subtree updates: openembedded poky

poky: aa6cd06a9f..fb1853c66c:
  Adrian Freihofer (1):
        bblayers/setupwriters/oe-setup-layers: create dir if not exists

  Alexander Kanavin (48):
        bblayers/makesetup: skip git repos that are submodules
        scripts/oe-setup-layers: print a note about submodules if present
        go: update 1.19.4 -> 1.20
        go-cross-canadian: use gcc-crosssdk, not gcc-native
        vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs
        gstreamer1.0: update 1.20.5 -> 1.22.0
        mesa: update 22.3.3 -> 22.3.5
        meta/conf: move default configuration templates into meta/conf/templates/default
        scripts/oe-setup-layers: correct variable names - layers should be called repos
        scripts/oe-setup-layers: do not clobber json module with a variable named 'json'
        gcr: enable vala .vapi generation only when gobject introspection is also enabled
        gstreamer1.0-python: do not require introspection during builds
        go: update 1.20 -> 1.20.1
        rust: update 1.67.0 -> 1.67.1
        freetype: update 2.12.1 -> 2.13.0
        gnutls: update 3.7.8 -> 3.8.0
        vulkan-samples: update to latest revision
        gnu-config: update to latest revision
        puzzles: upgrade to latest revision
        python3: upgrade 3.11.1 -> 3.11.2
        nghttp2: upgrade 1.51.0 -> 1.52.0
        log4cplus: upgrade 2.0.8 -> 2.1.0
        dos2unix: upgrade 7.4.3 -> 7.4.4
        webkitgtk: upgrade 2.38.4 -> 2.38.5
        man-pages: upgrade 6.02 -> 6.03
        util-macros: upgrade 1.19.3 -> 1.20.0
        dpkg: upgrade 1.21.19 -> 1.21.20
        ruby: upgrade 3.2.0 -> 3.2.1
        libwpe: upgrade 1.14.0 -> 1.14.1
        vala: upgrade 0.56.3 -> 0.56.4
        dbus: upgrade 1.14.4 -> 1.14.6
        linux-firmware: upgrade 20230117 -> 20230210
        zstd: upgrade 1.5.2 -> 1.5.4
        python3-setuptools: upgrade 67.2.0 -> 67.3.1
        mmc-utils: upgrade to latest revision
        harfbuzz: upgrade 6.0.0 -> 7.0.0
        libhandy: upgrade 1.8.0 -> 1.8.1
        diffoscope: upgrade 234 -> 235
        wireless-regdb: upgrade 2022.08.12 -> 2023.02.13
        libcap: upgrade 2.66 -> 2.67
        e2fsprogs: upgrade 1.46.5 -> 1.47.0
        git: upgrade 2.39.1 -> 2.39.2
        piglit: upgrade to latest revision
        python3-hatchling: upgrade 1.12.2 -> 1.13.0
        devtool: ignore patch-fuzz errors when extracting source
        gcr: correctly configure vala against introspection data
        selftest: do not check for dri.pc in the headless test
        scripts/runqemu: move render nodes check to runqemu from selftest

  Alexis Lothoré (8):
        oeqa/selftest/resulttooltests: fix minor typo
        scripts/oe-selftest: append metadata to tests results
        scripts/resulttool/regression: remove unused import
        scripts/resulttool/regression: add metadata filtering for oeselftest
        scripts: add new helper for regression report generation
        oeqa/selftest: add test for yocto_testresults_query.py
        scripts/yoct_testresults_query: manage base/target revision not found
        oeqa/selftest/resulttool: add test for metadata filtering on regression

  Bruce Ashfield (11):
        linux-yocto/5.19: drop recipes
        yocto-bsps: remove 5.19 bbappend
        lttng-modules: fix for kernel 6.2+
        linux-yocto-rt/6.1: fix compilation issue with per cpu stats
        linux-yocto-dev: bump to v6.2
        linux-yocto/6.1: update to v6.1.12
        linux-yocto/5.15: update to v5.15.94
        linux-yocto/6.1: update to v6.1.14
        linux-yocto/5.15: update to v5.15.96
        linux-yocto-rt/6.1: update to -rt7
        linux-yocto-rt/5.15: update to -rt59

  Caner Altinbasak (1):
        bitbake: fetch2: Add GIT_CACHE_PATH and SSL_CERT_DIR into FETCH_EXPORT_VARS

