subtree updates

poky: 94dfcaff64..359e1cb62f: Alexander Kanavin (76): tcf-agent: fetching over git:// no longer works lighttpd: convert from autotools to meson libxcrypt: upgrade 4.4.23 -> 4.4.25 python3-cython: upgrade 0.29.23 -> 0.29.24 python3-numpy: upgrade 1.21.0 -> 1.21.2 systemd: upgrade 249.1 -> 249.3 xeyes: upgrade 1.1.2 -> 1.2.0 btrfs-tools: update 5.13 -> 5.13.1 diffutils: update 3.7 -> 3.8 mc: update 4.8.26 - > 4.8.27 libsdl2: update 2.0.14 -> 2.0.16 vulkan-samples: update to latest revision pulseaudio: update 14.2 -> 15.0 libjitterentropy: update 3.0.2 -> 3.1.0 usbutils: upgrade 013 -> 014 inetutils: upgrade 2.0 -> 2.1 mobile-broadband-provider-info: upgrade 20201225 -> 20210805 glib-networking: upgrade 2.68.1 -> 2.68.2 e2fsprogs: upgrade 1.46.2 -> 1.46.4 help2man: upgrade 1.48.3 -> 1.48.4 libedit: upgrade 20210522-3.1 -> 20210714-3.1 log4cplus: upgrade 2.0.6 -> 2.0.7 mtools: upgrade 4.0.34 -> 4.0.35 patchelf: upgrade 0.12 -> 0.13 pkgconf: upgrade 1.7.4 -> 1.8.0 python3-git: upgrade 3.1.18 -> 3.1.20 python3-pip: upgrade 21.2.1 -> 21.2.4 python3-pygments: upgrade 2.9.0 -> 2.10.0 python3-setuptools: upgrade 57.1.0 -> 57.4.0 squashfs-tools: upgrade 4.4 -> 4.5 acpica: upgrade 20210331 -> 20210730 libidn2: upgrade 2.3.1 -> 2.3.2 stress-ng: upgrade 0.12.12 -> 0.13.00 sudo: upgrade 1.9.7p1 -> 1.9.7p2 epiphany: upgrade 40.2 -> 40.3 libgudev: upgrade 236 -> 237 libjpeg-turbo: upgrade 2.1.0 -> 2.1.1 libepoxy: upgrade 1.5.8 -> 1.5.9 pango: upgrade 1.48.7 -> 1.48.9 mesa: upgrade 21.1.5 -> 21.2.1 libinput: upgrade 1.18.0 -> 1.18.1 libxfont2: upgrade 2.0.4 -> 2.0.5 libxft: upgrade 2.3.3 -> 2.3.4 xserver-xorg: upgrade 1.20.12 -> 1.20.13 linux-firmware: upgrade 20210511 -> 20210818 wireless-regdb: upgrade 2021.04.21 -> 2021.07.14 libwebp: upgrade 1.2.0 -> 1.2.1 webkitgtk: upgrade 2.32.2 -> 2.32.3 boost: upgrade 1.76.0 -> 1.77.0 diffoscope: upgrade 179 -> 181 enchant2: upgrade 2.3.0 -> 2.3.1 re2c: upgrade 2.1.1 -> 2.2 rng-tools: upgrade 6.13 -> 6.14 kea: backport a patch to fix build errors exposed by latest update batch qemu: add a hint on how to enable CPU render nodes when a suitable GPU is absent mc: fix reproducibility libjitterentropy: remove contaminated hashequiv entry binutils: drop target flex/bison from build dependencies gnu-efi: update 3.0.13 -> 3.0.14 glib-2.0: upgrade 2.68.3 -> 2.68.4 util-linux: upgrade 2.37.1 -> 2.37.2 ccache: upgrade 4.3 -> 4.4 git: upgrade 2.32.0 -> 2.33.0 openssh: upgrade 8.6p1 -> 8.7p1 ell: upgrade 0.42 -> 0.43 python3-mako: upgrade 1.1.4 -> 1.1.5 vala: upgrade 0.52.4 -> 0.52.5 libnsl2: upgrade 1.3.0 -> 2.0.0 gi-docgen: upgrade 2021.6 -> 2021.7 json-glib: upgrade 1.6.2 -> 1.6.4 bind: upgrade 9.16.19 -> 9.16.20 harfbuzz: upgrade 2.8.2 -> 2.9.0 qemurunner.py: print output from runqemu/qemu-system in stop() qemurunner.py: handle getOutput() having nothing to read rust: fix upstream version checks mesa: enable crocus driver for older intel graphics Andreas Müller (2): mesa: upgrade 21.1.5 -> 21.1.7 binutils: Apply upstream patch to fix 'too many open files' on qtwebengine Andrej Valek (2): busybox: 1.33.1 -> 1.34.0 vim: add option to disable NLS support Andres Beltran (2): buildhistory: Add output file listing package information buildhistory: Label packages providing per-file dependencies in depends.dot Andrey Zhizhikin (2): lttng-modules: do not search in non-existing folder during install nativesdk-packagegroup-sdk-host: add perl integer module Armin Kuster (2): lz4: Security Fix for CVE-2021-3520 lz4: remove rest of ptest artifacts Bruce Ashfield (21): linux-yocto/5.13: update to v5.13.7 linux-yocto/5.4: update to v5.4.137 linux-yocto/5.10: update to v5.10.55 linux-yocto/5.4: update to v5.4.139 linux-yocto/5.10: update to v5.10.57 linux-yocto/5.13: update to v5.13.9 linux-yocto/5.4: remove recipes conf/machine: bump qemu preferred versions to 5.13 linux-yocto-dev: bump to v5.14+ lttng-modules: update to 2.13.0 kernel-devsrc: 5.14+ updates kernel-devsrc: fix 5.14+ objtool compilation poky/poky-tiny: set default kernel to 5.13 poky: set default kernel to 5.13 yocto-bsp: drop 5.4 bbappend poky-alt: switch default kernel to 5.10 linux-yocto/5.13: update to v5.13.11 linux-yocto/5.10: update to v5.10.59 linux-yocto/5.13: update to v5.13.12 linux-yocto/5.10: update to v5.10.60 parselogs.py: ignore intermittent CD/DVDROM identification failure Chen Qi (1): package_rpm/update-alternatives: fix package's provides Daniel Gomez (2): wic: Add --no-fstab-update part option oeqa: wic: Add tests for --no-fstab-update Denys Dmytriyenko (1): grep: upgrade 3.6 -> 3.7 Enrico Scholz (1): bitbake: fetch2/wget: fix 'no_proxy' handling Hongxu Jia (2): nativesdk-pseudo: Fix to work with glibc 2.34 systems glibc: fix create thread failed in unprivileged process Hsia-Jun Li (1): lib/oe/elf: Add Android OS to machine_dict Jon Mason (8): arch-armv8m-main: missing space conf/machine: move tune files to architecture directories yocto-bsp: update machine confs with new tune locations