subtree updates

poky: 492205ea83..94dfcaff64:
  Alejandro Hernandez Samaniego (1):
        baremetal-helloworld: Enable RISC-V 32 port

  Alexandre Belloni (1):
        oeqa/runtime/cases: make date.DateTest.test_date more reliable

  Anton Blanchard (3):
        libjpeg-turbo: Handle powerpc64le without Altivec
        kmod: use nonarch_base_libdir for depmod.d and modprobe.d
        pixman: Handle PowerPC without Altivec

  Changqing Li (1):
        libconvert-asn1-perl: 0.27 -> 0.31

  Chen Qi (4):
        convert-overrides.py: also convert comments without a leading whitespace
        meta: use new override syntax in comments
        multilib.bbclass: fix new override syntax for virtclass-multilib
        util-linux: add back manpages related settings

  Daniel Gomez (1):
        docs: fix typo in releases

  Dmitry Baryshkov (1):
        linux-firmware: add more Qualcomm firmware packages

  Dragos-Marian Panait (1):
        util-linux: fix CVE-2021-37600

  Joe Slater (1):
        terminal.bbclass: force bash for devshell

  Jon Mason (1):
        tune-cortexm*: add support for all Arm Cortex-M processors

  Jose Quaresma (1):
        sstate.bbclass: fix error handling when sstate mirrors is ro

  Joshua Watt (2):
        classes/cve-check: Move get_patches_cves to library
        lib/packagedata: Fix for new overrides

  Khem Raj (4):
        glibc: Upgrade to 2.34 release
        glibc: Remove obsolete --enable-stackguard-randomization
        glibc: Drop DUMMY_LOCALE_T define patch
        glibc: Add missing symlinks for libpthread and librt dev files

  Michael Halstead (1):
        releases: update to include 3.1.10

  Michael Opdenacker (12):
        manuals: mention license information in footer
        manuals: further documentation for cve-check
        cve-check: remove deprecated CVE_CHECK_CVE_WHITELIST
        bsp-guide: overrides syntax updates
        dev-manual: overrides syntax updates
        kernel-dev manual: overrides syntax updates
        ref-manual: overrides syntax updates
        sdk-manual: overrides syntax updates
        test-manual: overrides syntax updates
        sdk-manual: reference obsolete reference to ADT
        Manuals: replace "file name" by "filename"
        dev-manual: fix grammar in post-install script explanations

  Nisha Parrakat (1):
        dbus_%.bbappend: stop using selinux_set_mapping

  Olaf Mandel (1):
        kickstart: document which options accept units

  Patrick Williams (3):
        pixman: re-disable iwmmxt
        systemd: add zstd PACKAGECONFIG
        systemd: set zstd as default PACKAGECONFIG

  Paul Barker (2):
        u-boot: Package extlinux.conf separately
        pypi: Allow override of PyPI archive name

  Quentin Schulz (3):
        insane.bbclass: fix new override syntax migration
        docs: fix new override syntax migration
        docs: overview-manual: concepts: remove long-gone BBHASHDEPS variable

  Richard Purdie (6):
        test-manual: Add extra detail to YP Compatible section
        migration-3.4: Add extra notes to override syntax changes
        ruby: Fix DEBUG_PREFIX_MAP in LDFLAGS issue
        gettext: Fix reproducibility issue with LDFLAGS
        curl: Fix reproducibility issue with LDFLAGS
        libtool: Fix lto option passing for reproducible builds

  Ross Burton (11):
        e2fsprogs: ensure small images have 256-byte inodes
        wic: don't forcibly pass -T default
        parted: drop unneeded ld-is-gold patch
        parted: update patch status
        buildtools-tarball: add testsdk task
        oeqa/sdk: add some buildtools tests
        bitbake: utils: add environment updating context manager
        bitbake: fetch2: expose environment variable names that need to be exported
        bitbake: fetch2/wget: ensure all variables are set when calling urllib
        bitbake: fetch2/wget: fetch securely by default
        tar: ignore node-tar CVEs

  Thomas Perrot (2):
        kernel-fitimage: images should not be signed with the same keys as the configurations
        oeqa/selftest/fitimage: update tests to use two keys

  Tim Orling (3):
        python3-scons{-native}: upgrade 4.1.0 -> 4.2.0
        perl: do_create_rdepends_inc override syntax
        package.bbclass: FILER* override syntax

  Tom Rini (2):
        common-tasks: Add a summary to the end of the bbappend example
        manuals: Rename the "Using .bbappend Files in Your Layer" section

  Tony Battersby (2):
        bitbake.conf: add DEBUG_PREFIX_MAP to TARGET_LDFLAGS
        ruby: Fix reproducibility issue with LDFLAGS

  Tony Tascioglu (1):
        valgrind: skip broken ptests for glibc 2.34

  Vyacheslav Yurkov (7):
        lib/oe: add generic functions for overlayfs
        overlayfs.bbclass: generate overlayfs mount units
        rootfs-postcommands: add QA check for overlayfs
        systemd-machine-units: add bbappend for meta-selftest
        overlayfs: meta-selftest recipe
        oeqa/selftest: overlayfs unit tests
        MAINTAINERS: add overlayfs maintainer

