subtree updates

poky: 94dfcaff64..359e1cb62f:
  Alexander Kanavin (76):
        tcf-agent: fetching over git:// no longer works
        lighttpd: convert from autotools to meson
        libxcrypt: upgrade 4.4.23 -> 4.4.25
        python3-cython: upgrade 0.29.23 -> 0.29.24
        python3-numpy: upgrade 1.21.0 -> 1.21.2
        systemd: upgrade 249.1 -> 249.3
        xeyes: upgrade 1.1.2 -> 1.2.0
        btrfs-tools: update 5.13 -> 5.13.1
        diffutils: update 3.7 -> 3.8
        mc: update 4.8.26 - > 4.8.27
        libsdl2: update 2.0.14 -> 2.0.16
        vulkan-samples: update to latest revision
        pulseaudio: update 14.2 -> 15.0
        libjitterentropy: update 3.0.2 -> 3.1.0
        usbutils: upgrade 013 -> 014
        inetutils: upgrade 2.0 -> 2.1
        mobile-broadband-provider-info: upgrade 20201225 -> 20210805
        glib-networking: upgrade 2.68.1 -> 2.68.2
        e2fsprogs: upgrade 1.46.2 -> 1.46.4
        help2man: upgrade 1.48.3 -> 1.48.4
        libedit: upgrade 20210522-3.1 -> 20210714-3.1
        log4cplus: upgrade 2.0.6 -> 2.0.7
        mtools: upgrade 4.0.34 -> 4.0.35
        patchelf: upgrade 0.12 -> 0.13
        pkgconf: upgrade 1.7.4 -> 1.8.0
        python3-git: upgrade 3.1.18 -> 3.1.20
        python3-pip: upgrade 21.2.1 -> 21.2.4
        python3-pygments: upgrade 2.9.0 -> 2.10.0
        python3-setuptools: upgrade 57.1.0 -> 57.4.0
        squashfs-tools: upgrade 4.4 -> 4.5
        acpica: upgrade 20210331 -> 20210730
        libidn2: upgrade 2.3.1 -> 2.3.2
        stress-ng: upgrade 0.12.12 -> 0.13.00
        sudo: upgrade 1.9.7p1 -> 1.9.7p2
        epiphany: upgrade 40.2 -> 40.3
        libgudev: upgrade 236 -> 237
        libjpeg-turbo: upgrade 2.1.0 -> 2.1.1
        libepoxy: upgrade 1.5.8 -> 1.5.9
        pango: upgrade 1.48.7 -> 1.48.9
        mesa: upgrade 21.1.5 -> 21.2.1
        libinput: upgrade 1.18.0 -> 1.18.1
        libxfont2: upgrade 2.0.4 -> 2.0.5
        libxft: upgrade 2.3.3 -> 2.3.4
        xserver-xorg: upgrade 1.20.12 -> 1.20.13
        linux-firmware: upgrade 20210511 -> 20210818
        wireless-regdb: upgrade 2021.04.21 -> 2021.07.14
        libwebp: upgrade 1.2.0 -> 1.2.1
        webkitgtk: upgrade 2.32.2 -> 2.32.3
        boost: upgrade 1.76.0 -> 1.77.0
        diffoscope: upgrade 179 -> 181
        enchant2: upgrade 2.3.0 -> 2.3.1
        re2c: upgrade 2.1.1 -> 2.2
        rng-tools: upgrade 6.13 -> 6.14
        kea: backport a patch to fix build errors exposed by latest update batch
        qemu: add a hint on how to enable CPU render nodes when a suitable GPU is absent
        mc: fix reproducibility
        libjitterentropy: remove contaminated hashequiv entry
        binutils: drop target flex/bison from build dependencies
        gnu-efi: update 3.0.13 -> 3.0.14
        glib-2.0: upgrade 2.68.3 -> 2.68.4
        util-linux: upgrade 2.37.1 -> 2.37.2
        ccache: upgrade 4.3 -> 4.4
        git: upgrade 2.32.0 -> 2.33.0
        openssh: upgrade 8.6p1 -> 8.7p1
        ell: upgrade 0.42 -> 0.43
        python3-mako: upgrade 1.1.4 -> 1.1.5
        vala: upgrade 0.52.4 -> 0.52.5
        libnsl2: upgrade 1.3.0 -> 2.0.0
        gi-docgen: upgrade 2021.6 -> 2021.7
        json-glib: upgrade 1.6.2 -> 1.6.4
        bind: upgrade 9.16.19 -> 9.16.20
        harfbuzz: upgrade 2.8.2 -> 2.9.0
        qemurunner.py: print output from runqemu/qemu-system in stop()
        qemurunner.py: handle getOutput() having nothing to read
        rust: fix upstream version checks
        mesa: enable crocus driver for older intel graphics

  Andreas Müller (2):
        mesa: upgrade 21.1.5 -> 21.1.7
        binutils: Apply upstream patch to fix 'too many open files' on qtwebengine

  Andrej Valek (2):
        busybox: 1.33.1 -> 1.34.0
        vim: add option to disable NLS support

  Andres Beltran (2):
        buildhistory: Add output file listing package information
        buildhistory: Label packages providing per-file dependencies in depends.dot

  Andrey Zhizhikin (2):
        lttng-modules: do not search in non-existing folder during install
        nativesdk-packagegroup-sdk-host: add perl integer module

  Armin Kuster (2):
        lz4: Security Fix for CVE-2021-3520
        lz4: remove rest of ptest artifacts

  Bruce Ashfield (21):
        linux-yocto/5.13: update to v5.13.7
        linux-yocto/5.4: update to v5.4.137
        linux-yocto/5.10: update to v5.10.55
        linux-yocto/5.4: update to v5.4.139
        linux-yocto/5.10: update to v5.10.57
        linux-yocto/5.13: update to v5.13.9
        linux-yocto/5.4: remove recipes
        conf/machine: bump qemu preferred versions to 5.13
        linux-yocto-dev: bump to v5.14+
        lttng-modules: update to 2.13.0
        kernel-devsrc: 5.14+ updates
        kernel-devsrc: fix 5.14+ objtool compilation
        poky/poky-tiny: set default kernel to 5.13
        poky: set default kernel to 5.13
        yocto-bsp: drop 5.4 bbappend
        poky-alt: switch default kernel to 5.10
        linux-yocto/5.13: update to v5.13.11
        linux-yocto/5.10: update to v5.10.59
        linux-yocto/5.13: update to v5.13.12
        linux-yocto/5.10: update to v5.10.60
        parselogs.py: ignore intermittent CD/DVDROM identification failure