docs: update docs with new tune locations arch-arm*: add better support for gcc march extensions tune-cortexr*: add support for all Arm Cortex-R processors arch-arm*: Fix bugs with dsp and simd feature include files tune-*: Use more specific DEFAULTTUNE Jose Quaresma (1): sstate.bbclass: get the number of threads from BB_NUMBER_THREADS Joshua Watt (17): bitbake: contrib: vim: Add "remove" override highlighting bitbake.conf: Add lz4c, pzstd and zstd bitbake: bitbake: asyncrpc: Defer all asyncio to child process conf/licenses: Add FreeType SPDX mapping tzdata: Remove BSD License specifier glib-2.0: Use specific BSD license variant e2fsprogs: Use specific BSD license variant shadow: Use specific BSD license variant libcap: Use specific BSD license variant sudo: Use specific BSD license variant libpam: Use specific BSD license variant libxfont2: Use specific BSD license variant libjitterentropy: Use specific BSD license variant libx11: Use specific BSD license variant font-util: Use specific BSD license variant flac: Use specific BSD license variant swig: Use specific BSD license variant Kai Kang (2): libcgroup: fix installed-vs-shipped qa issue rustfmt: fix SRC_URI Kevin Hao (2): meta-yocto-bsp: Set the default kernel to v5.13 meta-yocto-bsp: Bump the kernel to v5.13.11 Khem Raj (2): weston: Re-order gbm destruction at DRM-backend tear down musl: Update to latest tip of trunk Kristian Klausen (1): systemd: Add repart PACKAGECONFIG Marco Felsch (1): bitbake: bitbake: bitbake-layers: add skip reason to output Marek Vasut (1): weston: Add rdp PACKAGECONFIG Marta Rybczynska (1): lzo: add CVE_PRODUCT Martin Jansa (3): bitbake: prserv: handle PRSERV_HOST = "127.0.0.1:0" the same as "localhost:0" bitbake: cooker/process: Fix typos in exiting message rust: remove unused patches Michael Halstead (2): uninative: Upgrade to 3.3, support glibc 2.34 uninative: Upgrade to 3.4 Michael Opdenacker (2): maintainers.inc: maintainer for alsa-*, flac, lame and speex meta: stop using "virtual/" in RPROVIDES and RDEPENDS Mingli Yu (2): shadow: fix default value in SHA_get_salt_rounds() bitbake: prserv: make localhost work Oleksandr Popovych (1): utils: Reduce the number of calls to the "dirname" command Oliver Kranz (1): Allow global override of golang GO_DYNLINK Paul Barker (2): bitbake: prserv: Replace XML RPC with modern asyncrpc implementation bitbake: prserv: Add read-only mode Paul Gortmaker (1): ltp: backport ioctl_ns05 fix from upstream Peter Kjellerstedt (7): lttng-modules: Make it build when CONFIG_TRACEPOINTS is not enabled again poky-floating-revisions.inc: Use new override syntax for commented vars local.conf.sample: Use the new override syntax for a commented variable bitbake.conf: Use the new variable override syntax in a comment buildhistory-collect-srcrevs: Adapt to the new variable override syntax meson.bbclass: Make the default buildtype "debug" if DEBUG_BUILD is 1 bitbake: providers: Use new override syntax when handling pn- "override" Purushottam Choudhary (1): assimp: added patch to fix hardcoded non-existing paths in CMake modules Randy MacLeod (8): openssl: upgrade from 1.1.1k to 1.1.1l rust: initial merge of most of meta-rust rust: mv README.md to recipes-devtools/rust/README-rust.md rust: update the README to conform to being in oe-core cargo/rust/rustfmt: exclude from world maintainers: Add myself as maintainer for rust pkgs cargo_common: remove http_proxy rust: remove Rust version 1.51.0 toolchain Richard Purdie (27): elfutils: Add zstd PACKAGECONFIG for determinism man-db: Add compression PACKAGECONFIG entries oeqa/selftest/glibc: Handle incorrect encoding issuesin glibc test results package/scripts: Fix FILES_INFO handling package: Fix overrides converion issue with PKGSIZE bitbake: bitbake: Make 3.6.0 the minimum python version elfutils: Fix ptest dependencies bsp-guide: Fix reference to bbappend section of dev-manual ref-manual: Fix reference to bbappend section of dev-manual gcc: Fix nativesdk builds and multilib fixes with gcc 11 bitbake: README: Add note about test suite and new tests pseudo: Fix to work with glibc 2.34 systems bitbake: README: Fix typo rust-cross*: Fix OVERRRIDE references in task signature computation rust-cross-canadian-common: Use rust.inc directly, not rust-target cargo: Ensure cargo-cross-canadian doesn't have native/nativesdk versions rust-native: Avoid stripped warning rust-llvm: Add missing HOMEPAGE rust: Skip target recipe since it doesn't work oeqa/selftest/distrodata: Fix up rust maintainer testing rust: Avoid buildtools+uninative issues with glibc symbols mismatches rust-common: Add LDFLAGS to cc wrapper oeqa/selftest/reproducibile: Exclude rust packages kernel: Use unexpanded EXTENDPKGV oeqa/buildtools-cases: Allow bitbake time to shutdown cargo: Apply uninative fix to snapshot as with rust rust-common: Hack around LD_LIBRARY_PATH issues on centos7 Robert P. J. Day (1): scripts/lib/wic/help/py: "Redhat" -> "Red Hat" Ross Burton (11): oeqa/selftest/buildoptions: