authorPatrick Williams <patrick@stwcx.xyz>2024-02-20 17:07:48 +0300
committerPatrick Williams <patrick@stwcx.xyz>2024-03-01 00:30:06 +0300
commit73bd93f1d0a338767f36fd1acb54c52ad057db39 (patch)
treef5c80db4a466b90aacce702b852945785bdd51a3 /meta-security
parentf5510eca70b356348a25198e2d9c38039f68365b (diff)
subtree updates
poky: 348d9aba33..fc8e5d7c13: Adithya Balakumar (1): wic: implement reproducible Disk GUID Adrian Freihofer (20): cmake.bbclass: use --install devtool: support plugins with plugins devtool: refactor exec_fakeroot devtool: refactor deploy to use exec_fakeroot_no_d devtool: refactor deploy-target recipetool: cleanup imports oeqa: replace deprecated assertEquals oeqa/selftest/recipetool: fix for python 3.12 oeqa/selftest/oelib/buildhistory: git default branch scripts: python 3.12 regex feature-microblaze-versions.inc: python 3.12 regex meta/lib/oeqa: python 3.12 regex meta/lib/patchtest: python 3.12 regex meta/recipes: python 3.12 regex bitbake: bitbake/lib/bs4/tests/test_tree.py: python 3.12 regex devtool: new ide-sdk plugin oe-selftest devtool: ide-sdk tests devtool: ide-sdk make deploy-target quicker vscode: drop .vscode folder oe-init-build-env: generate .vscode from template Aleksey Smirnov (2): conf/machine: Add Power8 tune to PowerPC architecture busybox: Explicitly specify tty device for serial consoles Alex Kiernan (1): wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23 Alex Stewart (3): opkg: upgrade to 0.6.3 opkg: add deprecation warning for internal solver opkg-arch-config: update recipe HOMEPAGE Alexander Kanavin (26): sysroot user management postinsts: run with /bin/sh -e to report errors when they happen classes/multilib: expand PACKAGE_WRITE_DEPS in addition to DEPENDS classes/staging: capture output of sysroot postinsts into logs classes/package_rpm: write file permissions and ownership explicitly into .spec classes/package_rpm: use weak user/group dependencies classes/package_rpm: set bogus locations for passwd/group files oeqa/runtime/rpm: fail tests if test rpm file cannot be found rpm: update 4.18.1 -> 4.19.1 classes/package_rpm: correctly escape percent characters setftest/cdn tests: check for exceptions also in fetcher diagnostics rpm: override curl executable search with just 'curl' classes/package_rpm: additionally escape \ and " in filenames 
classes/package_rpm: streamline the logic in one of the condition blocks lzlib: add a recipe file: enable additional internal compressor support selftest/SStateCacheManagement: do not manipulate ERROR_QA selftest/SStateCacheManagement: pre-populate the cache shadow: add a packageconfig for logind support meta/conf/templates/default/conf-notes.txt: remove scripts/oe-setup-layers: write a list of layer paths into the checkout's top dir meta/conf/templates/default/conf-summary.txt: add a template summary meta/lib/bblayers/buildconf.py: add support for configuration summaries scripts/oe-setup-builddir: add support for configuration summaries oe-setup-build: add a tool for discovering config templates and setting up builds meta-poky/conf/templates/default/conf-summary.txt: add a template summary bitbake: Revert "bitbake: wget.py: always use the custom user agent" Alexis Lothoré (3): patchtest-send-results: remove unused variable patchtest-send-results: properly parse test status testimage: retrieve ptests directory when ptests fail André Draszik (4): sstate-cache-management: fix regex for 'sigdata' stamp files bitbake: fetch/git2: support git's safe.bareRepository bitbake: tests/fetch: support git's safe.bareRepository bitbake: git-make-shallow: support git's safe.bareRepository Anibal Limon (1): ptest-runner: Bump to 2.4.3 (92c1b97) Anuj Mittal (8): enchant2: upgrade 2.6.5 -> 2.6.7 libproxy: upgrade 0.5.3 -> 0.5.4 sqlite3: upgrade 3.44.2 -> 3.45.1 orc: upgrade 0.4.36 -> 0.4.37 stress-ng: upgrade 0.17.04 -> 0.17.05 libcap-ng: fix build with swig 4.2.0 gstreamer1.0: upgrade 1.22.9 -> 1.22.10 swig: upgrade 4.1.1 -> 4.2.0 Bruce Ashfield (13): lttng-modules: fix v6.8+ build linux-yocto-dev: update to v6.8 linux-yocto/6.6: features/qat/qat.cfg: enable CONFIG_PCIEAER linux-yocto/6.6: beaglebone: drop nonassignable kernel options linux-yocto/6.6: update to v6.6.13 linux-yocto/6.6: update CVE exclusions linux-yocto/6.6: can: drop obsolete CONFIG_PCH_CAN linux-yocto/6.6: update 
to v6.6.15 linux-yocto/6.6: update CVE exclusions yocto-bsp: update reference boards to v6.6.15 linux-yocto/6.6: update to v6.6.16 linux-yocto/6.6: update CVE exclusions linux-yocto/6.6: qemuriscv: enable goldfish RTC Chen Qi (5): multilib_global.bbclass: fix parsing error with no kernel module split gnupg: disable tests to avoid running target binaries at build time bitbake: fetch2/git.py: fix a corner case in try_premirror bitbake: tests/fetch.py: add test case for using premirror in restricted network bitbake: fetch2/git.py: add comment in try_premirrors Chi Xu (1): xz: Add ptest support Claus Stovgaard (2): kernel-devsrc: fix RDEPENDS for make kernel-devsrc: RDEPENDS on gawk Clément Péron (1): libpcap: extend with nativesdk Colin McAllister (1): initscripts: Add custom mount args for /var/lib David Reyna (1): bitbake: taskexp_ncurses: ncurses version of taskexp.py Denys Dmytriyenko (3): lttng-modules: upgrade 2.13.10 -> 2.13.11 zlib: upgrade 1.3 -> 1.3.1 xz: upgrade 5.4.5 -> 5.4.6 Enguerrand de Ribaucourt (3): devtool: ide_sdk: Use bitbake's python3 for generated scripts devtool: ide: vscode: Configure read-only files meson: use absolute cross-compiler paths Enrico Jörns (1): rootfs-postcommands: remove make_zimage_symlink_relative() Etienne Cordonnier (1): dropbear: remove unnecessary line Fabien Mahot (1): ldconfig-native: Fix to point correctly on the DT_NEEDED entries in an ELF file Fabio Estevam (3): piglit: Update to latest revision mesa: Upgrade 23.3.3 -> 23.3.4 mesa: Upgrade 23.3.4 -> 23.3.5 Jamin Lin (3): uboot-sign: set load address and entrypoint uboot-sign: Fix to install nonexistent dtb file u-boot-sign:uboot-config: support to verify signed FIT image Jermain Horsman (2): bitbake-layers: Add ability to update the reference of repositories bitbake-layers: Add test case layers setup for custom references Joe Slater (1): eudev: allow for predictable network interface names Johannes Schneider (2): initramfs-framework: overlayroot: fix kernel 
commandline clash initramfs-framework: overlayroot: align bootparams with module name Jon Mason (2): tunes/sve: Add support for sve2 instructions arm/armv*: add all the Arm tunes in GCC 13.2.0 Jonathan GUILLOT (3): lib/oe/package: replace in place PN-locale-* packages in PACKAGES lib/oe/package: add LOCALE_PATHS to add define all locations for locales cups: use LOCALE_PATHS to split localized HTML templates Jose Quaresma (3): go: update 1.20.12 -> 1.20.13 systemd: pack pre-defined pcrlock files installed with tpm2 qemu: disbale AF_XDP network backend support Joshua Watt (8): bitbake: hashserv: Add Unihash Garbage Collection bitbake: hashserv: sqlalchemy: Use _execute() helper bitbake: hashserv: Add unihash-exists API bitbake: asyncrpc: Add Client Pool object bitbake: hashserv: Add Client Pool bitbake: siggen: Add parallel query API bitbake: siggen: Add parallel unihash exist API sstatesig: Implement new siggen API Kai Kang (2): rpm: fix dependency for package config imaevm ghostscript: correct LICENSE with AGPLv3 Khem Raj (27): elfutils: Fix build with gcc trunk python3: Initialize struct termios before calling tcgetattr() qemu: Replace the basename patch with backport xwayland: Upgrade 23.2.3 -> 23.2.4 armv8/armv9: Avoid using -march when -mcpu is chosen kexec-tools: Fix build with gas 2.42 systemtap: Backport GCC-14 related calloc fixes sdk/assimp.py: Fix build on 32bit arches with 64bit time_t binutils: Upgrade to binutils 2.42 qemu-native: Use inherit_defer for including native class syslinux: Disable error on implicit-function-declaration glibc: Upgrade to 2.39 strace: Upgrade to 6.7 rust/cargo: Build fixes to rust for rv32 target buildcpio.py: Switch to using cpio-2.15 ptest.bbclass: Handle the case when Makefile does not exist in do_install_ptest_base kernel-devsrc: Add needed fixes for 6.1+ kernel build on target on RISCV python3: Fix ptests with expat 2.6+ expat: Upgrade to 2.6.0 gcc-runtime: Move gdb pretty printer file to auto-load location 
core-image-ptest: Increase disk size to 1.5G for strace ptest image tcmode-default: Do not define LLVMVERSION glibc: Update to latest on 2.39 glibc: Update to bring mips32/clone3 fix piglit: Fix build with musl llvm: Upgrade to LLVM-18 RC2 binutils: Update to tip of 2.42 release branch Konrad Weihmann (1): python3-yamllint: add missing dependency Lee Chee Yang (1): migration-guide: add release notes for 4.0.16 Maanya Goenka (2): toolchain-shar-relocate: allow 'find' access to libraries in symlinked directories bash: nativesdk-bash does not provide /bin/bash so don't claim to Marek Vasut (1): Revert "lzop: remove recipe from oe-core" Mark Hatle (5): qemu: Allow native and nativesdk versions on Linux older then 4.17 tune-cortexa78.inc: Add cortexa78 tune, based on cortexa77 feature-arm-vfp.inc: Allow hard-float on newer simd targets tune-cortexr5: Add hard-float variant tune-cortexr52: Add hard-float variant Markus Volk (6): gtk4: update 4.12.4 -> 4.12.5 mesa: update 23.3.5 -> 24.0.0 mesa: update 24.0.0 -> 24.0.1 libadwaita: update 1.4.2 -> 1.4.3 wayland-protocols: update 1.32 -> 1.33 ell: update 0.61 -> 0.62 Martin Jansa (5): qemu: fix target build with ccache enabled package_manager: ipk: add OPKG_MAKE_INDEX_EXTRA_PARAMS variable package_rpm: add RPMBUILD_EXTRA_PARAMS variable bitbake: bitbake-diffsigs: fix walking the task dependencies and show better error bitbake: tests: fetch.py: use real subversion repository Michael Opdenacker (9): dev-manual: start: remove idle line docs: remove support for mickledore (4.2) release release-notes-4.3: fix spacing alsa-lib: upgrade 1.2.10 -> 1.2.11 alsa-tools: upgrade 1.2.5 -> 1.2.11 alsa-ucm-conf: upgrade 1.2.10 -> 1.2.11 alsa-utils: upgrade 1.2.10 -> 1.2.11 oeqa/runtime/cases: fix typo in information message bitbake: doc: README: simpler link to contributor guide Michal Sieron (1): sanity.bbclass: raise_sanity_error if /tmp is noexec Nick Owens (1): systemd: recommend libelf, libdw for elfutils flag Ola x Nilsson (1): 
python3-numpy: Use Large File Support version of fallocate Paul Gortmaker (1): bitbake: hashserv: improve the loglevel error message to be more helpful Pavel Zhukov (3): systemd.bbclass: Check for existence of the symlink too bitbake: fetch2/git.py: Fetch mirror into HEAD bitbake: tests/fetch.py: add multiple fetches test Peter Kjellerstedt (12): devtool: modify: Correct appending of type=git-dependency to URIs devtool: standard: Add some missing whitespace devtool: _extract_source: Correct the removal of an old backup directory bitbake: tests/fetch: Make test_git_latest_versionstring support a max version bitbake: fetch2/git: A bit of clean-up of latest_versionstring() bitbake: fetch2/git: Make latest_versionstring extract tags with slashes correctly lib/oe/patch: Make extractPatches() not extract ignored commits lib/oe/patch: Add GitApplyTree.commitIgnored() devtool: Make use of oe.patch.GitApplyTree.commitIgnored() patch.bbclass: Make use of oe.patch.GitApplyTree.commitIgnored() lib/oe/patch: Use git notes to store the filenames for the patches insane.bbclass: Allow the warning about virtual/ to be disabled Peter Marko (2): openssl: Upgrade 3.2.0 -> 3.2.1 util-linux: add alternative link for scriptreplay Petr Vorel (1): ltp: Update to 20240129 Philip Lorenz (1): ipk: Remove temporary package lists during SDK creation Priyal Doshi (1): tzdata : Upgrade to 2024a Quentin Schulz (1): u-boot: add missing dependency on pyelftools-native Randolph Sapp (1): mirrors.bbclass: add infraroot as an https mirror Randy MacLeod (4): valgrind: make ptest depend on all components valgrind: update from 3.21.0 to 3.22.0 valgrind: skip 14 ptests in 3.22 valgrind: Skip 22 arm64 ptests Richard Purdie (34): oeqa/qemurunner: Handle rare shutdown race pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept numactl: upgrade 2.0.16 -> 2.0.17 conf: Move selftest config to dedicated inc file oeqa/selftest/bbtests: Tweak to use no-gplv3 inc file python3-markupsafe: upgrade 2.1.3 
-> 2.1.5 python3-markupsafe: Switch to python_setuptools_build_meta qemu: Upgrade 8.2.0 -> 8.2.1 ltp: Enable extra test groups ltp: Try re-enabling problematic test meta-yocto-bsp: Remove accidentally added files oeqa/runtime: Move files from oe-core to bsp layer mirrors: Allow shallow glibc to work correctly ptest-packagelists: Mark python3 as problematic on riscv64 kernel-devsrc: Clean up whitespace selftest/recipetool: Factor tomllib test to a function selftest/recipetool: Improve test failure output layer.conf: Update for the scarthgap release series layer.conf: Update for the scarthgap release series bitbake: process: Add profile logging for main loop bitbake: process/server: Fix typo kernel-arch: Simplify strip support insane: Clarify runtime/ warning bitbake: runqueue: Improve performance for executing tasks bitbake: runqueue: Optimise taskname lookups in next_buildable_task bitbake: runqueue: Improve setcene performance when encoutering many 'hard' dependencies openssh: Add a work around for ICE on mips/mips64 kernel-devsrc: Improve vdso-offsets handling for qemuriscv64 u-boot: Pass in prefix mapping variables to the compiler testsdk: Avoid PATH contamination oeqa/selftest/rust: Exclude failing riscv tests bitbake: bitbake: Bump version to 2.7.3 for hashserv changes sanity.conf: Require bitbake 2.7.3 python: Drop ${PYTHON_PN} Robert Joslyn (2): curl: Update to 8.6.0 gtk: Set CVE_PRODUCT Robert Yang (1): gnu-config: Update to latest version Ross Burton (13): grub2: ignore CVE-2023-4001, this is Red Hat-specific openssl: backport fix for CVE-2023-6129 lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex oeqa/selftest/recipetool: downgrade meson version to not use pyproject.toml recipetool: don't dump stack traces if a toml parser can't be found xz: remove redundant PTEST_ENABLED conditional libpam: remove redundant PTEST_ENABLED conditional glib-2.0: backport memory monitor test fixes python3: move dataclasses to python3-core 
python3-unittest-automake-output: upgrade to 0.2 meson: remove TMPDIR workaround meson: set the sysroot in the cross files libffi: upgrade to 3.4.5 Simone Weiß (12): gnutls: Upgrade 3.8.2 -> 3.8.3 maintainers.inc: Add self for libseccomp and gnutls bsp-guide: correct formfactor recipe name dev-manual: gen-tapdevs need iptables installed gnutls: print log if ptest fails patchtest: log errors and failures at end grub2: ignore CVE-2024-1048, Redhat only issue libgit2: update 1.7.1 -> 1.7.2 libuv: Upgrade 1.47.0 -> 1.48.0 qemu: Set CVE_STATUS for wrong CVEs patchtest: Add selftest for test cve_check_ignore patchtest: add stronger indication for failed tests Siong W.LIM (1): useradd.bbclass: Fix missing space when appending vardeps. Thomas Perrot (2): opensbi: append LDFLAGS to TARGET_CC_ARCH bitbake: wget.py: always use the custom user agent Tim Orling (13): libxml-parser-perl: upgrade 2.46 -> 2.47 python3-pyyaml: add PACKAGECONFIG for libyaml python3-pyyaml: enable ptest python3-cryptography: upgrade 41.0.7 to 42.0.2 openssh: upgrade 9.5p1 -> 9.6p1 python3-poetry-core: upgrade 1.8.1 -> 1.9.0 python3-attrs: skip test failing with pytest-8 vim: upgrade from 9.0.2130 -> 9.1.0114 python3-pyproject-metadata: move from meta-python python3-pyproject-metadata: HOMEPAGE; DESCRIPTION python3-meson-python: move from meta-python python_mesonpy.bbclass: move from meta-python recipetool; add support for python_mesonpy class Tobias Hagelborn (2): sstate.bbclass: Only sign packages at the time of their creation bitbake: bitbake: hashserv: Postgres adaptations for ignoring duplicate inserts Toni Lammi (1): bitbake: support temporary AWS credentials Trevor Gamblin (7): patchtest.README: update mailing list cmake: upgrade 3.27.7 -> 3.28.3 python3-numpy: upgrade 1.26.3 -> 1.26.4 patchtest-send-results: Add 'References' header patchtest-send-results: use Message-ID directly patchtest: Fix grammar in log output patchtest-send-results: add --debug option Valek Andrej (1): glibc: Refresh CVE 
status w.r.t 2.39 release Vikas Katariya (1): bmap-tools: Add missing runtime dependency Wang Mingyu (36): at-spi2-core: upgrade 2.50.0 -> 2.50.1 cpio: upgrade 2.14 -> 2.15 ethtool: upgrade 6.6 -> 6.7 iso-codes: upgrade 4.15.0 -> 4.16.0 libinput: upgrade 1.24.0 -> 1.25.0 libtest-warnings-perl: upgrade 0.032 -> 0.033 libwpe: upgrade 1.14.1 -> 1.14.2 lzip: upgrade 1.23 -> 1.24 createrepo-c: upgrade 1.0.2 -> 1.0.3 diffstat: upgrade 1.65 -> 1.66 dos2unix: upgrade 7.5.1 -> 7.5.2 ed: upgrade 1.19 -> 1.20 gnupg: upgrade 2.4.3 -> 2.4.4 gstreamer: upgrade 1.22.8 -> 1.22.9 libidn2: upgrade 2.3.4 -> 2.3.7 libpng: upgrade 1.6.40 -> 1.6.41 libsolv: upgrade 0.7.27 -> 0.7.28 liburi-perl: upgrade 5.21 -> 5.25 nghttp2: upgrade 1.58.0 -> 1.59.0 repo: upgrade 2.40 -> 2.41 orc: upgrade 0.4.34 -> 0.4.36 pkgconf: upgrade 2.0.3 -> 2.1.0 python3-sphinxcontrib-applehelp: upgrade 1.0.7 -> 1.0.8 python3-sphinxcontrib-devhelp: upgrade 1.0.5 -> 1.0.6 python3-sphinxcontrib-htmlhelp: upgrade 2.0.4 -> 2.0.5 python3-sphinxcontrib-qthelp: upgrade 1.0.6 -> 1.0.7 python3-sphinxcontrib-serializinghtml: upgrade 1.1.9 -> 1.1.10 python3-beartype: upgrade 0.16.4 -> 0.17.0 python3-mako: upgrade 1.3.0 -> 1.3.2 python3-hatchling: upgrade 1.21.0 -> 1.21.1 python3-hypothesis: upgrade 6.92.9 -> 6.97.3 python3-pluggy: upgrade 1.3.0 -> 1.4.0 python3-psutil: upgrade 5.9.7 -> 5.9.8 python3-pyopenssl: upgrade 23.3.0 -> 24.0.0 python3-pytz: upgrade 2023.3 -> 2023.4 python3-pytest: upgrade 7.4.4 -> 8.0.0 Xiangyu Chen (1): bash: rebase the patch to fix ptest failure Yi Zhao (2): rpm: add missing dependencies for packageconfig libsdl2: upgrade 2.28.5 -> 2.30.0 Yoann Congal (2): kexec-tools: Replace a submitted patch by the backported one waf.bbclass: Print waf output on unparsable version Yogita Urade (1): tiff: fix CVE-2023-52355 and CVE-2023-52356 baruch@tkos.co.il (3): contributor-guide: fix lore URL overlayfs: add missing closing parenthesis in selftest overlayfs-etc: add option to skip creation of mount dirs 
meta-arm: 6bb1fc8d8c..025f76a14f: Ali Can Ozaslan (1): arm-bsp/u-boot:corstone1000: Fix deployment of capsule files Drew Reed (4): bsp: Move Corstone-1000 U-Boot configuration entries bsp: Move machine settings bsp,ci: Switch to poky distro bsp: Rename corstone1000-image Harsimran Singh Tungal (2): n1sdp:arm arm-bsp: fix tftf tests for n1sdp arm-bsp/optee: upgrade optee to 4.1.0 for N1SDP Jon Mason (3): arm/opencsd: update to v1.5.1 arm/optee: update to 4.1 arm-bsp/optee: remove unused v3.22.0 recipes Khem Raj (1): layer.conf: Update for the scarthgap release series Ross Burton (5): CI: support extra kas files from environment CI/cve.yml: add a CVE-checking Kas fragment CI: add explanatory comments to variables CI: allow the runner to set a NVD API key CI: use https: to fetch meta-virtualization Vincent Stehlé (1): arm-bsp/documentation: corstone1000: fix typo meta-security: b2e1511338..30e755c592: Armin Kuster (3): python3-pyinotify: do not rely on smtpd module python3-fail2ban: remove unused distutils dependency scap-security-guide: update to 0.1.71 BELOUARGA Mohamed (2): checksec: Add more runtime dependencies to checksec tool lynis: Add missing runtime dependencies Leon Anavi (2): linux-yocto%.bbappend: Add audit.cfg integrity-image-minimal: Fix IMAGE_INSTALL Mikko Rapeli (1): parsec-tool: fix serialNumber check Yi Zhao (1): openscap: fix build with python 3.12 Yushi Sun (1): meta-security: libhoth: SRCREV bump e520f8f...e482716 meta-raspberrypi: 9c901bf170..dbf1113a82: Kevin Hao (1): rpidistro-ffmpeg: Fix old override syntax Khem Raj (3): linux-raspberrypi_6.1.bb: Upgrade to 6.1.74 linux-raspberrypi: Upgrade to 6.1.77 layer.conf: Update for the scarthgap release series Martin Jansa (1): libcamera-apps: fix build with libcamera-0.2.0 Matthew Draws (1): rpi-eeprom_git: v.2024.01.05-2712 Update recipe to latest rpi-eeprom repo This follows the current latest release of rpi-eeprom: https://github.com/raspberrypi/rpi-eeprom Pascal Huerst (1): rpi-base: Add missing 
hifiberry overlay meta-openembedded: 9953ca1ac0..528f273006: Alex Kiernan (3): mdns: Fix SIGSEGV during DumpStateLog() mdns: Upgrade 2200.60.25.0.4 -> 2200.80.16 c-ares: Upgrade 1.24.0 -> 1.26.0 Angelo Ribeiro (1): flatcc: Add tool recipe Angelo.Ribeiro (1): e2tools: Add tool recipe Archana Polampalli (1): nodejs: update to latest v20 version 20.11.0 Beniamin Sandu (3): mbedtls: upgrade 3.5.1 -> 3.5.2 mbedtls: upgrade 2.28.4 -> 2.28.7 opencv: upgrade 4.8.0 -> 4.9.0 Changqing Li (1): cpuid: fix do_install Chirag Shilwant (1): kernel-selftest: Add few more testcases Christophe Vu-Brugier (4): dropwatch: add new recipe switchtec-user: upgrade 4.1 -> 4.2 libnvme: upgrade 1.7.1 -> 1.8 nvme-cli: upgrade 2.7.1 -> 2.8 Clément Péron (2): proj: extend class to native and nativesdk proj: upgrade 9.3.0 -> 9.3.1 Denys Dmytriyenko (1): libcamera: update 0.1.0 -> 0.2.0 Derek Straka (36): python3-bandit: update to version 1.7.7 python3-web3: update to version 6.15.0 python3-argcomplete: update to version 3.2.2 python3-cytoolz: update to version 0.12.3 python3-pdm: update to version 2.12.2 python3-google-api-python-client: update to version 2.115.0 python3-coverage: update to version 7.4.1 python3-gmqtt: update to version 0.6.14 python3-colorlog: update to version 6.8.2 python3-argh: update to version 0.31.2 python3-luma-core: update to version 2.4.2 python-pdm: update to version 2.12.3 python3-parse: update to version 1.20.1 python3-grpcio: update to version 1.60.1 python3-dill: update to version 0.3.8 python3-types-setuptools: update to version 69.0.0.20240125 python3-pymisp: update to version 2.4.184 python3-cbor2: update to version 5.6.1 python3-sentry-sdk: update to version 1.40.0 python3-pytest-asyncio: update to version 0.23.4 python3-google-api-core: update to version 2.16.1 python3-google-api-python-client: update to version 2.116.0 python3-google-auth: update to version 2.27.0 python3-jsonrpcclient: update to version 4.0.3 python3-dnspython: update to version 2.5.0 
python3-eventlet: update to version 0.35.1 python3-platformdirs: update to version 4.2.0 python3-ipython: update to version 8.21.0 python3-grpcio-tools: update to version 1.60.1 python3-cachecontrol: update to version 0.14.0 python3-binwalk: update the regex version for upstream checks python3-pymodbus: update to version 3.6.3 python3-pyyaml-include: add initial recipe for version 1.3.2 python3-appdirs: add ptest into PTESTS_FAST_META_PYTHON items python3-yarl: add ptest into PTESTS_FAST_META_PYTHON items python3-ujson: add ptest into PTESTS_FAST_META_PYTHON items Emil Kronborg (1): php-fpm: fix systemd Etienne Cordonnier (2): uutils-coreutils: upgrade 0.0.23 -> 0.0.24 uutils_coreutils: merge .inc and .bb Fathi Boudra (4): whitenoise: add a new recipe python3-django: upgrade to Django 4.2.10 LTS release libtinyxml2: fix the homepage URL libtinyxml2: allow to build both shared and static libraries Geoff Parker (2): python3-aiodns python3-pycares: Add native & nativesdk support python3-aiohappyeyeballs: Add native & nativesdk support Jean-Marc BOUCHE (1): rtkit: missing files/directories in package Jose Quaresma (1): ostree: Upgrade 2023.8 -> 2024.1 Jörg Sommer (1): bonnie++: New recipe for version 2.0 Khem Raj (18): uftrace: Upgrade to 0.15.2 i2cdev: Set PV correctly minicoredumper: Fix build with clang python3-pytest-mock: Fix ptest failures with python 3.12 ndctl: Update to v78 vk-gl-cts: Disable Werror on amber external module vulkan-cts: Upgrade to 1.3.7.3 uftrace: Adjust the summary to reflect rust and python support libcamera: Fix build with clang-18 breakpad: Upgrade to 2023.06.01 release bpftool: Add missing dep on elfutils-native flatcc: Fix build warnings found with clang-18 Revert "lzop: add (from oe-core)" can-isotp: Update to latest and skip it openflow: Switch SRC_URI to github mirror ot-br-posix: upgrade to latest trunk libcereal: Disable c++11-narrowing-const-reference warning as error ot-br-posix: Limit vla-cxx-extension option to clang >= 18 Li 
Wang (1): radvd: add '--shell /sbin/nologin' to /etc/passwd Mark Hatle (1): opencv: Fix python3 package generation Markus Volk (9): luajit: allow to build on supported platforms pipewire: fix build with libcamera-0.2 system-config-printer: fix runtime for system-config-printer iwd: update 2.8 -> 2.13 pipewire: update 1.0.1 -> 1.0.3 flatpak: remove unneeded RDEPENDS libosinfo: use hwdata for ids files libnfs: update 5.0.2 -> 5.0.3 hwdata: update 0.378 -> 0.379 Martin Jansa (18): libtalloc, libtevent, libtdb, libldb: set PYTHONARCHDIR for waf to respect python libdir jack: fix build with python3 on host redis: restore Upstream-Status libvpx: restore Upstream-Status python-jsonref: add missing Upstream-Status flatcc: respect baselib flatcc: drop 'r' from gitr and ${SRCPV} recipes: drop ${SRCPV} usage recipes: drop remaining +gitr cases gitpkgv.bbclass: adjust the example in comment a bit ne10: append +git instead of gitr+ evemu-tools: use better PV nana: upgrade to latest commit from github xfstests: upgrade to latest 2024.01.14 xfstests: add gawk to RDEPENDS xfstests: use master branch instead of 'for-next' xfstests: drop the upstream rejected install-sh hack xfstests: fix make install race condition Max Krummenacher (2): libusbgx: fix usbgx.service stop / restart libusbgx: uprev to the latest commit Maxime Roussin-Belanger (1): xdg-desktop-portal: add missing glib-2.0-native dependency Maxime Roussin-Bélanger (1): polkit: fix rules.d permissions Ming Liu (1): plymouth: uprev to 24.004.60 Niko Mauno (4): python3-pybind11: Amend HOMEPAGE python3-pybind11: Prune redundant inherit python3-pybind11: Fix LICENSE python3-pybind11: Cosmetic fixes Pavel Zhukov (1): python3-tzlocal: Add zoneinfo dependency Peter Kjellerstedt (1): xfstests: Only specify the main SRCREV once Peter Marko (2): syslog-ng: ignore CVE-2022-38725 libqmi: correct PV Pratik Manvar (1): python3-pybind11: Remove the Boost dependency Richard Leitner (7): python3-janus: add recipe for v1.0.0 
python3-moteus: add recipe for v0.3.67 python3-socksio: add recipe for v1.0.0 python3-anyio: add recipe for v4.2.0 python3-sniffio: add recipe for v1.3.0 python3-httpcore: add recipe for v1.0.2 python3-httpx: add recipe for v0.26.0 Sascha Hauer (1): signing.bbclass: make it work with eliptic curve keys Simone Weiß (1): scapy: Add difftools and logutils in RDEPENDS Thomas Perrot (3): dvb-apps: no longer skip ldflags QA etcd-cpp-apiv3: no longer skip ldflags QA kernel-selftest: no longer skip ldflags QA Tim Orling (60): python3-uritemplate: switch to pytest --automake python3-unidiff: switch to pytest --automake python3-ujson: switch to pytest --automake python3-pytest-lazy-fixture: switch to pytest --automake python3-fastjsonschema: switch to pytest --automake python3-tomlkit: switch to pytest --automake python3-inotify: switch to pytest --automake python3-requests-file: switch to pytest --automake python3-covdefaults: switch to pytest --automake python3-dominate: switch to pytest --automake python3-scrypt: switch to pytest --automake python3-u-msgpack-python: switch to pytest --automake python3-iso3166: switch to pytest --automake python3-trustme: switch to pytest --automake python3-asgiref: switch to pytest --automake python3-html2text: switch to pytest --automake python3-pyasn1-modules: switch to pytest --automake python3-intervals: switch to pytest --automake python3-py-cpuinfo: switch to pytest --automake python3-backports-functools-lru-cache: drop folder python3-whoosh: switch to pytest --automake python3-xlrd: switch to pytest --automake python3-dnspython: switch to pytest --automake python3-prettytable: switch to pytest --automake python3-ptyprocess: switch to pytest --automake python3-gunicorn: switch to pytest --automake python3-pytest-mock: switch to pytest --automake python3-pyroute2: switch to pytest --automake python3-smpplib: switch to pytest --automake python3-pyzmq: switch to pytest --automake python3-multidict: switch to pytest --automake 
python3-geojson: switch to pytest --automake python3-serpent: switch to pytest --automake python3-soupsieve: switch to pytest --automake python3-requests-toolbelt: switch to pytest --automake python3-yarl: switch to pytest --automake python3-cbor2: switch to pytest --automake python3-ansicolors: switch to pytest --automake python3-ipy: switch to pytest --automake python3-sqlparse: switch to pytest --automake python3-precise-runner: switch to pytest --automake python3-parse-type: switch to pytest --automake python3-inflection: switch to pytest --automake python3-blinker: switch to pytest --automake python3-service-identity: switch to pytest --automake python3-cachetools: switch to pytest --automake python3-simpleeval: switch to pytest --automake python3-appdirs: switch to pytest --automake python3-pillow: switch to pytest --automake python3-semver: switch to pytest --automake python3-platformdirs: switch to pytest --automake python3-polyline: switch to pytest --automake python3-betamax: switch to pytest --automake python3-pytoml: switch to pytest --automake python3-pyserial: switch to pytest --automake python3-typeguard: switch to pytest --automake python3-execnet: switch to pytest --automake python3-pyyaml-include: switch to pytest --automake python3-xxhash: switch to pytest --automake python3-pylint: switch to pytest --automake Tom Geelen (1): python3-pychromecast: add missing RDEPENDS, and add initial recipe for dependency. 
Wang Mingyu (90): btop: upgrade 1.2.13 -> 1.3.0 ccid: upgrade 1.5.4 -> 1.5.5 ctags: upgrade 6.1.20231231.0 -> 6.1.20240114.0 gcr3: upgrade 3.41.1 -> 3.41.2 htop: upgrade 3.2.2 -> 3.3.0 hwdata: upgrade 0.377 -> 0.378 libdecor: upgrade 0.2.1 -> 0.2.2 libvpx: upgrade 1.13.1 -> 1.14.0 lldpd: upgrade 1.0.17 -> 1.0.18 gjs: upgrade 1.78.2 -> 1.78.3 wireshark: upgrade 4.2.0 -> 4.2.2 capnproto: upgrade 1.0.1.1 -> 1.0.2 dnfdragora: upgrade 2.1.5 -> 2.1.6 libyang: upgrade 2.1.128 -> 2.1.148 lshw: upgrade 02.19.2 -> 02.20 md4c: upgrade 0.4.8 -> 0.5.0 python3-apscheduler: add new recipe redis: upgrade 7.2.3 -> 7.2.4 sanlock: upgrade 3.8.5 -> 3.9.0 python3-eth-keys: upgrade 0.4.0 -> 0.5.0 python3-xmlschema: upgrade 2.5.1 -> 3.0.1 plocate: upgrade 1.1.20 -> 1.1.22 python3-absl: upgrade 2.0.0 -> 2.1.0 python3-asyncinotify: upgrade 4.0.5 -> 4.0.6 python3-beautifulsoup4: upgrade 4.12.2 -> 4.12.3 python3-cantools: upgrade 39.4.2 -> 39.4.3 python3-cbor2: upgrade 5.5.1 -> 5.6.0 python3-dbus-fast: upgrade 2.21.0 -> 2.21.1 python3-django: upgrade 5.0 -> 5.0.1 python3-eth-abi: upgrade 4.2.1 -> 5.0.0 python3-eth-typing: upgrade 3.5.2 -> 4.0.0 python3-eth-utils: upgrade 2.3.1 -> 3.0.0 python3-eventlet: upgrade 0.34.2 -> 0.34.3 python3-flask: upgrade 3.0.0 -> 3.0.1 python3-git-pw: upgrade 2.5.0 -> 2.6.0 python3-google-api-python-client: upgrade 2.113.0 -> 2.114.0 python3-haversine: upgrade 2.8.0 -> 2.8.1 python3-ipython: upgrade 8.19.0 -> 8.20.0 python3-pdm: upgrade 2.11.2 -> 2.12.1 python3-pyatspi: upgrade 2.46.0 -> 2.46.1 python3-sentry-sdk: upgrade 1.39.1 -> 1.39.2 python3-robotframework: upgrade 6.1.1 -> 7.0 python3-pychromecast: upgrade 13.0.8 -> 13.1.0 python3-tox: upgrade 4.11.4 -> 4.12.1 python3-types-psutil: upgrade 5.9.5.17 -> 5.9.5.20240106 qpdf: upgrade 11.7.0 -> 11.8.0 smemstat: upgrade 0.02.12 -> 0.02.13 tesseract: upgrade 5.3.3 -> 5.3.4 libsmi: Fix buildpaths warning. minicoredumper: upgrade 2.0.6 -> 2.0.7 cmocka: Fix install conflict when enable multilib. 
czmq: Fix install conflict when enable multilib. czmq: Fix buildpaths warning. bdwgc: upgrade 8.2.4 -> 8.2.6 cmark: upgrade 0.30.3 -> 0.31.0 gensio: upgrade 2.8.2 -> 2.8.3 geos: upgrade 3.12.0 -> 3.12.1 imlib2: upgrade 1.12.1 -> 1.12.2 libcbor: upgrade 0.10.2 -> 0.11.0 libinih: upgrade 57 -> 58 libio-socket-ssl-perl: upgrade 2.084 -> 2.085 libjcat: upgrade 0.2.0 -> 0.2.1 libqmi: upgrade 1.35.1 -> 1.35.2 md4c: upgrade 0.5.0 -> 0.5.2 nanomsg: upgrade 1.2 -> 1.2.1 neatvnc: upgrade 0.7.1 -> 0.7.2 network-manager-applet: upgrade 1.34.0 -> 1.36.0 libgsf: upgrade 1.14.51 -> 1.14.52 ndisc6: upgrade 1.0.7 -> 1.0.8 squid: upgrade 6.6 -> 6.7 iotop: upgrade 1.25 -> 1.26 libblockdev: upgrade 3.0.4 -> 3.1.0 neon: upgrade 0.32.5 -> 0.33.0 pkcs11-provider: upgrade 0.2 -> 0.3 sanlock: upgrade 3.9.0 -> 3.9.1 satyr: upgrade 0.42 -> 0.43 python3-astroid: upgrade 3.0.2 -> 3.0.3 python3-elementpath: upgrade 4.1.5 -> 4.2.0 python3-flask: upgrade 3.0.1 -> 3.0.2 python3-google-api-core: upgrade 2.16.1 -> 2.16.2 python3-gspread: upgrade 5.12.4 -> 6.0.0 python3-path: upgrade 16.9.0 -> 16.10.0 python3-gcovr: upgrade 6.0 -> 7.0 python3-types-psutil: upgrade 5.9.5.20240106 -> 5.9.5.20240205 python3-waitress: upgrade 2.1.2 -> 3.0.0 rdma-core: upgrade 48.0 -> 50.0 ser2net: upgrade 4.6.0 -> 4.6.1 sip: upgrade 6.8.1 -> 6.8.2 span-lite: upgrade 0.10.3 -> 0.11.0 tcpslice: upgrade 1.6 -> 1.7 William A. 
Kennington III (3): nanopb: Update 0.4.7 -> 0.4.8 nanopb: Split into 2 packages nanopb-runtime: Enable shared library Yoann Congal (6): ibus: backport a reproducibility fix radvd: Fix build in reproducible test mariadb: Move useradd handling in target side of the recipe kexec-tools-klibc: Fix building on x86_64 with binutils 2.41 freeradius: Add missing 'radiusd' static group id ntp: Add missing 'ntp' static group id alperak (18): python3-flask-marshmallow: upgrade 0.15.0 -> 1.1.0 python3-netaddr: upgrade 0.10.0 -> 0.10.1 python3-toolz: upgrade 0.12.0 -> 0.12.1 python3-aiohappyeyeballs: add recipe python3-aiohttp: upgrade 3.9.1 -> 3.9.2 python3-eth-rlp: upgrade 1.0.0 -> 1.0.1 python3-aiohttp: upgrade 3.9.2 -> 3.9.3 python3-google-auth-oauthlib: add recipe python3-scikit-build: upgrade 0.16.7 -> 0.17.6 python3-eth-account: upgrade 0.10.0 -> 0.11.0 python3-pyunormalize: add recipe python3-web3: upgrade 6.15.0 -> 6.15.1 python3-gspread: upgrade 6.0.0 -> 6.0.1 python3-strenum: add recipe python3-flask-marshmallow: upgrade 1.1.0 -> 1.2.0 python3-werkzeug: upgrade 2.3.6 -> 3.0.1 python3-imageio: upgrade 2.33.1 -> 2.34.0 python3-werkzeug: add missing runtime dependencies virendra thakur (1): nodejs: Set CVE_PRODUCT to "node.js" Change-Id: If9fadba6ede9e8de3b778d470bbd61f208f48e54 Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'meta-security')
-rw-r--r--meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify_0.9.6.bb1
-rw-r--r--meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb1
-rw-r--r--meta-security/meta-integrity/README.md8
-rw-r--r--meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb10
-rw-r--r--meta-security/meta-integrity/recipes-kernel/linux/linux-yocto%.bbappend2
-rw-r--r--meta-security/meta-integrity/recipes-kernel/linux/linux/audit.cfg2
-rw-r--r--meta-security/meta-parsec/recipes-parsec/parsec-tool/files/0001-parsec-cli-tests.sh-adapt-to-new-serialNumber-output.patch33
-rw-r--r--meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.7.0.bb4
-rw-r--r--meta-security/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb2
-rw-r--r--meta-security/recipes-compliance/lynis/lynis_3.0.9.bb2
-rw-r--r--meta-security/recipes-compliance/openscap/files/0001-Replace-distutils.sysconfig-with-sysconfig.patch57
-rw-r--r--meta-security/recipes-compliance/openscap/openscap_1.3.9.bb4
-rw-r--r--meta-security/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb (renamed from meta-security/recipes-compliance/scap-security-guide/scap-security-guide_0.1.69.bb)6
-rw-r--r--meta-security/recipes-scanners/checksec/checksec_2.6.0.bb2
14 files changed, 116 insertions, 18 deletions
diff --git a/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify_0.9.6.bb b/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify_0.9.6.bb
index 8dd5e1580a..963fcfe2ae 100644
--- a/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify_0.9.6.bb
+++ b/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify_0.9.6.bb
@@ -9,7 +9,6 @@ RDEPENDS:${PN} += "\
${PYTHON_PN}-logging \
${PYTHON_PN}-misc \
${PYTHON_PN}-shell \
- ${PYTHON_PN}-smtpd \
${PYTHON_PN}-threading \
"
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
index 68695f2bb1..135e97c17c 100644
--- a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
+++ b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
@@ -72,4 +72,3 @@ RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
RRECOMMENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'python3-systemd', '', d)}"
-RRECOMMENDS:${PN} += "python3-distutils"
diff --git a/meta-security/meta-integrity/README.md b/meta-security/meta-integrity/README.md
index 1a37280a9e..2f30e789f0 100644
--- a/meta-security/meta-integrity/README.md
+++ b/meta-security/meta-integrity/README.md
@@ -219,12 +219,16 @@ executing the file is no longer allowed:
-sh: /usr/bin/rpm: Permission denied
Enabling the audit kernel subsystem may help to debug appraisal
-issues. Enable it by adding the meta-security-framework layer and
+issues. Enable it by adding a kernel configuration fragment and
changing your local.conf:
SRC_URI:append:pn-linux-yocto = " file://audit.cfg"
CORE_IMAGE_EXTRA_INSTALL += "auditd"
-Then boot with "ima_appraise=log ima_appraise_tcb".
+Then boot with "ima_appraise=log ima_appraise_tcb integrity_audit=1".
+For example, for QEMU by changing variable QB_KERNEL_CMDLINE_APPEND
+in your local.conf:
+ QB_KERNEL_CMDLINE_APPEND:remove:pn-integrity-image-minimal = "ima_policy=tcb ima_appraise=fix"
+ QB_KERNEL_CMDLINE_APPEND:append:pn-integrity-image-minimal = " ima_appraise=log ima_appraise_tcb integrity_audit=1"
Adding auditd is not strictly necessary but helps to capture a
more complete set of events in /var/log/audit/ and search in
diff --git a/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb b/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb
index 502217063b..856249f61a 100644
--- a/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb
+++ b/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb
@@ -2,18 +2,16 @@ DESCRIPTION = "An image as an exmaple for Ima support"
IMAGE_FEATURES += "ssh-server-openssh"
+LICENSE = "MIT"
+
+inherit core-image
-IMAGE_INSTALL = "\
+IMAGE_INSTALL += "\
packagegroup-base \
packagegroup-core-boot \
packagegroup-ima-evm-utils \
os-release"
-
-LICENSE = "MIT"
-
-inherit core-image
-
export IMAGE_BASENAME = "integrity-image-minimal"
INHERIT += "ima-evm-rootfs"
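Review bot: `IMAGE_INSTALL +=` only extends the class default because `inherit core-image` now sits above it, and nothing in the recipe records that ordering requirement. As far as I know core-image assigns its default with `?=`, so moving the inherit back below the `+=` would silently drop `CORE_IMAGE_EXTRA_INSTALL` again, which the README hunk of this commit relies on to pull in auditd. A one-line comment above the inherit would protect it, e.g. `# core-image must be inherited before IMAGE_INSTALL += so its ?= default is kept`. Separately, the context line `INHERIT += "ima-evm-rootfs"` sets a configuration-level variable and probably has no effect inside a recipe; if signing is meant to be enabled from this file, `inherit ima-evm-rootfs` is the form to check.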
diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux-yocto%.bbappend b/meta-security/meta-integrity/recipes-kernel/linux/linux-yocto%.bbappend
index be60bfeac4..9c599aab36 100644
--- a/meta-security/meta-integrity/recipes-kernel/linux/linux-yocto%.bbappend
+++ b/meta-security/meta-integrity/recipes-kernel/linux/linux-yocto%.bbappend
@@ -1 +1,3 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/linux:"
+
require ${@bb.utils.contains_any('DISTRO_FEATURES', 'integrity ', 'linux_ima.inc', '', d)}
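Review bot: The added `FILESEXTRAPATHS:prepend` applies to every recipe matching `linux-yocto%`, whether or not the `integrity` DISTRO_FEATURE is set, unlike the `require` below it, and no comment says why. It looks intended to let the README's `SRC_URI:append:pn-linux-yocto = " file://audit.cfg"` resolve from local.conf, and a comment such as `# Needed unconditionally so file://audit.cfg (see README.md) can be found` would make that explicit. Because the directory is prepended, a generically named `audit.cfg` here will also win over a same-named fragment from another layer; a layer-specific name (for example `integrity-audit.cfg`) would avoid that shadowing.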
diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux/audit.cfg b/meta-security/meta-integrity/recipes-kernel/linux/linux/audit.cfg
new file mode 100644
index 0000000000..214dbe33fd
--- /dev/null
+++ b/meta-security/meta-integrity/recipes-kernel/linux/linux/audit.cfg
@@ -0,0 +1,2 @@
+CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
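Review bot: The fragment has no comment stating its purpose, and it leaves `CONFIG_INTEGRITY_AUDIT` to the Kconfig default although the `integrity_audit=1` boot parameter recommended in this commit's README hunk is only honoured when that option is enabled. A header such as `# Audit support for debugging IMA/EVM appraisal, see meta-integrity/README.md` would document the intent. Adding `CONFIG_INTEGRITY_AUDIT=y` would make the dependency explicit, so a kernel configured with different defaults does not boot without the integrity audit records the README tells the reader to look for. Whether the default already resolves to `y` on the kernels this layer targets cannot be confirmed from the page.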
diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-tool/files/0001-parsec-cli-tests.sh-adapt-to-new-serialNumber-output.patch b/meta-security/meta-parsec/recipes-parsec/parsec-tool/files/0001-parsec-cli-tests.sh-adapt-to-new-serialNumber-output.patch
new file mode 100644
index 0000000000..6c5a94f3b9
--- /dev/null
+++ b/meta-security/meta-parsec/recipes-parsec/parsec-tool/files/0001-parsec-cli-tests.sh-adapt-to-new-serialNumber-output.patch
@@ -0,0 +1,33 @@
+From b5cbf8635483e2c1254d15af7427696a378dadf7 Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli <mikko.rapeli@linaro.org>
+Date: Wed, 3 Jan 2024 12:30:38 +0000
+Subject: [PATCH] parsec-cli-tests.sh: adapt to new serialNumber output
+
+openssl 3.2.0 from yocto prints serialNumber to output
+without spaces so support both that and the old with
+spaces output to pass the test. Not using regular
+expressions to work on simpler grep implementations.
+
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+---
+ tests/parsec-cli-tests.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Upstream-Status: Submitted [https://github.com/parallaxsecond/parsec-tool/pull/120]
+
+diff --git a/tests/parsec-cli-tests.sh b/tests/parsec-cli-tests.sh
+index 7693072..4dad2bb 100755
+--- a/tests/parsec-cli-tests.sh
++++ b/tests/parsec-cli-tests.sh
+@@ -225,7 +225,7 @@ test_csr() {
+ run_cmd $OPENSSL req -text -noout -verify -in ${MY_TMP}/${KEY}.csr >${MY_TMP}/${KEY}.txt
+ debug cat ${MY_TMP}/${KEY}.txt
+
+- if ! cat ${MY_TMP}/${KEY}.txt | grep "Subject:" | grep "serialNumber = ${TEST_SERIAL}"; then
++ if ! cat ${MY_TMP}/${KEY}.txt | grep "Subject:" | grep -e "serialNumber = ${TEST_SERIAL}" -e "serialNumber=${TEST_SERIAL}"; then
+ echo "Error: The CSR does not contain the serialNumber field of the Distinguished Name"
+ EXIT_CODE=$(($EXIT_CODE+1))
+ fi
+--
+2.34.1
+
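Review bot: The new `grep -e ... -e ...` line still treats both patterns as basic regular expressions, although the patch description says regular expressions are deliberately avoided, so any regex metacharacter in `${TEST_SERIAL}` would loosen the match. Adding `-F` makes the check a literal comparison and the leading `cat` can be dropped: `if ! grep "Subject:" "${MY_TMP}/${KEY}.txt" | grep -F -e "serialNumber = ${TEST_SERIAL}" -e "serialNumber=${TEST_SERIAL}"; then`. Quoting the file path also keeps the test stable if `MY_TMP` ever contains whitespace. The body of `test_csr` starts and ends outside the hunk, so how `TEST_SERIAL` is set is not visible here.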
diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.7.0.bb b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.7.0.bb
index 26e4d803da..af0d36259e 100644
--- a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.7.0.bb
+++ b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.7.0.bb
@@ -5,7 +5,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
inherit cargo cargo-update-recipe-crates
-SRC_URI += "crate://crates.io/parsec-tool/${PV} \
+SRC_URI += "\
+ crate://crates.io/parsec-tool/${PV} \
+ file://0001-parsec-cli-tests.sh-adapt-to-new-serialNumber-output.patch \
"
SRC_URI[parsec-tool-0.7.0.sha256sum] = "76afb4416d04c5af9f81285dfff390b09c6926aabd6b4ee20dc07470a9698732"
diff --git a/meta-security/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb b/meta-security/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb
index 7ba64f5af1..df1dc04a72 100644
--- a/meta-security/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb
+++ b/meta-security/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb
@@ -7,7 +7,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRC_URI = "git://github.com/google/libhoth;protocol=https;branch=main"
-SRCREV = "e520f8fa637589324ec56d34f26a48a8162a250c"
+SRCREV = "e4827163741e0804f12ac96c81b8e97649be6795"
DEPENDS += "libusb1"
diff --git a/meta-security/recipes-compliance/lynis/lynis_3.0.9.bb b/meta-security/recipes-compliance/lynis/lynis_3.0.9.bb
index 5b5864c4e7..b8b97a53a1 100644
--- a/meta-security/recipes-compliance/lynis/lynis_3.0.9.bb
+++ b/meta-security/recipes-compliance/lynis/lynis_3.0.9.bb
@@ -41,4 +41,4 @@ do_install () {
FILES:${PN} += "${sysconfdir}/developer.prf ${sysconfdir}/default.prf"
FILES:${PN}-doc += "lynis.8 FAQ README CHANGELOG.md CONTRIBUTIONS.md CONTRIBUTORS.md"
-RDEPENDS:${PN} += "procps findutils"
+RDEPENDS:${PN} += "procps findutils coreutils iproute2-ip iproute2-ss net-tools"
diff --git a/meta-security/recipes-compliance/openscap/files/0001-Replace-distutils.sysconfig-with-sysconfig.patch b/meta-security/recipes-compliance/openscap/files/0001-Replace-distutils.sysconfig-with-sysconfig.patch
new file mode 100644
index 0000000000..f3f8cf773b
--- /dev/null
+++ b/meta-security/recipes-compliance/openscap/files/0001-Replace-distutils.sysconfig-with-sysconfig.patch
@@ -0,0 +1,57 @@
+From 9a8e01f8421f92f40b4cbff6cf055538e9a0b0ae Mon Sep 17 00:00:00 2001
+From: Evgeny Kolesnikov <ekolesni@redhat.com>
+Date: Thu, 25 Jan 2024 21:37:05 +0100
+Subject: [PATCH] Replace distutils.sysconfig with sysconfig
+
+Upstream-Status: Backport
+[https://github.com/OpenSCAP/openscap/commit/9a8e01f8421f92f40b4cbff6cf055538e9a0b0ae]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ docs/developer/developer.adoc | 2 +-
+ swig/python3/CMakeLists.txt | 2 +-
+ utils/CMakeLists.txt | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/docs/developer/developer.adoc b/docs/developer/developer.adoc
+index 77c6d5161..e923069cc 100644
+--- a/docs/developer/developer.adoc
++++ b/docs/developer/developer.adoc
+@@ -113,7 +113,7 @@ On Ubuntu 18.04 and potentially other distro, the python3 dist-packages path is
+ If the following command:
+
+ ----
+-$ python3 -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())"
++$ python3 -c "import sysconfig; print(sysconfig.get_path('platlib'))"
+ ----
+
+ returns "/usr/local/lib/python3/dist-packages" instead of a path like
+diff --git a/swig/python3/CMakeLists.txt b/swig/python3/CMakeLists.txt
+index 2594cf000..5f301326c 100644
+--- a/swig/python3/CMakeLists.txt
++++ b/swig/python3/CMakeLists.txt
+@@ -26,7 +26,7 @@ add_custom_target(python3_compile ALL DEPENDS ${PYTHON_COMPILED_FILES})
+
+ if(NOT PYTHON_SITE_PACKAGES_INSTALL_DIR)
+ execute_process(COMMAND
+- ${PYTHON_EXECUTABLE} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(True, prefix='${CMAKE_INSTALL_PREFIX}'))"
++ ${PYTHON_EXECUTABLE} -c "import sysconfig; print(sysconfig.get_path('platlib'))"
+ OUTPUT_VARIABLE PYTHON_SITE_PACKAGES_INSTALL_DIR
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+ )
+diff --git a/utils/CMakeLists.txt b/utils/CMakeLists.txt
+index 93ce1f2a9..9347c2976 100644
+--- a/utils/CMakeLists.txt
++++ b/utils/CMakeLists.txt
+@@ -91,7 +91,7 @@ if(ENABLE_OSCAP_UTIL_DOCKER)
+
+ if(NOT PYTHON_SITE_PACKAGES_INSTALL_DIR)
+ execute_process(COMMAND
+- ${OSCAP_DOCKER_PYTHON} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(False, False, prefix='${CMAKE_INSTALL_PREFIX}'))"
++ ${OSCAP_DOCKER_PYTHON} -c "import sysconfig; print(sysconfig.get_path('purelib'))"
+ OUTPUT_VARIABLE PYTHON_SITE_PACKAGES_INSTALL_DIR
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+ )
+--
+2.25.1
+
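Review bot: Both rewritten `execute_process` commands (swig/python3/CMakeLists.txt and utils/CMakeLists.txt) lose the `prefix='${CMAKE_INSTALL_PREFIX}'` argument the distutils calls had. The fallback therefore reports the site-packages directory of whichever interpreter runs the command, which in a cross or sysroot build can be a build-host path rather than one under the install prefix. `sysconfig.get_path` accepts overrides, e.g. `sysconfig.get_path('platlib', vars={'platbase': '${CMAKE_INSTALL_PREFIX}'})` and `sysconfig.get_path('purelib', vars={'base': '${CMAKE_INSTALL_PREFIX}'})`, which would keep the previous behaviour. As this is an upstream backport, the lower-risk fix is for the recipe to pass `-DPYTHON_SITE_PACKAGES_INSTALL_DIR=` explicitly so the `if(NOT PYTHON_SITE_PACKAGES_INSTALL_DIR)` fallback is never reached; whether openscap_1.3.9.bb already does so is not visible on this page. Both `if()` blocks continue outside the inner hunks.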
diff --git a/meta-security/recipes-compliance/openscap/openscap_1.3.9.bb b/meta-security/recipes-compliance/openscap/openscap_1.3.9.bb
index 97261df0c5..d956ff1e04 100644
--- a/meta-security/recipes-compliance/openscap/openscap_1.3.9.bb
+++ b/meta-security/recipes-compliance/openscap/openscap_1.3.9.bb
@@ -11,7 +11,9 @@ DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native
#Jun 22th, 2023
SRCREV = "9b3e7563575f7e5b419f8a09999b40f30e3e7c29"
-SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https"
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \
+ file://0001-Replace-distutils.sysconfig-with-sysconfig.patch \
+ "
S = "${WORKDIR}/git"
diff --git a/meta-security/recipes-compliance/scap-security-guide/scap-security-guide_0.1.69.bb b/meta-security/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
index 23637a5271..5e4533296e 100644
--- a/meta-security/recipes-compliance/scap-security-guide/scap-security-guide_0.1.69.bb
+++ b/meta-security/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
@@ -1,4 +1,4 @@
-# Copyright (C) 2017 - 2023 Armin Kuster <akuster808@gmail.com>
+# Copyright (C) 2017 - 2024 Armin Kuster <akuster808@gmail.com>
# Released under the MIT license (see COPYING.MIT for the terms)
SUMARRY = "SCAP content for various platforms, upstream version"
@@ -6,8 +6,8 @@ HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/"
LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820"
LICENSE = "BSD-3-Clause"
-SRCREV = "da283b9a360f2f42ad642c0c9b08b061501bc667"
-SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https \
+SRCREV = "459f0abf2ac08d36e5fc4a2619bc75cff7000da9"
+SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=stable;protocol=https \
file://run_eval.sh \
file://run-ptest \
"
diff --git a/meta-security/recipes-scanners/checksec/checksec_2.6.0.bb b/meta-security/recipes-scanners/checksec/checksec_2.6.0.bb
index f4a014e171..1ba3721432 100644
--- a/meta-security/recipes-scanners/checksec/checksec_2.6.0.bb
+++ b/meta-security/recipes-scanners/checksec/checksec_2.6.0.bb
@@ -16,6 +16,6 @@ do_install() {
install -m 0755 ${S}/checksec ${D}${bindir}
}
-RDEPENDS:${PN} = "bash openssl-bin binutils"
+RDEPENDS:${PN} = "bash openssl-bin binutils findutils file procps"
BBCLASSEXTEND = "native"