE_SSL_FAILED;
+    }
+   }
+ 
+   return result;
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index e08cfc7..e6e2551 100644
+--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
+@@ -115,6 +115,8 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \
+ test954 test955 test956 test957 test958 test959 test960 test961 test962 \
+ test963 test964 test965 test966 test967 test968 test969 test970 test971 \
+ \
+test984 test985 test986 \
+\
+ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
+ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
+ test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \
+diff --git a/tests/data/test984 b/tests/data/test984
+new file mode 100644
+index 0000000..e573f23
+--- /dev/null
+++ b/tests/data/test984
+@@ -0,0 +1,56 @@
+<testcase>
+<info>
+<keywords>
+IMAP
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+REPLY CAPABILITY A001 BAD Not implemented
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+imap
+</server>
+ <name>
+IMAP require STARTTLS with failing capabilities
+ </name>
+ <command>
+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd
+</command>
+<file name="log/upload%TESTNUMBER">
+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
+From: Fred Foobar <foobar@example.COM>
+Subject: afternoon meeting
+To: joe@example.com
+Message-Id: <B27397-0100000@example.COM>
+MIME-Version: 1.0
+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
+
+Hello Joe, do you think we can meet at 3:30 tomorrow?
+</file>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 64 is CURLE_USE_SSL_FAILED
+<errorcode>
+64
+</errorcode>
+<protocol>
+A001 CAPABILITY
+</protocol>
+</verify>
+</testcase>
+diff --git a/tests/data/test985 b/tests/data/test985
+new file mode 100644
+index 0000000..d0db4aa
+--- /dev/null
+++ b/tests/data/test985
+@@ -0,0 +1,54 @@
+<testcase>
+<info>
+<keywords>
+POP3
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+REPLY CAPA -ERR Not implemented
+</servercmd>
+<data nocheck="yes">
+From: me@somewhere
+To: fake@nowhere
+
+body
+
+--
+  yours sincerely
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+pop3
+</server>
+ <name>
+POP3 require STARTTLS with failing capabilities
+ </name>
+ <command>
+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd
+ </command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 64 is CURLE_USE_SSL_FAILED
+<errorcode>
+64
+</errorcode>
+<protocol>
+CAPA
+</protocol>
+</verify>
+</testcase>
+diff --git a/tests/data/test986 b/tests/data/test986
+new file mode 100644
+index 0000000..a709437
+--- /dev/null
+++ b/tests/data/test986
+@@ -0,0 +1,53 @@
+<testcase>
+<info>
+<keywords>
+FTP
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+REPLY welcome 230 Welcome
+REPLY AUTH 500 unknown command
+</servercmd>
+</reply>
+
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+ftp
+</server>
+ <name>
+FTP require STARTTLS while preauthenticated
+ </name>
+<file name="log/test%TESTNUMBER.txt">
+data
+    to
+      see
+that FTPS
+works
+  so does it?
+</file>
+ <command>
+--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+# 64 is CURLE_USE_SSL_FAILED
+<errorcode>
+64
+</errorcode>
+<protocol>
+AUTH SSL
+AUTH TLS
+</protocol>
+</verify>
+</testcase>
+-- 
+2.34.1
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22947.patch b/meta/recipes-support/curl/curl/CVE-2021-22947.patch
new file mode 100644
index 0000000000..9bd9890d72
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22947.patch
@@ -0,0 +1,357 @@
+From f3f2d2554d09ca0e13039e4915b83faaa55961c4 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat <patrick@monnerat.net>
+Date: Tue, 7 Sep 2021 13:26:42 +0200
+Subject: [PATCH] ftp,imap,pop3,smtp: reject STARTTLS server response
+ pipelining
+If a server pipelines future responses within the STARTTLS response, the
+former are preserved in the pingpong cache across TLS negotiation and
+used as responses to the encrypted commands.
+This fix detects pipelined STARTTLS responses and rejects them with an
+error.