test buildhistory PKGSIZE and FILELIST fields uninative: Improve glob to handle glibc 2.34 oeqa/sdk: add relocation test for buildtools glibc: package the stub .a libaries into glibc-dev oeqa/sdk: add HTTPS test for buildtools libcgroup: upgrade to 2.0 gcc: also relocate the musl loader local.conf.sample.extended: fix commented-out override syntax cpio: backport fix for CVE-2021-38185 mesa: fix build on Arm V5 with soft float ptest: allow the ptest-packagelists.inc warning to be disabled Sakib Sajal (1): qemu: fix CVE-2021-3682 Scott Murray (2): bitbake: bitbake: asyncrpc: always create new asyncio loops prservice: remove connection caching Stefan Herbrechtsmeier (4): u-boot: Remove redundancy from installed and deployed SPL artifact names u-boot: Remove misplaced configuration type variable u-boot: Make SPL suffix configurable u-boot: Make UBOOT_BINARYNAME configurable Tim Orling (7): python3-importlib-metadata: upgrade 4.6.3 -> 4.6.4 python3-hypothesis: upgrade 6.14.5 -> 6.14.8 python3-hypothesis: upgrade 6.14.8 -> 6.15.0 python3-hypothesis: enable ptest python3-pluggy: upgrade 0.13.1 -> 1.0.0 python3-pytest: allow python3-pluggy >=1.0.0 rust-common.bbclass: export RUST_TARGET_PATH Trevor Gamblin (1): bluez: upgrade 5.60 -> 5.61 Trevor Woerner (1): distro_features_check: expand with IMAGE_FEATURES Vinay Kumar (2): glibc: Fix CVE-2021-38604 rust-common.inc: Fix build failure with qemuppc64. Yi Zhao (2): prelink: add PACKAGECONFIG for selinux shadow: add /etc/default/useradd Zoltán Böszörményi (4): kernel-module-split.bbclass: Support zstd-compressed modules Allow opt-out of split kernel modules kernel.bbclass: Use full versions for inter-package dependencies base/kernel: Support zstd-compressed squashfs and cpio initramfs leimaohui (2): Fix conflict error when enable multilib. wordsize.h: Fix a miss, this file in arm and aarch64 should be the same. meta-raspberrypi: 32921fc9bd..a6fa6b3aec: Khem Raj (4): machines: Use tune files from new location in oe-core linux-raspberrypi: Update to 5.10.59 raspberrypi-firmware: Update to latest raspberrypi4: Use full kms (vc4-kms-v3d) DT overlay Marcus Comstedt (1): pi-bluetooth: Add compatibility with non-systemd builds Tom Rini (1): xserver-xf86-config: Correctly append to FILES:${PN} meta-security: c885d399cd..1f18c623e9: Armin Kuster (10): cryfs: add new package kas-security-bas: bump conf value kas: fix DISTRO appends dm-verity-img.bbclass: more overided fixups krill: Rust is in core now suricata: rust is in core layer.conf: drop dynamic-layer layer.conf: drop meta-rust harden-image-minimal: fix useradd inherit kas: remove rust layers Daiane Angolini (1): meta-integrity: kernel-modsign: Change weak default value George Liu (1): meta: Fix typos Marta Rybczynska (2): README: fix mailing lists README: fix mailing lists and a typo meta-openembedded: a13db91f19..9fdc7960ba: Andreas Müller (6): catch2: upgrade 2.13.6 -> 2.13.7 fltk/CMake: Do not export executable 'fluid' fltk: upgrade 1.3.6 -> 1.3.7 network-manager-applet: upgrade 1.22.0 -> 1.24.0 networkmanager: upgrade 1.32.4 -> 1.32.8 udisks2: upgrade 2.9.2 -> 2.9.3 Anton Blanchard (2): boost-url: Use GNUInstallDirs instead of hard wiring install directories cereal: Use GNUInstallDirs instead of hard wiring install directories Changqing Li (1): linuxptp: upgrade 3.1 -> 3.1.1 Devendra Tewari (1): android-tools: Add flag to enable adbd service (#147) Dmitry Baryshkov (1): image_types_sparse: stop using ext2simg Easwar Hariharan (1): chrony: Fix privdrop packageconfig Joe Slater (1): nginx: fix CVE-2021-3618 Justin Bronder (1): hidapi: add rdep on glibc-gconv-utf-16 Khem Raj (7): layer.conf: Add ttf-ipa to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS on fontconfig mpich: link explictly with libgcc packagegroup-meta-networking: Add bmon libnss-nisplus: Remove pipewire: Upgrade to 0.3.34 bluealsa: Add recipe apitrace: Enable on glibc >= 2.34 Leon Anavi (21): python3-astroid: Upgrade 2.6.6 -> 2.7.0 python3-ujson: Upgrade 4.0.2 -> 4.1.0 python3-pycurl: Upgrade 7.44.0 -> 7.44.1 python3-websocket-client: Upgrade 1.1.0 -> 1.2.1 python3-bitarray: Upgrade 2.2.5 -> 2.3.0 python3-langtable: Upgrade 0.0.54 -> 0.0.56 python3-pandas: Upgrade 1.3.1 -> 1.3.2 python3-tzlocal: Upgrade 2.1 -> 3.0 python3-zeroconf: Upgrade 0.34.3 -> 0.36.0 python3-dbus-next: Upgrade 0.2.2 -> 0.2.3 python3-astroid: Upgrade 2.7.0 -> 2.7.1 python3-ruamel-yaml: Upgrade 0.17.10 -> 0.17.11 python3-unidiff: Upgrade 0.6.0 -> 0.7.0 python3-qrcode: Upgrade 7.2 -> 7.3 python3-simplejson: Upgrade 3.17.3 -> 3.17.4 python3-regex: Upgrade 2021.7.6 -> 2021.8.3 python3-colorlog: Upgrade 5.0.1 -> 6.4.1 python3-ruamel-yaml: Upgrade 0.17.11 -> 0.17.13 python3-simplejson: Upgrade 3.17.4 -> 3.17.5 python3-bitarray: Upgrade 2.3.0 -> 2.3.2 python3-watchdog: Upgrade 2.1.3 -> 2.1.5 Martin Jansa (1): layer.conf: Add ttf-takao to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS on fontconfig Matija Tudan (1): gpsd: upgrade 3.20 -> 3.23 Matteo