  Chee Yang Lee (2):
        tar: Fix CVE-2022-48303
        checklayer: check for patch file upstream status

  Chen Qi (1):
        gpgme: fix python setuptools invalid version issue

  Denys Zagorui (1):
        kernel-devsrc: powerpc: add missed dependency for modules_prepare

  Dmitry Baryshkov (4):
        linux-firmware: properly set license for all Qualcomm firmware
        linux-firmware: add yamato fw files to qcom-adreno-a2xx package
        mesa: provide support for packing development and testing tools
        ffmpeg: fix build failure when vulkan is enabled

  Fawzi KHABER (1):
        ref-manual: update DEV_PKG_DEPENDENCY in variables

  Federico Pellegrin (1):
        curl: fix dependencies when building with ldap/ldaps

  Geoffrey GIRY (1):
        cve-extra-exclusions: ignore inapplicable linux-yocto CVEs

  Joe Slater (1):
        tar: Update fix for CVE-2022-48303 to upstream version

  Joel Stanley (1):
        qemu: Fix building with 6.2 kernel headers

  Jose Quaresma (2):
        bluez5: refresh patches with devtool
        icecc: enable the network only when ICECC_DISABLED is not set

  Joshua Watt (4):
        classes/populate_sdk_base: Append cleandirs
        classes/create-sdpx-2.2: Remove image SPDX and index from deploydir
        classes/create-spdx-2.2: Report downloads as separate packages
        weston: Add kiosk shell

  Kai Kang (2):
        xserver-xorg: 21.1.6 -> 21.1.7
        webkitgtk: 2.38.3 -> 2.38.4

  Khem Raj (12):
        unfs3: Add missing header files
        stress-ng: Add missing header files for clock_adjtime
        gstreamer1.0-plugins-good: Fix build with musl
        elfutils: Backport fix for DW_TAG_unspecified_type handling
        tune-riscv.inc: Add riscv64nc to available tunes list
        grub: Handle R_RISCV_CALL_PLT reloc
        gdb: Upgrade to 13.1
        musl: Update to tip of trunk
        kernel: Add kernel specific OBJDUMP
        opensbi: Do not add dependencies if RISCV_SBI_FDT is not set
        opensbi: Upgrade to 1.2 release
        vte: Fix -Wenum-constexpr-conversion warning

  Lee Chee Yang (1):
        migration-guides: add release-notes for 4.0.7

  Luca Boccassi (1):
        systemd: add user for systemd-oomd if enabled

  Marek Vasut (1):
        systemd-systemctl: Create machine-id with "uninitialized" text in it

  Mark Asselstine (1):
        bitbake: fetch/npmsw: add more short forms for git operations

  Markus Volk (3):
        graphene: add a PACKAGECONFIG for arm_neon
        libportal: allow to build without gtk4 backend
        libsdl2: add missing libdecor RDEPEND

  Martin Jansa (3):
        python3-numpy: upgrade to 1.24.2
        insane.bbclass: use 4 spaces for indentation
        insane.bbclass: move Upstream-Status logic to oe.qa

  Mateusz Marciniec (1):
        sstatesig: Improve output hash calculation

  Michael Opdenacker (17):
        migration-guides/migration-4.2.rst: fix minor issues
        ref-manual: variables.rst: fix broken hyperlink
        profile-manual: update WireShark hyperlinks
        manuals: replace unnecessary uses of 'yocto_docs' by internal references
        bsp-guide: fix broken git URLs and missing word
        ref-manual: improve "devtool check-upgrade-status" explanations
        ref-manual: document Rust classes
        manuals: update patchwork instance URL
        ref-manual: classes.rst: add python-setuptools3_rust and python_pyo3 classes
        dev-manual: new-recipe.rst: restructure examples
        ref-manual: classes.rst: improvements to cmake class documentation
        ref-manual: document meson class and variables
        dev-manual: sbom.rst: add link to FOSDEM 2023 video
        manuals: document COMMERCIAL_[AUDIO|VIDEO]_PLUGINS variables
        ref-manual: system-requirements.rst: update supported distros
        dev-manual: new-recipe.rst: add Meson example recipe
        dev-manual: new-recipe.rst: add references to subsections in Examples section