  Yi Zhao (3):
        dbus: add PACKAGECONFIG for audit and selinux
        glib-2.0: add PACKAGECONFIG for selinux
        shadow: add PACKAGECONFIG for audit and selinux

  hongxu (1):
        sdk: fix relocate symlink failed

  wangmy (1):
        ell: upgrade 0.41 -> 0.42

meta-raspberrypi: c7f4c739a3..32921fc9bd:
  Omer Akram (1):
        linux-firmware-rpidistro: fix wifi driver loading on cm4

  Otavio Salvador (1):
        rpi-config: Allow setting hdmi_cvt

meta-openembedded: 3cf2475ea0..a13db91f19:
  Changqing Li (1):
        ndpi: fix CVE-2021-36082

  Chen Qi (1):
        Convert to new override syntax using latest convert-overrides.py script

  Dmitry Baryshkov (1):
        image_types_sparse: fix sparse image generation

  Geoff Parker (1):
        cifs-utils: typo fix fakse --> false

  Kai Kang (2):
        libdbi-perl: fix CVE-2014-10402
        python3-m2crypto: fix for new overrides syntax

  Khem Raj (1):
        packagegroup-meta-oe: Add ttf-ipa

  Leon Anavi (15):
        python3-astroid: Upgrade 2.6.5 -> 2.6.6
        python3-gast: Upgrade 0.5.1 -> 0.5.2
        python3-greenlet: Upgrade 1.1.0 -> 1.1.1
        python3-bitarray: Upgrade 2.2.3 -> 2.2.5
        python3-send2trash: Upgrade 1.7.1 -> 1.8.0
        python3-zeroconf: Upgrade 0.33.2 -> 0.34.3
        python3-aiohue: Upgrade 2.5.1 -> 2.6.1
        python3-configargparse: Upgrade 1.5.1 -> 1.5.2
        python3-pycurl: Upgrade 7.43.0.6 -> 7.44.0
        python3-distro: Upgrade 1.5.0 -> 1.6.0
        python3-google-api-core: Upgrade 1.30.0 -> 1.31.1
        python3-google-auth: Upgrade 1.32.0 -> 1.34.0
        python3-google-api-python-client: Upgrade 2.12.0 -> 2.15.0
        python3-huey: Upgrade 2.3.2 -> 2.4.0
        python3-apply-defaults: Upgrade 0.1.4 -> 0.1.6

  Martin Jansa (1):
        python3-grpcio: make sure that GRPC_CFLAGS is expanded to empty

  Michael Opdenacker (3):
        vorbis-tools: update to 1.4.2 (latest in 1.4.x series)
        bigbuckbunny-1080p: fix sample video URL
        opus-tools: update to 0.2, move to meta-multimedia and fix license

  Mingli Yu (3):
        jemalloc: fix the race during do_install
        jemalloc: add ptest support
        jemalloc: improve the ptest output

  Naveen Saini (1):
        python3-defusedxml: extend recipe to add native support

  Philippe Coval (1):
        mycroft: Install more tools needed by scripts

  Tony Battersby (3):
        curlpp: fix QA Issue after LDFLAGS change
        ldns: fix QA Issue after LDFLAGS change
        tcsh: fix compile error after LDFLAGS change

  Yi Zhao (5):
        audit: upgrade 3.0.3 -> 3.0.4
        augeas: rename PACKAGECONFIG[libselinux] to PACKAGECONFIG[selinux]
        network-manager-applet: add selinux to PACKAGECONFIG if enable selinux distro feature
        networkmanager: add PACKAGECONFIG for audit and selinux
        augeas: add selinux to PACKAGECONFIG if enable selinux distro feature

  leimaohui (1):
        ttf-ipa: Added a new font.

  wangmy (1):
        iwd: upgrade 1.15 -> 1.16

  zangrc (1):
        python3-humanize: upgrade 3.10.0 -> 3.11.0

  zhengruoqin (3):
        python3-engineio: upgrade 4.2.0 -> 4.2.1
        python3-ipython: upgrade 7.25.0 -> 7.26.0
        python3-isort: upgrade 5.9.2 -> 5.9.3

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7a8bd19709f465db51254ed3fcaf2486fe64dcaf

