subtree updates

meta-arm: 0164b4ca7a..13199c55c0:
  Adam Johnston (1):
        arm-bsp/linux-yocto: Upgrade kernel to v5.19 for N1SDP

  Anton Antonov (4):
        meta-arm/trusted-services: Use GCC toolchain for specific TS recipes only.
        arm/trusted-services: Remove patches merged upstream
        arm/trusted-services: Remove remaining patches merged upstream
        arm/trusted-services: include documentation

  Davidson K (1):
        arm-bsp/linux-arm64-ack: make it compatible with gcc-12 for TC

  Emekcan (2):
        arm-bsp/linux-yocto: update RPMSG_CTRL config for corstone1000
        arm-bsp/kernel: Fix TEE driver bug for corstone1000

  Jon Mason (3):
        CI: trusted services as a feature instead of a machine
        CI: cleanups for targets and removed tests
        arm-bsp: zephyr removal

  Peter Hoyes (1):
        arm/lib: Do not log FVP return codes < 0

  Ross Burton (2):
        arm/optee-spdevkit: remove
        CI: restrict compression threading

  Rui Miguel Silva (1):
        arm-bsp/corstone1000: bump kernel version to 5.19

  Rupinderjit Singh (1):
        arm: update Android common kernel

  Satish Kumar (4):
        arm-bsp/u-boot: corstone1000: esrt support
        arm-bsp/trusted-firmware-m: corstone1000: bump tfm SHA
        arm-bsp/trusted-firmware-m: corstone1000: fix sournce dir of libmetal and openamp
        arm-bsp/trusted-firmware-m: corstone1000: secure debug code checkout from yocto

  Sumit Garg (2):
        arm-toolchain: update Arm GCC to 11.3
        external-arm-toolchain: Enable 11.3.rel1 support

  Vishnu Banavath (1):
        arm-bsp/corstone500: upgrade kernel to v5.19

meta-raspberrypi: 45d56d82b7..fc5f80a47e:
  Devendra Tewari (3):
        rpi-cmdline: Leave cma value to kernel default
        libcamera: Tweak to build for Raspberry Pi
        rpi-libcamera-apps: add new recipe

  Martin Jansa (1):
        lirc: rename bbappend to match 0.10.%

  Zygmunt Krynicki (2):
        ci: fix typo: unconditionally
        ci: fix apparent typo in file patterns

meta-openembedded: ce0b93fc12..6529e5f963:
  Alexander Kanavin (3):
        python3-cchardet: depend on cython
        python3-gevent: make compatible with python 3.11
        python3-pybluez: add python 3.11 patch

  Anuj Mittal (1):
        opencv: fix reproducibility issues

  Devendra Tewari (2):
        libcamera: Bump SRCREV and add libyaml to DEPENDS
        libcamera: Remove boost from DEPENDS

  Fabio Estevam (1):
        spice: Include aarch64 to COMPATIBLE_HOST

  Federico Pellegrin (2):
        chrony: add pkgconfig class as pkg-config is explicitly searched for
        chrony: correct parameter to configure to disable readline usage

  Hao Jiang (1):
        mctp: install the .target files

  Jiaqing Zhao (1):
        openldap: Upgrade 2.5.12 -> 2.5.13

  Khem Raj (2):
        open62541: Disable lto on riscv/clang
        python3-gevent: Upgrade to 22.8.0

  Leon Anavi (10):
        python3-networkx: Upgrade 2.8.6 -> 2.8.7
        python3-coverage: Upgrade 6.4.4 -> 6.5.0
        python3-rdflib: Upgrade 6.1.1 -> 6.2.0
        python3-tabulate: Upgrade 0.8.10 -> 0.9.0
        python3-imageio: Upgrade 2.22.0 -> 2.22.1
        python3-astroid: Upgrade 2.12.10 -> 2.12.11
        python3-jsonref: Upgrade 0.2 -> 0.3.0
        python3-sentry-sdk: Upgrade 1.5.12 -> 1.9.10
        python3-greenlet: Upgrade 1.1.3 -> 1.1.3.post0
        python3-xmltodict: Upgrade 0.12.0 -> 0.13.0

  Markus Volk (2):
        blueman: upgrade 2.2.4 -> 2.3.2
        gtkmm3: upgrade 3.24.5 -> 3.24.7

  Martin Jansa (2):
        re2: fix branch name from master to main
        jack: fix compatibility with python-3.11