Croce (1): libbpf: bump to 0.4.0 Michael Opdenacker (2): meta-multimedia: stop using "virtual/" in RPROVIDES and RDEPENDS meta-oe: stop using "virtual/" in RPROVIDES and RDEPENDS Mingli Yu (4): polkit: fix CVE-2021-3560 vsftpd: Upgrade to 3.0.5 mariadb: Upgrade to 10.6.4 jemalloc: improve reproducibility Nathan Rossi (1): nginx: Fix off_t size passed in configure Oleksandr Kravchuk (6): font-adobe-100dpi: fix UPSTREAM_CHECK_REGEX font-adobe-utopia-100dpi: fix UPSTREAM_CHECK_REGEX font-bh-100dpi: fix UPSTREAM_CHECK_REGEX font-bh-lucidatypewriter-100dpi: fix UPSTREAM_CHECK_REGEX font-bitstream-100dpi: fix UPSTREAM_CHECK_REGEX xf86-input-tslib: update to 1.1.1 Patrick Areny (2): libConfuse: Add recipe bmon: Add recipe Peter Kjellerstedt (6): gpsd: Let scons install the udev and systemd files gpsd: Move /usr/share/gpsd/doc to the gpsd-doc package poppler: Explicitly enable/disable boost together with splash chrony: Use new override syntax for USERADD_PARAM gpsd: Correct the installation of gpsd.hotplug if systemd is not enabled gpsd: Do not install gpsd.hotplug unconditionally Peter Morrow (1): libbpf: remove stale comment Sakib Sajal (2): lmdb: use libprefix in Makefile to install libraries gd: fix CVE-2021-38115 Sinan Kaya (4): c-ares: remove custom patches grpc: make SHARED library build optional libkcapi: add a hash only packageconfig libkcapi: allow an option to build natively Tim Orling (2): bootchart: drop; unfetchable python3-django_2.2.x: only check upstream 2.2.x Trevor Gamblin (5): python3-click: Add missing ptest artifacts python3-eventlet: add 0.30.2 to meta-python python3-gunicorn: tweak run-ptest, add RDEPENDS python3-license-expression: add ptest artifacts nftables: upgrade 0.9.9 -> 1.0.0 Vesa Jääskeläinen (2): python3-cached-property: Add recipe for version 1.5.2 python3-pkcs11: Add recipe for version 0.7.0 Yi Zhao (2): audit: upgrade 3.0.4 -> 3.0.5 krb5: filtering out -f*-prefix-map from krb5-config Zoltán Böszörményi (1): metacity: Add a patch to create build/src/core before moving generated sources to it leimaohui (3): packagegroup-meta-oe: Update ttf-ipa package name. uim: Dleted takao fonts from DEPENDS. takao-fonts: It should be in ttf-fonts directory as the other ttf fonts. wangmy (14): fetchmail: upgrade 6.4.20 -> 6.4.21 c-ares: upgrade 1.17.1 -> 1.17.2 icewm: upgrade 2.6.0 -> 2.7.0 netplan: upgrade 0.102 -> 0.103 ctags: upgrade 5.9.20210801.0 -> 5.9.20210815.0 live555: upgrade 20210720 -> 20210809 opensc: upgrade 0.21.0 -> 0.22.0 xfsprogs: upgrade 5.12.0 -> 5.13.0 networkmanager: upgrade 1.32.8 -> 1.32.10 can-utils: upgrade 2021.06.0 -> 2021.08.0 doxygen: upgrade 1.9.1 -> 1.9.2 gensio: upgrade 2.2.8 -> 2.2.9 live555: upgrade 20210809 -> 20210824 sedutil: upgrade 1.15.1.01 -> 1.20.0 zangrc (14): python3-flask-migrate: upgrade 3.0.1 -> 3.1.0 python3-flask-socketio: upgrade 5.1.0 -> 5.1.1 python3-google-api-python-client: upgrade 2.15.0 -> 2.17.0 python3-grpcio-tools: upgrade 1.38.1 -> 1.39.0 python3-grpcio: upgrade 1.38.1 -> 1.39.0 python3-wheel: upgrade 0.36.2 -> 0.37.0 libio-socket-ssl-perl: upgrade 2.071 -> 2.072 python3-aiohttp-jinja2: upgrade 1.4.2 -> 1.5 python3-gevent: upgrade 21.1.2 -> 21.8.0 python3-google-api-python-client: upgrade 2.17.0 -> 2.18.0 python3-h5py: upgrade 3.3.0 -> 3.4.0 python3-haversine: upgrade 2.3.1 -> 2.4.0 python3-pyephem: upgrade 3.7.7.1 -> 4.0.0.2 rdma-core: upgrade 35.0 -> 36.0 zhengruoqin (12): libqmi: upgrade 1.28.8 -> 1.30.0 sedutil: upgrade 1.15.1 -> 1.15.1.01 libencode-perl: upgrade 3.11 -> 3.12 python3-pymisp: upgrade 2.4.144 -> 2.4.148 python3-pyzmq: upgrade 22.1.0 -> 22.2.1 python3-tqdm: upgrade 4.62.0 -> 4.62.2 iwd: upgrade 1.16 -> 1.17 xmlsec1: upgrade 1.2.31 -> 1.2.32 xrdb: upgrade 1.2.0 -> 1.2.1 python3-regex: upgrade 2021.8.3 -> 2021.8.27 python3-sqlalchemy: upgrade 1.4.22 -> 1.4.23 python3-stevedore: upgrade 3.3.0 -> 3.4.0 Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I2960f1ce53a1e2cde8b03b929829db9a2f105541
author: Andrew Geissler <geissonator@yahoo.com> 2021-09-03 05:05:58 +0300
committer: Andrew Geissler <geissonator@yahoo.com> 2021-09-04 17:46:34 +0300
commit: d159c7fb39550d7348052766f46e51b26d3fd4cc (patch)
tree: f719f75759697649453e6bed883c54bae951eb74 /meta-security
parent: 5b587cab386c4691eefa4885b9fd30794934c106 (diff)
download: openbmc-d159c7fb39550d7348052766f46e51b26d3fd4cc.tar.xz
24 files changed, 32 insertions, 35 deletions
diff --git a/meta-security/classes/dm-verity-img.bbclass b/meta-security/classes/dm-verity-img.bbclass
index 16d395b55..a0950dabd 100644
--- a/meta-security/classes/dm-verity-img.bbclass
+++ b/meta-security/classes/dm-verity-img.bbclass
@@ -63,8 +63,8 @@ verity_setup() {
 VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity"
 IMAGE_TYPES += "${VERITY_TYPES}"
 CONVERSIONTYPES += "verity"
-CONVERSION_CMD_verity = "verity_setup ${type}"
-CONVERSION_DEPENDS_verity = "cryptsetup-native"
+CONVERSION_CMD:verity = "verity_setup ${type}"
+CONVERSION_DEPENDS:verity = "cryptsetup-native"
 