  Chen Qi (1):
        package_rpm/update-alternatives: fix package's provides

  Daniel Gomez (2):
        wic: Add --no-fstab-update part option
        oeqa: wic: Add tests for --no-fstab-update

  Denys Dmytriyenko (1):
        grep: upgrade 3.6 -> 3.7

  Enrico Scholz (1):
        bitbake: fetch2/wget: fix 'no_proxy' handling

  Hongxu Jia (2):
        nativesdk-pseudo: Fix to work with glibc 2.34 systems
        glibc: fix create thread failed in unprivileged process

  Hsia-Jun Li (1):
        lib/oe/elf: Add Android OS to machine_dict

  Jon Mason (8):
        arch-armv8m-main: missing space
        conf/machine: move tune files to architecture directories
        yocto-bsp: update machine confs with new tune locations
        docs: update docs with new tune locations
        arch-arm*: add better support for gcc march extensions
        tune-cortexr*: add support for all Arm Cortex-R processors
        arch-arm*: Fix bugs with dsp and simd feature include files
        tune-*: Use more specific DEFAULTTUNE

  Jose Quaresma (1):
        sstate.bbclass: get the number of threads from BB_NUMBER_THREADS

  Joshua Watt (17):
        bitbake: contrib: vim: Add "remove" override highlighting
        bitbake.conf: Add lz4c, pzstd and zstd
        bitbake: bitbake: asyncrpc: Defer all asyncio to child process
        conf/licenses: Add FreeType SPDX mapping
        tzdata: Remove BSD License specifier
        glib-2.0: Use specific BSD license variant
        e2fsprogs: Use specific BSD license variant
        shadow: Use specific BSD license variant
        libcap: Use specific BSD license variant
        sudo: Use specific BSD license variant
        libpam: Use specific BSD license variant
        libxfont2: Use specific BSD license variant
        libjitterentropy: Use specific BSD license variant
        libx11: Use specific BSD license variant
        font-util: Use specific BSD license variant
        flac: Use specific BSD license variant
        swig: Use specific BSD license variant

  Kai Kang (2):
        libcgroup: fix installed-vs-shipped qa issue
        rustfmt: fix SRC_URI

  Kevin Hao (2):
        meta-yocto-bsp: Set the default kernel to v5.13
        meta-yocto-bsp: Bump the kernel to v5.13.11

  Khem Raj (2):
        weston: Re-order gbm destruction at DRM-backend tear down
        musl: Update to latest tip of trunk

  Kristian Klausen (1):
        systemd: Add repart PACKAGECONFIG

  Marco Felsch (1):
        bitbake: bitbake: bitbake-layers: add skip reason to output

  Marek Vasut (1):
        weston: Add rdp PACKAGECONFIG

  Marta Rybczynska (1):
        lzo: add CVE_PRODUCT

  Martin Jansa (3):
        bitbake: prserv: handle PRSERV_HOST = "127.0.0.1:0" the same as "localhost:0"
        bitbake: cooker/process: Fix typos in exiting message
        rust: remove unused patches

  Michael Halstead (2):
        uninative: Upgrade to 3.3, support glibc 2.34
        uninative: Upgrade to 3.4

  Michael Opdenacker (2):
        maintainers.inc: maintainer for alsa-*, flac, lame and speex
        meta: stop using "virtual/" in RPROVIDES and RDEPENDS

  Mingli Yu (2):
        shadow: fix default value in SHA_get_salt_rounds()
        bitbake: prserv: make localhost work

  Oleksandr Popovych (1):
        utils: Reduce the number of calls to the "dirname" command

  Oliver Kranz (1):
        Allow global override of golang GO_DYNLINK

  Paul Barker (2):
        bitbake: prserv: Replace XML RPC with modern asyncrpc implementation
        bitbake: prserv: Add read-only mode

  Paul Gortmaker (1):
        ltp: backport ioctl_ns05 fix from upstream

  Peter Kjellerstedt (7):
        lttng-modules: Make it build when CONFIG_TRACEPOINTS is not enabled again
        poky-floating-revisions.inc: Use new override syntax for commented vars
        local.conf.sample: Use the new override syntax for a commented variable
        bitbake.conf: Use the new variable override syntax in a comment
        buildhistory-collect-srcrevs: Adapt to the new variable override syntax
        meson.bbclass: Make the default buildtype "debug" if DEBUG_BUILD is 1
        bitbake: providers: Use new override syntax when handling pn- "override"

  Purushottam Choudhary (1):
        assimp: added patch to fix hardcoded non-existing paths in CMake modules

  Randy MacLeod (8):
        openssl: upgrade from 1.1.1k to 1.1.1l
        rust: initial merge of most of meta-rust
        rust: mv README.md to recipes-devtools/rust/README-rust.md
        rust: update the README to conform to being in oe-core
        cargo/rust/rustfmt: exclude from world
        maintainers: Add myself as maintainer for rust pkgs
        cargo_common: remove http_proxy
        rust: remove Rust version 1.51.0 toolchain