  Mike Crowe (1):
        bitbake: gitsm: Fix path construction for relative submodule URI

  Mikko Rapeli (8):
        oeqa ssh.py: move output prints to new line
        oeqa ssh.py: add connection keep alive options to ssh client
        oeqa dump.py: add error counter and stop after 5 failures
        oeqa qemurunner: read more data at a time from serial
        oeqa qemurunner.py: add timeout to QMP calls
        oeqa qemurunner.py: try to avoid reading one character at a time
        oeqa ssh.py: fix hangs in run()
        runqemu: kill qemu if it hangs

  Mingli Yu (1):
        mc: set ac_cv_path_PERL_FOR_BUILD

  Narpat Mali (1):
        libseccomp: fix for the ptest result format

  Niko Mauno (1):
        ref-manual: Fix invalid feature name

  Paulo Neves (4):
        bitbake: tests/fetch: git-lfs restore _find_git_lfs
        bitbake: tests/fetch: Add real git lfs tests and decorator
        bitbake: fetch/git: Removed unused variables in _contains_lfs
        bitbake: fetch/git: Replace mkdtemp with TemporaryDirectory and avoid exception masking

  Pavel Zhukov (4):
        wic: Fix usage of fstype=none in wic
        u-boot: Map arm64 into map for u-boot dts installation
        wic: Fix populating of IMAGE_EFI_BOOT_FILES with uefi-kernel
        oeqa/selftest/wic: Add test for uefi-kernel loader

  Pedro Baptista (3):
        bitbake: action.py: add topdir in bblayers_conf path for add-layer
        bitbake: action.py: add topdir in bblayers_conf path for remove-layer
        create.py: add command arg to add layer to bblayers.conf

  Peter Kjellerstedt (1):
        devshell: Do not add scripts/git-intercept to PATH

  Peter Marko (1):
        systemd: add group sgx to udev package

  Petr Kubizňák (1):
        graphene: remove introspection from PACKAGECONFIG

  Richard Elberger (2):
        docbook-xml: Switch from debian packages to upstream docbook sources
        bitbake: documentation: bitbake: add file-checksums to varflags section

  Richard Leitner (1):
        ref-manual: variables: FIT_KERNEL_COMP_ALG: add lzo

  Richard Purdie (20):
        bitbake: cookerdata: Remove incorrect SystemExit usage
        libssh2: Clean up ptest patch/coverage
        bitbake: data: Evaluate the value of export/unexport/network flags
        poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
        bitbake: cookerdata: Improve early exception handling
        bitbake: cookerdata: Drop dubious exception handling code
        bitbake: runqueue: Drop SystemExit usage
        bitbake: cooker: Ensure lock is held with changing notifier
        bitbake: server/process: Improve idle thread exception handling
        bitbake: event/cooker/runqueue: Add ability to interrupt longer running code
        bitbake: bitbake: Bump to version 2.3.1
        sstate: Add check_for_interrupts() call functionality added in bitbake
        binutils: Fix nativesdk ld.so search
        oeqa/selftest/prservice: Improve debug output for failure
        bitbake: cooker: Fix memory resident cache invalidation issue
        bitbake: fetch2/wget: Drop unused import
        bitbake: utils: Use internal fetcher function to avoid duplication
        resulttool/regression: Ensure LTP results are only compared against other LTP runs
        resulttool/regression: Improve matching of poor ptest test names
        build-appliance-image: Update to master head revision

  Robert Joslyn (1):
        curl: Update 7.87.0 to 7.88.0

  Ross Burton (17):
        lib/buildstats: handle tasks that never finished
        cml1: remove redundant addtask
        bitbake: fetch2/wget: clean up netrc usage
        libcgroup: clean up musl DEPENDS
        pkgconfig: use system glib for nativesdk builds
        site: remove glib site values
        less: backport the fix for CVE-2022-46663
        tiff: backport fix for CVE-2022-48281
        python3-atomicwrites: add BBCLASSEXTEND
        python3-iniconfig: add BBCLASSEXTEND
        python3-pytest: set RDEPENDS globally, not just target
        bitbake: lib/bb/siggen: fix debug() call
        ptest-runner: add non-root ptest user for tests to run as
        meta-selftest/files: add ptest to static-passwd/-group
        quilt: run tests as ptest user, and let that user write into the tests
        glibc: add ignore for CVE-2023-25139
        glibc: remove obsolete CVE ignores