 python __anonymous() {
     verity_image = d.getVar('DM_VERITY_IMAGE')
diff --git a/meta-security/classes/sanity-meta-security.bbclass b/meta-security/classes/sanity-meta-security.bbclass
index b6c6b9cb5..f9e26984f 100644
--- a/meta-security/classes/sanity-meta-security.bbclass
+++ b/meta-security/classes/sanity-meta-security.bbclass
@@ -1,7 +1,7 @@
 addhandler security_bbappend_distrocheck
 security_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck"
 python security_bbappend_distrocheck() {
-    skip_check = e.data.getVar('SKIP_META_SECUIRTY_SANITY_CHECK') == "1"
+    skip_check = e.data.getVar('SKIP_META_SECURITY_SANITY_CHECK') == "1"
     if 'security' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
         bb.warn("You have included the meta-security layer, but \
 'security' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index cdcfaeec7..ad9da560f 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -16,7 +16,3 @@ LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer met
 # Sanity check for meta-security layer.
 # Setting SKIP_META_SECURITY_SANITY_CHECK to "1" would skip the bbappend files check.
 INHERIT += "sanity-meta-security"
-
-BBFILES_DYNAMIC += " \
-rust-layer:${LAYERDIR}/dynamic-layers/meta-rust/recipes-*/*/*.bb  \
-"
diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml
index b9ce493be..3bf46dbf0 100644
--- a/meta-security/kas/kas-security-base.yml
+++ b/meta-security/kas/kas-security-base.yml
@@ -1,5 +1,5 @@
 header:
-  version: 8
+  version: 9
 