+CVE-2021-22947
+Bug: https://curl.se/docs/CVE-2021-22947.html
+Upstream-Status: Backport [https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/ftp.c               |  3 +++
+ lib/imap.c              |  4 +++
+ lib/pop3.c              |  4 +++
+ lib/smtp.c              |  4 +++
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test980      | 52 ++++++++++++++++++++++++++++++++++++
+ tests/data/test981      | 59 +++++++++++++++++++++++++++++++++++++++++
+ tests/data/test982      | 57 +++++++++++++++++++++++++++++++++++++++
+ tests/data/test983      | 52 ++++++++++++++++++++++++++++++++++++
+ 9 files changed, 236 insertions(+), 1 deletion(-)
+ create mode 100644 tests/data/test980
+ create mode 100644 tests/data/test981
+ create mode 100644 tests/data/test982
+ create mode 100644 tests/data/test983
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 8b3fe1d..a55566a 100644
+--- a/lib/ftp.c
+++ b/lib/ftp.c
+@@ -2727,6 +2727,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
+     case FTP_AUTH:
+       /* we have gotten the response to a previous AUTH command */
+ 
+      if(pp->cache_size)
+        return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */
+
+       /* RFC2228 (page 5) says:
+        *
+        * If the server is willing to accept the named security mechanism,
+diff --git a/lib/imap.c b/lib/imap.c
+index b056208..9230f17 100644
+--- a/lib/imap.c
+++ b/lib/imap.c
+@@ -962,6 +962,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data,
+ 
+   (void)instate; /* no use for this yet */
+ 
+  /* Pipelining in response is forbidden. */
+  if(data->conn->proto.imapc.pp.cache_size)
+    return CURLE_WEIRD_SERVER_REPLY;
+
+   if(imapcode != IMAP_RESP_OK) {
+     if(data->set.use_ssl != CURLUSESSL_TRY) {
+       failf(data, "STARTTLS denied");
+diff --git a/lib/pop3.c b/lib/pop3.c
+index 018fda1..4f953f7 100644
+--- a/lib/pop3.c
+++ b/lib/pop3.c
+@@ -769,6 +769,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data,
+   CURLcode result = CURLE_OK;
+   (void)instate; /* no use for this yet */
+ 
+  /* Pipelining in response is forbidden. */
+  if(data->conn->proto.pop3c.pp.cache_size)
+    return CURLE_WEIRD_SERVER_REPLY;
+
+   if(pop3code != '+') {
+     if(data->set.use_ssl != CURLUSESSL_TRY) {
+       failf(data, "STARTTLS denied");
+diff --git a/lib/smtp.c b/lib/smtp.c
+index 1fc8800..51445f6 100644
+--- a/lib/smtp.c
+++ b/lib/smtp.c
+@@ -832,6 +832,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data,
+   CURLcode result = CURLE_OK;
+   (void)instate; /* no use for this yet */
+ 
+  /* Pipelining in response is forbidden. */
+  if(data->conn->proto.smtpc.pp.cache_size)
+    return CURLE_WEIRD_SERVER_REPLY;
+
+   if(smtpcode != 220) {
+     if(data->set.use_ssl != CURLUSESSL_TRY) {
+       failf(data, "STARTTLS denied, code %d", smtpcode);
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index e6e2551..22d7a0b 100644
+--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
+@@ -115,7 +115,7 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \
+ test954 test955 test956 test957 test958 test959 test960 test961 test962 \
+ test963 test964 test965 test966 test967 test968 test969 test970 test971 \
+ \
+-test984 test985 test986 \
+test980 test981 test982 test983 test984 test985 test986 \
+ \
+ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
+ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
+diff --git a/tests/data/test980 b/tests/data/test980
+new file mode 100644
+index 0000000..97567f8
+--- /dev/null
+++ b/tests/data/test980
+@@ -0,0 +1,52 @@
+<testcase>
+<info>
+<keywords>
+SMTP
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+CAPA STARTTLS
+AUTH PLAIN
+REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted
+REPLY AUTH 535 5.7.8 Authentication credentials invalid
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+smtp
+</server>
+ <name>
+SMTP STARTTLS pipelined server response
+ </name>
+<stdin>
+mail body
+</stdin>
+ <command>
+smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T -
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 8 is CURLE_WEIRD_SERVER_REPLY
+<errorcode>
+8
+</errorcode>
+<protocol>
+EHLO %TESTNUMBER
+STARTTLS
+</protocol>
+</verify>
+</testcase>
+diff --git a/tests/data/test981 b/tests/data/test981
+new file mode 100644
+index 0000000..2b98ce4
+--- /dev/null
+++ b/tests/data/test981
+@@ -0,0 +1,59 @@
+<testcase>
+<info>
+<keywords>
+IMAP
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+CAPA STARTTLS
+REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted
+REPLY LOGIN A003 BAD Authentication credentials invalid
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+imap
+</server>
+ <name>
+IMAP STARTTLS pipelined server response
+ </name>
+ <command>
+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl
+</command>
+<file name="log/upload%TESTNUMBER">
+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
+From: Fred Foobar <foobar@example.COM>
+Subject: afternoon meeting
+To: joe@example.com
+Message-Id: <B27397-0100000@example.COM>
+MIME-Version: 1.0
+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
+
+Hello Joe, do you think we can meet at 3:30 tomorrow?