  Saul Wold (2):
        busybox: Fix depmod patch
        create-spdx-2.2: Add support for custom Annotations

  Siddharth Doshi (1):
        openssl: Upgrade 3.0.7 -> 3.0.8

  Tim Orling (7):
        python3-hypothesis: upgrade 6.66.0 -> 6.68.1
        python3-typing-extensions: upgrade 4.4.0 -> 4.5.0
        python3-cryptography{-vectors}: 39.0.0 -> 39.0.1
        python3-more-itertools: upgrade 9.0.0 -> 9.1.0
        python3-zipp: upgrade 3.14.0 -> 3.15.0
        python3-hypothesis: upgrade 6.68.1 -> 6.68.2
        python3-babel: upgrade 2.11.0 -> 2.12.1

  Trevor Woerner (12):
        packagegroup-self-hosted: alphabetize
        packagegroup-self-hosted: add zstd
        build-appliance-image: set TERM
        build-appliance-image kernel: linux-yocto: qemuall: add taskstats
        build-appliance-image: add /lib64 symlink
        build-appliance-image: QB_MEM: allow user config
        QB_SMP: allow user modification
        build-appliance-image: check for xattr feature
        dtc: update DESCRIPTION
        dtc: update license checks
        build-appliance-image: fix HOMEPAGE
        VOLATILE_TMP_DIR: add

  Ulrich Ölmann (5):
        dev-manual: fix old override syntax
        kernel-yocto: fix kernel-meta data detection
        kernel-dev,ref-manual: fix old override syntax
        ref-manual: refer to MACHINE variable instead of KMACHINE
        kernel-dev: harmonize example with ref-manual

  Wang Mingyu (21):
        libdrm: upgrade 2.4.114 -> 2.4.115
        libjpeg-turbo: upgrade 2.1.5 -> 2.1.5.1
        libsdl2: upgrade 2.26.2 -> 2.26.3
        lighttpd: upgrade 1.4.68 -> 1.4.69
        openssh: upgrade 9.1p1 -> 9.2p1
        python3-sphinx-rtd-theme: upgrade 1.1.1 -> 1.2.0
        python3-zipp: upgrade 3.12.0 -> 3.13.0
        xkeyboard-config: upgrade 2.37 -> 2.38
        xwayland: upgrade 22.1.7 -> 22.1.8
        libx11: 1.8.3 -> 1.8.4
        dtc: upgrade 1.6.1 -> 1.7.0
        liburcu: upgrade 0.13.2 -> 0.14.0
        curl: upgrade 7.88.0 -> 7.88.1
        harfbuzz: upgrade 7.0.0 -> 7.0.1
        libx11-compose-data: 1.8.3 -> 1.8.4
        python3-pip: update 23.0 -> 23.0.1
        python3-poetry-core: upgrade 1.5.0 -> 1.5.1
        python3-pytest-subtests: upgrade 0.9.0 -> 0.10.0
        python3-zipp: upgrade 3.13.0 -> 3.14.0
        python3-setuptools: upgrade 67.3.1 -> 67.3.3
        diffoscope: upgrade 235 -> 236

  Xiangyu Chen (1):
        dhcpcd: fix dhcpcd start failure on qemuppc64

  Yash Shinde (1):
        glibc: stable 2.37 branch updates.

  Yi Zhao (1):
        glibc: unify wordsize.h between arm and aarch64

  leimaohui (2):
        gnutls: Updated ther patch which fixes build error for fips enabled.
        nghttp2: Deleted the entries for -client and -server, and removed a dependency on them from the main package.

  yanxk (1):
        cpio: Add ptest support

meta-openembedded: cba6df61c7..a9b2d1303b:
  Alex Kiernan (1):
        ostree: Upgrade 2022.7 -> 2023.1

  Arash Partow (1):
        ExprTk: Update package to release/0.0.2

  Archana Polampalli (1):
        Nodejs: fix buildpaths warning

  Bartosz Golaszewski (5):
        libgpiod: update to v1.6.4
        libgpiod: add a recipe for libgpiod v2.0-rc2
        python3-gpiod: new package
        libgpiod: bump version to v2.0-rc3
        python3-gpiod: bump version to v2.0-rc3