  Mathieu Dubois-Briand (3):
        mbedtls: Fix CVE product name
        mbedtls: Update to 2.28.1 version
        mbedtls: Whitelist CVE-2021-43666, CVE-2021-45451

  Matthias Klein (1):
        paho-mqtt-c: upgrade 1.3.10 -> 1.3.11

  Michael Opdenacker (1):
        tio: correct license information

  Mingli Yu (1):
        mariadb: not use qemu to run cross-compiled binaries

  S. Lockwood-Childs (1):
        x265: support aarch64

  Thomas Perrot (1):
        spitools: remove unused BPV variable

  Vyacheslav Yurkov (1):
        opcua: Add new recipe

  Wang Mingyu (20):
        ctags: upgrade 5.9.20220925.0 -> 5.9.20221002.0
        dnfdragora: upgrade 2.1.2 -> 2.1.3
        dool: upgrade 1.0.0 -> 1.1.0
        freeglut: upgrade 3.2.1 -> 3.4.0
        gspell: upgrade 1.11.1 -> 1.12.0
        hwdata: upgrade 0.362 -> 0.363
        iperf3: upgrade 3.11 -> 3.12
        libnet-dns-perl: upgrade 1.34 -> 1.35
        lirc: upgrade 0.10.1 -> 0.10.2
        metacity: upgrade 3.44.0 -> 3.46.0
        flatbuffers: upgrade 2.0.8 -> 22.9.29
        opencl-headers: upgrade 2022.09.23 -> 2022.09.30
        php: upgrade 8.1.10 -> 8.1.11
        poppler: upgrade 22.09.0 -> 22.10.0
        xfstests: upgrade 2022.09.04 -> 2022.09.25
        links: upgrade 2.27 -> 2.28
        st: upgrade 0.8.5 -> 0.9
        python3-requests-toolbelt: upgrade 0.9.1 -> 0.10.0
        Add nativesdk-systemd-systemctl as dependency of dnf-plugin-tui
        dnf-plugin-tui: Add nativesdk

  Yi Zhao (4):
        strongswan: upgrade 5.9.7 -> 5.9.8
        open-vm-tools: upgrade 11.3.5 -> 12.1.0
        dhcp-relay: upgrade 4.4.3 -> 4.4.3-P1
        frr: Security fix CVE-2022-37032

  zhengrq.fnst (5):
        python3-protobuf: upgrade 4.21.6 -> 4.21.7
        stunnel: upgrade 5.65 -> 5.66
        python3-web3: upgrade 5.31.0 -> 5.31.1
        wolfssl: upgrade 5.5.0 -> 5.5.1
        python3-xmlschema: upgrade 2.1.0 -> 2.1.1

meta-security: 824d2762f6..e8e7318189:
  Armin Kuster (3):
        apparmor: update to 3.0.7
        libgssglue: update to 0.7
        cryptmount: update to 6.0

  Michael Haener (1):
        tpm: update the linux-yocto rule with the one from sanity-meta-tpm class

poky: 5200799866..3e5faccfaf:
  Johan Korsnes (1):
        migration guides: 3.4: remove spurious space in example

  Lee Chee Yang (1):
        migration guides: add release notes for 4.0.4

  Michael Opdenacker (35):
        manuals: improve initramfs details
        manuals: add references to the "do_fetch" task
        manuals: add reference to the "do_install" task
        manuals: add references to the "do_build" task
        manuals: add reference to "do_configure" task
        manuals: add reference to the "do_compile" task
        manuals: add references to the "do_deploy" task
        manuals: add references to the "do_image" task
        manuals: add references to the "do_package" task
        manuals: add references to the "do_package_qa" task
        overview-manual: concepts.rst: add reference to "do_packagedata" task
        manuals: add references to the "do_patch" task
        manuals: add references to "do_package_write_*" tasks
        ref-manual: variables.rst: add reference to "do_populate_lic" task
        manuals: add reference to the "do_populate_sdk" task
        overview-manual: concepts.rst: add reference to "do_populate_sdk_ext" task
        manuals: add references to "do_populate_sysroot" task
        manuals: add references to the "do_unpack" task
        dev-manual: common-tasks.rst: add reference to "do_clean" task
        manuals: add references to the "do_cleanall" task
        ref-manual: tasks.rst: add references to the "do_cleansstate" task
        manuals: add references to the "do_devshell" task
        dev-manual: common-tasks.rst: add reference to "do_listtasks" task
        manuals: add references to the "do_bundle_initramfs" task
        manuals: add references to the "do_rootfs" task
        ref-manual: tasks.rst: add reference to the "do_kernel_checkout" task
        manuals: add reference to the "do_kernel_configcheck" task
        manuals: add references to the "do_kernel_configme" task
        ref-manual: tasks.rst: add reference to the "do_kernel_metadata" task
        migration-guides: add reference to the "do_shared_workdir" task
        ref-manual: tasks.rst: add reference to the "do_validate_branches" task
        ref-manual: tasks.rst: add reference to the "do_image_complete" task
        ref-manual: system-requirements: Ubuntu 22.04 now supported
        overview-manual: concepts.rst: fix formating and add references
        ref-manual/faq.rst: update references to products built with OE / Yocto Project