+</file>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 8 is CURLE_WEIRD_SERVER_REPLY
+<errorcode>
+8
+</errorcode>
+<protocol>
+A001 CAPABILITY
+A002 STARTTLS
+</protocol>
+</verify>
+</testcase>
+diff --git a/tests/data/test982 b/tests/data/test982
+new file mode 100644
+index 0000000..9e07cc0
+--- /dev/null
+++ b/tests/data/test982
+@@ -0,0 +1,57 @@
+<testcase>
+<info>
+<keywords>
+POP3
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+CAPA STLS USER
+REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated
+REPLY PASS -ERR Authentication credentials invalid
+</servercmd>
+<data nocheck="yes">
+From: me@somewhere
+To: fake@nowhere
+
+body
+
+--
+  yours sincerely
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+pop3
+</server>
+ <name>
+POP3 STARTTLS pipelined server response
+ </name>
+ <command>
+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl
+ </command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 8 is CURLE_WEIRD_SERVER_REPLY
+<errorcode>
+8
+</errorcode>
+<protocol>
+CAPA
+STLS
+</protocol>
+</verify>
+</testcase>
+diff --git a/tests/data/test983 b/tests/data/test983
+new file mode 100644
+index 0000000..300ec45
+--- /dev/null
+++ b/tests/data/test983
+@@ -0,0 +1,52 @@
+<testcase>
+<info>
+<keywords>
+FTP
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete
+REPLY PASS 530 Login incorrect
+</servercmd>
+</reply>
+
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+ftp
+</server>
+ <name>
+FTP STARTTLS pipelined server response
+ </name>
+<file name="log/test%TESTNUMBER.txt">
+data
+    to
+      see
+that FTPS
+works
+  so does it?
+</file>
+ <command>
+--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+# 8 is CURLE_WEIRD_SERVER_REPLY
+<errorcode>
+8
+</errorcode>
+<protocol>
+AUTH SSL
+</protocol>
+</verify>
+</testcase>
+-- 
+2.34.1
diff --git a/meta/recipes-support/curl/curl_7.75.0.bb b/meta/recipes-support/curl/curl_7.75.0.bb
index d64e5e1f79..accede604c 100644
--- a/meta/recipes-support/curl/curl_7.75.0.bb
+++ b/meta/recipes-support/curl/curl_7.75.0.bb
@@ -21,6 +21,9 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
           file://CVE-2021-22901.patch \
           file://CVE-2021-22924.patch \
           file://CVE-2021-22926.patch \
+           file://CVE-2021-22945.patch \
+           file://CVE-2021-22946.patch \
+           file://CVE-2021-22947.patch \
 "
 SRC_URI[sha256sum] = "50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb316d026"
@@ -28,6 +31,10 @@ SRC_URI[sha256sum] = "50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb3
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
+# These only apply when using --with-libmetalink, but --without-libmetalink is
+# set below.
