BMC/Intel-BMC/openbmc.git - Intel-BMC/openbmc is a BMC implementation for servers (mirror)

Age	Commit message (Collapse)	Author	Files	Lines
2021-10-07	subtree updates	Patrick Williams	1	-1/+2
	meta-security: de6712a806..a85fbe980e: Anton Antonov (1): Upgrade parsec-service 0.8.1 and parsec-tool 0.4.0 Armin Kuster (1): chkrootkit: update to 0.55 Bhupesh Sharma (1): recipes-security/fscrypt: Add fscrypt .bb file Christer Fletcher (1): dmverity: Make use of DATA_BLOCK_SIZE variable in initrdscript. Kristian Klausen (1): libtpm: update to 0.8.7 Zoltán Böszörményi (1): clamav: Set clamav:clamav ownership on /var/lib/clamav in do_install poky: 06dcace68b..80f2b56ad8: Anibal Limon (1): recipes-support/ptest-runner: Bump to v2.4.2 Bruce Ashfield (5): linux-yocto-dev: update to v5.15-rcX lttng-modules/dev-upstream: update to 2.13-latest lttng-modules: fix build against 5.15+ linux-yocto/5.13: drop recipes yocto-bsp/5.13: drop recipes Chandana kalluri (1): scriptutils.py: Add check before deleting path Daniel Wagenknecht (2): common-tasks: add note about license implications of bundled initramfs ref-manual: add note about license implications of bundled initramfs Joshua Watt (2): lib/oe/spdx.py: Add comments python3: Fix sysroot reproducibility Kenfe-Mickael Laventure (1): package_ipk: Use localdata store when signing packages Kiran Surendran (1): ffmpeg: fix CVE-2021-38171 Kristian Klausen (2): ovmf: add TPM PACKAGECONFIG and enable if tpm is in MACHINE_FEATURES wic/bootimg-efi: Add Unified Kernel Image option Markus Volk (1): wic:direct.py: ignore invalid mountpoints during fstab update Matt Madison (1): autotools.bbclass: use ordinary append for file-checksums update Michael Halstead (1): releases: update to include 3.1.11 Minjae Kim (1): vim: fix CVE-2021-3778 Quentin Schulz (1): ref-manual: fix missed override syntax change Rasmus Villemoes (1): kernel.bbclass: remove unnecessary dead code Richard Purdie (29): oeqa/qemurunner: Use oe._exit(), not sys.exit() pseudo: Add in ability to flush database with shutdown request packagegroup-core-tools-profile: Exclude systemtap from riscv32 as well bitbake: bitbake-worker: Allow shutdown/database flush of pseudo server at task exit bitbake: siggen: Fix sorting in diff output bitbake: cooker/command: Add a dummy event for tinfoil testing oeqa/selftest/gotoolchain: Fix temp file cleanup oeqa/buildproject: Ensure temp directories are cleaned up libc_package/buildstats: Fix python regex quoting warnings oeqa/selftest/tinfoil: Update to use test command glew: Stop polluting /tmp during builds rpm: Ensure compression parallelism isn't coded into rpms package: Ensure pclist files are deterministic and don't use full paths gnupg: Be deterministic about sendmail mesa: Ensure megadrivers runtime mappings are deterministic util-linux: Fix reproducibility libtool: Allow libtool-cross to reproduce gobject-introspection: Don't write $HOME into scripts oeqa/selftest/bbtests: Add uuid to force build test image: Exclude IMAGE_VERSION_SUFFIX from expansion in image tasks sstatesig: Revert "Test cross/native hashserv method extension" bitbake: data: Ensure functions are defined in a deterministic order bitbake.conf: Set vardepvalue for PARALLEL_MAKEINST externalsrc: Fix a source date epoch race in reproducible builds sstatesig: Add processing for full build paths in sysroot files python3: Drop broken pyc files image-artifact-names: Use SOURCE_DATE_EPOCH when making reproducible builds for deploy abi_version/sstate: Bump HASH_VERSION and SSTATE_VERSION reproducible_build: Work around caching issues Robert P. J. Day (3): ref-manual: extend explanation of PACKAGE_DEBUG_SPLIT_STYLE ref-manual: mention INHIBIT_PACKAGE_DEBUG_SPLIT variable overview-manual: delete bad backslashes in SSTATE_MIRRORS example Saul Wold (3): spdx-licenses.json: Use 3.14 tagged version spdx.py: Add SPDXAnnotation Object create-spdx: Use SPDXAnnotation to track native recipes Thomas Perrot (2): libevent: mark util/monotonic_prc_fallback as retriable ruby: fix the reproducibility issue Tom Pollard (2): bzip2: Update soname for libbz2 1.0.8 libsamplerate0: Set correct soname for 0.1.9 Trevor Woerner (1): hello-mod/hello.c: convert printk to pr_xxx William A. Kennington III (1): rm_work.bbclass: Fix for files starting with - Yi Zhao (1): inetutils: fix CVE-2021-40491 wangmy (1): strace: upgrade 5.13 -> 5.14 meta-openembedded: cff8331f96..23dc4f060f: Armin Kuster (1): README: update to main repo Chandana kalluri (1): python3-humanfriendly: Add nativesdk to BBCLASSEXTEND Changqing Li (1): layer.conf: add openembedded-layer as LAYERDEPENDS Khem Raj (3): smcroute: Add missing pkgconfig inherit packagegroup-meta-oe: Add new packages smarty and libjs-jquery-icheck gattlib: Upgrade to latest LiweiSong (1): chipsec: platform security assessment framework Martin Jansa (5): opencv: fix build with protobuf-3.18 when dnn PACKAGECONFIG is enabled libeigen: backport fix for -Werror=class-memaccess issues when NEON is enabled README: mention linux-libc-dev:i386 for luajit on ubuntu-21.10 gpsd: inherit pkgconfig pahole: use MACHINE_ARCH Matteo Croce (1): pahole: don't download vendored libbpf Mingli Yu (1): libqb: Upgrade to 2.0.3 Nandor Han (1): libiio: depend on avahi only when network backed is used Peter Kjellerstedt (1): netdata: Move the version to the file name and correct the SRC_URI Richard Purdie (1): gattlib: Place pkgconfig file in correct package Yi Zhao (1): phpmyadmin: upgrade 5.1.0 -> 5.1.1 wangmy (7): unionfs-fuse: upgrade 2.1 -> 2.2 smcroute: upgrade 2.4.4 -> 2.5.3 snort: upgrade 2.9.18 -> 2.9.18.1 libsass: upgrade 3.6.4 -> 3.6.5 sanlock: upgrade 3.8.3 -> 3.8.4 sassc: upgrade 3.6.1 -> 3.6.2 valijson: upgrade 0.5 -> 0.6 zangrc (8): python3-pychromecast: upgrade 9.2.0 -> 9.2.1 python3-pyro4: upgrade 4.80 -> 4.81 python3-pyzmq: upgrade 22.2.1 -> 22.3.0 python3-robotframework: upgrade 4.1 -> 4.1.1 python3-sqlparse: upgrade 0.4.1 -> 0.4.2 python3-tqdm: upgrade 4.62.2 -> 4.62.3 libjs-jquery-icheck: Add recipe smarty: Add recipe zhengruoqin (6): python3-cmd2: upgrade 2.1.2 -> 2.2.0 python3-huey: upgrade 2.4.0 -> 2.4.1 python3-humanfriendly: upgrade 9.2 -> 10.0 cifs-utils: upgrade 6.13 -> 6.14 cmark: upgrade 0.30.1 -> 0.30.2 gpsd: upgrade 3.23 -> 3.23.1 Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Ie782ff5d7f3004fb1f1ac9a4c8644a178bae46ad
2021-08-11	subtree updates	Patrick Williams	2	-27/+37
	meta-raspberrypi: 8dc3a31088..c7f4c739a3: Khem Raj (5): linux-raspberrypi: Upgrade to 5.10.52 userland: Update to latest master branch raspberrypi-firmware: Update to latest raspberrypi-tools: Update to latest sdcard_image-rpi.bbclass: Fix IMAGE_TYPEDEP override to use new syntax Martin Jansa (4): Convert to new override syntax Manually fix conversion layer.conf: Update to honister userland: package man pages in PN-doc Pierre-Jean Texier (2): kas: local.conf: bump CONF_VERSION variable kas: local.conf: disable prelink poky: 17aabc0127..492205ea83: Alexander Kanavin (17): llvm: update 12.0.0 -> 12.0.1 systemd: update 248.3 -> 249.1 python3-testools: update 2.4.0 -> 2.5.0 libuv: update 1.41.0 -> 1.42.0 gnu-config: update to latest revision vulkan-samples: update to latest revision cmake: update 3.20.5 -> 3.21.0 cmake: update 3.21.0 -> 3.21.1 mtools: update 4.0.32 -> 4.0.34 util-linux: update 2.37 -> 2.37.1 iputils: update 20210202 -> 20210722 freetype: update 2.10.4 -> 2.11.0 devtool: print a warning on upgrades if PREFERRED_VERSION is set rpm: do not RRECOMMEND rpm-build selftest: add core-image-weston to no-gpl3-no-meta-gpl2 image test shadow: update 4.8.1 -> 4.9 local.conf.sample: disable prelink Bernhard Rosenkränzer (1): gcc: update 11.1 -> 11.2 Bruce Ashfield (6): linux-yocto/5.10: update to v5.10.53 linux-yocto/5.13: update to v5.13.5 linux-yocto/5.4: update to v5.4.135 linux-yocto-rt/5.10: update to -rt47 linux-yocto/5.13: enable TYPEC_TCPCI in usbc fragment linux-yocto/5.10: enable TYPEC_TCPCI in usbc fragment Changqing Li (1): archiver.bbclass: fix do_ar_configured failure for kernel Chen Qi (3): zstd: fix CVE_PRODUCT insane.bbclass: fix the file-rdeps QA message for the new override syntax iputils: fix do_configure failure of missing ip command Damian Wrobel (1): rootfs: remove ldconfig auxiliary cache where appropriate Denys Dmytriyenko (4): meta: convert nested overrides leftovers to new syntax convert-overrides.py: handle few more cases of overrides libwpe: remove rpi-specific custom code poky-tiny: drop uclibc override Jon Mason (1): parselogs.py: qemuarm should be qemuarmv5 Joshua Watt (4): mesa: Fix v3d & vc4 