 distro: poky
 
@@ -30,15 +30,9 @@ repos:
       meta-networking:
       meta-filesystems:
 
-  meta-rust:
-    url: https://github.com/meta-rust/meta-rust.git
-    refspec: master
-
-
-
 local_conf_header:
   base: |
-    CONF_VERSION = "1"
+    CONF_VERSION = "2"
     SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/"
     SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n"
     BB_HASHSERVE = "auto"
@@ -57,7 +51,7 @@ local_conf_header:
     EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
     PACKAGE_CLASSES = "package_ipk"
 
-    DISTRO_FEATURES:append = " pam apparmor smack ima"
+    DISTRO_FEATURES:append = " security pam apparmor smack ima tpm tpm2"
     MACHINE_FEATURES:append = " tpm tpm2"
 
   diskmon: |
@@ -73,7 +67,6 @@ local_conf_header:
 
 bblayers_conf_header:
   base: |
-    POKY_BBLAYERS_CONF_VERSION = "2"
     BBPATH = "${TOPDIR}"
     BBFILES ?= ""
 
diff --git a/meta-security/kas/kas-security-dm.yml b/meta-security/kas/kas-security-dm.yml
index 7ce0e9d72..c03b3361e 100644
--- a/meta-security/kas/kas-security-dm.yml
+++ b/meta-security/kas/kas-security-dm.yml
@@ -5,6 +5,7 @@ header:
 
 local_conf_header:
     dm-verify: |
+        DISTRO_FEATURES:append = " integrity"
         DM_VERITY_IMAGE = "core-image-minimal"
         DM_VERITY_IMAGE_TYPE = "ext4"
         IMAGE_CLASSES += "dm-verity-img"
diff --git a/meta-security/kas/kas-security-parsec.yml b/meta-security/kas/kas-security-parsec.yml
index 22ef5dd82..9a009be14 100644
--- a/meta-security/kas/kas-security-parsec.yml
+++ b/meta-security/kas/kas-security-parsec.yml
@@ -8,10 +8,6 @@ repos:
     layers:
       meta-parsec:
 
-  meta-rust:
-    url: https://github.com/meta-rust/meta-rust.git
-    refspec: master
-
   meta-clang:
     url: https://github.com/kraj/meta-clang.git
     refspec: master
diff --git a/meta-security/meta-hardening/README b/meta-security/meta-hardening/README
index 37a0b7ec8..191253c66 100644
--- a/meta-security/meta-hardening/README
+++ b/meta-security/meta-hardening/README
@@ -64,14 +64,14 @@ layers: meta-oe
 Maintenance
 -----------
 
-Send pull requests, patches, comments or questions to yocto@yoctoproject.org
+Send pull requests, patches, comments or questions to yocto@lists.yoctoproject.org
 