+CVE_CHECK_WHITELIST += "CVE-2021-22922 CVE-2021-22923"
 inherit autotools pkgconfig binconfig multilib_header
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"
@@ -65,6 +72,7 @@ PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threade
 PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
 PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
+# Keep --without-libmetalink to mitigate CVE-2021-22922 and CVE-2021-22923
 EXTRA_OECONF = " \
    --disable-libcurl-option \
    --disable-ntlm-wb \
diff --git a/meta/recipes-support/gmp/gmp/cve-2021-43618.patch b/meta/recipes-support/gmp/gmp/cve-2021-43618.patch
new file mode 100644
index 0000000000..095fb21eaa
--- /dev/null
+++ b/meta/recipes-support/gmp/gmp/cve-2021-43618.patch
@@ -0,0 +1,27 @@
+CVE: CVE-2021-43618
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+# HG changeset patch
+# User Marco Bodrato <bodrato@mail.dm.unipi.it>
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c     Tue Dec 22 23:49:51 2020 +0100
+++ b/mpz/inp_raw.c     Thu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+ 
+   abs_csize = ABS (csize);
+ 
+  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
+    return 0; /* Bit size overflows */
+
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
+  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {
diff --git a/meta/recipes-support/gmp/gmp_6.2.1.bb b/meta/recipes-support/gmp/gmp_6.2.1.bb
index 3c50f928ab..f97c588c31 100644
--- a/meta/recipes-support/gmp/gmp_6.2.1.bb
+++ b/meta/recipes-support/gmp/gmp_6.2.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \
           file://use-includedir.patch \
           file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \
           file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \
+           file://cve-2021-43618.patch \
           "
 SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea"
 SRC_URI[sha256sum] = "eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c"
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.9.3.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb
index fd3d8e09f2..c212d02651 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.9.3.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb
@@ -27,7 +27,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
           file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
           file://0001-Makefile.am-add-a-missing-space.patch \
           "
-SRC_URI[sha256sum] = "97ebe4f94e2f7e35b752194ce15a0f3c66324e0ff6af26659bbfb5ff2ec328fd"
+SRC_URI[sha256sum] = "ea849c83a72454e3ed4267697e8ca03390aee972ab421e7df69dfe42b65caaf7"
 # Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
 CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
diff --git a/meta/recipes-support/libpcre/libpcre2_10.36.bb b/meta/recipes-support/libpcre/libpcre2_10.36.bb
index d8077a1224..d64822be30 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.36.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.36.bb
@@ -10,7 +10,9 @@ SECTION = "devel"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=60c08fab1357bfe9084b333bc33362d6"
-SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2"
+SRC_URI = "https://github.com/PhilipHazel/pcre2/releases/download/pcre2-${PV}/pcre2-${PV}.tar.bz2"
+UPSTREAM_CHECK_URI = "https://github.com/PhilipHazel/pcre2/releases"
 SRC_URI[sha256sum] = "a9ef39278113542968c7c73a31cfcb81aca1faa64690f400b907e8ab6b4a665c"
diff --git a/meta/recipes-support/libpcre/libpcre_8.44.bb b/meta/recipes-support/libpcre/libpcre_8.44.bb
index cd80dc7345..3267c5ad72 100644
--- a/meta/recipes-support/libpcre/libpcre_8.44.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.44.bb
@@ -7,7 +7,7 @@ HOMEPAGE = "http://www.pcre.org"
 SECTION = "devel"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=3bb381a66a5385b246d4877922e7511e"
-SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
+SRC_URI = "${SOURCEFORGE_MIRROR}/pcre/pcre-${PV}.tar.bz2 \
           file://run-ptest \
           file://Makefile \
           "
diff --git a/meta/recipes-support/libusb/libusb1_1.0.24.bb b/meta/recipes-support/libusb/libusb1_1.0.24.bb
index 92e66b1b16..76a707b70f 100644
--- a/meta/recipes-support/libusb/libusb1_1.0.24.bb
+++ b/meta/recipes-support/libusb/libusb1_1.0.24.bb
@@ -1,7 +1,7 @@
 SUMMARY = "Userspace library to access USB (version 1.0)"
 DESCRIPTION = "A cross-platform library to access USB devices from Linux, \
 macOS, Windows, OpenBSD/NetBSD, Haiku and Solaris userspace."
-HOMEPAGE = "http://libusb.sf.net"
+HOMEPAGE = "https://libusb.info"
 BUGTRACKER = "http://www.libusb.org/report"
 SECTION = "libs"
@@ -10,10 +10,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
 BBCLASSEXTEND = "native nativesdk"
-SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \
+SRC_URI = "https://github.com/libusb/libusb/releases/download/v${PV}/libusb-${PV}.tar.bz2 \
           file://run-ptest \
          "
+UPSTREAM_CHECK_URI = "https://github.com/libusb/libusb/releases"
 SRC_URI[sha256sum] = "7efd2685f7b327326dcfb85cee426d9b871fd70e22caa15bb68d595ce2a2b12a"
 S = "${WORKDIR}/libusb-${PV}"
diff --git a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch
index 63a7b78f12..2fc11dbdc2 100644
--- a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch
+++ b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch
@@ -16,11 +16,11 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
 src/Makefile | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
-diff --git a/src/Makefile b/src/Makefile
+Index: git/src/Makefile
-index f2fafa4dc..7148d4bd9 100644
+===================================================================
--- a/src/Makefile
+--- git.orig/src/Makefile
-+++ b/src/Makefile
+++ git/src/Makefile
-@@ -2845,16 +2845,10 @@ auto/pathdef.c: Makefile auto/config.mk
+@@ -3101,16 +3101,10 @@ auto/pathdef.c: Makefile auto/config.mk
        -@echo '#include "vim.h"' >> $@
        -@echo 'char_u *default_vim_dir = (char_u *)"$(VIMRCLOC)";' | $(QUOTESED) >> $@
        -@echo 'char_u *default_vimruntime_dir = (char_u *)"$(VIMRUNTIMEDIR)";' | $(QUOTESED) >> $@
@@ -41,6 +41,3 @@ index f2fafa4dc..7148d4bd9 100644
        -@sh $(srcdir)/pathdef.sh
 
 GUI_GTK_RES_INPUTS = \
-- 
-2.17.1
diff --git a/meta/recipes-support/vim/files/CVE-2021-3778.patch b/meta/recipes-support/vim/files/CVE-2021-3778.patch
deleted file mode 100644
index 04ac413e56..0000000000
--- a/meta/recipes-support/vim/files/CVE-2021-3778.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 9ba62f1042513fcadcc4e8fdcee171db66ef1d69 Mon Sep 17 00:00:00 2001
-From: Bram Moolenaar <Bram@vim.org>
-Date: Fri, 24 Sep 2021 15:15:24 +0800
-Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8
- character
-Problem:    Reading beyond end of line with invalid utf-8 character.