dmabuf import bitbake: bitbake: asyncrpc: Catch early SIGTERM libxft: Fix bad PKG value bitbake: contrib: vim: Update for new override syntax Kai Kang (2): u-boot_2021.07: set UBOOT_MACHINE for qemumips and qemumips64 python3-pytest: display correct version info Kevin Hao (2): meta-yocto-bsp: Introduce the v5.13 bbappend meta-yocto-bsp: Bump to the v5.10.55 Khem Raj (10): binutils: Upgrade to 2.37 branch texinfo: Update gnulib to fix build with glibc 2.34 systemd: Fix build on musl stress-ng: Drop defining daddr_t stress-ng: Detemine minimal stack size via sysconf mesa: Define a fallback for DRIDRIVERS libssh2: Fix syntax for using ptest override toaster-managed-mode.json: Correctly specify term with new override syntax distrooverrides.bbclass: Correct override syntax devtool.py: Correct override syntax Lee Chee Yang (1): aspell: fix CVE-2019-25051 Marek Vasut (2): image_types: Restore pre-btrfs-tools 4.14.1 mkfs.btrfs shrink behavior kernel-uboot: Handle gzip and lzo compression options Martin Jansa (6): convert-overrides.py: show processed file and version of this script convert-overrides.py: remove base_dep_prepend and autotools_dep_prepend exception convert-overrides.py: 0.9.1 include '(' as delimiter for shortvars convert-overrides.py: allow specifying multiple target dirs convert-overrides.py: allow dots before override in vars_re and shortvars_re systemd-boot: use ld.bfd as efi-ld even when gold or lld is used in ${LD} Matthias Klein (2): runqemu: Fix typo in error message runqemu: decouple bios and kernel options Matthias Schiffer (3): initscripts: populate-volatile.sh: do not log to tty0 initscripts: populate-volatile.sh: run create_file synchronously initscripts: fix creation order for /var/log with VOLATILE_LOG_DIR=true Michael Halstead (1): releases: update to include 3.3.1 Michael Opdenacker (18): oe-setup-builddir: update YP docs and OE URLs conf-notes.txt: now suggesting to run 'runqemu qemux86-64' test-manual: document LTO related reproducibility bug quick start manual: update "source oe-init-build-env" output dev-manual: fix wrong reference to class documentation/README: improve BitBake manual referencing guidelines manuals: simplify references to BitBake manual manuals: remove explicit BitBake variable references meta-skeleton: add recipe examples from documentation sources bitbake: doc: bitbake-user-manual: fix syntax in example and improve description bitbake: doc: bitbake-user-manual: update bitbake option help bitbake: doc: bitbake-user-manual: grammar fix for the number of "metadata" manuals: initial documentation for CVE management ref-manual: remove example recipe source files profile-manual: document how to build perf manpages on target cve-check: fix comments cve-check: update link to NVD website for CVE details cve-check: improve comment about CVE patch file names Mingli Yu (2): perlcross: not break build if already patched curl: Upgrade to 7.78.0 Nicolas Dechesne (4): yocto-check-layer: improve missed dependencies checklayer: new function get_layer_dependencies() checklayer: rename _find_layer_depends yocto-check-layer: ensure that all layer dependencies are tested too Oleksandr Kravchuk (1): bitbake.conf: change GNOME_MIRROR to new one Patrick Williams (1): pixman: re-disable iwmmxt Paul Barker (4): bitbake: asyncrpc: Fix bad message error in client bitbake: asyncrpc: Set timeout when waiting for reply from server bitbake: parse/ast: Substitute '~' when naming anonymous functions kernel-yocto: Simplify no git repo case in do_kernel_checkout Quentin Schulz (4): bitbake: doc: Makefile: turn warnings into errors by default bitbake: doc: bitbake-user-manual: ref-variables: order alphabetically the glossary sources bitbake: doc: bitbake-user-manual: ref-variables: force glossary output to be alphabetically sorted bitbake: doc: bitbake-user-manual: replace ``FOO`` by :term:`FOO` where possible Richard Purdie (49): Add MAINTAINERS.md file yocto-check-layer: Remove duplicated code libubootenv: Drop default-env RRECOMMENDS bitbake: data_smart: Allow colon in variable expansion regex meta-poky/meta-yocto-bsp: Convert to new override syntax layer.conf: Update to honister autotools/base/icecc: Remove prepend from function names scripts/contrib: Add override conversion script systemtap: Fix headers issue with x86 and 5.13 headers migration-guides: Add start of 3.4 guide with override migration notes common-tasks: Fix conversion error in npm example bitbake: bitbake: Switch to using new override syntax bitbake: doc/lib: Update to use new override syntax containing colons bitbake: doc/lib: Add fixes for issues missed by the automated conversion bitbake: bitbake: Update to version 1.51.1 layer.conf: Override changes mean we're only compatible with honister Convert to new override syntax meta: Manual override fixes local.conf.sample: Bump version so users update their config sanity.conf: Require bitbake 1.51.1 dropbear: Fix incorrect package override for postrm convert-overrides: Allow script to handle patch/diffs sdk: Decouple default install path from built in path sstate: Fix rebuilds when changing layer config populate_sdk_ext: Fix handling of TOOLCHAIN_HOST_TASK in the eSDK case local.conf.sample: Bump version so users update their config poky: Use SDKPATHINSTALL instead of SDKPATH vim: Clarify where RDEPENDS/RRECOMMENDS apply bitbake: data_smart: Fix inactive overide accidental variable value corruption local.conf.sample: Fix missed override conversion license: Exclude COPYING.MIT from pseudo meta: Convert IMAGE_TYPEDEP to use override syntax uboot-extlinux-config: Fix missing override conversion image/image_types: Convert CONVERSION_CMD/COMPRESS_CMD to new override syntax image: Drop COMPRESS_CMD devupstream: Allow support of native class extensions diffoscope: Upgrade 178 -> 179 strace: Upgrade 5.12 -> 5.13 valgrind: Add patches for glibc 2.34 support bitbake: runqueue: Improve multiconfig deferred task issues elfutils: Add patch from upstream for glibc 2.34 ptest fixes bitbake: doc: Fix append/prepend/remove references bitbake: fetch/tests/toaster: Override conversion fixups bitbake: process: Improve traceback error reporting from main loop bitbake: command: Ensure we catch/handle exceptions bitbake: ui/taskexp: Improve startup exception handling bitbake: ui/taskexp: Fix to work with empty build directories oeqa/runtime/cases/ptest: Increase test timeout from 300s to 450s packagedata: Fix after override syntax change Ross Burton (2): glew: fix Makefile race libx11: fix xkb compilation with _EVDEVK symbols Saul Wold (1): MAINTAINERS: Saul will cover devtool and eSDK Stefan Wiehler (1): dev-manual: fix source release example script Stefano Babic (1): mtd-utils: upgrade 2.1.2 -> 2.1.3 Tim Orling (2): python3-hypothesis: upgrade 6.14.3 -> 6.14.5 python3-importlib-metadata: upgrade 4.6.1 -> 4.6.3 Tony Battersby (2): lto.inc: disable LTO for grub gcc: Backport patch to make LTO builds more reproducible Tony Tascioglu (6): ffmpeg: fix-CVE-2020-20446 ffmpeg: fix CVE-2020-20453 ffmpeg: fix CVE-2020-22015 ffmpeg: fix CVE-2020-22021 ffmpeg: fix CVE-2020-22033 and CVE-2020-22019 ffmpeg: fix CVE-2021-33815 Trevor Woerner (1): ffmpeg: add libatomic for armv5 Ulrich Ölmann (2): initramfs-framework: fix whitespace issue initramfs-framework/setup-live: fix shebang Vinay Kumar (1): glibc: Fix CVE-2021-33574 Vivien Didelot (1): init-manager-systemd: define weak dev manager Zqiang (1): python3: use monotonic clock for condvar if possible hongxu (1): createrepo-c: fix createrepo-c failed in nativesdk leimaohui (1): archiver.bbclass: Fix patch error for recipes that inherit dos2unix. wangmy (3): bind: upgrade 9.16.18 -> 9.16.19 i2c-tools: upgrade 4.2 -> 4.3 diffoscope: upgrade 177 -> 178 zangrc (2): python3-dbus: upgrade 1.2.16 -> 1.2.18 python3-pip: upgrade 21.1.3 -> 21.2.1 meta-openembedded: 8fbcfb9f02..3cf2475ea0: Anastasios Kavoukis (1): pm-qa: fix paths for shell scripts Andreas Müller (3): mozjs/0001-Port-build-to-python3.patch: Fix typos in description jack: upgrade 1.19.18 -> 1.19.19 fluidsynth: upgrade 2.2.1 -> 2.2.2 Andrej Valek (1): thrift: upgrade to 0.14.2 Andrew Jeffery (2): python3-gmpy: Add native support python3-ecdsa: Add native support Armin Kuster (2): hiawatha: fix url. wireshark: update to 3.4.7 Ben Brown (1): android-tools: fix install of adb client when TOOLS is overridden Changqing Li (1): apache2: upgrade 2.4.46 -> 2.4.48 Devendra Tewari (1): Suppress eol in functionfs setup scripts (#147) Gianfranco (1): vboxguestdrivers: upgrade 6.1.22 -> 6.1.24 Joe Slater (2): php: move to