 When sending single patches, please using something like:
-'git send-email -1 --to yocto@yoctoproject.org --subject-prefix=meta-hardening][PATCH'
+'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-hardening][PATCH'
 
 These values can be set as defaults for this repository:
 
-$ git config sendemail.to yocto@yoctoproject.org
+$ git config sendemail.to yocto@lists.yoctoproject.org
 $ git config format.subjectPrefix meta-hardening][PATCH
 
 Now you can just do 'git send-email origin/master' to send all local patches.
diff --git a/meta-security/meta-hardening/recipes-core/images/harden-image-minimal.bb b/meta-security/meta-hardening/recipes-core/images/harden-image-minimal.bb
index c35c2577e..38771cdfb 100644
--- a/meta-security/meta-hardening/recipes-core/images/harden-image-minimal.bb
+++ b/meta-security/meta-hardening/recipes-core/images/harden-image-minimal.bb
@@ -10,7 +10,8 @@ LICENSE = "MIT"
 
 IMAGE_ROOTFS_SIZE ?= "8192"
 
-inherit core-image extrausers
+inherit core-image
+IMAGE_CLASSES:append = " extrausers"
 
 ROOT_DEFAULT_PASSWORD ?= "1SimplePw!"
 DEFAULT_ADMIN_ACCOUNT ?= "myadmin"
@@ -19,7 +20,7 @@ DEFAULT_ADMIN_ACCOUNT_PASSWORD ?= "1SimplePw!"
 
 EXTRA_USERS_PARAMS = "${@bb.utils.contains('DISABLE_ROOT', 'True', "usermod -L root;", "usermod -P '${ROOT_DEFAULT_PASSWORD}' root;", d)}"
 
-EXTRA_USERS_PARAMS += "useradd  ${DEFAULT_ADMIN_ACCOUNT};" 
-EXTRA_USERS_PARAMS += "groupadd  ${DEFAULT_ADMIN_GROUP};" 
-EXTRA_USERS_PARAMS += "usermod -P '${DEFAULT_ADMIN_ACCOUNT_PASSWORD}' ${DEFAULT_ADMIN_ACCOUNT};" 
-EXTRA_USERS_PARAMS += "usermod -aG ${DEFAULT_ADMIN_GROUP}  ${DEFAULT_ADMIN_ACCOUNT};" 
+EXTRA_USERS_PARAMS:append = " useradd  ${DEFAULT_ADMIN_ACCOUNT};" 
+EXTRA_USERS_PARAMS:append = " groupadd  ${DEFAULT_ADMIN_GROUP};" 
+EXTRA_USERS_PARAMS:append = " usermod -P '${DEFAULT_ADMIN_ACCOUNT_PASSWORD}' ${DEFAULT_ADMIN_ACCOUNT};" 
+EXTRA_USERS_PARAMS:append = " usermod -aG ${DEFAULT_ADMIN_GROUP}  ${DEFAULT_ADMIN_ACCOUNT};" 
diff --git a/meta-security/meta-integrity/classes/kernel-modsign.bbclass b/meta-security/meta-integrity/classes/kernel-modsign.bbclass
index cf5d3ebe2..093c3585e 100644
--- a/meta-security/meta-integrity/classes/kernel-modsign.bbclass
+++ b/meta-security/meta-integrity/classes/kernel-modsign.bbclass
@@ -2,7 +2,7 @@
 # set explicitly in a local.conf before activating kernel-modsign.
 # To use the insecure (because public) example keys, use
 # MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
-MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET"
+MODSIGN_KEY_DIR ??= "MODSIGN_KEY_DIR_NOT_SET"
 
 # Private key for modules signing. The default is okay when
 # using the example key directory.
diff --git a/meta-security/meta-parsec/conf/layer.conf b/meta-security/meta-parsec/conf/layer.conf
index 86d41b22b..2eeb71b0f 100644
--- a/meta-security/meta-parsec/conf/layer.conf
+++ b/meta-security/meta-parsec/conf/layer.conf
@@ -10,5 +10,5 @@ BBFILE_PRIORITY_parsec-layer = "5"
 
 LAYERSERIES_COMPAT_parsec-layer = "honister"
 
-LAYERDEPENDS_parsec-layer = "core rust-layer clang-layer tpm-layer"
+LAYERDEPENDS_parsec-layer = "core clang-layer tpm-layer"
 BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec"
diff --git a/meta-security/meta-tpm/README b/meta-security/meta-tpm/README
index 4441dd293..5722a92ab 100644
--- a/meta-security/meta-tpm/README
+++ b/meta-security/meta-tpm/README
@@ -5,7 +5,7 @@ The bbappend files for some recipes (e.g. linux-yocto) in this layer need
 to have 'tpm' in DISTRO_FEATURES to have effect.
 To enable them, add in configuration file the following line.
 