  Richard Purdie (27):
        elfutils: Add zstd PACKAGECONFIG for determinism
        man-db: Add compression PACKAGECONFIG entries
        oeqa/selftest/glibc: Handle incorrect encoding issuesin glibc test results
        package/scripts: Fix FILES_INFO handling
        package: Fix overrides converion issue with PKGSIZE
        bitbake: bitbake: Make 3.6.0 the minimum python version
        elfutils: Fix ptest dependencies
        bsp-guide: Fix reference to bbappend section of dev-manual
        ref-manual: Fix reference to bbappend section of dev-manual
        gcc: Fix nativesdk builds and multilib fixes with gcc 11
        bitbake: README: Add note about test suite and new tests
        pseudo: Fix to work with glibc 2.34 systems
        bitbake: README: Fix typo
        rust-cross*: Fix OVERRRIDE references in task signature computation
        rust-cross-canadian-common: Use rust.inc directly, not rust-target
        cargo: Ensure cargo-cross-canadian doesn't have native/nativesdk versions
        rust-native: Avoid stripped warning
        rust-llvm: Add missing HOMEPAGE
        rust: Skip target recipe since it doesn't work
        oeqa/selftest/distrodata: Fix up rust maintainer testing
        rust: Avoid buildtools+uninative issues with glibc symbols mismatches
        rust-common: Add LDFLAGS to cc wrapper
        oeqa/selftest/reproducibile: Exclude rust packages
        kernel: Use unexpanded EXTENDPKGV
        oeqa/buildtools-cases: Allow bitbake time to shutdown
        cargo: Apply uninative fix to snapshot as with rust
        rust-common: Hack around LD_LIBRARY_PATH issues on centos7

  Robert P. J. Day (1):
        scripts/lib/wic/help/py: "Redhat" -> "Red Hat"

  Ross Burton (11):
        oeqa/selftest/buildoptions: test buildhistory PKGSIZE and FILELIST fields
        uninative: Improve glob to handle glibc 2.34
        oeqa/sdk: add relocation test for buildtools
        glibc: package the stub .a libaries into glibc-dev
        oeqa/sdk: add HTTPS test for buildtools
        libcgroup: upgrade to 2.0
        gcc: also relocate the musl loader
        local.conf.sample.extended: fix commented-out override syntax
        cpio: backport fix for CVE-2021-38185
        mesa: fix build on Arm V5 with soft float
        ptest: allow the ptest-packagelists.inc warning to be disabled

  Sakib Sajal (1):
        qemu: fix CVE-2021-3682

  Scott Murray (2):
        bitbake: bitbake: asyncrpc: always create new asyncio loops
        prservice: remove connection caching

  Stefan Herbrechtsmeier (4):
        u-boot: Remove redundancy from installed and deployed SPL artifact names
        u-boot: Remove misplaced configuration type variable
        u-boot: Make SPL suffix configurable
        u-boot: Make UBOOT_BINARYNAME configurable

  Tim Orling (7):
        python3-importlib-metadata: upgrade 4.6.3 -> 4.6.4
        python3-hypothesis: upgrade 6.14.5 -> 6.14.8
        python3-hypothesis: upgrade 6.14.8 -> 6.15.0
        python3-hypothesis: enable ptest
        python3-pluggy: upgrade 0.13.1 -> 1.0.0
        python3-pytest: allow python3-pluggy >=1.0.0
        rust-common.bbclass: export RUST_TARGET_PATH

  Trevor Gamblin (1):
        bluez: upgrade 5.60 -> 5.61

  Trevor Woerner (1):
        distro_features_check: expand with IMAGE_FEATURES

  Vinay Kumar (2):
        glibc: Fix CVE-2021-38604
        rust-common.inc: Fix build failure with qemuppc64.

  Yi Zhao (2):
        prelink: add PACKAGECONFIG for selinux
        shadow: add /etc/default/useradd

  Zoltán Böszörményi (4):
        kernel-module-split.bbclass: Support zstd-compressed modules
        Allow opt-out of split kernel modules
        kernel.bbclass: Use full versions for inter-package dependencies
        base/kernel: Support zstd-compressed squashfs and cpio initramfs

  leimaohui (2):
        Fix conflict error when enable multilib.
        wordsize.h: Fix a miss, this file in arm and aarch64 should be the same.

meta-raspberrypi: 32921fc9bd..a6fa6b3aec:
  Khem Raj (4):
        machines: Use tune files from new location in oe-core
        linux-raspberrypi: Update to 5.10.59
        raspberrypi-firmware: Update to latest
        raspberrypi4: Use full kms (vc4-kms-v3d) DT overlay

  Marcus Comstedt (1):
        pi-bluetooth: Add compatibility with non-systemd builds

  Tom Rini (1):
        xserver-xf86-config: Correctly append to FILES:${PN}

meta-security: c885d399cd..1f18c623e9:
  Armin Kuster (10):
        cryfs: add new package
        kas-security-bas: bump conf value
        kas: fix DISTRO appends
        dm-verity-img.bbclass: more overided fixups
        krill: Rust is in core now
        suricata: rust is in core
        layer.conf: drop dynamic-layer
        layer.conf: drop meta-rust
        harden-image-minimal: fix useradd inherit
        kas: remove rust layers

  Daiane Angolini (1):
        meta-integrity: kernel-modsign: Change weak default value

  George Liu (1):
        meta: Fix typos

  Marta Rybczynska (2):
        README: fix mailing lists
        README: fix mailing lists and a typo

meta-openembedded: a13db91f19..9fdc7960ba:
  Andreas Müller (6):
        catch2: upgrade 2.13.6 -> 2.13.7
        fltk/CMake: Do not export executable 'fluid'
        fltk: upgrade 1.3.6 -> 1.3.7
        network-manager-applet: upgrade 1.22.0 -> 1.24.0
        networkmanager: upgrade 1.32.4 -> 1.32.8
        udisks2: upgrade 2.9.2 -> 2.9.3

  Anton Blanchard (2):
        boost-url: Use GNUInstallDirs instead of hard wiring install directories
        cereal: Use GNUInstallDirs instead of hard wiring install directories

  Changqing Li (1):
        linuxptp: upgrade 3.1 -> 3.1.1

  Devendra Tewari (1):
        android-tools: Add flag to enable adbd service (#147)

  Dmitry Baryshkov (1):
        image_types_sparse: stop using ext2simg

  Easwar Hariharan (1):
        chrony: Fix privdrop packageconfig

  Joe Slater (1):
        nginx: fix CVE-2021-3618

  Justin Bronder (1):
        hidapi: add rdep on glibc-gconv-utf-16

  Khem Raj (7):
        layer.conf: Add ttf-ipa to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS on fontconfig
        mpich: link explictly with libgcc
        packagegroup-meta-networking: Add bmon
        libnss-nisplus: Remove
        pipewire: Upgrade to 0.3.34
        bluealsa: Add recipe
        apitrace: Enable on glibc >= 2.34