version 7.4.21 gtksourceview4: work around dependency deficiency Johannes Obermüller (1): evtest: fix timestamps in output Kai Kang (2): python3-blivet: 3.1.4 -> 3.4.0 python3-blivetgui: 2.1.10 -> 2.2.1 Khem Raj (23): netperf: Update to latest netperf: Add systemd unit file packagegroup-meta-oe: Add lmdb packagegroup-meta-oe: Add mbw addcli: check for ns_get16 and ns_get32 fuse: Define closefrom if not available autofs: Fix build with glibc 2.34+ ntp: Do not use PTHREAD_STACK_MIN on glibc ntp: Fix make check mongodb: Upgrade to 4.4.7 vboxguestdrivers: Remove __divmoddi4 patch packagegroup-meta-oe: Add jemalloc apitrace: Exclude from builds with glibc 2.34+ libhugetlbfs: Disable build with glibc 2.34+ fvwm: Package extra files and man pages luajit: Fix override syntax lua: Drop uclibc patch packagegroup-meta-oe: Correct override name and fix syntax recipes: Fix override syntax emacs,libgpiod,cockpit: Fix override syntax in using FILES_${PN} fvwm: Fix build time paths in target perl/python scripts nis: Drop uclibc check in anon python function jemalloc: Fix build on musl Leon Anavi (3): python3-networkx: Upgrade 2.6.1 -> 2.6.2 python3-pysonos: Upgrade 0.0.53 -> 0.0.54 python3-zeroconf: Upgrade 0.33.1 -> 0.33.2 Li Wang (1): openlldp: fix segfault Maksym Sloyko (1): libusbgx: Configure the Devices Used Martin Jansa (5): Convert to new override syntax layer.conf: Update to honister mariadb: manually fix the conversion packagegroup-meta-oe: manually finish override syntax conversion klibc.bbclass, image_types_sparse.bbclass, packagegroup-meta-oe.bb: update the overrides syntax conversion Mingli Yu (4): mariadb: redefine log-error item jemalloc: add new recipe hdf5: improve reproducibility mariadb: Update SRC_URI Nicolas Dechesne (1): mbw: add new recipe Paulo Neves (1): htop: Add ncurses-terminfo-base to RDEPENDS Sakib Sajal (1): lmdb: add recipe Salman Ahmed (2): nginx: upgrade 1.18.0 -> 1.20.1 nginx: upgrade 1.19.6 -> 1.21.1 Tony Battersby (1): net-snmp: fix QA Issue after LDFLAGS change Yi Zhao (3): postfix: upgrade 3.6.1 -> 3.6.2 audit: upgrade 3.0.2 -> 3.0.3 audit: fix compile error for 2.8.5 Zang Ruochen (1): python3-robotframework: upgrade 4.0.3 -> 4.1 wangmy (17): evince: upgrade 40.2 -> 40.4 gnome-backgrounds: upgrade 3.36.0 -> 3.38.0 gnome-desktop3: upgrade 3.36.6 -> 3.38.8 cmark: upgrade 0.30.0 -> 0.30.1 ctags: upgrade 5.9.20210711.0 -> 5.9.20210718.0 libnet-dns-perl: upgrade 1.31 -> 1.32 libtalloc: upgrade 2.3.2 -> 2.3.3 nghttp2: upgrade 1.43.0 -> 1.44.0 bats: upgrade 1.3.0 -> 1.4.1 networkmanager: upgrade 1.32.2 -> 1.32.4 gensio: upgrade 2.2.7 -> 2.2.8 libmbim: upgrade 1.24.8 -> 1.26.0 fetchmail: upgrade 6.4.19 -> 6.4.20 ctags: upgrade 5.9.20210718.0 -> 5.9.20210801.0 libblockdev: upgrade 2.25 -> 2.26 libqmi: upgrade 1.28.6 -> 1.28.8 monit: upgrade 5.28.0 -> 5.28.1 zangrc (15): python3-qrcode: upgrade 7.1 -> 7.2 python3-rdflib: upgrade 5.0.0 -> 6.0.0 python3-simplejson: upgrade 3.17.2 -> 3.17.3 python3-bitstring: upgrade 3.1.7 -> 3.1.9 python3-iso8601: upgrade 0.1.14 -> 0.1.16 python3-gmqtt: upgrade 0.6.9 -> 0.6.10 python3-graphviz: upgrade 0.16 -> 0.17 python3-smbus: upgrade 4.2 -> 4.3 python3-pandas: upgrade 1.3.0 -> 1.3.1 python3-progress: upgrade 1.5 -> 1.6 python3-sentry-sdk: upgrade 1.3.0 -> 1.3.1 python3-socketio: upgrade 5.3.0 -> 5.4.0 python3-tqdm: upgrade 4.61.2 -> 4.62.0 python3-twisted: upgrade 21.2.0 -> 21.7.0 python3-xlsxwriter: upgrade 1.4.4 -> 1.4.5 zhengruoqin (15): live555: upgrade 20210710 -> 20210720 libtest-warnings-perl: upgrade 0.030 -> 0.031 python3-pybind11: upgrade 2.6.2 -> 2.7.0 python3-pymongo: upgrade 3.11.4 -> 3.12.0 python3-sqlalchemy: upgrade 1.4.20 -> 1.4.22 python3-sentry-sdk: upgrade 1.2.0 -> 1.3.0 libcurses-perl: upgrade 1.37 -> 1.38 libdbd-sqlite-perl: upgrade 1.66 -> 1.68 libencode-perl: upgrade 3.10 -> 3.11 python3-bitarray: upgrade 2.2.2 -> 2.2.3 python3-cbor2: upgrade 5.4.0 -> 5.4.1 python3-gast: upgrade 0.5.0 -> 0.5.1 poppler: upgrade 21.07.0 -> 21.08.0 valijson: upgrade 0.4 -> 0.5 xwd: upgrade 1.0.7 -> 1.0.8 meta-security: 152cdb506b..c885d399cd: Armin Kuster (18): suricata.inc: exclude ppc in rust version suricata: Drop 4.1.x its EOL add meta-rust crowdsec: add pkg packagegroup-core-security.bb: fix suricat-ptest inclusion gitlab-ci.yml: streamline builds matrix krill: Add new pkg clamav: fix branch name and update meta-security: Convert to new override syntax meta-tpm: Convert to new override syntax meta-integrity: Convert to new override syntax meta-hardening: Convert to new override syntax meta-security-isafw: Convert to new override syntax meta-parsec: Convert to new override syntax meta-security-compliance: Convert to new override syntax dynamix-layers: Convert to new override syntax kas: Convert to new override syntax packagegroup-core-security.bb: only include suricat-ptest if rust is included Martin Jansa (1): layer.conf: Update to honister Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Iec7301cf1c43b7cec462dcf88292a8b1b12a5045
2021-07-28	meta-security: subtree update:46f7e7acbe..152cdb506b	Andrew Geissler	4	-2/+3
	Anton Antonov (1): Do not use clang toolchain in Parsec recipes Armin Kuster (9): initramfs-framework: fix typo in conditional ssshgaurd: add packaage packagegroup-core-security: add sshguard initramfs-framework: rename files dir sssd: update to 2.5.1 suricata: update to 6.0.3 kas/kas-security-alt.yml: add meta-rust .gitlab-ci.yml: fix qemux86 musl order tpm-tools: fix build issue Yi Zhao (2): apparmor: upgrade 3.0 -> 3.0.1 apparmor: use its own initscript and service files Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Idf435d7f6b767d87ae2cc720b520e57c22645935
2021-06-28	meta-security: subtree update:ab239f1497..46f7e7acbe	Andrew Geissler	6	-23/+19
	Armin Kuster (18): python3-scapy: update to 2.4.5 lkrg-module: update 0.9.1 packagegroup-core-security: exclude ossec-hids from musl ossec-hids: musl not compatable sssd: update to 2.5.0 busybox: drop as libsecomp is in core linux-%_5.%.bbappend: drop recipe initramfs-framework: fix YCL issue. python3-scapy: drop , now in meta-python packagegroup-core-security: drop python3-scapy meta-hardening/initscripts: missed overide. meta-security: add sanity check meta-security/recipe-kernel: use sanity check linux-yocto-dev: drop bbappend meta-tpm: add layer sanity check meta-tpm/linux-yocto: use sanity support meta-integrity: add sanity check meta-integrity/recipe-kernel: use sanity check Federico Pellegrin (1): aircrack-ng: update to 1.6 Kai Kang (2): sssd: set pid path with /run sssd: add fix-ldblibdir.patch back Ricardo Salveti (1): tpm2-tss: fix usrmerge udev install path Robert P. J. Day (1): Correct "securiyt" typo in maintainers.inc Sekine Shigeki (1): smack: add 3 cves to allowlist Upgrade Helper (2): clamav: upgrade to latest revision opendnssec: upgrade 2.1.8 -> 2.1.9 Yi Zhao (1): libgssglue: update SRC_URI Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I3bcabc218b240681d525111d16f963eb9b33c922
2021-06-07	meta-security: subtree update:baca6133f9..ab239f1497	William A. Kennington III	1	-6/+5
	Armin Kuster (16): build cleanup: add iam to base depend tripwire: Blacklist pkg, upstream seems abandond tpm2-pkcs11: Update to 1.6.0 clamav: update to tip. ossec-hids: add UPSTREAM_CHECK_COMMITS python3-scapy: add UPSTREAM_CHECK_COMMITS suricata: 4.1.x add UPSTREAM_CHECK_URI ibmswtpm2: update to 1661 ibmtpm2tss: update to tip packagegroup-core-security: fix typo for mips Apparmor: fix multi config build issue. aide: Add another ids packagegroup-core-security: add aide and ossec .gitlab-ci: drop clean up combine alt w base clamav: fix systemd startup packagegroup-core-security: add clamav-daemon Change-Id: Id941ea16208920cfa31bf6d42f8a01fc9765ec7c Signed-off-by: William A. Kennington III <wak@google.com>
2021-05-27	meta-security: subtree update:ca9264b1e1..baca6133f9	Andrew Geissler	1	-0/+3
	Anton Antonov (1): gitlab-ci: Move all parsec builds into a separate job Armin Kuster (12): kas-security-base: Move some DISTRO_FEATURES around -tpm.yml: drop tpms jobs gitlab-ci: move tpm build .gitlab-ci: work on pipelime gitlab-ci: cleanup after_script gitlab-ci: add new before script kas: cleanup some kas files packagegroup-core-security: exclude apparmor in mips64 .gitlab-ci: use kas shell in some cases. kas-security-base: fix feature namespace for tpm ossec-hids: add new pkg libseccomp: drop recipe. In core now Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Icef0838533cbc51af188f574d4931ac3d250ba84
2021-04-19	meta-security: subtree update:775870980b..ca9264b1e1	Andrew Geissler	1	-2/+2