-Solution:   Check for NUL when advancing.
-Upstream-Status: Backport [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f]
-CVE: CVE-2021-3778
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
- src/regexp_nfa.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
-index fb512f961..2806408de 100644
--- a/src/regexp_nfa.c
-+++ b/src/regexp_nfa.c
-@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int regstart, char_u *match_text)
-                match = FALSE;
-                break;
-            }
-           len2 += MB_CHAR2LEN(c2);
-+           len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2)
-+                                                            : MB_CHAR2LEN(c2);
-        }
-        if (match
-                // check that no composing char follows
-- 
-2.17.1
diff --git a/meta/recipes-support/vim/files/CVE-2021-3872.patch b/meta/recipes-support/vim/files/CVE-2021-3872.patch
deleted file mode 100644
index f0f30933fa..0000000000
--- a/meta/recipes-support/vim/files/CVE-2021-3872.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 132d060ffbb9651f0d79bd0b6d80cab460235a99 Mon Sep 17 00:00:00 2001
-From: Bram Moolenaar <Bram@vim.org>
-Date: Fri, 12 Nov 2021 02:56:51 +0000
-Subject: [PATCH] patch 8.2.3487: illegal memory access if buffer name is very
- long
-Problem:    Illegal memory access if buffer name is very long.
-Solution:   Make sure not to go over the end of the buffer.
-CVE: CVE-2021-3872
-Upstream-Status: Backport [https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b]
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
- src/drawscreen.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-diff --git a/src/drawscreen.c b/src/drawscreen.c
-index 3a88ee979..9acb70552 100644
--- a/src/drawscreen.c
-+++ b/src/drawscreen.c
-@@ -446,13 +446,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED)
-            *(p + len++) = ' ';
-        if (bt_help(wp->w_buffer))
-        {
-           STRCPY(p + len, _("[Help]"));
-+           vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
-            len += (int)STRLEN(p + len);
-        }
- #ifdef FEAT_QUICKFIX
-        if (wp->w_p_pvw)
-        {
-           STRCPY(p + len, _("[Preview]"));
-+           vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
-            len += (int)STRLEN(p + len);
-        }
- #endif
-@@ -462,12 +462,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED)
- #endif
-                )
-        {
-           STRCPY(p + len, "[+]");
-           len += 3;
-+           vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
-+           len += (int)STRLEN(p + len);
-        }
-        if (wp->w_buffer->b_p_ro)
-        {
-           STRCPY(p + len, _("[RO]"));
-+           vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
-            len += (int)STRLEN(p + len);
-        }
- 
-- 
-2.31.1
diff --git a/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch b/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
deleted file mode 100644
index 1cee759502..0000000000
--- a/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
+++ /dev/null
@@ -1,207 +0,0 @@
-From b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 Mon Sep 17 00:00:00 2001
-From: Bram Moolenaar <Bram@vim.org>
-Date: Sat, 4 Sep 2021 18:47:28 +0200
-Subject: [PATCH] patch 8.2.3402: invalid memory access when using :retab with
- large value
-Problem:    Invalid memory access when using :retab with large value.
-Solution:   Check the number is positive.