2 files changed, 134 insertions, 1 deletions

diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch
new file mode 100644
index 0000000000..e55093d1ad
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch
@@ -0,0 +1,132 @@
+From 759318f11352d01b45bbab62c7bf0a53fb781083 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Tue, 10 Aug 2021 11:27:16 -0400
+Subject: [PATCH] flush uid/gid caches when user/group added/deleted/modified
+
+It was reported in issue #209 that in the enriched format that auditd
+is creating the wrong account associations. This is due to caching
+previous lookups. The fix is to monitor for account lifecycle changes
+and flush the LRUs if any are seen.
+
+Upstream-Status: Backport
+[https://github.com/linux-audit/audit-userspace/commit/8662f61108f8b9365f96ef49ca8ca331a7880f24]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ auparse/auparse-idata.h |  3 ++-
+ auparse/interpret.c     | 12 ++++++++++++
+ src/auditd-event.c      | 27 +++++++++++++++++++++++++--
+ 3 files changed, 39 insertions(+), 3 deletions(-)
+
+diff --git a/auparse/auparse-idata.h b/auparse/auparse-idata.h
+index 660901a..eaca86a 100644
+--- a/auparse/auparse-idata.h
++++ b/auparse/auparse-idata.h
+@@ -1,6 +1,6 @@
+ /*
+ * idata.h - Header file for ausearch-lookup.c
+-* Copyright (c) 2013,2016-17 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2013,2016-17,2021 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+@@ -45,6 +45,7 @@ char *auparse_do_interpretation(int type, const idata *id,
+ void _auparse_load_interpretations(const char *buf);
+ void _auparse_free_interpretations(void);
+ const char *_auparse_lookup_interpretation(const char *name);
++void _auparse_flush_caches(void);
+ 
+ #endif
+ 
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 046867b..eef377a 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -653,6 +653,18 @@ void aulookup_destroy_gid_list(void)
+ 	gid_cache_created = 0;
+ }
+ 
++void _auparse_flush_caches(void)
++{
++	if (uid_cache_created) {
++		destroy_lru(uid_cache);
++		uid_cache_created = 0;
++	}
++	if (gid_cache_created) {
++		destroy_lru(gid_cache);
++		gid_cache_created = 0;
++	}
++}
++
+ static const char *print_uid(const char *val, unsigned int base)
+ {
+         int uid;
+diff --git a/src/auditd-event.c b/src/auditd-event.c
+index cb29fee..3655726 100644
+--- a/src/auditd-event.c
++++ b/src/auditd-event.c
+@@ -42,6 +42,7 @@
+ #include "libaudit.h"
+ #include "private.h"
+ #include "auparse.h"
++#include "auparse-idata.h"
+ 
+ /* This is defined in auditd.c */
+ extern volatile int stop;
+@@ -56,7 +57,7 @@ static void do_space_left_action(int admin);
+ static void do_disk_full_action(void);
+ static void do_disk_error_action(const char *func, int err);
+ static void fix_disk_permissions(void);
+-static void check_excess_logs(void); 
++static void check_excess_logs(void);
+ static void rotate_logs_now(void);
+ static void rotate_logs(unsigned int num_logs, unsigned int keep_logs);
+ static void shift_logs(void);
+@@ -394,7 +395,7 @@ static const char *format_enrich(const struct audit_reply *rep)
+ 	        	snprintf(format_buf, MAX_AUDIT_MESSAGE_LENGTH,
+ 		    "type=DAEMON_ERR op=format-enriched msg=NULL res=failed");
+ 	} else {
+-		int rc;
++		int rc, rtype;
+ 		size_t mlen, len;
+ 		char *message;
+ 		// Do raw format to get event started
+@@ -427,6 +428,17 @@ static const char *format_enrich(const struct audit_reply *rep)
+ 
+ 		// Loop over all fields while possible to add field
+ 		rc = auparse_first_record(au);
++		rtype = auparse_get_type(au);
++		switch (rtype)
++		{	// Flush before adding to pickup new associations
++			case AUDIT_ADD_USER:
++			case AUDIT_ADD_GROUP:
++				_auparse_flush_caches();
++				break;
++			default:
++				break;
++		}
++
+ 		while (rc > 0 && len > MIN_SPACE_LEFT) {
+ 			// See what kind of field we have
+ 			size_t vlen;
+@@ -454,6 +466,17 @@ static const char *format_enrich(const struct audit_reply *rep)
+ 			rc = auparse_next_field(au);
+ 		}
+ 
++		switch(rtype)
++		{	// Flush after modification to remove stale entries
++			case AUDIT_USER_MGMT:
++			case AUDIT_DEL_USER:
++			case AUDIT_DEL_GROUP:
++			case AUDIT_GRP_MGMT:
++				_auparse_flush_caches();
++				break;
++			default:
++				break;
++		}
+ 		free(message);
+ 	}
+         return format_buf;
+-- 
+2.17.1
+
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.3.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.4.bb
index c30b971625..db550492e5 100644
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.3.bb
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.4.bb
@@ -9,13 +9,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 
 SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master \
            file://Fixed-swig-host-contamination-issue.patch \
+           file://0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch \
            file://auditd \
            file://auditd.service \
            file://audit-volatile.conf \
 "
 
 S = "${WORKDIR}/git"
-SRCREV = "17c100abcfef4cbd94a0a5be9b830c8386c3add6"
+SRCREV = "86a975cd96c3838e56be9d27262f8a36bb822634"
 
 inherit autotools python3native update-rc.d systemd