	Anton Antonov (4): Use libest "main" branch instead of "master". Add meta-parsec layer into meta-security. Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI Clearly define clang toolchain in Parsec recipes Armin Kuster (16): packagegroup-core-security: drop clamav-cvd clamav: upgrade 104.0 python3-privacyidea: upgrade 3.5.1 -> 3.5.2 clamav: fix systemd service install swtpm: now need python-cryptography, pull in layer swtpm: file pip3 issue swtpm: fix check for tscd deamon on host python3-suricata-update: update to 1.2.1 suricata: update to 6.0.2 layer.conf: add dynamic-layer for rust pkg README: cleanup .gitlab-ci.yml: reorder to speed up builds kas-security-base.yml: tweek build vars gitlab-ci: fine tune order clamav: remove rest of mirror.dat ref lkrg-module: Add Linux Kernel Runtime Guard Ming Liu (2): meta: drop IMA_POLICY from policy recipes initramfs-framework-ima: introduce IMA_FORCE Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9
2020-10-16	meta-security: subtree update:d6baccc068..4c2f7ffd49	Andrew Geissler	4	-78/+62
	Adrian (1): gitignore added Armin Kuster (31): kas: build with ptest. remove apparmor softHSM: add pkg packagegroup-core-security: add softHSM libest: add recipe packagegroup-core-security: add libest package opendnssec: add recipe packagegroup-core-security: add opendnssec to pkg grp gitlab-ci: allow test to fail libseccomp: fix ptest failures. packagegroup-core-security-ptest: remove keyutils-ptest security-test-image: simplify packagegroup-core-security-ptest: remove apparmor: fix build issue with ptest enabled. security-test-image: tweak to get more tests to runn apparmor: update to 3.0 packagegroup-core-security: apparmor 3.0 ptest does not build suricata: fix compiling on gcc10 qemux86-test: add apparmor back apparmor: fix build for on musl ecryptfs-utils: fix musl build libest: fix musl build. sssd: update to latest ltm 1.16.5 packagegroup-core-security: remove clamav from musl image suricata: update to 4.1.9 kas: fixup alt configs gitlab-ci: add qemux86 and qemuarm64 musl builds tpm2-tss: update to 2.4.3 tpm2-totp: update to 0.2.1 tpm2-abrmd: update to 2.3.3 tpm2-tools: update to 4.3.0 tpm2-pkcs11: update to 1.4.0 Mingli Yu (1): scap-security-guide: add expat-native to DEPENDS Naveen Saini (3): initramfs-framework/dmverity: add retry loop for slow boot devices wic: add wks.in for intel dm-verity linux-%/5.x: Add dm-verity fragment as needed Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: If3a721fdd99bb6e35c82cf4e7485f06cebaef905
2020-09-18	meta-security: subtree update:787ba6faea..d6baccc068	Andrew Geissler	6	-74/+101
	Armin Kuster (20): trousers: update to tip upload-error-report: add script to upload errors kas/kas-security-base.yml: lets enable error reporting .gitlab: send error reports cryptsetup-tpm-incubator: drop recipe sssd: Avoid nss function conflicts with glibc nss.h cryptsetup-tpm-incubator: remove reference from other files packagegroup-core-security: dont include suricata on riscv or ppc kas-security-base: add testimage kas: add test config kas: add one dm-verify image build gitlab-ci: add dm-verify-image gitlab-ci: add testimage meta-harden: Add a layer to demo harding OE/YP kas-security-base: define sections as base packagegroup-core-security: add more pkgs to base group apparmor: exclude mips64, not supported kas: add alt and mutli build images kas-security-base: set RPM and disable ptest qemu test: set ptest Charlie Davies (1): clamav: update SO_VER to 9.0.4 Jens Rehsack (2): ibmswtpm2: update to 1637 ibmtpm2tss: add recipe Jonatan Pålsson (1): sssd: Make manpages buildable Qi.Chen@windriver.com (1): nss: update patch to fix do_patch error Zheng Ruoqin (1): trousers: Fix the problem that do_package fails when multilib is enabled. niko.mauno@vaisala.com (12): dm-verity-img.bbclass: Fix bashisms dm-verity-img.bbclass: Reorder parse-time check dm-verity-image-initramfs: Ensure verity hash sync dm-verity-image-initramfs: Bind at do_image instead linux-yocto(-dev): Add dm-verity fragment as needed dm-verity-img.bbclass: Stage verity.env file initramfs-framework: Add dmverity module dm-verity-image-initramfs: Use initramfs-framework dm-verity-initramfs-image: Cosmetic improvements dm-verity-image-initramfs: Add base-passwd package dm-verity-image-initramfs: Drop locales from image beaglebone-yocto-verity.wks.in: Refer IMGDEPLOYDIR Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I9f2debc1f48092734569fd106b56cd7bcb6180b7
2020-08-21	meta-security: subtree update:066a04425c..787ba6faea	Andrew Geissler	6	-0/+181
	Armin Kuster (10): lynis: update to 3.0.0 security images: Move to recipe-core security packagegroups: move to recipes-core packagegroup-security-tpm: add more packages for building packagegroup-core-security: remove clamav for riscv* libsecomp: rv32/rv64 target builds are not supported yet packagegroup-core-security: remove libseccomp for riscv* libseccomp: update to 2.5.0 packagegroup-core-security: restore riscv64 for libssecomp trousers: Several Security fixes Charlie Davies (1): clamav: add INSTALL_CLAMAV_CVD flag to do_install Kai Kang (1): libseccomp: fix cross compile error for mips Yi Zhao (1): ibmswtpm2: upgrade 1563 -> 1628 Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I0341c0d4cd61fb6ef7db6a29f9fc60de3caa822f
2020-05-21	meta-security: subtree update:b72cc7f87c..95fe86eb98	Andrew Geissler	3	-0/+85
	André Draszik (1): linux-yocto: update the bbappend to 5.x Armin Kuster (36): README: add pull request option sssd: drop py2 support python3-fail2ban: update to latest Apparmor: fix some runtime depends linux-yocto-dev: remove "+" checksecurity: fix runtime issues buck-security: fix rdebends and minor style cleanup swtpm: fix configure error ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directory bastille: convert to py3 tpm2-tools: update to 4.1.1 tpm2-tcti-uefi: fix build issue for i386 machine tpm2-tss: update to 2.3.2 ibmswtpm2: update to 1563 python3-fail2ban: add 2-3 conversion changes google-authenticator-libpam: install module in pam location apparmor: update to tip clamav: add bison-native to depend meta-security-isafw: import layer from Intel isafw: fix to work against master layer.conf: add zeus README.md: update to new maintainer clamav-native: missed bison fix secuirty*-image: remove dead var and minor cleanup libtpm: fix build issue over pod2man sssd: python2 not supported libseccomp: update to 2.4.3 lynis: add missing rdepends fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslog chkrootkit: add rootkit recipe clamav: move to recipes-scanners checksec: move to recipe-scanners checksecurity: move to recipes-scanners buck-security: move to recipes-scanners arpwatch: add new recipe buck-security: fix runtime issue with missing per module Bartosz Golaszewski (3): linux: drop the bbappend for linux v4.x series classes: provide a class for generating dm-verity meta-data images dm-verity: add a working example for BeagleBone Black Haseeb Ashraf (1): samhain: dnmalloc hash fix for aarch64 and mips64 Jan Luebbe (2): apparmor: fix wrong executable permission on service file apparmor: update to 2.13.4 Jonatan Pålsson (10): README: Add meta-python to list of layer deps sssd: Add PACKAGECONFIG for python2 sssd: Fix typo in PACKAGECONFIG. cyrpto -> crypto sssd: DEPEND on nss if nothing else is chosen sssd: Sort PACKAGECONFIG entries sssd: Add autofs PACKAGECONFIG sssd: Add sudo PACKAGECONFIG sssd: Add missing files to SYSTEMD_SERVICE sssd: Add missing DEPENDS on jansson sssd: Add infopipe PACKAGECONFIG Kai Kang (1): sssd: fix for ldblibdir and systemd etc Martin Jansa (1): layer.conf: update LAYERSERIES_COMPAT for dunfell Mingli Yu (1): linux-yocto: update the bbappend to 5.x Pierre-Jean Texier via Lists.Yoctoproject.Org (1): google-authenticator-libpam: upgrade 1.07 -> 1.08 Yi Zhao (5): samhain: fix build with new version attr scap-security-guide: fix xml parsing error when build remediation files scap-security-guide: pass the correct schema file path to openscap-native openscap-daemon: add missing runtime dependencies samhain-server: add volatile file for systemd Change-Id: I3d4a4055cb9420e97d3eacf8436d9b048d34733f Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
2019-09-09	meta-security: subtree update:30ea7a89dc..d75dc96fa3	Brad Bishop	2	-3/+4