  Catalin Enache (1):
        plocate: add recipe

  Changqing Li (1):
        liblockfile: fix do_install failure when ldconfig is not installed

  Chee Yang Lee (2):
        tinyproxy: fix CVE-2022-40468
        tmux: update to tmux_3.3a

  Chen Qi (1):
        nodejs: add CVE_PRODUCT

  Cook, Samuel (1):
        python-systemd: update from v234 to v235

  Craig Comstock (1):
        cfengine: upgrade to 3.21.0

  Denys Dmytriyenko (2):
        lmbench: set up /usr/bin/hello as alternative
        mbedtls: set up /usr/bin/hello as alternative

  Fabio Estevam (2):
        spice-gtk: Update to version 0.42
        glmark2: Update to 2023.01

  Jan Luebbe (5):
        add signing.bbclass as infrastructure for build artifact signing
        smemstat: add recipe
        linux-serial-test: add recipe
        atftp: upgrade from 0.7.5 to 0.8.0
        atftp: use https for git repository access

  Joe Slater (1):
        phoronix-test-suite: fix CVE-2022-40704

  Joshua Watt (2):
        libvpx: Explicitly link with pthread support
        libvpx: Enable native support

  Khem Raj (7):
        python3-cson: Make PEP440 compatible version scheme
        python3-grpcio: Add missing include for close/open APIs
        graphene: Delete recipe
        glog: Link with libatomics on mips.
        glog: Fix build with clang on 32bit platforms
        networkmanager: Fix build with musl
        liburing: Update to latest tip of tree

  Lei Maohui (1):
        libiodbc: Fix install conflict when enable multilib.

  Marek Vasut (1):
        v4l-utils: Update 1.23.0+fd544473 -> 1.23.0+9431e4b2

  Markus Volk (10):
        iwd: update 2.0 -> 2.3
        libdeflate: add recipe
        pipewire-media-session: update 0.4.1 -> 0.4.2
        gnome-software: update 43.2 -> 43.4
        fwupd: fix polkit rules.d permissions
        pipewire: update 0.3.65 -> 0.3.66
        appstream: update 0.15.5 -> 0.16.1
        flatpak: update 1.15.1 -> 1.15.3
        gparted: update 1.4.0 -> 1.5.0
        webp-pixbuf-loader: update 0.0.7 -> 0.2.0

  Martin Jansa (4):
        nodejs: fix do_install failure with 'shared' PACKAGECONFIG
        nodejs: add Upstream-Status
        openhpi, uw-imag, python3-m2crypto: replace Unknown Upstream-Status with Pending
        .patch: fix Upstream-Status formatting issues reported by patchreview tool from oe-core

  Michael Haener (1):
        usb-modeswitch: update 2.6.0 -> 2.6.1

  Michael Opdenacker (1):
        ipcalc: update to 1.0.2

  Mingli Yu (2):
        opencv: disable intel IPP
        mariadb: Upgrade to 10.11.2

  Narpat Mali (1):
        net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception

  Pablo Saavedra (1):
        graphene: disable neon support on arm 32bits

  Petr Gotthard (5):
        libqmi: upgrade 1.30.8 -> 1.32.2
        libmbim: upgrade 1.26.4 -> 1.28.2
        modemmanager: upgrade 1.18.12 -> 1.20.4
        openvpn: upgrade 2.5.8 -> 2.6.0
        python3-scapy: upgrade 2.4.5 -> 2.5.0

  Randy MacLeod (1):
        python3-pillow: Add distutils, unixadmin for ptest

  Ross Burton (10):
        python3-simpleeval: update patch status
        nodejs: remove redundant expand=True to getVar()
        nodejs: run configure.py in verbose mode
        nodejs: use a postfunc to prune source tree
        nodejs: don't force cross-compilation in native builds
        nodejs: remove LD assignment
        nodejs: no need to stage binaries for target
        nodejs: remove redundant comment
        zchunk: upgrade to 1.2.4
        liburing: enable native/nativesdk builds

  Stefano Babic (1):
        zchunk: upgrade 1.2.4 -> 1.3.0

  Tom Hochstein (1):
        nlohmann-json: Allow empty main package for SDK

  Ulrich Ölmann (1):
        tnftp: switch to using variable flags for alternatives