  Leon Anavi (21):
        python3-astroid: Upgrade 2.6.6 -> 2.7.0
        python3-ujson: Upgrade 4.0.2 -> 4.1.0
        python3-pycurl: Upgrade 7.44.0 -> 7.44.1
        python3-websocket-client: Upgrade 1.1.0 -> 1.2.1
        python3-bitarray: Upgrade 2.2.5 -> 2.3.0
        python3-langtable: Upgrade 0.0.54 -> 0.0.56
        python3-pandas: Upgrade 1.3.1 -> 1.3.2
        python3-tzlocal: Upgrade 2.1 -> 3.0
        python3-zeroconf: Upgrade 0.34.3 -> 0.36.0
        python3-dbus-next: Upgrade 0.2.2 -> 0.2.3
        python3-astroid: Upgrade 2.7.0 -> 2.7.1
        python3-ruamel-yaml: Upgrade 0.17.10 -> 0.17.11
        python3-unidiff: Upgrade 0.6.0 -> 0.7.0
        python3-qrcode: Upgrade 7.2 -> 7.3
        python3-simplejson: Upgrade 3.17.3 -> 3.17.4
        python3-regex: Upgrade 2021.7.6 -> 2021.8.3
        python3-colorlog: Upgrade 5.0.1 -> 6.4.1
        python3-ruamel-yaml: Upgrade 0.17.11 -> 0.17.13
        python3-simplejson: Upgrade 3.17.4 -> 3.17.5
        python3-bitarray: Upgrade 2.3.0 -> 2.3.2
        python3-watchdog: Upgrade 2.1.3 -> 2.1.5

  Martin Jansa (1):
        layer.conf: Add ttf-takao to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS on fontconfig

  Matija Tudan (1):
        gpsd: upgrade 3.20 -> 3.23

  Matteo Croce (1):
        libbpf: bump to 0.4.0

  Michael Opdenacker (2):
        meta-multimedia: stop using "virtual/" in RPROVIDES and RDEPENDS
        meta-oe: stop using "virtual/" in RPROVIDES and RDEPENDS

  Mingli Yu (4):
        polkit: fix CVE-2021-3560
        vsftpd: Upgrade to 3.0.5
        mariadb: Upgrade to 10.6.4
        jemalloc: improve reproducibility

  Nathan Rossi (1):
        nginx: Fix off_t size passed in configure

  Oleksandr Kravchuk (6):
        font-adobe-100dpi: fix UPSTREAM_CHECK_REGEX
        font-adobe-utopia-100dpi: fix UPSTREAM_CHECK_REGEX
        font-bh-100dpi: fix UPSTREAM_CHECK_REGEX
        font-bh-lucidatypewriter-100dpi: fix UPSTREAM_CHECK_REGEX
        font-bitstream-100dpi: fix UPSTREAM_CHECK_REGEX
        xf86-input-tslib: update to 1.1.1

  Patrick Areny (2):
        libConfuse: Add recipe
        bmon: Add recipe

  Peter Kjellerstedt (6):
        gpsd: Let scons install the udev and systemd files
        gpsd: Move /usr/share/gpsd/doc to the gpsd-doc package
        poppler: Explicitly enable/disable boost together with splash
        chrony: Use new override syntax for USERADD_PARAM
        gpsd: Correct the installation of gpsd.hotplug if systemd is not enabled
        gpsd: Do not install gpsd.hotplug unconditionally

  Peter Morrow (1):
        libbpf: remove stale comment

  Sakib Sajal (2):
        lmdb: use libprefix in Makefile to install libraries
        gd: fix CVE-2021-38115

  Sinan Kaya (4):
        c-ares: remove custom patches
        grpc: make SHARED library build optional
        libkcapi: add a hash only packageconfig
        libkcapi: allow an option to build natively

  Tim Orling (2):
        bootchart: drop; unfetchable
        python3-django_2.2.x: only check upstream 2.2.x

  Trevor Gamblin (5):
        python3-click: Add missing ptest artifacts
        python3-eventlet: add 0.30.2 to meta-python
        python3-gunicorn: tweak run-ptest, add RDEPENDS
        python3-license-expression: add ptest artifacts
        nftables: upgrade 0.9.9 -> 1.0.0

  Vesa Jääskeläinen (2):
        python3-cached-property: Add recipe for version 1.5.2
        python3-pkcs11: Add recipe for version 0.7.0

  Yi Zhao (2):
        audit: upgrade 3.0.4 -> 3.0.5
        krb5: filtering out -f*-prefix-map from krb5-config

  Zoltán Böszörményi (1):
        metacity: Add a patch to create build/src/core before moving generated sources to it

  leimaohui (3):
        packagegroup-meta-oe: Update ttf-ipa package name.
        uim: Dleted takao fonts from DEPENDS.
        takao-fonts: It should be in ttf-fonts directory as the other ttf fonts.

  wangmy (14):
        fetchmail: upgrade 6.4.20 -> 6.4.21
        c-ares: upgrade 1.17.1 -> 1.17.2
        icewm: upgrade 2.6.0 -> 2.7.0
        netplan: upgrade 0.102 -> 0.103
        ctags: upgrade 5.9.20210801.0 -> 5.9.20210815.0
        live555: upgrade 20210720 -> 20210809
        opensc: upgrade 0.21.0 -> 0.22.0
        xfsprogs: upgrade 5.12.0 -> 5.13.0
        networkmanager: upgrade 1.32.8 -> 1.32.10
        can-utils: upgrade 2021.06.0 -> 2021.08.0
        doxygen: upgrade 1.9.1 -> 1.9.2
        gensio: upgrade 2.2.8 -> 2.2.9
        live555: upgrade 20210809 -> 20210824
        sedutil: upgrade 1.15.1.01 -> 1.20.0

