author Patrick Williams <patrick@stwcx.xyz> 2021-08-08 03:21:33 +0300
committer Patrick Williams <patrick@stwcx.xyz> 2021-08-11 23:39:32 +0300
commit 213cb2696d00a85cd48d356cb5131824a302d828
tree bfdf8fcdfef3a88e392ca3acfca6dec4dc836c9f /meta-security/dynamic-layers
parent 40d8f44b51f83548f7ca8df062dd7435b784c0a8
subtree updates
meta-raspberrypi: 8dc3a31088..c7f4c739a3: Khem Raj (5): linux-raspberrypi: Upgrade to 5.10.52 userland: Update to latest master branch raspberrypi-firmware: Update to latest raspberrypi-tools: Update to latest sdcard_image-rpi.bbclass: Fix IMAGE_TYPEDEP override to use new syntax Martin Jansa (4): Convert to new override syntax Manually fix conversion layer.conf: Update to honister userland: package man pages in PN-doc Pierre-Jean Texier (2): kas: local.conf: bump CONF_VERSION variable kas: local.conf: disable prelink poky: 17aabc0127..492205ea83: Alexander Kanavin (17): llvm: update 12.0.0 -> 12.0.1 systemd: update 248.3 -> 249.1 python3-testools: update 2.4.0 -> 2.5.0 libuv: update 1.41.0 -> 1.42.0 gnu-config: update to latest revision vulkan-samples: update to latest revision cmake: update 3.20.5 -> 3.21.0 cmake: update 3.21.0 -> 3.21.1 mtools: update 4.0.32 -> 4.0.34 util-linux: update 2.37 -> 2.37.1 iputils: update 20210202 -> 20210722 freetype: update 2.10.4 -> 2.11.0 devtool: print a warning on upgrades if PREFERRED_VERSION is set rpm: do not RRECOMMEND rpm-build selftest: add core-image-weston to no-gpl3-no-meta-gpl2 image test shadow: update 4.8.1 -> 4.9 local.conf.sample: disable prelink Bernhard Rosenkränzer (1): gcc: update 11.1 -> 11.2 Bruce Ashfield (6): linux-yocto/5.10: update to v5.10.53 linux-yocto/5.13: update to v5.13.5 linux-yocto/5.4: update to v5.4.135 linux-yocto-rt/5.10: update to -rt47 linux-yocto/5.13: enable TYPEC_TCPCI in usbc fragment linux-yocto/5.10: enable TYPEC_TCPCI in usbc fragment Changqing Li (1): archiver.bbclass: fix do_ar_configured failure for kernel Chen Qi (3): zstd: fix CVE_PRODUCT insane.bbclass: fix the file-rdeps QA message for the new override syntax iputils: fix do_configure failure of missing ip command Damian Wrobel (1): rootfs: remove ldconfig auxiliary cache where appropriate Denys Dmytriyenko (4): meta: convert nested overrides leftovers to new syntax convert-overrides.py: handle few more cases of overrides 
libwpe: remove rpi-specific custom code poky-tiny: drop uclibc override Jon Mason (1): parselogs.py: qemuarm should be qemuarmv5 Joshua Watt (4): mesa: Fix v3d & vc4 dmabuf import bitbake: bitbake: asyncrpc: Catch early SIGTERM libxft: Fix bad PKG value bitbake: contrib: vim: Update for new override syntax Kai Kang (2): u-boot_2021.07: set UBOOT_MACHINE for qemumips and qemumips64 python3-pytest: display correct version info Kevin Hao (2): meta-yocto-bsp: Introduce the v5.13 bbappend meta-yocto-bsp: Bump to the v5.10.55 Khem Raj (10): binutils: Upgrade to 2.37 branch texinfo: Update gnulib to fix build with glibc 2.34 systemd: Fix build on musl stress-ng: Drop defining daddr_t stress-ng: Detemine minimal stack size via sysconf mesa: Define a fallback for DRIDRIVERS libssh2: Fix syntax for using ptest override toaster-managed-mode.json: Correctly specify term with new override syntax distrooverrides.bbclass: Correct override syntax devtool.py: Correct override syntax Lee Chee Yang (1): aspell: fix CVE-2019-25051 Marek Vasut (2): image_types: Restore pre-btrfs-tools 4.14.1 mkfs.btrfs shrink behavior kernel-uboot: Handle gzip and lzo compression options Martin Jansa (6): convert-overrides.py: show processed file and version of this script convert-overrides.py: remove base_dep_prepend and autotools_dep_prepend exception convert-overrides.py: 0.9.1 include '(' as delimiter for shortvars convert-overrides.py: allow specifying multiple target dirs convert-overrides.py: allow dots before override in vars_re and shortvars_re systemd-boot: use ld.bfd as efi-ld even when gold or lld is used in ${LD} Matthias Klein (2): runqemu: Fix typo in error message runqemu: decouple bios and kernel options Matthias Schiffer (3): initscripts: populate-volatile.sh: do not log to tty0 initscripts: populate-volatile.sh: run create_file synchronously initscripts: fix creation order for /var/log with VOLATILE_LOG_DIR=true Michael Halstead (1): releases: update to include 3.3.1 Michael 
Opdenacker (18): oe-setup-builddir: update YP docs and OE URLs conf-notes.txt: now suggesting to run 'runqemu qemux86-64' test-manual: document LTO related reproducibility bug quick start manual: update "source oe-init-build-env" output dev-manual: fix wrong reference to class documentation/README: improve BitBake manual referencing guidelines manuals: simplify references to BitBake manual manuals: remove explicit BitBake variable references meta-skeleton: add recipe examples from documentation sources bitbake: doc: bitbake-user-manual: fix syntax in example and improve description bitbake: doc: bitbake-user-manual: update bitbake option help bitbake: doc: bitbake-user-manual: grammar fix for the number of "metadata" manuals: initial documentation for CVE management ref-manual: remove example recipe source files profile-manual: document how to build perf manpages on target cve-check: fix comments cve-check: update link to NVD website for CVE details cve-check: improve comment about CVE patch file names Mingli Yu (2): perlcross: not break build if already patched curl: Upgrade to 7.78.0 Nicolas Dechesne (4): yocto-check-layer: improve missed dependencies checklayer: new function get_layer_dependencies() checklayer: rename _find_layer_depends yocto-check-layer: ensure that all layer dependencies are tested too Oleksandr Kravchuk (1): bitbake.conf: change GNOME_MIRROR to new one Patrick Williams (1): pixman: re-disable iwmmxt Paul Barker (4): bitbake: asyncrpc: Fix bad message error in client bitbake: asyncrpc: Set timeout when waiting for reply from server bitbake: parse/ast: Substitute '~' when naming anonymous functions kernel-yocto: Simplify no git repo case in do_kernel_checkout Quentin Schulz (4): bitbake: doc: Makefile: turn warnings into errors by default bitbake: doc: bitbake-user-manual: ref-variables: order alphabetically the glossary sources bitbake: doc: bitbake-user-manual: ref-variables: force glossary output to be alphabetically sorted bitbake: doc: 
bitbake-user-manual: replace ``FOO`` by :term:`FOO` where possible Richard Purdie (49): Add MAINTAINERS.md file yocto-check-layer: Remove duplicated code libubootenv: Drop default-env RRECOMMENDS bitbake: data_smart: Allow colon in variable expansion regex meta-poky/meta-yocto-bsp: Convert to new override syntax layer.conf: Update to honister autotools/base/icecc: Remove prepend from function names scripts/contrib: Add override conversion script systemtap: Fix headers issue with x86 and 5.13 headers migration-guides: Add start of 3.4 guide with override migration notes common-tasks: Fix conversion error in npm example bitbake: bitbake: Switch to using new override syntax bitbake: doc/lib: Update to use new override syntax containing colons bitbake: doc/lib: Add fixes for issues missed by the automated conversion bitbake: bitbake: Update to version 1.51.1 layer.conf: Override changes mean we're only compatible with honister Convert to new override syntax meta: Manual override fixes local.conf.sample: Bump version so users update their config sanity.conf: Require bitbake 1.51.1 dropbear: Fix incorrect package override for postrm convert-overrides: Allow script to handle patch/diffs sdk: Decouple default install path from built in path sstate: Fix rebuilds when changing layer config populate_sdk_ext: Fix handling of TOOLCHAIN_HOST_TASK in the eSDK case local.conf.sample: Bump version so users update their config poky: Use SDKPATHINSTALL instead of SDKPATH vim: Clarify where RDEPENDS/RRECOMMENDS apply bitbake: data_smart: Fix inactive overide accidental variable value corruption local.conf.sample: Fix missed override conversion license: Exclude COPYING.MIT from pseudo meta: Convert IMAGE_TYPEDEP to use override syntax uboot-extlinux-config: Fix missing override conversion image/image_types: Convert CONVERSION_CMD/COMPRESS_CMD to new override syntax image: Drop COMPRESS_CMD devupstream: Allow support of native class extensions diffoscope: Upgrade 178 -> 179 strace: 
Upgrade 5.12 -> 5.13 valgrind: Add patches for glibc 2.34 support bitbake: runqueue: Improve multiconfig deferred task issues elfutils: Add patch from upstream for glibc 2.34 ptest fixes bitbake: doc: Fix append/prepend/remove references bitbake: fetch/tests/toaster: Override conversion fixups bitbake: process: Improve traceback error reporting from main loop bitbake: command: Ensure we catch/handle exceptions bitbake: ui/taskexp: Improve startup exception handling bitbake: ui/taskexp: Fix to work with empty build directories oeqa/runtime/cases/ptest: Increase test timeout from 300s to 450s packagedata: Fix after override syntax change Ross Burton (2): glew: fix Makefile race libx11: fix xkb compilation with _EVDEVK symbols Saul Wold (1): MAINTAINERS: Saul will cover devtool and eSDK Stefan Wiehler (1): dev-manual: fix source release example script Stefano Babic (1): mtd-utils: upgrade 2.1.2 -> 2.1.3 Tim Orling (2): python3-hypothesis: upgrade 6.14.3 -> 6.14.5 python3-importlib-metadata: upgrade 4.6.1 -> 4.6.3 Tony Battersby (2): lto.inc: disable LTO for grub gcc: Backport patch to make LTO builds more reproducible Tony Tascioglu (6): ffmpeg: fix-CVE-2020-20446 ffmpeg: fix CVE-2020-20453 ffmpeg: fix CVE-2020-22015 ffmpeg: fix CVE-2020-22021 ffmpeg: fix CVE-2020-22033 and CVE-2020-22019 ffmpeg: fix CVE-2021-33815 Trevor Woerner (1): ffmpeg: add libatomic for armv5 Ulrich Ölmann (2): initramfs-framework: fix whitespace issue initramfs-framework/setup-live: fix shebang Vinay Kumar (1): glibc: Fix CVE-2021-33574 Vivien Didelot (1): init-manager-systemd: define weak dev manager Zqiang (1): python3: use monotonic clock for condvar if possible hongxu (1): createrepo-c: fix createrepo-c failed in nativesdk leimaohui (1): archiver.bbclass: Fix patch error for recipes that inherit dos2unix. 
wangmy (3): bind: upgrade 9.16.18 -> 9.16.19 i2c-tools: upgrade 4.2 -> 4.3 diffoscope: upgrade 177 -> 178 zangrc (2): python3-dbus: upgrade 1.2.16 -> 1.2.18 python3-pip: upgrade 21.1.3 -> 21.2.1 meta-openembedded: 8fbcfb9f02..3cf2475ea0: Anastasios Kavoukis (1): pm-qa: fix paths for shell scripts Andreas Müller (3): mozjs/0001-Port-build-to-python3.patch: Fix typos in description jack: upgrade 1.19.18 -> 1.19.19 fluidsynth: upgrade 2.2.1 -> 2.2.2 Andrej Valek (1): thrift: upgrade to 0.14.2 Andrew Jeffery (2): python3-gmpy: Add native support python3-ecdsa: Add native support Armin Kuster (2): hiawatha: fix url. wireshark: update to 3.4.7 Ben Brown (1): android-tools: fix install of adb client when TOOLS is overridden Changqing Li (1): apache2: upgrade 2.4.46 -> 2.4.48 Devendra Tewari (1): Suppress eol in functionfs setup scripts (#147) Gianfranco (1): vboxguestdrivers: upgrade 6.1.22 -> 6.1.24 Joe Slater (2): php: move to version 7.4.21 gtksourceview4: work around dependency deficiency Johannes Obermüller (1): evtest: fix timestamps in output Kai Kang (2): python3-blivet: 3.1.4 -> 3.4.0 python3-blivetgui: 2.1.10 -> 2.2.1 Khem Raj (23): netperf: Update to latest netperf: Add systemd unit file packagegroup-meta-oe: Add lmdb packagegroup-meta-oe: Add mbw addcli: check for ns_get16 and ns_get32 fuse: Define closefrom if not available autofs: Fix build with glibc 2.34+ ntp: Do not use PTHREAD_STACK_MIN on glibc ntp: Fix make check mongodb: Upgrade to 4.4.7 vboxguestdrivers: Remove __divmoddi4 patch packagegroup-meta-oe: Add jemalloc apitrace: Exclude from builds with glibc 2.34+ libhugetlbfs: Disable build with glibc 2.34+ fvwm: Package extra files and man pages luajit: Fix override syntax lua: Drop uclibc patch packagegroup-meta-oe: Correct override name and fix syntax recipes: Fix override syntax emacs,libgpiod,cockpit: Fix override syntax in using FILES_${PN} fvwm: Fix build time paths in target perl/python scripts nis: Drop uclibc check in anon python function 
jemalloc: Fix build on musl Leon Anavi (3): python3-networkx: Upgrade 2.6.1 -> 2.6.2 python3-pysonos: Upgrade 0.0.53 -> 0.0.54 python3-zeroconf: Upgrade 0.33.1 -> 0.33.2 Li Wang (1): openlldp: fix segfault Maksym Sloyko (1): libusbgx: Configure the Devices Used Martin Jansa (5): Convert to new override syntax layer.conf: Update to honister mariadb: manually fix the conversion packagegroup-meta-oe: manually finish override syntax conversion klibc.bbclass, image_types_sparse.bbclass, packagegroup-meta-oe.bb: update the overrides syntax conversion Mingli Yu (4): mariadb: redefine log-error item jemalloc: add new recipe hdf5: improve reproducibility mariadb: Update SRC_URI Nicolas Dechesne (1): mbw: add new recipe Paulo Neves (1): htop: Add ncurses-terminfo-base to RDEPENDS Sakib Sajal (1): lmdb: add recipe Salman Ahmed (2): nginx: upgrade 1.18.0 -> 1.20.1 nginx: upgrade 1.19.6 -> 1.21.1 Tony Battersby (1): net-snmp: fix QA Issue after LDFLAGS change Yi Zhao (3): postfix: upgrade 3.6.1 -> 3.6.2 audit: upgrade 3.0.2 -> 3.0.3 audit: fix compile error for 2.8.5 Zang Ruochen (1): python3-robotframework: upgrade 4.0.3 -> 4.1 wangmy (17): evince: upgrade 40.2 -> 40.4 gnome-backgrounds: upgrade 3.36.0 -> 3.38.0 gnome-desktop3: upgrade 3.36.6 -> 3.38.8 cmark: upgrade 0.30.0 -> 0.30.1 ctags: upgrade 5.9.20210711.0 -> 5.9.20210718.0 libnet-dns-perl: upgrade 1.31 -> 1.32 libtalloc: upgrade 2.3.2 -> 2.3.3 nghttp2: upgrade 1.43.0 -> 1.44.0 bats: upgrade 1.3.0 -> 1.4.1 networkmanager: upgrade 1.32.2 -> 1.32.4 gensio: upgrade 2.2.7 -> 2.2.8 libmbim: upgrade 1.24.8 -> 1.26.0 fetchmail: upgrade 6.4.19 -> 6.4.20 ctags: upgrade 5.9.20210718.0 -> 5.9.20210801.0 libblockdev: upgrade 2.25 -> 2.26 libqmi: upgrade 1.28.6 -> 1.28.8 monit: upgrade 5.28.0 -> 5.28.1 zangrc (15): python3-qrcode: upgrade 7.1 -> 7.2 python3-rdflib: upgrade 5.0.0 -> 6.0.0 python3-simplejson: upgrade 3.17.2 -> 3.17.3 python3-bitstring: upgrade 3.1.7 -> 3.1.9 python3-iso8601: upgrade 0.1.14 -> 0.1.16 python3-gmqtt: 
upgrade 0.6.9 -> 0.6.10 python3-graphviz: upgrade 0.16 -> 0.17 python3-smbus: upgrade 4.2 -> 4.3 python3-pandas: upgrade 1.3.0 -> 1.3.1 python3-progress: upgrade 1.5 -> 1.6 python3-sentry-sdk: upgrade 1.3.0 -> 1.3.1 python3-socketio: upgrade 5.3.0 -> 5.4.0 python3-tqdm: upgrade 4.61.2 -> 4.62.0 python3-twisted: upgrade 21.2.0 -> 21.7.0 python3-xlsxwriter: upgrade 1.4.4 -> 1.4.5 zhengruoqin (15): live555: upgrade 20210710 -> 20210720 libtest-warnings-perl: upgrade 0.030 -> 0.031 python3-pybind11: upgrade 2.6.2 -> 2.7.0 python3-pymongo: upgrade 3.11.4 -> 3.12.0 python3-sqlalchemy: upgrade 1.4.20 -> 1.4.22 python3-sentry-sdk: upgrade 1.2.0 -> 1.3.0 libcurses-perl: upgrade 1.37 -> 1.38 libdbd-sqlite-perl: upgrade 1.66 -> 1.68 libencode-perl: upgrade 3.10 -> 3.11 python3-bitarray: upgrade 2.2.2 -> 2.2.3 python3-cbor2: upgrade 5.4.0 -> 5.4.1 python3-gast: upgrade 0.5.0 -> 0.5.1 poppler: upgrade 21.07.0 -> 21.08.0 valijson: upgrade 0.4 -> 0.5 xwd: upgrade 1.0.7 -> 1.0.8 meta-security: 152cdb506b..c885d399cd: Armin Kuster (18): suricata.inc: exclude ppc in rust version suricata: Drop 4.1.x its EOL add meta-rust crowdsec: add pkg packagegroup-core-security.bb: fix suricat-ptest inclusion gitlab-ci.yml: streamline builds matrix krill: Add new pkg clamav: fix branch name and update meta-security: Convert to new override syntax meta-tpm: Convert to new override syntax meta-integrity: Convert to new override syntax meta-hardening: Convert to new override syntax meta-security-isafw: Convert to new override syntax meta-parsec: Convert to new override syntax meta-security-compliance: Convert to new override syntax dynamix-layers: Convert to new override syntax kas: Convert to new override syntax packagegroup-core-security.bb: only include suricat-ptest if rust is included Martin Jansa (1): layer.conf: Update to honister Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Iec7301cf1c43b7cec462dcf88292a8b1b12a5045
Diffstat (limited to 'meta-security/dynamic-layers')
-rw-r--r-- meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/libhtp_0.5.38.bb | 2
-rw-r--r-- meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata.inc | 2
-rw-r--r-- meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata_6.0.3.bb | 12
-rw-r--r-- meta-security/dynamic-layers/meta-rust/recipes-security/krill/files/panic_workaround.patch | 16
-rw-r--r-- meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill.inc | 325
-rw-r--r-- meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill_0.9.1.bb | 39
6 files changed, 389 insertions, 7 deletions
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/libhtp_0.5.38.bb b/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/libhtp_0.5.38.bb
index 38dece9b19..2a0c93ccc8 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/libhtp_0.5.38.bb
+++ b/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/libhtp_0.5.38.bb
@@ -23,5 +23,5 @@ do_configure () {
oe_runconf
}
-RDEPENDS_${PN} += "zlib"
+RDEPENDS:${PN} += "zlib"
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata.inc b/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata.inc
index 7d3509aa9b..5754617fbd 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata.inc
+++ b/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata.inc
@@ -1,3 +1,5 @@
HOMEPAGE = "http://suricata-ids.org/"
SECTION = "security Monitor/Admin"
LICENSE = "GPLv2"
+
+COMPATIBLE_HOST:powerpc = 'null'
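Review bot: `COMPATIBLE_HOST:powerpc = 'null'` lands with no comment saying why powerpc is excluded, and it uses single quotes where the rest of this file quotes values with double quotes. Add a one-line comment above it giving the reason (the commit log only says "exclude ppc in rust version"), and confirm that the `powerpc` override alone is the intended scope; if 64-bit PowerPC targets should be excluded as well, they need their own override line.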
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata_6.0.3.bb b/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata_6.0.3.bb
index 632f1d8746..ca9e03e325 100644
--- a/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata_6.0.3.bb
+++ b/meta-security/dynamic-layers/meta-rust/recipes-ids/suricata/suricata_6.0.3.bb
@@ -122,7 +122,7 @@ CARGO_SRC_DIR = "rust"
B = "${S}"
PACKAGECONFIG ??= "jansson file pcre yaml python pcap cap-ng net nfnetlink nss nspr "
-PACKAGECONFIG_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'unittests', '', d)}"
+PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'unittests', '', d)}"
PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR} --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ,"
PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ,"
@@ -143,7 +143,7 @@ export logdir = "${localstatedir}/log"
CACHED_CONFIGUREVARS = "ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes"
-do_configure_prepend () {
+do_configure:prepend () {
oe_runconf
}
@@ -189,7 +189,7 @@ do_install () {
sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${bindir}/suricatactl
}
-pkg_postinst_ontarget_${PN} () {
+pkg_postinst_ontarget:${PN} () {
if command -v systemd-tmpfiles >/dev/null; then
systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/suricata.conf
elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
@@ -200,7 +200,7 @@ fi
SYSTEMD_PACKAGES = "${PN}"
PACKAGES =+ "${PN}-python"
-FILES_${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d"
-FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
+FILES:${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d"
+FILES:${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
-CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"
+CONFFILES:${PN} = "${sysconfdir}/suricata/suricata.yaml"
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-security/krill/files/panic_workaround.patch b/meta-security/dynamic-layers/meta-rust/recipes-security/krill/files/panic_workaround.patch
new file mode 100644
index 0000000000..9b08cb5ce9
--- /dev/null
+++ b/meta-security/dynamic-layers/meta-rust/recipes-security/krill/files/panic_workaround.patch
@@ -0,0 +1,16 @@
+Upstream-Status: OE specific
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/Cargo.toml
+===================================================================
+--- git.orig/Cargo.toml
++++ git/Cargo.toml
+@@ -71,7 +71,7 @@ static-openssl = [ "openssl/vendored" ]
+ # Make sure that Krill crashes on panics, rather than losing threads and
+ # limping on in a bad state.
+ [profile.release]
+-panic = "abort"
++#panic = "abort"
+
+ [dev-dependencies]
+ # for user management
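Review bot: the embedded patch comments out `panic = "abort"` under `[profile.release]` while leaving in place the upstream comment that says the setting exists so Krill crashes on panics "rather than losing threads and limping on in a bad state", so this build of an RPKI daemon loses that fail-stop behaviour with no stated reason. The patch header should describe the build failure being worked around and what happens on a panic once the setting is gone. `Upstream-Status: OE specific` is also not one of the standard values; the usual form is `Upstream-Status: Inappropriate [oe specific]`.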
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill.inc b/meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill.inc
new file mode 100644
index 0000000000..f86468b966
--- /dev/null
+++ b/meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill.inc
@@ -0,0 +1,325 @@
+# please note if you have entries that do not begin with crate://
+# you must change them to how that package can be fetched
+SRC_URI += " \
+ crate://crates.io/addr2line/0.14.1 \
+ crate://crates.io/adler/1.0.2 \
+ crate://crates.io/adler32/1.2.0 \
+ crate://crates.io/aho-corasick/0.7.15 \
+ crate://crates.io/ansi_term/0.11.0 \
+ crate://crates.io/ansi_term/0.12.1 \
+ crate://crates.io/arrayref/0.3.6 \
+ crate://crates.io/arrayvec/0.5.2 \
+ crate://crates.io/ascii-canvas/2.0.0 \
+ crate://crates.io/ascii/1.0.0 \
+ crate://crates.io/atty/0.2.14 \
+ crate://crates.io/autocfg/0.1.7 \
+ crate://crates.io/autocfg/1.0.1 \
+ crate://crates.io/backtrace/0.3.56 \
+ crate://crates.io/base64/0.10.1 \
+ crate://crates.io/base64/0.12.3 \
+ crate://crates.io/base64/0.13.0 \
+ crate://crates.io/basic-cookies/0.1.4 \
+ crate://crates.io/bcder/0.5.1 \
+ crate://crates.io/bit-set/0.5.2 \
+ crate://crates.io/bit-vec/0.6.3 \
+ crate://crates.io/bitflags/1.2.1 \
+ crate://crates.io/blake2b_simd/0.5.11 \
+ crate://crates.io/block-buffer/0.9.0 \
+ crate://crates.io/bumpalo/3.6.1 \
+ crate://crates.io/byteorder/1.4.3 \
+ crate://crates.io/bytes/0.4.12 \
+ crate://crates.io/bytes/0.5.6 \
+ crate://crates.io/bytes/1.0.1 \
+ crate://crates.io/cc/1.0.67 \
+ crate://crates.io/cfg-if/0.1.10 \
+ crate://crates.io/cfg-if/1.0.0 \
+ crate://crates.io/chrono/0.4.19 \
+ crate://crates.io/chunked_transfer/1.4.0 \
+ crate://crates.io/cipher/0.2.5 \
+ crate://crates.io/clap/2.33.3 \
+ crate://crates.io/clokwerk/0.3.4 \
+ crate://crates.io/cloudabi/0.0.3 \
+ crate://crates.io/constant_time_eq/0.1.5 \
+ crate://crates.io/cookie/0.12.0 \
+ crate://crates.io/cookie_store/0.7.0 \
+ crate://crates.io/core-foundation-sys/0.8.2 \
+ crate://crates.io/core-foundation/0.9.1 \
+ crate://crates.io/cpuid-bool/0.1.2 \
+ crate://crates.io/crc32fast/1.2.1 \
+ crate://crates.io/crossbeam-deque/0.7.3 \
+ crate://crates.io/crossbeam-epoch/0.8.2 \
+ crate://crates.io/crossbeam-queue/0.2.3 \
+ crate://crates.io/crossbeam-utils/0.7.2 \
+ crate://crates.io/crossbeam-utils/0.8.3 \
+ crate://crates.io/crunchy/0.2.2 \
+ crate://crates.io/crypto-mac/0.10.0 \
+ crate://crates.io/ctrlc/3.1.9 \
+ crate://crates.io/deunicode/0.4.3 \
+ crate://crates.io/diff/0.1.12 \
+ crate://crates.io/digest/0.9.0 \
+ crate://crates.io/dirs/1.0.5 \
+ crate://crates.io/dtoa/0.4.8 \
+ crate://crates.io/either/1.6.1 \
+ crate://crates.io/ena/0.14.0 \
+ crate://crates.io/encoding_rs/0.8.28 \
+ crate://crates.io/error-chain/0.11.0 \
+ crate://crates.io/failure/0.1.8 \
+ crate://crates.io/failure_derive/0.1.8 \
+ crate://crates.io/fern/0.5.9 \
+ crate://crates.io/fixedbitset/0.2.0 \
+ crate://crates.io/flate2/1.0.20 \
+ crate://crates.io/fnv/1.0.7 \
+ crate://crates.io/foreign-types-shared/0.1.1 \
+ crate://crates.io/foreign-types/0.3.2 \
+ crate://crates.io/form_urlencoded/1.0.1 \
+ crate://crates.io/fuchsia-cprng/0.1.1 \
+ crate://crates.io/fuchsia-zircon-sys/0.3.3 \
+ crate://crates.io/fuchsia-zircon/0.3.3 \
+ crate://crates.io/futures-channel/0.3.14 \
+ crate://crates.io/futures-core/0.3.14 \
+ crate://crates.io/futures-cpupool/0.1.8 \
+ crate://crates.io/futures-executor/0.3.14 \
+ crate://crates.io/futures-io/0.3.14 \
+ crate://crates.io/futures-macro/0.3.14 \
+ crate://crates.io/futures-sink/0.3.14 \
+ crate://crates.io/futures-task/0.3.14 \
+ crate://crates.io/futures-util/0.3.14 \
+ crate://crates.io/futures/0.1.31 \
+ crate://crates.io/futures/0.3.14 \
+ crate://crates.io/generic-array/0.14.4 \
+ crate://crates.io/getrandom/0.1.16 \
+ crate://crates.io/getrandom/0.2.2 \
+ crate://crates.io/gimli/0.23.0 \
+ crate://crates.io/h2/0.1.26 \
+ crate://crates.io/h2/0.2.7 \
+ crate://crates.io/hashbrown/0.9.1 \
+ crate://crates.io/hermit-abi/0.1.18 \
+ crate://crates.io/hex/0.4.3 \
+ crate://crates.io/hmac/0.10.1 \
+ crate://crates.io/http-body/0.1.0 \
+ crate://crates.io/http-body/0.3.1 \
+ crate://crates.io/http/0.1.21 \
+ crate://crates.io/http/0.2.4 \
+ crate://crates.io/httparse/1.3.6 \
+ crate://crates.io/httpdate/0.3.2 \
+ crate://crates.io/hyper-tls/0.3.2 \
+ crate://crates.io/hyper-tls/0.4.3 \
+ crate://crates.io/hyper/0.12.36 \
+ crate://crates.io/hyper/0.13.10 \
+ crate://crates.io/idna/0.1.5 \
+ crate://crates.io/idna/0.2.2 \
+ crate://crates.io/impl-trait-for-tuples/0.2.1 \
+ crate://crates.io/indexmap/1.6.2 \
+ crate://crates.io/intervaltree/0.2.6 \
+ crate://crates.io/iovec/0.1.4 \
+ crate://crates.io/ipnet/2.3.0 \
+ crate://crates.io/itertools/0.10.0 \
+ crate://crates.io/itertools/0.9.0 \
+ crate://crates.io/itoa/0.4.7 \
+ crate://crates.io/jmespatch/0.3.0 \
+ crate://crates.io/js-sys/0.3.50 \
+ crate://crates.io/kernel32-sys/0.2.2 \
+ crate://crates.io/lalrpop-util/0.19.5 \
+ crate://crates.io/lalrpop/0.19.5 \
+ crate://crates.io/lazy_static/1.4.0 \
+ crate://crates.io/libc/0.2.93 \
+ crate://crates.io/libflate/1.0.4 \
+ crate://crates.io/libflate_lz77/1.0.0 \
+ crate://crates.io/lock_api/0.3.4 \
+ crate://crates.io/log/0.4.14 \
+ crate://crates.io/maplit/1.0.2 \
+ crate://crates.io/matchers/0.0.1 \
+ crate://crates.io/matches/0.1.8 \
+ crate://crates.io/maybe-uninit/2.0.0 \
+ crate://crates.io/memchr/2.3.4 \
+ crate://crates.io/memoffset/0.5.6 \
+ crate://crates.io/mime/0.3.16 \
+ crate://crates.io/mime_guess/2.0.3 \
+ crate://crates.io/miniz_oxide/0.4.4 \
+ crate://crates.io/mio/0.6.23 \
+ crate://crates.io/miow/0.2.2 \
+ crate://crates.io/native-tls/0.2.7 \
+ crate://crates.io/net2/0.2.37 \
+ crate://crates.io/new_debug_unreachable/1.0.4 \
+ crate://crates.io/nix/0.20.0 \
+ crate://crates.io/num-integer/0.1.44 \
+ crate://crates.io/num-traits/0.2.14 \
+ crate://crates.io/num_cpus/1.13.0 \
+ crate://crates.io/oauth2/4.0.0 \
+ crate://crates.io/object/0.23.0 \
+ crate://crates.io/once_cell/1.7.2 \
+ crate://crates.io/opaque-debug/0.3.0 \
+ crate://crates.io/openidconnect/2.0.0 \
+ crate://crates.io/openssl-probe/0.1.2 \
+ crate://crates.io/openssl-src/111.15.0+1.1.1k \
+ crate://crates.io/openssl-sys/0.9.61 \
+ crate://crates.io/openssl/0.10.33 \
+ crate://crates.io/ordered-float/1.1.1 \
+ crate://crates.io/oso/0.12.0 \
+ crate://crates.io/parking_lot/0.9.0 \
+ crate://crates.io/parking_lot_core/0.6.2 \
+ crate://crates.io/pbkdf2/0.7.5 \
+ crate://crates.io/percent-encoding/1.0.1 \
+ crate://crates.io/percent-encoding/2.1.0 \
+ crate://crates.io/petgraph/0.5.1 \
+ crate://crates.io/phf_shared/0.8.0 \
+ crate://crates.io/pico-args/0.4.0 \
+ crate://crates.io/pin-project-internal/1.0.6 \
+ crate://crates.io/pin-project-lite/0.1.12 \
+ crate://crates.io/pin-project-lite/0.2.6 \
+ crate://crates.io/pin-project/1.0.6 \
+ crate://crates.io/pin-utils/0.1.0 \
+ crate://crates.io/pkg-config/0.3.19 \
+ crate://crates.io/polar-core/0.12.0 \
+ crate://crates.io/ppv-lite86/0.2.10 \
+ crate://crates.io/precomputed-hash/0.1.1 \
+ crate://crates.io/proc-macro-hack/0.5.19 \
+ crate://crates.io/proc-macro-nested/0.1.7 \
+ crate://crates.io/proc-macro2/1.0.26 \
+ crate://crates.io/publicsuffix/1.5.6 \
+ crate://crates.io/quick-xml/0.19.0 \
+ crate://crates.io/quote/1.0.9 \
+ crate://crates.io/rand/0.6.5 \
+ crate://crates.io/rand/0.7.3 \
+ crate://crates.io/rand/0.8.3 \
+ crate://crates.io/rand_chacha/0.1.1 \
+ crate://crates.io/rand_chacha/0.2.2 \
+ crate://crates.io/rand_chacha/0.3.0 \
+ crate://crates.io/rand_core/0.3.1 \
+ crate://crates.io/rand_core/0.4.2 \
+ crate://crates.io/rand_core/0.5.1 \
+ crate://crates.io/rand_core/0.6.2 \
+ crate://crates.io/rand_hc/0.1.0 \
+ crate://crates.io/rand_hc/0.2.0 \
+ crate://crates.io/rand_hc/0.3.0 \
+ crate://crates.io/rand_isaac/0.1.1 \
+ crate://crates.io/rand_jitter/0.1.4 \
+ crate://crates.io/rand_os/0.1.3 \
+ crate://crates.io/rand_pcg/0.1.2 \
+ crate://crates.io/rand_xorshift/0.1.1 \
+ crate://crates.io/rdrand/0.4.0 \
+ crate://crates.io/redox_syscall/0.1.57 \
+ crate://crates.io/redox_syscall/0.2.5 \
+ crate://crates.io/redox_users/0.3.5 \
+ crate://crates.io/regex-automata/0.1.9 \
+ crate://crates.io/regex-syntax/0.6.23 \
+ crate://crates.io/regex/1.4.5 \
+ crate://crates.io/remove_dir_all/0.5.3 \
+ crate://crates.io/reqwest/0.10.10 \
+ crate://crates.io/reqwest/0.9.24 \
+ crate://crates.io/ring/0.16.20 \
+ crate://crates.io/rle-decode-fast/1.0.1 \
+ crate://crates.io/rpassword/5.0.1 \
+ crate://crates.io/rpki/0.10.1 \
+ crate://crates.io/rust-argon2/0.8.3 \
+ crate://crates.io/rustc-demangle/0.1.18 \
+ crate://crates.io/rustc_version/0.2.3 \
+ crate://crates.io/rustls/0.18.1 \
+ crate://crates.io/ryu/1.0.5 \
+ crate://crates.io/salsa20/0.7.2 \
+ crate://crates.io/schannel/0.1.19 \
+ crate://crates.io/scopeguard/1.1.0 \
+ crate://crates.io/scrypt/0.6.5 \
+ crate://crates.io/sct/0.6.1 \
+ crate://crates.io/security-framework-sys/2.2.0 \
+ crate://crates.io/security-framework/2.2.0 \
+ crate://crates.io/semver-parser/0.7.0 \
+ crate://crates.io/semver/0.9.0 \
+ crate://crates.io/serde-value/0.6.0 \
+ crate://crates.io/serde/1.0.125 \
+ crate://crates.io/serde_derive/1.0.125 \
+ crate://crates.io/serde_json/1.0.64 \
+ crate://crates.io/serde_path_to_error/0.1.4 \
+ crate://crates.io/serde_urlencoded/0.5.5 \
+ crate://crates.io/serde_urlencoded/0.7.0 \
+ crate://crates.io/sha2/0.9.3 \
+ crate://crates.io/sharded-slab/0.1.1 \
+ crate://crates.io/siphasher/0.3.5 \
+ crate://crates.io/slab/0.4.2 \
+ crate://crates.io/slug/0.1.4 \
+ crate://crates.io/smallvec/0.6.14 \
+ crate://crates.io/smallvec/1.6.1 \
+ crate://crates.io/socket2/0.3.19 \
+ crate://crates.io/spin/0.5.2 \
+ crate://crates.io/string/0.2.1 \
+ crate://crates.io/string_cache/0.8.1 \
+ crate://crates.io/strsim/0.8.0 \
+ crate://crates.io/subtle/2.4.0 \
+ crate://crates.io/syn/1.0.69 \
+ crate://crates.io/synstructure/0.12.4 \
+ crate://crates.io/syslog/4.0.1 \
+ crate://crates.io/tempfile/3.2.0 \
+ crate://crates.io/term/0.5.2 \
+ crate://crates.io/textwrap/0.11.0 \
+ crate://crates.io/thiserror-impl/1.0.24 \
+ crate://crates.io/thiserror/1.0.24 \
+ crate://crates.io/thread_local/1.1.3 \
+ crate://crates.io/time/0.1.44 \
+ crate://crates.io/tiny-keccak/2.0.2 \
+ crate://crates.io/tiny_http/0.8.0 \
+ crate://crates.io/tinyvec/1.2.0 \
+ crate://crates.io/tinyvec_macros/0.1.0 \
+ crate://crates.io/tokio-buf/0.1.1 \
+ crate://crates.io/tokio-current-thread/0.1.7 \
+ crate://crates.io/tokio-executor/0.1.10 \
+ crate://crates.io/tokio-io/0.1.13 \
+ crate://crates.io/tokio-macros/0.2.6 \
+ crate://crates.io/tokio-reactor/0.1.12 \
+ crate://crates.io/tokio-rustls/0.14.1 \
+ crate://crates.io/tokio-sync/0.1.8 \
+ crate://crates.io/tokio-tcp/0.1.4 \
+ crate://crates.io/tokio-threadpool/0.1.18 \
+ crate://crates.io/tokio-timer/0.2.13 \
+ crate://crates.io/tokio-tls/0.3.1 \
+ crate://crates.io/tokio-util/0.3.1 \
+ crate://crates.io/tokio/0.1.22 \
+ crate://crates.io/tokio/0.2.25 \
+ crate://crates.io/toml/0.5.8 \
+ crate://crates.io/tower-service/0.3.1 \
+ crate://crates.io/tracing-attributes/0.1.15 \
+ crate://crates.io/tracing-core/0.1.17 \
+ crate://crates.io/tracing-futures/0.2.5 \
+ crate://crates.io/tracing-log/0.1.2 \
+ crate://crates.io/tracing-serde/0.1.2 \
+ crate://crates.io/tracing-subscriber/0.2.17 \
+ crate://crates.io/tracing/0.1.25 \
+ crate://crates.io/try-lock/0.2.3 \
+ crate://crates.io/try_from/0.3.2 \
+ crate://crates.io/typenum/1.13.0 \
+ crate://crates.io/unicase/2.6.0 \
+ crate://crates.io/unicode-bidi/0.3.5 \
+ crate://crates.io/unicode-normalization/0.1.17 \
+ crate://crates.io/unicode-width/0.1.8 \
+ crate://crates.io/unicode-xid/0.2.1 \
+ crate://crates.io/untrusted/0.7.1 \
+ crate://crates.io/unwrap/1.2.1 \
+ crate://crates.io/url/1.7.2 \
+ crate://crates.io/url/2.2.1 \
+ crate://crates.io/urlparse/0.7.3 \
+ crate://crates.io/uuid/0.7.4 \
+ crate://crates.io/uuid/0.8.2 \
+ crate://crates.io/vcpkg/0.2.11 \
+ crate://crates.io/vec_map/0.8.2 \
+ crate://crates.io/version_check/0.9.3 \
+ crate://crates.io/want/0.2.0 \
+ crate://crates.io/want/0.3.0 \
+ crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \
+ crate://crates.io/wasi/0.9.0+wasi-snapshot-preview1 \
+ crate://crates.io/wasm-bindgen-backend/0.2.73 \
+ crate://crates.io/wasm-bindgen-futures/0.4.23 \
+ crate://crates.io/wasm-bindgen-macro-support/0.2.73 \
+ crate://crates.io/wasm-bindgen-macro/0.2.73 \
+ crate://crates.io/wasm-bindgen-shared/0.2.73 \
+ crate://crates.io/wasm-bindgen/0.2.73 \
+ crate://crates.io/web-sys/0.3.50 \
+ crate://crates.io/webpki/0.21.4 \
+ crate://crates.io/winapi-build/0.1.1 \
+ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi/0.2.8 \
+ crate://crates.io/winapi/0.3.9 \
+ crate://crates.io/winreg/0.6.2 \
+ crate://crates.io/winreg/0.7.0 \
+ crate://crates.io/ws2_32-sys/0.2.1 \
+ crate://crates.io/xml-rs/0.8.3 \
+"
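Review bot: the list pulls in `crate://crates.io/openssl-src/111.15.0+1.1.1k`, the crate that carries a bundled OpenSSL source tree, while the recipe that includes this file sets `DEPENDS = "openssl"`. Confirm the build never enables Krill's `static-openssl` feature (`openssl/vendored`), so the daemon links the distro OpenSSL and receives its security fixes rather than a copy pinned here. The header comment should also record how the list was generated and from which revision, so it can be regenerated when `SRCREV` moves.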
diff --git a/meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill_0.9.1.bb b/meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill_0.9.1.bb
new file mode 100644
index 0000000000..4dc61cfb37
--- /dev/null
+++ b/meta-security/dynamic-layers/meta-rust/recipes-security/krill/krill_0.9.1.bb
@@ -0,0 +1,39 @@
+SUMMARY = "Resource Public Key Infrastructure (RPKI) daemon"
+HOMEPAGE = "https://www.nlnetlabs.nl/projects/rpki/krill/"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9741c346eef56131163e13b9db1241b3"
+
+DEPENDS = "openssl"
+
+include krill.inc
+
+# SRC_URI += "crate://crates.io/krill/0.9.1"
+SRC_URI += "git://github.com/NLnetLabs/krill.git;protocol=https;nobranch=1;branch=main"
+SRCREV = "d6c03b6f0199b1d10d252750a19a92b84576eb30"
+
+SRC_URI += "file://panic_workaround.patch"
+
+S = "${WORKDIR}/git"
+CARGO_SRC_DIR = ""
+
+inherit pkgconfig useradd systemd cargo
+
+
+do_install:append () {
+ install -d ${D}${sysconfdir}
+ install -d ${D}${datadir}/krill
+
+ install -m 664 ${S}/defaults/krill.conf ${D}${sysconfdir}/.
+ install ${S}/defaults/* ${D}${datadir}/krill/.
+}
+
+KRILL_UID ?= "krill"
+KRILL_GID ?= "krill"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system ${KRILL_UID}"
+USERADD_PARAM:${PN} = "--system -g ${KRILL_GID} --home-dir \
+ /var/lib/krill/ --no-create-home \
+ --shell /sbin/nologin ${BPN}"
+
+FILES:${PN} += "{sysconfdir}/defaults ${datadir}"
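Review bot: the last line, `FILES:${PN} += "{sysconfdir}/defaults ${datadir}"`, is missing the `$` on `{sysconfdir}`, and `do_install:append` places `krill.conf` directly in `${sysconfdir}` rather than in a `defaults` subdirectory, so the first path matches nothing that is installed. The account setup is inconsistent as well: `GROUPADD_PARAM` names the group with `${KRILL_UID}` and `USERADD_PARAM` names the user `${BPN}`, so overriding `KRILL_UID` or `KRILL_GID` creates a group that `-g ${KRILL_GID}` does not refer to and leaves the user name unchanged; use `${KRILL_GID}` for the group and `${KRILL_UID}` for the user. `install -m 664` leaves the daemon's configuration group-writable, where 644 or 640 would be tighter. `systemd` is inherited but no unit is installed and `SYSTEMD_SERVICE` is not set, and `nobranch=1;branch=main` in `SRC_URI` gives the fetcher two conflicting instructions.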