  Wang Mingyu (104):
        python3-apt: upgrade 2.5.0 -> 2.5.2
        python3-aspectlib: upgrade 1.5.2 -> 2.0.0
        python3-aiohttp-jinja2: upgrade 1.5 -> 1.5.1
        python3-astroid: upgrade 2.13.2 -> 2.14.1
        python3-bitarray: upgrade 2.6.2 -> 2.7.0
        python3-cantools: upgrade 38.0.1 -> 38.0.2
        python3-coverage: upgrade 7.0.5 -> 7.1.0
        python3-cmd2: upgrade 2.4.2 -> 2.4.3
        python3-django: upgrade 4.1.3 -> 4.1.6
        python3-dateparser: upgrade 1.1.6 -> 1.1.7
        python3-elementpath: upgrade 3.0.2 -> 4.0.1
        python3-evdev: upgrade 1.6.0 -> 1.6.1
        python3-flask-wtf: upgrade 1.1.0 -> 1.1.1
        python3-fastnumbers: upgrade 3.2.1 -> 4.0.1
        python3-flask-migrate: upgrade 4.0.1 -> 4.0.4
        python3-luma-oled: upgrade 3.9.0 -> 3.11.0
        python3-google-api-python-client: upgrade 2.72.0 -> 2.77.0
        python3-ipython: upgrade 8.8.0 -> 8.9.0
        python3-icu: upgrade 2.8.1 -> 2.10.2
        python3-license-expression: upgrade 30.0.0 -> 30.1.0
        python3-meh: upgrade 0.50.1 -> 0.51
        python3-portalocker: upgrade 2.6.0 -> 2.7.0
        python3-pandas: upgrade 1.5.2 -> 1.5.3
        python3-openpyxl: upgrade 3.0.10 -> 3.1.0
        python3-paramiko: upgrade 2.12.0 -> 3.0.0
        python3-portion: Upgrade 2.3.0 -> 2.3.1
        python3-pymisp: upgrade 2.4.167 -> 2.4.168
        python3-pymodbus: upgrade 3.1.0 -> 3.1.3
        python3-pykickstart: upgrade 3.34 -> 3.43
        python3-pyscaffold: upgrade 4.3.1 -> 4.4
        python3-pywbem: upgrade 1.5.0 -> 1.6.0
        python3-sentry-sdk: upgrade 1.13.0 -> 1.15.0
        python3-qrcode: upgrade 7.3.1 -> 7.4.2
        python3-reedsolo: upgrade 1.6.1 -> 1.7.0
        python3-simplejson: upgrade 3.18.1 -> 3.18.3
        python3-traitlets: upgrade 5.8.1 -> 5.9.0
        python3-sqlalchemy: upgrade 1.4.46 -> 2.0.3
        python3-websocket-client: upgrade 1.4.2 -> 1.5.1
        python3-xlsxwriter: upgrade 3.0.7 -> 3.0.8
        python3-xmlschema: upgrade 2.1.1 -> 2.2.1
        ctags: upgrade 6.0.20230115.0 -> 6.0.20230212.0
        ddrescue: upgrade 1.26 -> 1.27
        editorconfig-core-c: upgrade 0.12.5 -> 0.12.6
        htpdate: upgrade 1.3.6 -> 1.3.7
        iscsi-initiator-utils: upgrade 2.1.7 -> 2.1.8
        geoclue: upgrade 2.6.0 -> 2.7.0
        htop: upgrade 3.2.1 -> 3.2.2
        hwdata: upgrade 0.366 -> 0.367
        glog: upgrade 0.5.0 -> 0.6.0
        libtevent: upgrade 0.13.0 -> 0.14.1
        libtdb: upgrade 1.4.7 -> 1.4.8
        libtalloc: upgrade 2.3.4 -> 2.4.0
        jack: upgrade 1.19.21 -> 1.19.22
        jsonrpc: upgrade 1.3.0 -> 1.4.1
        liburing: upgrade 2.2 -> 2.3
        libusb-compat: upgrade 0.1.7 -> 0.1.8
        networkmanager: upgrade 1.40.10 -> 1.42.0
        minicoredumper: upgrade 2.0.2 -> 2.0.3
        neon: upgrade 0.32.4 -> 0.32.5
        nano: upgrade 7.1 -> 7.2
        netplan: upgrade 0.104 -> 0.106
        rdma-core: upgrade 42.0 -> 44.0
        pcsc-tools: upgrade 1.6.1 -> 1.6.2
        poppler-data: upgrade 0.4.11 -> 0.4.12
        sshpass: upgrade 1.09 -> 1.10
        poppler: upgrade 23.01.0 -> 23.02.0
        postgresql: upgrade 14.5 -> 15.2
        sip: upgrade 6.7.5 -> 6.7.7
        uchardet: upgrade 0.0.7 -> 0.0.8
        zabbix: upgrade 6.2.6 -> 6.2.7
        uftrace: upgrade 0.13 -> 0.13.1
        krb5: Fix install conflict when enable multilib.
        libnet: Fix install conflict when enable multilib.
        imlib2: Fix install conflict when enable multilib.
        python3-aiofiles: upgrade 22.1.0 -> 23.1.0
        python3-aiohttp: upgrade 3.8.3 -> 3.8.4
        python3-alembic: upgrade 1.9.2 -> 1.9.4
        python3-antlr4-runtime: upgrade 4.11.1 -> 4.12.0
        python3-astroid: upgrade 2.14.1 -> 2.14.2
        python3-autobahn: upgrade 23.1.1 -> 23.1.2
        python3-bitstruct: upgrade 8.15.1 -> 8.17.0
        python3-bitarray: upgrade 2.7.0 -> 2.7.3
        python3-django: upgrade 4.1.6 -> 4.1.7
        python3-google-api-python-client: upgrade 2.77.0 -> 2.79.0
        python3-flask: upgrade 2.2.2 -> 2.2.3
        python3-huey: upgrade 2.4.4 -> 2.4.5
        python3-google-auth: upgrade 2.16.0 -> 2.16.1
        python3-ipython: upgrade 8.9.0 -> 8.10.0
        python3-imageio: upgrade 2.25.0 -> 2.25.1
        python3-openpyxl: upgrade 3.1.0 -> 3.1.1
        python3-pykickstart: upgrade 3.43 -> 3.44
        python3-pydantic: upgrade 1.10.4 -> 1.10.5
        python3-pytest-forked: upgrade 1.4.0 -> 1.6.0
        python3-pytest-xdist: upgrade 3.1.0 -> 3.2.0
        python3-redis: upgrade 4.4.2 -> 4.5.1
        python3-soupsieve: upgrade 2.3.2.post1 -> 2.4
        python3-simpleeval: upgrade 0.9.12 -> 0.9.13
        python3-stevedore: upgrade 4.1.1 -> 5.0.0
        python3-sqlalchemy: upgrade 2.0.3 -> 2.0.4
        python3-watchdog: upgrade 2.2.1 -> 2.3.0
        python3-werkzeug: upgrade 2.2.2 -> 2.2.3
        python3-zeroconf: upgrade 0.47.1 -> 0.47.3
        python3-coverage: upgrade 7.1.0 -> 7.2.0
        python3-eth-keyfile: upgrade 0.6.0 -> 0.6.1