-CVE: CVE-2021-3770
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Backport [https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9]
---
- src/indent.c               | 34 +++++++++++++++++++++-------------
- src/option.c               | 12 ++++++------
- src/optionstr.c            |  4 ++--
- src/testdir/test_retab.vim |  3 +++
- src/version.c              |  2 ++
- 5 files changed, 34 insertions(+), 21 deletions(-)
-Index: git/src/indent.c
-===================================================================
--- git.orig/src/indent.c
-+++ git/src/indent.c
-@@ -18,18 +18,19 @@
- /*
-  * Set the integer values corresponding to the string setting of 'vartabstop'.
-  * "array" will be set, caller must free it if needed.
-+ * Return FAIL for an error.
-  */
-     int
- tabstop_set(char_u *var, int **array)
- {
-    int valcount = 1;
-    int t;
-    char_u *cp;
-+    int            valcount = 1;
-+    int            t;
-+    char_u  *cp;
- 
-     if (var[0] == NUL || (var[0] == '0' && var[1] == NUL))
-     {
-        *array = NULL;
-       return TRUE;
-+       return OK;
-     }
- 
-     for (cp = var; *cp != NUL; ++cp)
-@@ -43,8 +44,8 @@ tabstop_set(char_u *var, int **array)
-                if (cp != end)
-                    emsg(_(e_positive));
-                else
-                   emsg(_(e_invarg));
-               return FALSE;
-+                   semsg(_(e_invarg2), cp);
-+               return FAIL;
-            }
-        }
- 
-@@ -55,26 +56,33 @@ tabstop_set(char_u *var, int **array)
-            ++valcount;
-            continue;
-        }
-       emsg(_(e_invarg));
-       return FALSE;
-+       semsg(_(e_invarg2), var);
-+       return FAIL;
-     }
- 
-     *array = ALLOC_MULT(int, valcount + 1);
-     if (*array == NULL)
-       return FALSE;
-+       return FAIL;
-     (*array)[0] = valcount;
- 
-     t = 1;
-     for (cp = var; *cp != NUL;)
-     {
-       (*array)[t++] = atoi((char *)cp);
-       while (*cp  != NUL && *cp != ',')
-+       int n = atoi((char *)cp);
-+
-+       if (n < 0 || n > 9999)
-+       {
-+           semsg(_(e_invarg2), cp);
-+           return FAIL;
-+       }
-+       (*array)[t++] = n;
-+       while (*cp != NUL && *cp != ',')
-            ++cp;
-        if (*cp != NUL)
-            ++cp;
-     }
- 
-    return TRUE;
-+    return OK;
- }
- 
- /*
-@@ -1556,7 +1564,7 @@ ex_retab(exarg_T *eap)
- 
- #ifdef FEAT_VARTABS
-     new_ts_str = eap->arg;
-    if (!tabstop_set(eap->arg, &new_vts_array))
-+    if (tabstop_set(eap->arg, &new_vts_array) == FAIL)
-        return;
-     while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',')
-        ++(eap->arg);
-Index: git/src/option.c
-===================================================================
--- git.orig/src/option.c
-+++ git/src/option.c
-@@ -2292,9 +2292,9 @@ didset_options2(void)
- #endif
- #ifdef FEAT_VARTABS
-     vim_free(curbuf->b_p_vsts_array);
-    tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
-+    (void)tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
-     vim_free(curbuf->b_p_vts_array);
-    tabstop_set(curbuf->b_p_vts,  &curbuf->b_p_vts_array);
-+    (void)tabstop_set(curbuf->b_p_vts,  &curbuf->b_p_vts_array);
- #endif
- }
- 
-@@ -5756,7 +5756,7 @@ buf_copy_options(buf_T *buf, int flags)
-            buf->b_p_vsts = vim_strsave(p_vsts);
-            COPY_OPT_SCTX(buf, BV_VSTS);
-            if (p_vsts && p_vsts != empty_option)
-               tabstop_set(p_vsts, &buf->b_p_vsts_array);
-+               (void)tabstop_set(p_vsts, &buf->b_p_vsts_array);
-            else
-                buf->b_p_vsts_array = 0;
-            buf->b_p_vsts_nopaste = p_vsts_nopaste
-@@ -5914,7 +5914,7 @@ buf_copy_options(buf_T *buf, int flags)
-                buf->b_p_isk = save_p_isk;
- #ifdef FEAT_VARTABS
-                if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
-                   tabstop_set(p_vts, &buf->b_p_vts_array);
-+                   (void)tabstop_set(p_vts, &buf->b_p_vts_array);
-                else
-                    buf->b_p_vts_array = NULL;
- #endif