  zangrc (14):
        python3-flask-migrate: upgrade 3.0.1 -> 3.1.0
        python3-flask-socketio: upgrade 5.1.0 -> 5.1.1
        python3-google-api-python-client: upgrade 2.15.0 -> 2.17.0
        python3-grpcio-tools: upgrade 1.38.1 -> 1.39.0
        python3-grpcio: upgrade 1.38.1 -> 1.39.0
        python3-wheel: upgrade 0.36.2 -> 0.37.0
        libio-socket-ssl-perl: upgrade 2.071 -> 2.072
        python3-aiohttp-jinja2: upgrade 1.4.2 -> 1.5
        python3-gevent: upgrade 21.1.2 -> 21.8.0
        python3-google-api-python-client: upgrade 2.17.0 -> 2.18.0
        python3-h5py: upgrade 3.3.0 -> 3.4.0
        python3-haversine: upgrade 2.3.1 -> 2.4.0
        python3-pyephem: upgrade 3.7.7.1 -> 4.0.0.2
        rdma-core: upgrade 35.0 -> 36.0

  zhengruoqin (12):
        libqmi: upgrade 1.28.8 -> 1.30.0
        sedutil: upgrade 1.15.1 -> 1.15.1.01
        libencode-perl: upgrade 3.11 -> 3.12
        python3-pymisp: upgrade 2.4.144 -> 2.4.148
        python3-pyzmq: upgrade 22.1.0 -> 22.2.1
        python3-tqdm: upgrade 4.62.0 -> 4.62.2
        iwd: upgrade 1.16 -> 1.17
        xmlsec1: upgrade 1.2.31 -> 1.2.32
        xrdb: upgrade 1.2.0 -> 1.2.1
        python3-regex: upgrade 2021.8.3 -> 2021.8.27
        python3-sqlalchemy: upgrade 1.4.22 -> 1.4.23
        python3-stevedore: upgrade 3.3.0 -> 3.4.0

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I2960f1ce53a1e2cde8b03b929829db9a2f105541