-  DISTRO_FEATURES:append = " tmp"
+  DISTRO_FEATURES:append = " tpm"
 
 If meta-tpm is included, but tpm is not enabled as a
 distro feature a warning is printed at parse time:
@@ -57,14 +57,14 @@ other layers needed. e.g.:
 Maintenance
 -----------
 
-Send pull requests, patches, comments or questions to yocto@yoctoproject.org
+Send pull requests, patches, comments or questions to yocto@lists.yoctoproject.org
 
 When sending single patches, please using something like:
-'git send-email -1 --to yocto@yoctoproject.org --subject-prefix=meta-security][PATCH'
+'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-security][PATCH'
 
 These values can be set as defaults for this repository:
 
-$ git config sendemail.to yocto@yoctoproject.org
+$ git config sendemail.to yocto@lists.yoctoproject.org
 $ git config format.subjectPrefix meta-security][PATCH
 
 Now you can just do 'git send-email origin/master' to send all local patches.
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/fixup.patch b/meta-security/recipes-ids/suricata/files/fixup.patch
index fc44ce68f..fc44ce68f 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/fixup.patch
+++ b/meta-security/recipes-ids/suricata/files/fixup.patch
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/run-ptest b/meta-security/recipes-ids/suricata/files/run-ptest
index 666ba9c95..666ba9c95 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/run-ptest
+++ b/meta-security/recipes-ids/suricata/files/run-ptest
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/suricata.service b/meta-security/recipes-ids/suricata/files/suricata.service
index a99a76ef8..a99a76ef8 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/suricata.service
+++ b/meta-security/recipes-ids/suricata/files/suricata.service
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/suricata.yaml b/meta-security/recipes-ids/suricata/files/suricata.yaml
index 8d06a2744..8d06a2744 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/suricata.yaml
+++ b/meta-security/recipes-ids/suricata/files/suricata.yaml
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/tmpfiles.suricata b/meta-security/recipes-ids/suricata/files/tmpfiles.suricata
index fbf37848e..fbf37848e 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/tmpfiles.suricata
+++ b/meta-security/recipes-ids/suricata/files/tmpfiles.suricata
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/volatiles.03_suricata b/meta-security/recipes-ids/suricata/files/volatiles.03_suricata
index 4627bd3b0..4627bd3b0 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/files/volatiles.03_suricata
+++ b/meta-security/recipes-ids/suricata/files/volatiles.03_suricata
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/libhtp_0.5.38.bb b/meta-security/recipes-ids/suricata/libhtp_0.5.38.bb
index 2a0c93ccc..2a0c93ccc 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/libhtp_0.5.38.bb
+++ b/meta-security/recipes-ids/suricata/libhtp_0.5.38.bb
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata.inc b/meta-security/recipes-ids/suricata/suricata.inc
index 5754617fb..5754617fb 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata.inc
+++ b/meta-security/recipes-ids/suricata/suricata.inc
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata_6.0.3.bb b/meta-security/recipes-ids/suricata/suricata_6.0.3.bb
index ca9e03e32..ca9e03e32 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata_6.0.3.bb
+++ b/meta-security/recipes-ids/suricata/suricata_6.0.3.bb
diff --git a/meta-security/recipes-security/cryfs/cryfs_0.10.3.bb b/meta-security/recipes-security/cryfs/cryfs_0.10.3.bb
new file mode 100644
index 000000000..74f32a495
--- /dev/null
+++ b/meta-security/recipes-security/cryfs/cryfs_0.10.3.bb
@@ -0,0 +1,10 @@
+SUMMARY = "CryFS encrypts your files, so you can safely store them anywhere."
+HOMEDIR = "https://www.cryfs.org"
+
+LICENSE = "LGPL-3.0"
+FILE_CHK_SUM = "file://;md5=12345"
+
+SRC_URI = "https://github.com/${BPN}/${BPN}.git"
+SRCREV = "0f83a1ab7e5ca9f37f97bc57b20d3fab0f351d11"
+
+inherit cmake
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-security/krill/files/panic_workaround.patch b/meta-security/recipes-security/krill/files/panic_workaround.patch
index 9b08cb5ce..9b08cb5ce 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-security/krill/files/panic_workaround.patch
+++ b/meta-security/recipes-security/krill/files/panic_workaround.patch
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill.inc b/meta-security/recipes-security/krill/krill.inc
index f86468b96..f86468b96 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill.inc
+++ b/meta-security/recipes-security/krill/krill.inc
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill_0.9.1.bb b/meta-security/recipes-security/krill/krill_0.9.1.bb
index 4dc61cfb3..4dc61cfb3 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill_0.9.1.bb
+++ b/meta-security/recipes-security/krill/krill_0.9.1.bb
author	Andrew Geissler <geissonator@yahoo.com>	2021-09-03 05:05:58 +0300
committer	Andrew Geissler <geissonator@yahoo.com>	2021-09-04 17:46:34 +0300
commit	d159c7fb39550d7348052766f46e51b26d3fd4cc (patch)
tree	f719f75759697649453e6bed883c54bae951eb74 /meta-security
parent	5b587cab386c4691eefa4885b9fd30794934c106 (diff)
download	openbmc-d159c7fb39550d7348052766f46e51b26d3fd4cc.tar.xz