  Yi Zhao (7):
        meta-python: fix Upstream-Status format
        meta-oe: fix Upstream-Status format
        meta-networking: fix Upstream-Status format
        fatresize: fix Upstream-Status format
        apache2: use /run instead of /var/run for systemd volatile config
        phpmyadmin: upgrade 5.2.0 -> 5.2.1
        ufs-utils: upgrade 1.9 -> 3.12.3

  bhargav_das@mentor.com (1):
        python3-daemon_2.3.2.bb: add python-daemon recipe for python3

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I826d53d70744bc80ebe8b60203241dfddce7d5fe

1 files changed, 63 insertions, 20 deletions

diff --git a/poky/meta/classes/create-spdx-2.2.bbclass b/poky/meta/classes/create-spdx-2.2.bbclass
index f0513af083..454dd7a7a0 100644
--- a/poky/meta/classes/create-spdx-2.2.bbclass
+++ b/poky/meta/classes/create-spdx-2.2.bbclass
@@ -14,6 +14,8 @@ CVE_VERSION ??= "${PV}"
 SPDXDIR ??= "${WORKDIR}/spdx"
 SPDXDEPLOY = "${SPDXDIR}/deploy"
 SPDXWORK = "${SPDXDIR}/work"
+SPDXIMAGEWORK = "${SPDXDIR}/image-work"
+SPDXSDKWORK = "${SPDXDIR}/sdk-work"
 