4 files changed, 390 insertions, 0 deletions

diff --git a/meta-security/recipes-security/cryfs/cryfs_0.10.3.bb b/meta-security/recipes-security/cryfs/cryfs_0.10.3.bb
new file mode 100644
index 000000000..74f32a495
--- /dev/null
+++ b/meta-security/recipes-security/cryfs/cryfs_0.10.3.bb
@@ -0,0 +1,10 @@
+SUMMARY = "CryFS encrypts your files, so you can safely store them anywhere."
+HOMEDIR = "https://www.cryfs.org"
+
+LICENSE = "LGPL-3.0"
+FILE_CHK_SUM = "file://;md5=12345"
+
+SRC_URI = "https://github.com/${BPN}/${BPN}.git"
+SRCREV = "0f83a1ab7e5ca9f37f97bc57b20d3fab0f351d11"
+
+inherit cmake
diff --git a/meta-security/recipes-security/krill/files/panic_workaround.patch b/meta-security/recipes-security/krill/files/panic_workaround.patch
new file mode 100644
index 000000000..9b08cb5ce
--- /dev/null
+++ b/meta-security/recipes-security/krill/files/panic_workaround.patch
@@ -0,0 +1,16 @@
+Upstream-Status: OE specific
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/Cargo.toml
+===================================================================
+--- git.orig/Cargo.toml
++++ git/Cargo.toml
+@@ -71,7 +71,7 @@ static-openssl = [ "openssl/vendored" ]
+ # Make sure that Krill crashes on panics, rather than losing threads and
+ # limping on in a bad state.
+ [profile.release]
+-panic = "abort"
++#panic = "abort"
+ 
+ [dev-dependencies]
+ # for user management
diff --git a/meta-security/recipes-security/krill/krill.inc b/meta-security/recipes-security/krill/krill.inc
new file mode 100644
index 000000000..f86468b96
--- /dev/null
+++ b/meta-security/recipes-security/krill/krill.inc
@@ -0,0 +1,325 @@
+# please note if you have entries that do not begin with crate://
+# you must change them to how that package can be fetched
+SRC_URI += " \
+    crate://crates.io/addr2line/0.14.1 \
+    crate://crates.io/adler/1.0.2 \
+    crate://crates.io/adler32/1.2.0 \
+    crate://crates.io/aho-corasick/0.7.15 \
+    crate://crates.io/ansi_term/0.11.0 \
+    crate://crates.io/ansi_term/0.12.1 \
+    crate://crates.io/arrayref/0.3.6 \
+    crate://crates.io/arrayvec/0.5.2 \
+    crate://crates.io/ascii-canvas/2.0.0 \
+    crate://crates.io/ascii/1.0.0 \
+    crate://crates.io/atty/0.2.14 \
+    crate://crates.io/autocfg/0.1.7 \
+    crate://crates.io/autocfg/1.0.1 \
+    crate://crates.io/backtrace/0.3.56 \
+    crate://crates.io/base64/0.10.1 \
+    crate://crates.io/base64/0.12.3 \
+    crate://crates.io/base64/0.13.0 \
+    crate://crates.io/basic-cookies/0.1.4 \
+    crate://crates.io/bcder/0.5.1 \
+    crate://crates.io/bit-set/0.5.2 \
+    crate://crates.io/bit-vec/0.6.3 \
+    crate://crates.io/bitflags/1.2.1 \
+    crate://crates.io/blake2b_simd/0.5.11 \
+    crate://crates.io/block-buffer/0.9.0 \
+    crate://crates.io/bumpalo/3.6.1 \
+    crate://crates.io/byteorder/1.4.3 \
+    crate://crates.io/bytes/0.4.12 \
+    crate://crates.io/bytes/0.5.6 \
+    crate://crates.io/bytes/1.0.1 \
+    crate://crates.io/cc/1.0.67 \
+    crate://crates.io/cfg-if/0.1.10 \
+    crate://crates.io/cfg-if/1.0.0 \
+    crate://crates.io/chrono/0.4.19 \
+    crate://crates.io/chunked_transfer/1.4.0 \
+    crate://crates.io/cipher/0.2.5 \
+    crate://crates.io/clap/2.33.3 \
+    crate://crates.io/clokwerk/0.3.4 \
+    crate://crates.io/cloudabi/0.0.3 \
+    crate://crates.io/constant_time_eq/0.1.5 \
+    crate://crates.io/cookie/0.12.0 \
+    crate://crates.io/cookie_store/0.7.0 \
+    crate://crates.io/core-foundation-sys/0.8.2 \
+    crate://crates.io/core-foundation/0.9.1 \
+    crate://crates.io/cpuid-bool/0.1.2 \
+    crate://crates.io/crc32fast/1.2.1 \
+    crate://crates.io/crossbeam-deque/0.7.3 \
+    crate://crates.io/crossbeam-epoch/0.8.2 \
+    crate://crates.io/crossbeam-queue/0.2.3 \
+    crate://crates.io/crossbeam-utils/0.7.2 \
+    crate://crates.io/crossbeam-utils/0.8.3 \
+    crate://crates.io/crunchy/0.2.2 \
+    crate://crates.io/crypto-mac/0.10.0 \
+    crate://crates.io/ctrlc/3.1.9 \
+    crate://crates.io/deunicode/0.4.3 \
+    crate://crates.io/diff/0.1.12 \
+    crate://crates.io/digest/0.9.0 \
+    crate://crates.io/dirs/1.0.5 \
+    crate://crates.io/dtoa/0.4.8 \
+    crate://crates.io/either/1.6.1 \
+    crate://crates.io/ena/0.14.0 \
+    crate://crates.io/encoding_rs/0.8.28 \
+    crate://crates.io/error-chain/0.11.0 \
+    crate://crates.io/failure/0.1.8 \
+    crate://crates.io/failure_derive/0.1.8 \
+    crate://crates.io/fern/0.5.9 \
+    crate://crates.io/fixedbitset/0.2.0 \
+    crate://crates.io/flate2/1.0.20 \
+    crate://crates.io/fnv/1.0.7 \
+    crate://crates.io/foreign-types-shared/0.1.1 \
+    crate://crates.io/foreign-types/0.3.2 \
+    crate://crates.io/form_urlencoded/1.0.1 \
+    crate://crates.io/fuchsia-cprng/0.1.1 \
+    crate://crates.io/fuchsia-zircon-sys/0.3.3 \
+    crate://crates.io/fuchsia-zircon/0.3.3 \
+    crate://crates.io/futures-channel/0.3.14 \
+    crate://crates.io/futures-core/0.3.14 \
+    crate://crates.io/futures-cpupool/0.1.8 \
+    crate://crates.io/futures-executor/0.3.14 \
+    crate://crates.io/futures-io/0.3.14 \
+    crate://crates.io/futures-macro/0.3.14 \
+    crate://crates.io/futures-sink/0.3.14 \
+    crate://crates.io/futures-task/0.3.14 \
+    crate://crates.io/futures-util/0.3.14 \
+    crate://crates.io/futures/0.1.31 \
+    crate://crates.io/futures/0.3.14 \
+    crate://crates.io/generic-array/0.14.4 \
+    crate://crates.io/getrandom/0.1.16 \
+    crate://crates.io/getrandom/0.2.2 \
+    crate://crates.io/gimli/0.23.0 \
+    crate://crates.io/h2/0.1.26 \
+    crate://crates.io/h2/0.2.7 \