	Armin Kuster (11): python-scapy: drop py2 package packagegroup-core-security-ptest: only included if ptest is enabled packagegroup-core-security: update package name busybox: fix sig changes when layer added initramfs-framework-ima: correct IMA_POLICY name apparmor: drop lsb RDEPENDS openscap: Drop nostamp scap-security-guide: add depends on openscap-native do_install cryptsetup-tpm-incubator: fix QA error RDEPENDS oe-scap: Fix QA RDEPENDS error suricata: update to 4.1.4 Stefan Agner (1): libseccomp: build static library always Change-Id: Ia2f8aec978de4f3d20c13be3c12b70a7badc29d5 Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
2018-08-23	[Subtree] Removing import-layers directory	Dave Cobbley	2	-0/+4
	As part of the move to subtrees, need to bring all the import layers content to the top level. Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

meta-security: de6712a806..a85fbe980e: Anton Antonov (1): Upgrade parsec-service 0.8.1 and parsec-tool 0.4.0 Armin Kuster (1): chkrootkit: update to 0.55 Bhupesh Sharma (1): recipes-security/fscrypt: Add fscrypt .bb file Christer Fletcher (1): dmverity: Make use of DATA_BLOCK_SIZE variable in initrdscript. Kristian Klausen (1): libtpm: update to 0.8.7 Zoltán Böszörményi (1): clamav: Set clamav:clamav ownership on /var/lib/clamav in do_install poky: 06dcace68b..80f2b56ad8: Anibal Limon (1): recipes-support/ptest-runner: Bump to v2.4.2 Bruce Ashfield (5): linux-yocto-dev: update to v5.15-rcX lttng-modules/dev-upstream: update to 2.13-latest lttng-modules: fix build against 5.15+ linux-yocto/5.13: drop recipes yocto-bsp/5.13: drop recipes Chandana kalluri (1): scriptutils.py: Add check before deleting path Daniel Wagenknecht (2): common-tasks: add note about license implications of bundled initramfs ref-manual: add note about license implications of bundled initramfs Joshua Watt (2): lib/oe/spdx.py: Add comments python3: Fix sysroot reproducibility Kenfe-Mickael Laventure (1): package_ipk: Use localdata store when signing packages Kiran Surendran (1): ffmpeg: fix CVE-2021-38171 Kristian Klausen (2): ovmf: add TPM PACKAGECONFIG and enable if tpm is in MACHINE_FEATURES wic/bootimg-efi: Add Unified Kernel Image option Markus Volk (1): wic:direct.py: ignore invalid mountpoints during fstab update Matt Madison (1): autotools.bbclass: use ordinary append for file-checksums update Michael Halstead (1): releases: update to include 3.1.11 Minjae Kim (1): vim: fix CVE-2021-3778 Quentin Schulz (1): ref-manual: fix missed override syntax change Rasmus Villemoes (1): kernel.bbclass: remove unnecessary dead code Richard Purdie (29): oeqa/qemurunner: Use oe._exit(), not sys.exit() pseudo: Add in ability to flush database with shutdown request packagegroup-core-tools-profile: Exclude systemtap from riscv32 as well bitbake: bitbake-worker: Allow shutdown/database flush of pseudo server at task exit bitbake: siggen: Fix sorting in diff output bitbake: cooker/command: Add a dummy event for tinfoil testing oeqa/selftest/gotoolchain: Fix temp file cleanup oeqa/buildproject: Ensure temp directories are cleaned up libc_package/buildstats: Fix python regex quoting warnings oeqa/selftest/tinfoil: Update to use test command glew: Stop polluting /tmp during builds rpm: Ensure compression parallelism isn't coded into rpms package: Ensure pclist files are deterministic and don't use full paths gnupg: Be deterministic about sendmail mesa: Ensure megadrivers runtime mappings are deterministic util-linux: Fix reproducibility libtool: Allow libtool-cross to reproduce gobject-introspection: Don't write $HOME into scripts oeqa/selftest/bbtests: Add uuid to force build test image: Exclude IMAGE_VERSION_SUFFIX from expansion in image tasks sstatesig: Revert "Test cross/native hashserv method extension" bitbake: data: Ensure functions are defined in a deterministic order bitbake.conf: Set vardepvalue for PARALLEL_MAKEINST externalsrc: Fix a source date epoch race in reproducible builds sstatesig: Add processing for full build paths in sysroot files python3: Drop broken pyc files image-artifact-names: Use SOURCE_DATE_EPOCH when making reproducible builds for deploy abi_version/sstate: Bump HASH_VERSION and SSTATE_VERSION reproducible_build: Work around caching issues Robert P. J. Day (3): ref-manual: extend explanation of PACKAGE_DEBUG_SPLIT_STYLE ref-manual: mention INHIBIT_PACKAGE_DEBUG_SPLIT variable overview-manual: delete bad backslashes in SSTATE_MIRRORS example Saul Wold (3): spdx-licenses.json: Use 3.14 tagged version spdx.py: Add SPDXAnnotation Object create-spdx: Use SPDXAnnotation to track native recipes Thomas Perrot (2): libevent: mark util/monotonic_prc_fallback as retriable ruby: fix the reproducibility issue Tom Pollard (2): bzip2: Update soname for libbz2 1.0.8 libsamplerate0: Set correct soname for 0.1.9 Trevor Woerner (1): hello-mod/hello.c: convert printk to pr_xxx William A. Kennington III (1): rm_work.bbclass: Fix for files starting with - Yi Zhao (1): inetutils: fix CVE-2021-40491 wangmy (1): strace: upgrade 5.13 -> 5.14 meta-openembedded: cff8331f96..23dc4f060f: Armin Kuster (1): README: update to main repo Chandana kalluri (1): python3-humanfriendly: Add nativesdk to BBCLASSEXTEND Changqing Li (1): layer.conf: add openembedded-layer as LAYERDEPENDS Khem Raj (3): smcroute: Add missing pkgconfig inherit packagegroup-meta-oe: Add new packages smarty and libjs-jquery-icheck gattlib: Upgrade to latest LiweiSong (1): chipsec: platform security assessment framework Martin Jansa (5): opencv: fix build with protobuf-3.18 when dnn PACKAGECONFIG is enabled libeigen: backport fix for -Werror=class-memaccess issues when NEON is enabled README: mention linux-libc-dev:i386 for luajit on ubuntu-21.10 gpsd: inherit pkgconfig pahole: use MACHINE_ARCH Matteo Croce (1): pahole: don't download vendored libbpf Mingli Yu (1): libqb: Upgrade to 2.0.3 Nandor Han (1): libiio: depend on avahi only when network backed is used Peter Kjellerstedt (1): netdata: Move the version to the file name and correct the SRC_URI Richard Purdie (1): gattlib: Place pkgconfig file in correct package Yi Zhao (1): phpmyadmin: upgrade 5.1.0 -> 5.1.1 wangmy (7): unionfs-fuse: upgrade 2.1 -> 2.2 smcroute: upgrade 2.4.4 -> 2.5.3 snort: upgrade 2.9.18 -> 2.9.18.1 libsass: upgrade 3.6.4 -> 3.6.5 sanlock: upgrade 3.8.3 -> 3.8.4 sassc: upgrade 3.6.1 -> 3.6.2 valijson: upgrade 0.5 -> 0.6 zangrc (8): python3-pychromecast: upgrade 9.2.0 -> 9.2.1 python3-pyro4: upgrade 4.80 -> 4.81 python3-pyzmq: upgrade 22.2.1 -> 22.3.0 python3-robotframework: upgrade 4.1 -> 4.1.1 python3-sqlparse: upgrade 0.4.1 -> 0.4.2 python3-tqdm: upgrade 4.62.2 -> 4.62.3 libjs-jquery-icheck: Add recipe smarty: Add recipe zhengruoqin (6): python3-cmd2: upgrade 2.1.2 -> 2.2.0 python3-huey: upgrade 2.4.0 -> 2.4.1 python3-humanfriendly: upgrade 9.2 -> 10.0 cifs-utils: upgrade 6.13 -> 6.14 cmark: upgrade 0.30.1 -> 0.30.2 gpsd: upgrade 3.23 -> 3.23.1 Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Ie782ff5d7f3004fb1f1ac9a4c8644a178bae46ad

meta-raspberrypi: 8dc3a31088..c7f4c739a3: Khem Raj (5): linux-raspberrypi: Upgrade to 5.10.52 userland: Update to latest master branch raspberrypi-firmware: Update to latest raspberrypi-tools: Update to latest sdcard_image-rpi.bbclass: Fix IMAGE_TYPEDEP override to use new syntax Martin Jansa (4): Convert to new override syntax Manually fix conversion layer.conf: Update to honister userland: package man pages in PN-doc Pierre-Jean Texier (2): kas: local.conf: bump CONF_VERSION variable kas: local.conf: disable prelink poky: 17aabc0127..492205ea83: Alexander Kanavin (17): llvm: update 12.0.0 -> 12.0.1 systemd: update 248.3 -> 249.1 python3-testools: update 2.4.0 -> 2.5.0 libuv: update 1.41.0 -> 1.42.0 gnu-config: update to latest revision vulkan-samples: update to latest revision cmake: update 3.20.5 -> 3.21.0 cmake: update 3.21.0 -> 3.21.1 mtools: update 4.0.32 -> 4.0.34 util-linux: update 2.37 -> 2.37.1 iputils: update 20210202 -> 20210722 freetype: update 2.10.4 -> 2.11.0 devtool: print a warning on upgrades if PREFERRED_VERSION is set rpm: do not RRECOMMEND rpm-build selftest: add core-image-weston to no-gpl3-no-meta-gpl2 image test shadow: update 4.8.1 -> 4.9 local.conf.sample: disable prelink Bernhard Rosenkränzer (1): gcc: update 11.1 -> 11.2 Bruce Ashfield (6): linux-yocto/5.10: update to v5.10.53 linux-yocto/5.13: update to v5.13.5 linux-yocto/5.4: update to v5.4.135 linux-yocto-rt/5.10: update to -rt47 linux-yocto/5.13: enable TYPEC_TCPCI in usbc fragment linux-yocto/5.10: enable TYPEC_TCPCI in usbc fragment Changqing Li (1): archiver.bbclass: fix do_ar_configured failure for kernel Chen Qi (3): zstd: fix CVE_PRODUCT insane.bbclass: fix the file-rdeps QA message for the new override syntax iputils: fix do_configure failure of missing ip command Damian Wrobel (1): rootfs: remove ldconfig auxiliary cache where appropriate Denys Dmytriyenko (4): meta: convert nested overrides leftovers to new syntax convert-overrides.py: handle few more cases of overrides libwpe: remove rpi-specific custom code poky-tiny: drop uclibc override Jon Mason (1): parselogs.py: qemuarm should be qemuarmv5 Joshua Watt (4): mesa: Fix v3d & vc4 dmabuf import bitbake: bitbake: asyncrpc: Catch early SIGTERM libxft: Fix bad PKG value bitbake: contrib: vim: Update for new override syntax Kai Kang (2): u-boot_2021.07: set UBOOT_MACHINE for qemumips and qemumips64 python3-pytest: display correct version info Kevin Hao (2): meta-yocto-bsp: Introduce the v5.13 bbappend meta-yocto-bsp: Bump to the v5.10.55 Khem Raj (10): binutils: Upgrade to 2.37 branch texinfo: Update gnulib to fix build with glibc 2.34 systemd: Fix build on musl stress-ng: Drop defining daddr_t stress-ng: Detemine minimal stack size via sysconf mesa: Define a fallback for DRIDRIVERS libssh2: Fix syntax for using ptest override toaster-managed-mode.json: Correctly specify term with new override syntax distrooverrides.bbclass: Correct override syntax devtool.py: Correct override syntax Lee Chee Yang (1): aspell: fix CVE-2019-25051 Marek Vasut (2): image_types: Restore pre-btrfs-tools 4.14.1 mkfs.btrfs shrink behavior kernel-uboot: Handle gzip and lzo compression options Martin Jansa (6): convert-overrides.py: show processed file and version of this script convert-overrides.py: remove base_dep_prepend and autotools_dep_prepend exception convert-overrides.py: 0.9.1 include '(' as delimiter for shortvars convert-overrides.py: allow specifying multiple target dirs convert-overrides.py: allow dots before override in vars_re and shortvars_re systemd-boot: use ld.bfd as efi-ld even when gold or lld is used in ${LD} Matthias Klein (2): runqemu: Fix typo in error message runqemu: decouple bios and kernel options Matthias Schiffer (3): initscripts: populate-volatile.sh: do not log to tty0 initscripts: populate-volatile.sh: run create_file synchronously initscripts: fix creation order for /var/log with VOLATILE_LOG_DIR=true Michael Halstead (1): releases: update to include 3.3.1 Michael Opdenacker (18): oe-setup-builddir: update YP docs and OE URLs conf-notes.txt: now suggesting to run 'runqemu qemux86-64' test-manual: document LTO related reproducibility bug quick start manual: update "source oe-init-build-env" output dev-manual: fix wrong reference to class documentation/README: improve BitBake manual referencing guidelines manuals: simplify references to BitBake manual manuals: remove explicit BitBake variable references meta-skeleton: add recipe examples from documentation sources bitbake: doc: bitbake-user-manual: fix syntax in example and improve description bitbake: doc: bitbake-user-manual: update bitbake option help bitbake: doc: bitbake-user-manual: grammar fix for the number of "metadata" manuals: initial documentation for CVE management ref-manual: remove example recipe source files profile-manual: document how to build perf manpages on target cve-check: fix comments cve-check: update link to NVD website for CVE details cve-check: improve comment about CVE patch file names Mingli Yu (2): perlcross: not break build if already patched curl: Upgrade to 7.78.0 Nicolas Dechesne (4): yocto-check-layer: improve missed dependencies checklayer: new function get_layer_dependencies() checklayer: rename _find_layer_depends yocto-check-layer: ensure that all layer dependencies are tested too Oleksandr Kravchuk (1): bitbake.conf: change GNOME_MIRROR to new one Patrick Williams (1): pixman: re-disable iwmmxt Paul Barker (4): bitbake: asyncrpc: Fix bad message error in client bitbake: asyncrpc: Set timeout when waiting for reply from server bitbake: parse/ast: Substitute '~' when naming anonymous functions kernel-yocto: Simplify no git repo case in do_kernel_checkout Quentin Schulz (4): bitbake: doc: Makefile: turn warnings into errors by default bitbake: doc: bitbake-user-manual: ref-variables: order alphabetically the glossary sources bitbake: doc: bitbake-user-manual: ref-variables: force glossary output to be alphabetically sorted bitbake: doc: bitbake-user-manual: replace ``FOO`` by :term:`FOO` where possible Richard Purdie (49): Add MAINTAINERS.md file yocto-check-layer: Remove duplicated code libubootenv: Drop default-env RRECOMMENDS bitbake: data_smart: Allow colon in variable expansion regex meta-poky/meta-yocto-bsp: Convert to new override syntax layer.conf: Update to honister autotools/base/icecc: Remove prepend from function names scripts/contrib: Add override conversion script systemtap: Fix headers issue with x86 and 5.13 headers migration-guides: Add start of 3.4 guide with override migration notes common-tasks: Fix conversion error in npm example bitbake: bitbake: Switch to using new override syntax bitbake: doc/lib: Update to use new override syntax containing colons bitbake: doc/lib: Add fixes for issues missed by the automated conversion bitbake: bitbake: Update to version 1.51.1 layer.conf: Override changes mean we're only compatible with honister Convert to new override syntax meta: Manual override fixes local.conf.sample: Bump version so users update their config sanity.conf: Require bitbake 1.51.1 dropbear: Fix incorrect package override for postrm convert-overrides: Allow script to handle patch/diffs sdk: Decouple default install path from built in path sstate: Fix rebuilds when changing layer config populate_sdk_ext: Fix handling of TOOLCHAIN_HOST_TASK in the eSDK case local.conf.sample: Bump version so users update their config poky: Use SDKPATHINSTALL instead of SDKPATH vim: Clarify where RDEPENDS/RRECOMMENDS apply bitbake: data_smart: Fix inactive overide accidental variable value corruption local.conf.sample: Fix missed override conversion license: Exclude COPYING.MIT from pseudo meta: Convert IMAGE_TYPEDEP to use override syntax uboot-extlinux-config: Fix missing override conversion image/image_types: Convert CONVERSION_CMD/COMPRESS_CMD to new override syntax image: Drop COMPRESS_CMD devupstream: Allow support of native class extensions diffoscope: Upgrade 178 -> 179 strace: Upgrade 5.12 -> 5.13 valgrind: Add patches for glibc 2.34 support bitbake: runqueue: Improve multiconfig deferred task issues elfutils: Add patch from upstream for glibc 2.34 ptest fixes bitbake: doc: Fix append/prepend/remove references bitbake: fetch/tests/toaster: Override conversion fixups bitbake: process: Improve traceback error reporting from main loop bitbake: command: Ensure we catch/handle exceptions bitbake: ui/taskexp: Improve startup exception handling bitbake: ui/taskexp: Fix to work with empty build directories oeqa/runtime/cases/ptest: Increase test timeout from 300s to 450s packagedata: Fix after override syntax change Ross Burton (2): glew: fix Makefile race libx11: fix xkb compilation with _EVDEVK symbols Saul Wold (1): MAINTAINERS: Saul will cover devtool and eSDK Stefan Wiehler (1): dev-manual: fix source release example script Stefano Babic (1): mtd-utils: upgrade 2.1.2 -> 2.1.3 Tim Orling (2): python3-hypothesis: upgrade 6.14.3 -> 6.14.5 python3-importlib-metadata: upgrade 4.6.1 -> 4.6.3 Tony Battersby (2): lto.inc: disable LTO for grub gcc: Backport patch to make LTO builds more reproducible Tony Tascioglu (6): ffmpeg: fix-CVE-2020-20446 ffmpeg: fix CVE-2020-20453 ffmpeg: fix CVE-2020-22015 ffmpeg: fix CVE-2020-22021 ffmpeg: fix CVE-2020-22033 and CVE-2020-22019 ffmpeg: fix CVE-2021-33815 Trevor Woerner (1): ffmpeg: add libatomic for armv5 Ulrich Ölmann (2): initramfs-framework: fix whitespace issue initramfs-framework/setup-live: fix shebang Vinay Kumar (1): glibc: Fix CVE-2021-33574 Vivien Didelot (1): init-manager-systemd: define weak dev manager Zqiang (1): python3: use monotonic clock for condvar if possible hongxu (1): createrepo-c: fix createrepo-c failed in nativesdk leimaohui (1): archiver.bbclass: Fix patch error for recipes that inherit dos2unix. wangmy (3): bind: upgrade 9.16.18 -> 9.16.19 i2c-tools: upgrade 4.2 -> 4.3 diffoscope: upgrade 177 -> 178 zangrc (2): python3-dbus: upgrade 1.2.16 -> 1.2.18 python3-pip: upgrade 21.1.3 -> 21.2.1 meta-openembedded: 8fbcfb9f02..3cf2475ea0: Anastasios Kavoukis (1): pm-qa: fix paths for shell scripts Andreas Müller (3): mozjs/0001-Port-build-to-python3.patch: Fix typos in description jack: upgrade 1.19.18 -> 1.19.19 fluidsynth: upgrade 2.2.1 -> 2.2.2 Andrej Valek (1): thrift: upgrade to 0.14.2 Andrew Jeffery (2): python3-gmpy: Add native support python3-ecdsa: Add native