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I14d679e25bd1c7545bc2d0f545f876aeb0a333b4

9 files changed, 19 insertions, 151 deletions

diff --git a/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend b/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend
index 2cf1453a83..e8027ff38d 100644
--- a/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend
+++ b/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend
@@ -1 +1 @@
-require ${@bb.utils.contains_any('DISTRO_FEATURES', 'tpm', 'linux-yocto_tpm.inc', '', d)}
+require ${@bb.utils.contains_any('DISTRO_FEATURES', 'tpm tpm2', 'linux-yocto_tpm.inc', '', d)}
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.6.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.7.bb
index 45f19d177c..e7d677e7c3 100644
--- a/meta-security/recipes-mac/AppArmor/apparmor_3.0.6.bb
+++ b/meta-security/recipes-mac/AppArmor/apparmor_3.0.7.bb
@@ -5,7 +5,7 @@ DESCRIPTION = "user-space parser utility for AppArmor \
  which is required to convert AppArmor text profiles into machine-readable \
  policies that are loaded into the kernel for use with the AppArmor Linux \
  Security Module."
-HOMEAPAGE = "http://apparmor.net/"
+HOMEPAGE = "http://apparmor.net/"
 SECTION = "admin"
 
 LICENSE = "GPL-2.0-only & GPL-2.0-or-later & BSD-3-Clause & LGPL-2.1-or-later"
@@ -22,7 +22,7 @@ SRC_URI = " \
     file://0001-rc.apparmor.debian-add-missing-functions.patch \
     "
 
-SRCREV = "822db765c6fa7f9de7233c4011254a82d4dafe76"
+SRCREV = "0ead606d9e608801f45e13a34358036135470729"
 S = "${WORKDIR}/git"
 
 PARALLEL_MAKE = ""
diff --git a/meta-security/recipes-security/cryptmount/cryptmount_5.3.3.bb b/meta-security/recipes-security/cryptmount/cryptmount_6.0.bb
index 6741a5f08a..d712a615a3 100644
--- a/meta-security/recipes-security/cryptmount/cryptmount_5.3.3.bb
+++ b/meta-security/recipes-security/cryptmount/cryptmount_6.0.bb
@@ -1,13 +1,12 @@
 SUMMARY = "Linux encrypted filesystem management tool"
 HOMEPAGE = "http://cryptmount.sourceforge.net/"
-LIC_FILES_CHKSUM = "file://README;beginline=3;endline=4;md5=673a990de93a2c5531a0f13f1c40725a"
+LIC_FILES_CHKSUM = "file://README;beginline=3;endline=4;md5=dae0772f0ff46fd927e7fdb08af51b71"
 LICENSE = "GPL-2.0-only"
 
-SRC_URI = "https://sourceforge.net/projects/cryptmount/files/${BPN}/${BPN}-5.3/${BPN}-${PV}.tar.gz \
-           file://remove_linux_fs.patch \
+SRC_URI = "https://sourceforge.net/projects/cryptmount/files/${BPN}/${BPN}-${PV}/${BPN}-${PV}.tar.gz \
            "
 