+    crate://crates.io/hashbrown/0.9.1 \
+    crate://crates.io/hermit-abi/0.1.18 \
+    crate://crates.io/hex/0.4.3 \
+    crate://crates.io/hmac/0.10.1 \
+    crate://crates.io/http-body/0.1.0 \
+    crate://crates.io/http-body/0.3.1 \
+    crate://crates.io/http/0.1.21 \
+    crate://crates.io/http/0.2.4 \
+    crate://crates.io/httparse/1.3.6 \
+    crate://crates.io/httpdate/0.3.2 \
+    crate://crates.io/hyper-tls/0.3.2 \
+    crate://crates.io/hyper-tls/0.4.3 \
+    crate://crates.io/hyper/0.12.36 \
+    crate://crates.io/hyper/0.13.10 \
+    crate://crates.io/idna/0.1.5 \
+    crate://crates.io/idna/0.2.2 \
+    crate://crates.io/impl-trait-for-tuples/0.2.1 \
+    crate://crates.io/indexmap/1.6.2 \
+    crate://crates.io/intervaltree/0.2.6 \
+    crate://crates.io/iovec/0.1.4 \
+    crate://crates.io/ipnet/2.3.0 \
+    crate://crates.io/itertools/0.10.0 \
+    crate://crates.io/itertools/0.9.0 \
+    crate://crates.io/itoa/0.4.7 \
+    crate://crates.io/jmespatch/0.3.0 \
+    crate://crates.io/js-sys/0.3.50 \
+    crate://crates.io/kernel32-sys/0.2.2 \
+    crate://crates.io/lalrpop-util/0.19.5 \
+    crate://crates.io/lalrpop/0.19.5 \
+    crate://crates.io/lazy_static/1.4.0 \
+    crate://crates.io/libc/0.2.93 \
+    crate://crates.io/libflate/1.0.4 \
+    crate://crates.io/libflate_lz77/1.0.0 \
+    crate://crates.io/lock_api/0.3.4 \
+    crate://crates.io/log/0.4.14 \
+    crate://crates.io/maplit/1.0.2 \
+    crate://crates.io/matchers/0.0.1 \
+    crate://crates.io/matches/0.1.8 \
+    crate://crates.io/maybe-uninit/2.0.0 \
+    crate://crates.io/memchr/2.3.4 \
+    crate://crates.io/memoffset/0.5.6 \
+    crate://crates.io/mime/0.3.16 \
+    crate://crates.io/mime_guess/2.0.3 \
+    crate://crates.io/miniz_oxide/0.4.4 \
+    crate://crates.io/mio/0.6.23 \
+    crate://crates.io/miow/0.2.2 \
+    crate://crates.io/native-tls/0.2.7 \
+    crate://crates.io/net2/0.2.37 \
+    crate://crates.io/new_debug_unreachable/1.0.4 \
+    crate://crates.io/nix/0.20.0 \
+    crate://crates.io/num-integer/0.1.44 \
+    crate://crates.io/num-traits/0.2.14 \
+    crate://crates.io/num_cpus/1.13.0 \
+    crate://crates.io/oauth2/4.0.0 \
+    crate://crates.io/object/0.23.0 \
+    crate://crates.io/once_cell/1.7.2 \
+    crate://crates.io/opaque-debug/0.3.0 \
+    crate://crates.io/openidconnect/2.0.0 \
+    crate://crates.io/openssl-probe/0.1.2 \
+    crate://crates.io/openssl-src/111.15.0+1.1.1k \
+    crate://crates.io/openssl-sys/0.9.61 \
+    crate://crates.io/openssl/0.10.33 \
+    crate://crates.io/ordered-float/1.1.1 \
+    crate://crates.io/oso/0.12.0 \
+    crate://crates.io/parking_lot/0.9.0 \
+    crate://crates.io/parking_lot_core/0.6.2 \
+    crate://crates.io/pbkdf2/0.7.5 \
+    crate://crates.io/percent-encoding/1.0.1 \
+    crate://crates.io/percent-encoding/2.1.0 \
+    crate://crates.io/petgraph/0.5.1 \
+    crate://crates.io/phf_shared/0.8.0 \
+    crate://crates.io/pico-args/0.4.0 \
+    crate://crates.io/pin-project-internal/1.0.6 \
+    crate://crates.io/pin-project-lite/0.1.12 \
+    crate://crates.io/pin-project-lite/0.2.6 \
+    crate://crates.io/pin-project/1.0.6 \
+    crate://crates.io/pin-utils/0.1.0 \
+    crate://crates.io/pkg-config/0.3.19 \
+    crate://crates.io/polar-core/0.12.0 \
+    crate://crates.io/ppv-lite86/0.2.10 \
+    crate://crates.io/precomputed-hash/0.1.1 \
+    crate://crates.io/proc-macro-hack/0.5.19 \
+    crate://crates.io/proc-macro-nested/0.1.7 \
+    crate://crates.io/proc-macro2/1.0.26 \
+    crate://crates.io/publicsuffix/1.5.6 \
+    crate://crates.io/quick-xml/0.19.0 \
+    crate://crates.io/quote/1.0.9 \
+    crate://crates.io/rand/0.6.5 \
+    crate://crates.io/rand/0.7.3 \
+    crate://crates.io/rand/0.8.3 \
+    crate://crates.io/rand_chacha/0.1.1 \
+    crate://crates.io/rand_chacha/0.2.2 \
+    crate://crates.io/rand_chacha/0.3.0 \
+    crate://crates.io/rand_core/0.3.1 \
+    crate://crates.io/rand_core/0.4.2 \
+    crate://crates.io/rand_core/0.5.1 \
+    crate://crates.io/rand_core/0.6.2 \
+    crate://crates.io/rand_hc/0.1.0 \
+    crate://crates.io/rand_hc/0.2.0 \
+    crate://crates.io/rand_hc/0.3.0 \
+    crate://crates.io/rand_isaac/0.1.1 \
+    crate://crates.io/rand_jitter/0.1.4 \
+    crate://crates.io/rand_os/0.1.3 \
+    crate://crates.io/rand_pcg/0.1.2 \
+    crate://crates.io/rand_xorshift/0.1.1 \
+    crate://crates.io/rdrand/0.4.0 \
+    crate://crates.io/redox_syscall/0.1.57 \
+    crate://crates.io/redox_syscall/0.2.5 \
+    crate://crates.io/redox_users/0.3.5 \
+    crate://crates.io/regex-automata/0.1.9 \
+    crate://crates.io/regex-syntax/0.6.23 \
+    crate://crates.io/regex/1.4.5 \
+    crate://crates.io/remove_dir_all/0.5.3 \
+    crate://crates.io/reqwest/0.10.10 \
+    crate://crates.io/reqwest/0.9.24 \
+    crate://crates.io/ring/0.16.20 \
+    crate://crates.io/rle-decode-fast/1.0.1 \
+    crate://crates.io/rpassword/5.0.1 \
+    crate://crates.io/rpki/0.10.1 \
+    crate://crates.io/rust-argon2/0.8.3 \
+    crate://crates.io/rustc-demangle/0.1.18 \
+    crate://crates.io/rustc_version/0.2.3 \
+    crate://crates.io/rustls/0.18.1 \
+    crate://crates.io/ryu/1.0.5 \
+    crate://crates.io/salsa20/0.7.2 \
+    crate://crates.io/schannel/0.1.19 \
+    crate://crates.io/scopeguard/1.1.0 \
+    crate://crates.io/scrypt/0.6.5 \
+    crate://crates.io/sct/0.6.1 \
+    crate://crates.io/security-framework-sys/2.2.0 \
+    crate://crates.io/security-framework/2.2.0 \
+    crate://crates.io/semver-parser/0.7.0 \
+    crate://crates.io/semver/0.9.0 \