support Armin Kuster (2): hiawatha: fix url. wireshark: update to 3.4.7 Ben Brown (1): android-tools: fix install of adb client when TOOLS is overridden Changqing Li (1): apache2: upgrade 2.4.46 -> 2.4.48 Devendra Tewari (1): Suppress eol in functionfs setup scripts (#147) Gianfranco (1): vboxguestdrivers: upgrade 6.1.22 -> 6.1.24 Joe Slater (2): php: move to version 7.4.21 gtksourceview4: work around dependency deficiency Johannes Obermüller (1): evtest: fix timestamps in output Kai Kang (2): python3-blivet: 3.1.4 -> 3.4.0 python3-blivetgui: 2.1.10 -> 2.2.1 Khem Raj (23): netperf: Update to latest netperf: Add systemd unit file packagegroup-meta-oe: Add lmdb packagegroup-meta-oe: Add mbw addcli: check for ns_get16 and ns_get32 fuse: Define closefrom if not available autofs: Fix build with glibc 2.34+ ntp: Do not use PTHREAD_STACK_MIN on glibc ntp: Fix make check mongodb: Upgrade to 4.4.7 vboxguestdrivers: Remove __divmoddi4 patch packagegroup-meta-oe: Add jemalloc apitrace: Exclude from builds with glibc 2.34+ libhugetlbfs: Disable build with glibc 2.34+ fvwm: Package extra files and man pages luajit: Fix override syntax lua: Drop uclibc patch packagegroup-meta-oe: Correct override name and fix syntax recipes: Fix override syntax emacs,libgpiod,cockpit: Fix override syntax in using FILES_${PN} fvwm: Fix build time paths in target perl/python scripts nis: Drop uclibc check in anon python function jemalloc: Fix build on musl Leon Anavi (3): python3-networkx: Upgrade 2.6.1 -> 2.6.2 python3-pysonos: Upgrade 0.0.53 -> 0.0.54 python3-zeroconf: Upgrade 0.33.1 -> 0.33.2 Li Wang (1): openlldp: fix segfault Maksym Sloyko (1): libusbgx: Configure the Devices Used Martin Jansa (5): Convert to new override syntax layer.conf: Update to honister mariadb: manually fix the conversion packagegroup-meta-oe: manually finish override syntax conversion klibc.bbclass, image_types_sparse.bbclass, packagegroup-meta-oe.bb: update the overrides syntax conversion Mingli Yu (4): mariadb: redefine log-error item jemalloc: add new recipe hdf5: improve reproducibility mariadb: Update SRC_URI Nicolas Dechesne (1): mbw: add new recipe Paulo Neves (1): htop: Add ncurses-terminfo-base to RDEPENDS Sakib Sajal (1): lmdb: add recipe Salman Ahmed (2): nginx: upgrade 1.18.0 -> 1.20.1 nginx: upgrade 1.19.6 -> 1.21.1 Tony Battersby (1): net-snmp: fix QA Issue after LDFLAGS change Yi Zhao (3): postfix: upgrade 3.6.1 -> 3.6.2 audit: upgrade 3.0.2 -> 3.0.3 audit: fix compile error for 2.8.5 Zang Ruochen (1): python3-robotframework: upgrade 4.0.3 -> 4.1 wangmy (17): evince: upgrade 40.2 -> 40.4 gnome-backgrounds: upgrade 3.36.0 -> 3.38.0 gnome-desktop3: upgrade 3.36.6 -> 3.38.8 cmark: upgrade 0.30.0 -> 0.30.1 ctags: upgrade 5.9.20210711.0 -> 5.9.20210718.0 libnet-dns-perl: upgrade 1.31 -> 1.32 libtalloc: upgrade 2.3.2 -> 2.3.3 nghttp2: upgrade 1.43.0 -> 1.44.0 bats: upgrade 1.3.0 -> 1.4.1 networkmanager: upgrade 1.32.2 -> 1.32.4 gensio: upgrade 2.2.7 -> 2.2.8 libmbim: upgrade 1.24.8 -> 1.26.0 fetchmail: upgrade 6.4.19 -> 6.4.20 ctags: upgrade 5.9.20210718.0 -> 5.9.20210801.0 libblockdev: upgrade 2.25 -> 2.26 libqmi: upgrade 1.28.6 -> 1.28.8 monit: upgrade 5.28.0 -> 5.28.1 zangrc (15): python3-qrcode: upgrade 7.1 -> 7.2 python3-rdflib: upgrade 5.0.0 -> 6.0.0 python3-simplejson: upgrade 3.17.2 -> 3.17.3 python3-bitstring: upgrade 3.1.7 -> 3.1.9 python3-iso8601: upgrade 0.1.14 -> 0.1.16 python3-gmqtt: upgrade 0.6.9 -> 0.6.10 python3-graphviz: upgrade 0.16 -> 0.17 python3-smbus: upgrade 4.2 -> 4.3 python3-pandas: upgrade 1.3.0 -> 1.3.1 python3-progress: upgrade 1.5 -> 1.6 python3-sentry-sdk: upgrade 1.3.0 -> 1.3.1 python3-socketio: upgrade 5.3.0 -> 5.4.0 python3-tqdm: upgrade 4.61.2 -> 4.62.0 python3-twisted: upgrade 21.2.0 -> 21.7.0 python3-xlsxwriter: upgrade 1.4.4 -> 1.4.5 zhengruoqin (15): live555: upgrade 20210710 -> 20210720 libtest-warnings-perl: upgrade 0.030 -> 0.031 python3-pybind11: upgrade 2.6.2 -> 2.7.0 python3-pymongo: upgrade 3.11.4 -> 3.12.0 python3-sqlalchemy: upgrade 1.4.20 -> 1.4.22 python3-sentry-sdk: upgrade 1.2.0 -> 1.3.0 libcurses-perl: upgrade 1.37 -> 1.38 libdbd-sqlite-perl: upgrade 1.66 -> 1.68 libencode-perl: upgrade 3.10 -> 3.11 python3-bitarray: upgrade 2.2.2 -> 2.2.3 python3-cbor2: upgrade 5.4.0 -> 5.4.1 python3-gast: upgrade 0.5.0 -> 0.5.1 poppler: upgrade 21.07.0 -> 21.08.0 valijson: upgrade 0.4 -> 0.5 xwd: upgrade 1.0.7 -> 1.0.8 meta-security: 152cdb506b..c885d399cd: Armin Kuster (18): suricata.inc: exclude ppc in rust version suricata: Drop 4.1.x its EOL add meta-rust crowdsec: add pkg packagegroup-core-security.bb: fix suricat-ptest inclusion gitlab-ci.yml: streamline builds matrix krill: Add new pkg clamav: fix branch name and update meta-security: Convert to new override syntax meta-tpm: Convert to new override syntax meta-integrity: Convert to new override syntax meta-hardening: Convert to new override syntax meta-security-isafw: Convert to new override syntax meta-parsec: Convert to new override syntax meta-security-compliance: Convert to new override syntax dynamix-layers: Convert to new override syntax kas: Convert to new override syntax packagegroup-core-security.bb: only include suricat-ptest if rust is included Martin Jansa (1): layer.conf: Update to honister Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Iec7301cf1c43b7cec462dcf88292a8b1b12a5045

Anton Antonov (1): Do not use clang toolchain in Parsec recipes Armin Kuster (9): initramfs-framework: fix typo in conditional ssshgaurd: add packaage packagegroup-core-security: add sshguard initramfs-framework: rename files dir sssd: update to 2.5.1 suricata: update to 6.0.3 kas/kas-security-alt.yml: add meta-rust .gitlab-ci.yml: fix qemux86 musl order tpm-tools: fix build issue Yi Zhao (2): apparmor: upgrade 3.0 -> 3.0.1 apparmor: use its own initscript and service files Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Idf435d7f6b767d87ae2cc720b520e57c22645935

Armin Kuster (18): python3-scapy: update to 2.4.5 lkrg-module: update 0.9.1 packagegroup-core-security: exclude ossec-hids from musl ossec-hids: musl not compatable sssd: update to 2.5.0 busybox: drop as libsecomp is in core linux-%_5.%.bbappend: drop recipe initramfs-framework: fix YCL issue. python3-scapy: drop , now in meta-python packagegroup-core-security: drop python3-scapy meta-hardening/initscripts: missed overide. meta-security: add sanity check meta-security/recipe-kernel: use sanity check linux-yocto-dev: drop bbappend meta-tpm: add layer sanity check meta-tpm/linux-yocto: use sanity support meta-integrity: add sanity check meta-integrity/recipe-kernel: use sanity check Federico Pellegrin (1): aircrack-ng: update to 1.6 Kai Kang (2): sssd: set pid path with /run sssd: add fix-ldblibdir.patch back Ricardo Salveti (1): tpm2-tss: fix usrmerge udev install path Robert P. J. Day (1): Correct "securiyt" typo in maintainers.inc Sekine Shigeki (1): smack: add 3 cves to allowlist Upgrade Helper (2): clamav: upgrade to latest revision opendnssec: upgrade 2.1.8 -> 2.1.9 Yi Zhao (1): libgssglue: update SRC_URI Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I3bcabc218b240681d525111d16f963eb9b33c922

Armin Kuster (16): build cleanup: add iam to base depend tripwire: Blacklist pkg, upstream seems abandond tpm2-pkcs11: Update to 1.6.0 clamav: update to tip. ossec-hids: add UPSTREAM_CHECK_COMMITS python3-scapy: add UPSTREAM_CHECK_COMMITS suricata: 4.1.x add UPSTREAM_CHECK_URI ibmswtpm2: update to 1661 ibmtpm2tss: update to tip packagegroup-core-security: fix typo for mips Apparmor: fix multi config build issue. aide: Add another ids packagegroup-core-security: add aide and ossec .gitlab-ci: drop clean up combine alt w base clamav: fix systemd startup packagegroup-core-security: add clamav-daemon Change-Id: Id941ea16208920cfa31bf6d42f8a01fc9765ec7c Signed-off-by: William A. Kennington III <wak@google.com>

Anton Antonov (1): gitlab-ci: Move all parsec builds into a separate job Armin Kuster (12): kas-security-base: Move some DISTRO_FEATURES around *-tpm.yml: drop tpms jobs gitlab-ci: move tpm build .gitlab-ci: work on pipelime gitlab-ci: cleanup after_script gitlab-ci: add new before script kas: cleanup some kas files packagegroup-core-security: exclude apparmor in mips64 .gitlab-ci: use kas shell in some cases. kas-security-base: fix feature namespace for tpm* ossec-hids: add new pkg libseccomp: drop recipe. In core now Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Icef0838533cbc51af188f574d4931ac3d250ba84