-@@ -5929,7 +5929,7 @@ buf_copy_options(buf_T *buf, int flags)
-                buf->b_p_vts = vim_strsave(p_vts);
-                COPY_OPT_SCTX(buf, BV_VTS);
-                if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
-                   tabstop_set(p_vts, &buf->b_p_vts_array);
-+                   (void)tabstop_set(p_vts, &buf->b_p_vts_array);
-                else
-                    buf->b_p_vts_array = NULL;
- #endif
-@@ -6634,7 +6634,7 @@ paste_option_changed(void)
-            if (buf->b_p_vsts_array)
-                vim_free(buf->b_p_vsts_array);
-            if (buf->b_p_vsts && buf->b_p_vsts != empty_option)
-               tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
-+               (void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
-            else
-                buf->b_p_vsts_array = 0;
- #endif
-Index: git/src/optionstr.c
-===================================================================
--- git.orig/src/optionstr.c
-+++ git/src/optionstr.c
-@@ -2166,7 +2166,7 @@ did_set_string_option(
-            if (errmsg == NULL)
-            {
-                int *oldarray = curbuf->b_p_vsts_array;
-               if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)))
-+               if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)) == OK)
-                {
-                    if (oldarray)
-                        vim_free(oldarray);
-@@ -2205,7 +2205,7 @@ did_set_string_option(
-            {
-                int *oldarray = curbuf->b_p_vts_array;
- 
-               if (tabstop_set(*varp, &(curbuf->b_p_vts_array)))
-+               if (tabstop_set(*varp, &(curbuf->b_p_vts_array)) == OK)
-                {
-                    vim_free(oldarray);
- #ifdef FEAT_FOLDING
-Index: git/src/testdir/test_retab.vim
-===================================================================
--- git.orig/src/testdir/test_retab.vim
-+++ git/src/testdir/test_retab.vim
-@@ -74,4 +74,7 @@ endfunc
- func Test_retab_error()
-   call assert_fails('retab -1',  'E487:')
-   call assert_fails('retab! -1', 'E487:')
-+  call assert_fails('ret -1000', 'E487:')
-+  call assert_fails('ret 10000', 'E475:')
-+  call assert_fails('ret 80000000000000000000', 'E475:')
- endfunc
-Index: git/src/version.c
-===================================================================
--- git.orig/src/version.c
-+++ git/src/version.c
-@@ -743,6 +743,8 @@ static char *(features[]) =
- static int included_patches[] =
- {   /* Add new patch number below this line */
- /**/
-+    3402,
-+/**/
-     0
- };
- 
diff --git a/meta/recipes-support/vim/files/disable_acl_header_check.patch b/meta/recipes-support/vim/files/disable_acl_header_check.patch
index 33089162b4..533138245d 100644
--- a/meta/recipes-support/vim/files/disable_acl_header_check.patch
+++ b/meta/recipes-support/vim/files/disable_acl_header_check.patch
@@ -13,11 +13,11 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
 src/configure.ac | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/src/configure.ac b/src/configure.ac
+Index: git/src/configure.ac
-index 2d409b3ca06a..dbcaf6140263 100644
+===================================================================
--- a/src/configure.ac
+--- git.orig/src/configure.ac
-+++ b/src/configure.ac
+++ git/src/configure.ac
-@@ -3257,7 +3257,7 @@ AC_CHECK_HEADERS(stdint.h stdlib.h string.h \
+@@ -3292,7 +3292,7 @@ AC_CHECK_HEADERS(stdint.h stdlib.h strin
        sys/systeminfo.h locale.h sys/stream.h termios.h \
        libc.h sys/statfs.h poll.h sys/poll.h pwd.h \
        utime.h sys/param.h sys/ptms.h libintl.h libgen.h \
@@ -26,7 +26,7 @@ index 2d409b3ca06a..dbcaf6140263 100644
        sys/access.h sys/sysinfo.h wchar.h wctype.h)
 
 dnl sys/ptem.h depends on sys/stream.h on Solaris
-@@ -3886,6 +3886,7 @@ AC_ARG_ENABLE(acl,
+@@ -3974,6 +3974,7 @@ AC_ARG_ENABLE(acl,
        , [enable_acl="yes"])
 if test "$enable_acl" = "yes"; then
   AC_MSG_RESULT(no)
@@ -34,6 +34,3 @@ index 2d409b3ca06a..dbcaf6140263 100644
   AC_CHECK_LIB(posix1e, acl_get_file, [LIBS="$LIBS -lposix1e"],
        AC_CHECK_LIB(acl, acl_get_file, [LIBS="$LIBS -lacl"