-SRC_URI[sha256sum] = "682953ff5ba497d48d6b13e22ca726c98659abd781bb8596bb299640dd255d9b"
+SRC_URI[sha256sum] = "86528a9175e1eb53f60613e3c3ea6ae6d69dbfe5ac2b53b2f58ba0f768371e7e"
 
 inherit autotools-brokensep gettext pkgconfig systemd
 
diff --git a/meta-security/recipes-security/cryptmount/files/remove_linux_fs.patch b/meta-security/recipes-security/cryptmount/files/remove_linux_fs.patch
deleted file mode 100644
index 304b85309a..0000000000
--- a/meta-security/recipes-security/cryptmount/files/remove_linux_fs.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-# From glibc 2.36, <linux/mount.h> (included from <linux/fs.h>) and 
-# <sys/mount.h> (included from glibc) are no longer compatible:
-# https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
-
-Upstream-Status: Pending
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: cryptmount-5.3.3/cryptmount.c
-===================================================================
---- cryptmount-5.3.3.orig/cryptmount.c
-+++ cryptmount-5.3.3/cryptmount.c
-@@ -41,7 +41,6 @@
- #ifdef HAVE_SYSLOG
- #  include <syslog.h>
- #endif
--#include <linux/fs.h>       /* Beware ordering conflict with sys/mount.h */
- 
- 
- #include "armour.h"
diff --git a/meta-security/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch b/meta-security/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
deleted file mode 100644
index 6aa1a657a9..0000000000
--- a/meta-security/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Use secure_getenv instead of getenv for setuid programs
-
-(bnc#694598 CVE-2011-2709 bnc#831805)
-
-import from:
-https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch
-
-Upstream-Status: Pending
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-
-diff --git a/src/g_initialize.c b/src/g_initialize.c
-index 200f173..935a9fa 100644
---- a/src/g_initialize.c
-+++ b/src/g_initialize.c
-@@ -26,6 +26,7 @@
-  * This function will initialize the gssapi mechglue library
-  */
- 
-+#define _GNU_SOURCE
- #include "mglueP.h"
- #include <stdlib.h>
- 
-@@ -197,8 +198,7 @@ static void solaris_initialize ()
-     void *dl;
-     gss_mechanism (*sym)(void), mech;
- 
--    if ((getuid() != geteuid()) ||
--        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
-+    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
- 	filename = MECH_CONF;
- 
-     if ((conffile = fopen(filename, "r")) == NULL) {
-@@ -274,8 +274,7 @@ static void linux_initialize ()
-     void *dl;
-     gss_mechanism (*sym)(void), mech;
- 
--    if ((getuid() != geteuid()) ||
--        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
-+    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
- 	filename = MECH_CONF;
- 
-     if ((conffile = fopen(filename, "r")) == NULL) {
diff --git a/meta-security/recipes-security/libgssglue/files/libgssglue-g-initialize.patch b/meta-security/recipes-security/libgssglue/files/libgssglue-g-initialize.patch
deleted file mode 100644
index 4a9ba33223..0000000000
--- a/meta-security/recipes-security/libgssglue/files/libgssglue-g-initialize.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Fix the warning for getuid, geteuid
-g_initialize.c: In function 'linux_initialize':
-g_initialize.c:275:5: warning: implicit declaration of function 'getuid' [-Wimplicit-function-declaration]
-g_initialize.c:275:5: warning: implicit declaration of function 'geteuid' [-Wimplicit-function-declaration]
-
-Upstream-Status: Pending
-Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
-
-diff --git a/src/g_initialize.c b/src1/g_initialize.c
-index 82fcce1..200f173 100644
---- a/src/g_initialize.c
-+++ b/src/g_initialize.c
-@@ -29,6 +29,8 @@
- #include "mglueP.h"
- #include <stdlib.h>
- 
-+#include <unistd.h>   /*getuid, geteuid */
-+#include <sys/types.h>
- #include <stdio.h>
- #include <string.h>
- #include <ctype.h>
diff --git a/meta-security/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch b/meta-security/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch
deleted file mode 100644
index 6dce3e737c..0000000000
--- a/meta-security/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-1) add free if malloc failed for (*mechanisms)->elements
-2) g_inq_cred.c: In function 'gss_inquire_cred':
-g_inq_cred.c:161:8: warning: passing argument 3 of 'generic_gss_copy_oid' from incompatible pointer type [enabled by default]
-
-Upstream-Status: Pending
-Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
-
---- a/src/g_inq_cred.c
-+++ b/src/g_inq_cred.c
-@@ -152,13 +152,15 @@ gss_OID_set *		mechanisms;
- 			     union_cred->count);
- 	if ((*mechanisms)->elements == NULL) {
- 	    *minor_status = ENOMEM;
-+	    free(*mechanisms);
-+	    *mechanisms = GSS_C_NO_OID_SET;
- 	    return (GSS_S_FAILURE);
- 	}
- 
- 	for (i=0; i < union_cred->count; i++) {
--	    status = generic_gss_copy_oid(minor_status,
-+	    status = generic_gss_add_oid_set_member(minor_status,
- 	    				  &union_cred->mechs_array[i],
--					  &((*mechanisms)->elements[i]));
-+					  mechanisms);
- 	    if (status != GSS_S_COMPLETE)
- 	        break;
- 	}
diff --git a/meta-security/recipes-security/libgssglue/files/libgssglue-mglueP.patch b/meta-security/recipes-security/libgssglue/files/libgssglue-mglueP.patch
deleted file mode 100644
index 6c9ebf05c3..0000000000
--- a/meta-security/recipes-security/libgssglue/files/libgssglue-mglueP.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-fix the warning:
-warning: implicit declaration of function 'generic_gss_copy_oid_set' [-Wimplicit-function-declaration]
-
-Upstream-Status: Pending
-Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
-
---- a/src/mglueP.h
-+++ b/src/mglueP.h
-@@ -447,6 +447,12 @@ OM_uint32 generic_gss_copy_oid
- 	    gss_OID *		/* new_oid */
- 	    );
- 
-+OM_uint32 generic_gss_copy_oid_set
-+	   (OM_uint32 *minor_status,	/* minor_status */
-+	    const gss_OID_set_desc * const oidset,	/* oid */
-+	    gss_OID_set *new_oidset			/* new_oid */
-+	   );
-+
- OM_uint32 generic_gss_create_empty_oid_set
- 	   (OM_uint32 *,	/* minor_status */
- 	    gss_OID_set *	/* oid_set */
diff --git a/meta-security/recipes-security/libgssglue/libgssglue_0.4.bb b/meta-security/recipes-security/libgssglue/libgssglue_0.7.bb
index 3085ee6289..26bd2f3042 100644
--- a/meta-security/recipes-security/libgssglue/libgssglue_0.4.bb
+++ b/meta-security/recipes-security/libgssglue/libgssglue_0.7.bb
@@ -15,27 +15,24 @@ LICENSE = "BSD-3-Clause | HPND"
 #Copyright 1995 by the Massachusetts Institute of Technology.  HPND without Disclaimer
 #Copyright 1993 by OpenVision Technologies, Inc.               HPND
 LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \
-                    file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=8a7f4017cb7f4be49f8981cb8c472690 \
+                    file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=da8ca7a37bd26e576c23874d453751d2\
                     file://src/g_ccache_name.c;beginline=1;endline=32;md5=208d4de05d5c8273963a8332f084faa7 \
-                    file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0 \
-                    file://src/oid_ops.c;beginline=378;endline=398;md5=e02c165cb8383e950214baca2fbd664b \
+                    file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0\
+                    file://src/oid_ops.c;beginline=378;endline=398;md5=d77a5c03e91908fac453c08bbeaddce1\
 "
 