Anton Antonov (4): Use libest "main" branch instead of "master". Add meta-parsec layer into meta-security. Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI Clearly define clang toolchain in Parsec recipes Armin Kuster (16): packagegroup-core-security: drop clamav-cvd clamav: upgrade 104.0 python3-privacyidea: upgrade 3.5.1 -> 3.5.2 clamav: fix systemd service install swtpm: now need python-cryptography, pull in layer swtpm: file pip3 issue swtpm: fix check for tscd deamon on host python3-suricata-update: update to 1.2.1 suricata: update to 6.0.2 layer.conf: add dynamic-layer for rust pkg README: cleanup .gitlab-ci.yml: reorder to speed up builds kas-security-base.yml: tweek build vars gitlab-ci: fine tune order clamav: remove rest of mirror.dat ref lkrg-module: Add Linux Kernel Runtime Guard Ming Liu (2): meta: drop IMA_POLICY from policy recipes initramfs-framework-ima: introduce IMA_FORCE Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9

Adrian (1): gitignore added Armin Kuster (31): kas: build with ptest. remove apparmor softHSM: add pkg packagegroup-core-security: add softHSM libest: add recipe packagegroup-core-security: add libest package opendnssec: add recipe packagegroup-core-security: add opendnssec to pkg grp gitlab-ci: allow test to fail libseccomp: fix ptest failures. packagegroup-core-security-ptest: remove keyutils-ptest security-test-image: simplify packagegroup-core-security-ptest: remove apparmor: fix build issue with ptest enabled. security-test-image: tweak to get more tests to runn apparmor: update to 3.0 packagegroup-core-security: apparmor 3.0 ptest does not build suricata: fix compiling on gcc10 qemux86-test: add apparmor back apparmor: fix build for on musl ecryptfs-utils: fix musl build libest: fix musl build. sssd: update to latest ltm 1.16.5 packagegroup-core-security: remove clamav from musl image suricata: update to 4.1.9 kas: fixup alt configs gitlab-ci: add qemux86 and qemuarm64 musl builds tpm2-tss: update to 2.4.3 tpm2-totp: update to 0.2.1 tpm2-abrmd: update to 2.3.3 tpm2-tools: update to 4.3.0 tpm2-pkcs11: update to 1.4.0 Mingli Yu (1): scap-security-guide: add expat-native to DEPENDS Naveen Saini (3): initramfs-framework/dmverity: add retry loop for slow boot devices wic: add wks.in for intel dm-verity linux-%/5.x: Add dm-verity fragment as needed Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: If3a721fdd99bb6e35c82cf4e7485f06cebaef905

Armin Kuster (20): trousers: update to tip upload-error-report: add script to upload errors kas/kas-security-base.yml: lets enable error reporting .gitlab: send error reports cryptsetup-tpm-incubator: drop recipe sssd: Avoid nss function conflicts with glibc nss.h cryptsetup-tpm-incubator: remove reference from other files packagegroup-core-security: dont include suricata on riscv or ppc kas-security-base: add testimage kas: add test config kas: add one dm-verify image build gitlab-ci: add dm-verify-image gitlab-ci: add testimage meta-harden: Add a layer to demo harding OE/YP kas-security-base: define sections as base packagegroup-core-security: add more pkgs to base group apparmor: exclude mips64, not supported kas: add alt and mutli build images kas-security-base: set RPM and disable ptest qemu test: set ptest Charlie Davies (1): clamav: update SO_VER to 9.0.4 Jens Rehsack (2): ibmswtpm2: update to 1637 ibmtpm2tss: add recipe Jonatan Pålsson (1): sssd: Make manpages buildable Qi.Chen@windriver.com (1): nss: update patch to fix do_patch error Zheng Ruoqin (1): trousers: Fix the problem that do_package fails when multilib is enabled. niko.mauno@vaisala.com (12): dm-verity-img.bbclass: Fix bashisms dm-verity-img.bbclass: Reorder parse-time check dm-verity-image-initramfs: Ensure verity hash sync dm-verity-image-initramfs: Bind at do_image instead linux-yocto(-dev): Add dm-verity fragment as needed dm-verity-img.bbclass: Stage verity.env file initramfs-framework: Add dmverity module dm-verity-image-initramfs: Use initramfs-framework dm-verity-initramfs-image: Cosmetic improvements dm-verity-image-initramfs: Add base-passwd package dm-verity-image-initramfs: Drop locales from image beaglebone-yocto-verity.wks.in: Refer IMGDEPLOYDIR Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I9f2debc1f48092734569fd106b56cd7bcb6180b7

Armin Kuster (10): lynis: update to 3.0.0 security images: Move to recipe-core security packagegroups: move to recipes-core packagegroup-security-tpm: add more packages for building packagegroup-core-security: remove clamav for riscv* libsecomp: rv32/rv64 target builds are not supported yet packagegroup-core-security: remove libseccomp for riscv* libseccomp: update to 2.5.0 packagegroup-core-security: restore riscv64 for libssecomp trousers: Several Security fixes Charlie Davies (1): clamav: add INSTALL_CLAMAV_CVD flag to do_install Kai Kang (1): libseccomp: fix cross compile error for mips Yi Zhao (1): ibmswtpm2: upgrade 1563 -> 1628 Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I0341c0d4cd61fb6ef7db6a29f9fc60de3caa822f

André Draszik (1): linux-yocto: update the bbappend to 5.x Armin Kuster (36): README: add pull request option sssd: drop py2 support python3-fail2ban: update to latest Apparmor: fix some runtime depends linux-yocto-dev: remove "+" checksecurity: fix runtime issues buck-security: fix rdebends and minor style cleanup swtpm: fix configure error ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directory bastille: convert to py3 tpm2-tools: update to 4.1.1 tpm2-tcti-uefi: fix build issue for i386 machine tpm2-tss: update to 2.3.2 ibmswtpm2: update to 1563 python3-fail2ban: add 2-3 conversion changes google-authenticator-libpam: install module in pam location apparmor: update to tip clamav: add bison-native to depend meta-security-isafw: import layer from Intel isafw: fix to work against master layer.conf: add zeus README.md: update to new maintainer clamav-native: missed bison fix secuirty*-image: remove dead var and minor cleanup libtpm: fix build issue over pod2man sssd: python2 not supported libseccomp: update to 2.4.3 lynis: add missing rdepends fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslog chkrootkit: add rootkit recipe clamav: move to recipes-scanners checksec: move to recipe-scanners checksecurity: move to recipes-scanners buck-security: move to recipes-scanners arpwatch: add new recipe buck-security: fix runtime issue with missing per module Bartosz Golaszewski (3): linux: drop the bbappend for linux v4.x series classes: provide a class for generating dm-verity meta-data images dm-verity: add a working example for BeagleBone Black Haseeb Ashraf (1): samhain: dnmalloc hash fix for aarch64 and mips64 Jan Luebbe (2): apparmor: fix wrong executable permission on service file apparmor: update to 2.13.4 Jonatan Pålsson (10): README: Add meta-python to list of layer deps sssd: Add PACKAGECONFIG for python2 sssd: Fix typo in PACKAGECONFIG. cyrpto -> crypto sssd: DEPEND on nss if nothing else is chosen sssd: Sort PACKAGECONFIG entries sssd: Add autofs PACKAGECONFIG sssd: Add sudo PACKAGECONFIG sssd: Add missing files to SYSTEMD_SERVICE sssd: Add missing DEPENDS on jansson sssd: Add infopipe PACKAGECONFIG Kai Kang (1): sssd: fix for ldblibdir and systemd etc Martin Jansa (1): layer.conf: update LAYERSERIES_COMPAT for dunfell Mingli Yu (1): linux-yocto: update the bbappend to 5.x Pierre-Jean Texier via Lists.Yoctoproject.Org (1): google-authenticator-libpam: upgrade 1.07 -> 1.08 Yi Zhao (5): samhain: fix build with new version attr scap-security-guide: fix xml parsing error when build remediation files scap-security-guide: pass the correct schema file path to openscap-native openscap-daemon: add missing runtime dependencies samhain-server: add volatile file for systemd Change-Id: I3d4a4055cb9420e97d3eacf8436d9b048d34733f Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

Armin Kuster (11): python-scapy: drop py2 package packagegroup-core-security-ptest: only included if ptest is enabled packagegroup-core-security: update package name busybox: fix sig changes when layer added initramfs-framework-ima: correct IMA_POLICY name apparmor: drop lsb RDEPENDS openscap: Drop nostamp scap-security-guide: add depends on openscap-native do_install cryptsetup-tpm-incubator: fix QA error RDEPENDS oe-scap: Fix QA RDEPENDS error suricata: update to 4.1.4 Stefan Agner (1): libseccomp: build static library always Change-Id: Ia2f8aec978de4f3d20c13be3c12b70a7badc29d5 Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

As part of the move to subtrees, need to bring all the import layers content to the top level. Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>