+    crate://crates.io/serde-value/0.6.0 \
+    crate://crates.io/serde/1.0.125 \
+    crate://crates.io/serde_derive/1.0.125 \
+    crate://crates.io/serde_json/1.0.64 \
+    crate://crates.io/serde_path_to_error/0.1.4 \
+    crate://crates.io/serde_urlencoded/0.5.5 \
+    crate://crates.io/serde_urlencoded/0.7.0 \
+    crate://crates.io/sha2/0.9.3 \
+    crate://crates.io/sharded-slab/0.1.1 \
+    crate://crates.io/siphasher/0.3.5 \
+    crate://crates.io/slab/0.4.2 \
+    crate://crates.io/slug/0.1.4 \
+    crate://crates.io/smallvec/0.6.14 \
+    crate://crates.io/smallvec/1.6.1 \
+    crate://crates.io/socket2/0.3.19 \
+    crate://crates.io/spin/0.5.2 \
+    crate://crates.io/string/0.2.1 \
+    crate://crates.io/string_cache/0.8.1 \
+    crate://crates.io/strsim/0.8.0 \
+    crate://crates.io/subtle/2.4.0 \
+    crate://crates.io/syn/1.0.69 \
+    crate://crates.io/synstructure/0.12.4 \
+    crate://crates.io/syslog/4.0.1 \
+    crate://crates.io/tempfile/3.2.0 \
+    crate://crates.io/term/0.5.2 \
+    crate://crates.io/textwrap/0.11.0 \
+    crate://crates.io/thiserror-impl/1.0.24 \
+    crate://crates.io/thiserror/1.0.24 \
+    crate://crates.io/thread_local/1.1.3 \
+    crate://crates.io/time/0.1.44 \
+    crate://crates.io/tiny-keccak/2.0.2 \
+    crate://crates.io/tiny_http/0.8.0 \
+    crate://crates.io/tinyvec/1.2.0 \
+    crate://crates.io/tinyvec_macros/0.1.0 \
+    crate://crates.io/tokio-buf/0.1.1 \
+    crate://crates.io/tokio-current-thread/0.1.7 \
+    crate://crates.io/tokio-executor/0.1.10 \
+    crate://crates.io/tokio-io/0.1.13 \
+    crate://crates.io/tokio-macros/0.2.6 \
+    crate://crates.io/tokio-reactor/0.1.12 \
+    crate://crates.io/tokio-rustls/0.14.1 \
+    crate://crates.io/tokio-sync/0.1.8 \
+    crate://crates.io/tokio-tcp/0.1.4 \
+    crate://crates.io/tokio-threadpool/0.1.18 \
+    crate://crates.io/tokio-timer/0.2.13 \
+    crate://crates.io/tokio-tls/0.3.1 \
+    crate://crates.io/tokio-util/0.3.1 \
+    crate://crates.io/tokio/0.1.22 \
+    crate://crates.io/tokio/0.2.25 \
+    crate://crates.io/toml/0.5.8 \
+    crate://crates.io/tower-service/0.3.1 \
+    crate://crates.io/tracing-attributes/0.1.15 \
+    crate://crates.io/tracing-core/0.1.17 \
+    crate://crates.io/tracing-futures/0.2.5 \
+    crate://crates.io/tracing-log/0.1.2 \
+    crate://crates.io/tracing-serde/0.1.2 \
+    crate://crates.io/tracing-subscriber/0.2.17 \
+    crate://crates.io/tracing/0.1.25 \
+    crate://crates.io/try-lock/0.2.3 \
+    crate://crates.io/try_from/0.3.2 \
+    crate://crates.io/typenum/1.13.0 \
+    crate://crates.io/unicase/2.6.0 \
+    crate://crates.io/unicode-bidi/0.3.5 \
+    crate://crates.io/unicode-normalization/0.1.17 \
+    crate://crates.io/unicode-width/0.1.8 \
+    crate://crates.io/unicode-xid/0.2.1 \
+    crate://crates.io/untrusted/0.7.1 \
+    crate://crates.io/unwrap/1.2.1 \
+    crate://crates.io/url/1.7.2 \
+    crate://crates.io/url/2.2.1 \
+    crate://crates.io/urlparse/0.7.3 \
+    crate://crates.io/uuid/0.7.4 \
+    crate://crates.io/uuid/0.8.2 \
+    crate://crates.io/vcpkg/0.2.11 \
+    crate://crates.io/vec_map/0.8.2 \
+    crate://crates.io/version_check/0.9.3 \
+    crate://crates.io/want/0.2.0 \
+    crate://crates.io/want/0.3.0 \
+    crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \
+    crate://crates.io/wasi/0.9.0+wasi-snapshot-preview1 \
+    crate://crates.io/wasm-bindgen-backend/0.2.73 \
+    crate://crates.io/wasm-bindgen-futures/0.4.23 \
+    crate://crates.io/wasm-bindgen-macro-support/0.2.73 \
+    crate://crates.io/wasm-bindgen-macro/0.2.73 \
+    crate://crates.io/wasm-bindgen-shared/0.2.73 \
+    crate://crates.io/wasm-bindgen/0.2.73 \
+    crate://crates.io/web-sys/0.3.50 \
+    crate://crates.io/webpki/0.21.4 \
+    crate://crates.io/winapi-build/0.1.1 \
+    crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+    crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+    crate://crates.io/winapi/0.2.8 \
+    crate://crates.io/winapi/0.3.9 \
+    crate://crates.io/winreg/0.6.2 \
+    crate://crates.io/winreg/0.7.0 \
+    crate://crates.io/ws2_32-sys/0.2.1 \
+    crate://crates.io/xml-rs/0.8.3 \
+"
diff --git a/meta-security/recipes-security/krill/krill_0.9.1.bb b/meta-security/recipes-security/krill/krill_0.9.1.bb
new file mode 100644
index 000000000..4dc61cfb3
--- /dev/null
+++ b/meta-security/recipes-security/krill/krill_0.9.1.bb
@@ -0,0 +1,39 @@
+SUMMARY = "Resource Public Key Infrastructure (RPKI) daemon"
+HOMEPAGE = "https://www.nlnetlabs.nl/projects/rpki/krill/"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9741c346eef56131163e13b9db1241b3"
+
+DEPENDS = "openssl"
+
+include krill.inc
+
+# SRC_URI += "crate://crates.io/krill/0.9.1"
+SRC_URI += "git://github.com/NLnetLabs/krill.git;protocol=https;nobranch=1;branch=main"
+SRCREV = "d6c03b6f0199b1d10d252750a19a92b84576eb30"
+
+SRC_URI += "file://panic_workaround.patch"
+
+S = "${WORKDIR}/git"
+CARGO_SRC_DIR = ""
+
+inherit pkgconfig useradd systemd cargo
+
+
+do_install:append () {
+    install -d ${D}${sysconfdir}
+    install -d ${D}${datadir}/krill
+
+    install -m 664 ${S}/defaults/krill.conf ${D}${sysconfdir}/.
+    install ${S}/defaults/* ${D}${datadir}/krill/.
+}
+
+KRILL_UID ?= "krill"
+KRILL_GID ?= "krill"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system ${KRILL_UID}"
+USERADD_PARAM:${PN} = "--system -g ${KRILL_GID} --home-dir  \
+                       /var/lib/krill/ --no-create-home  \
+                       --shell /sbin/nologin ${BPN}"
+
+FILES:${PN} += "{sysconfdir}/defaults ${datadir}"