-SRC_URI = "${DEBIAN_MIRROR}/main/libg/${BPN}/${BPN}_${PV}.orig.tar.bz2 \
+SRC_URI = "${DEBIAN_MIRROR}/main/libg/${BPN}/${BPN}_${PV}.orig.tar.gz \
            file://libgssglue-canon-name.patch  \
-           file://libgssglue-gss-inq-cred.patch  \
-           file://libgssglue-mglueP.patch \
-           file://libgssglue-g-initialize.patch \
-           file://libgssglue-fix-CVE-2011-2709.patch \
 "
 
-SRC_URI[md5sum] = "5ce81940965fa68c7635c42dcafcddfe"
-SRC_URI[sha256sum] = "bb47b2de78409f461811d0db8595c66e6631a9879c3621a35e4434b104ee52f5"
+SRC_URI[sha256sum] = "bcd618ae0bc69f12815d77295658a760e7edc20706b9a731a81da8993f5c970a"
 
-# gssglue can use krb5, spkm3... as gssapi library, configurable
-RRECOMMENDS:${PN} += "krb5"
+inherit autotools-brokensep
 
-inherit autotools
+do_configure:prepend() {
+    cd ${S}
+    ./bootstrap
+}
 
 do_install:append() {
     # install some docs
@@ -49,3 +46,6 @@ do_install:append() {
     # change the libgssapi_krb5.so path and name(it is .so.2)
     sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf
 }
+
+# gssglue can use krb5, spkm3... as gssapi library, configurable
+RRECOMMENDS:${PN} += "krb5"