                  AC_CHECK_LIB(attr, fgetxattr, LIBS="$LIBS -lattr",,)],,),)
-- 
-2.7.4
diff --git a/meta/recipes-support/vim/files/no-path-adjust.patch b/meta/recipes-support/vim/files/no-path-adjust.patch
index 05c2d803f6..9d6da80913 100644
--- a/meta/recipes-support/vim/files/no-path-adjust.patch
+++ b/meta/recipes-support/vim/files/no-path-adjust.patch
@@ -7,9 +7,11 @@ Upstream-Status: Pending
 Signed-off-by: Joe Slater <joe.slater@windriver.com>
--- a/src/Makefile
+Index: git/src/Makefile
-+++ b/src/Makefile
+===================================================================
-@@ -2507,11 +2507,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_
+--- git.orig/src/Makefile
+++ git/src/Makefile
+@@ -2565,11 +2565,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_
                 rm -rf $$cvs; \
              fi
        -chmod $(FILEMOD) $(DEST_TOOLS)/*
diff --git a/meta/recipes-support/vim/files/racefix.patch b/meta/recipes-support/vim/files/racefix.patch
index 48dca44cad..1cb8fb442f 100644
--- a/meta/recipes-support/vim/files/racefix.patch
+++ b/meta/recipes-support/vim/files/racefix.patch
@@ -9,9 +9,9 @@ Index: git/src/po/Makefile
 ===================================================================
 --- git.orig/src/po/Makefile
 +++ git/src/po/Makefile
-@@ -165,17 +165,16 @@ $(PACKAGE).pot: ../*.c ../if_perl.xs ../
+@@ -207,17 +207,16 @@ $(PACKAGE).pot: $(PO_INPUTLIST) $(PO_VIM
-                po/gvim.desktop.in po/vim.desktop.in
+        # Delete the temporary files
-        mv -f ../$(PACKAGE).po $(PACKAGE).pot
+        rm *.js
 
 -vim.desktop: vim.desktop.in $(POFILES)
 +LINGUAS:
diff --git a/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch b/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
index 37914d4cd9..5284ba45b6 100644
--- a/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
+++ b/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
@@ -14,11 +14,11 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
 src/configure.ac | 7 +++++++
 1 file changed, 7 insertions(+)
-diff --git a/src/configure.ac b/src/configure.ac
+Index: git/src/configure.ac
-index 0ee86ad..64736f0 100644
+===================================================================
--- a/src/configure.ac
+--- git.orig/src/configure.ac
-+++ b/src/configure.ac
+++ git/src/configure.ac
-@@ -3192,11 +3192,18 @@ AC_TRY_COMPILE([#include <stdio.h>], [int x __attribute__((unused));],
+@@ -3264,11 +3264,18 @@ AC_TRY_COMPILE([#include <stdio.h>], [in
        AC_MSG_RESULT(no))
 
 dnl Checks for header files.
@@ -37,6 +37,3 @@ index 0ee86ad..64736f0 100644
 
 AC_HEADER_DIRENT
 
-- 
-2.7.4
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 864006192b..c124596e8d 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -8,8 +8,10 @@ BUGTRACKER = "https://github.com/vim/vim/issues"
 DEPENDS = "ncurses gettext-native"
 # vimdiff doesn't like busybox diff
 RSUGGESTS_${PN} = "diffutils"
 LICENSE = "vim"
-LIC_FILES_CHKSUM = "file://runtime/doc/uganda.txt;endline=287;md5=a19edd7ec70d573a005d9e509375a99a"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99 \
+                    file://runtime/doc/uganda.txt;md5=a3f193c20c6faff93c69185d5d070535"
 SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
           file://disable_acl_header_check.patch \
@@ -17,17 +19,10 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
           file://0001-src-Makefile-improve-reproducibility.patch \
           file://no-path-adjust.patch \
           file://racefix.patch \
-           file://CVE-2021-3778.patch \
-           file://CVE-2021-3796.patch \
-           file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \
-           file://CVE-2021-3903.patch \
-           file://CVE-2021-3872.patch \
-           file://CVE-2021-3875.patch \
-           file://CVE-2021-3927.patch \
-           file://CVE-2021-3928.patch \
 "
-SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
+PV .= ".4524"
+SRCREV = "d8f8629b1bf566e1dada7515e9b146c69e5d9757"
 # Do not consider .z in x.y.z, as that is updated with every commit
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"