 SPDX_TOOL_NAME ??= "oe-spdx-creator"
 SPDX_TOOL_VERSION ??= "1.0"
@@ -30,6 +32,8 @@ SPDX_PRETTY ??= "0"
 
 SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
 
+SPDX_CUSTOM_ANNOTATION_VARS ??= ""
+
 SPDX_ORG ??= "OpenEmbedded ()"
 SPDX_SUPPLIER ??= "Organization: ${SPDX_ORG}"
 SPDX_SUPPLIER[doc] = "The SPDX PackageSupplier field for SPDX packages created from \
@@ -402,6 +406,53 @@ def collect_dep_sources(d, dep_recipes):
 
     return sources
 
+def add_download_packages(d, doc, recipe):
+    import os.path
+    from bb.fetch2 import decodeurl, CHECKSUM_LIST
+    import bb.process
+    import oe.spdx
+    import oe.sbom
+
+    for download_idx, src_uri in enumerate(d.getVar('SRC_URI').split()):
+        f = bb.fetch2.FetchData(src_uri, d)
+
+        for name in f.names:
+            package = oe.spdx.SPDXPackage()
+            package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
+            package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
+
+            if f.type == "file":
+                continue
+
+            uri = f.type
+            proto = getattr(f, "proto", None)
+            if proto is not None:
+                uri = uri + "+" + proto
+            uri = uri + "://" + f.host + f.path
+
+            if f.method.supports_srcrev():
+                uri = uri + "@" + f.revisions[name]
+
+            if f.method.supports_checksum(f):
+                for checksum_id in CHECKSUM_LIST:
+                    if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
+                        continue
+
+                    expected_checksum = getattr(f, "%s_expected" % checksum_id)
+                    if expected_checksum is None:
+                        continue
+
+                    c = oe.spdx.SPDXChecksum()
+                    c.algorithm = checksum_id.upper()
+                    c.checksumValue = expected_checksum
+                    package.checksums.append(c)
+
+            package.downloadLocation = uri
+            doc.packages.append(package)
+            doc.add_relationship(doc, "DESCRIBES", package)
+            # In the future, we might be able to do more fancy dependencies,
+            # but this should be sufficient for now
+            doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
 
 python do_create_spdx() {
     from datetime import datetime, timezone
@@ -455,14 +506,6 @@ python do_create_spdx() {
     if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d):
         recipe.annotations.append(create_annotation(d, "isNative"))
 
-    for s in d.getVar('SRC_URI').split():
-        if not s.startswith("file://"):
-            s = s.split(';')[0]
-            recipe.downloadLocation = s
-            break
-    else:
-        recipe.downloadLocation = "NOASSERTION"
-
     homepage = d.getVar("HOMEPAGE")
     if homepage:
         recipe.homepage = homepage
@@ -479,6 +522,10 @@ python do_create_spdx() {
     if description:
         recipe.description = description
 
+    if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"):
+        for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split():
+            recipe.annotations.append(create_annotation(d, var + "=" + d.getVar(var)))
+
     # Some CVEs may be patched during the build process without incrementing the version number,
     # so querying for CVEs based on the CPE id can lead to false positives. To account for this,
     # save the CVEs fixed by patches to source information field in the SPDX.
@@ -500,6 +547,8 @@ python do_create_spdx() {
     doc.packages.append(recipe)
     doc.add_relationship(doc, "DESCRIBES", recipe)
 
+    add_download_packages(d, doc, recipe)
+
     if process_sources(d) and include_sources:
         recipe_archive = deploy_dir_spdx / "recipes" / (doc.name + ".tar.zst")
         with optional_tarfile(recipe_archive, archive_sources) as archive:
@@ -821,10 +870,12 @@ def spdx_get_src(d):
         d.setVar("WORKDIR", workdir)
 
 do_rootfs[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
+do_rootfs[cleandirs] += "${SPDXIMAGEWORK}"
 
 ROOTFS_POSTUNINSTALL_COMMAND =+ "image_combine_spdx ; "
 
 do_populate_sdk[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
+do_populate_sdk[cleandirs] += "${SPDXSDKWORK}"
 POPULATE_SDK_POST_HOST_COMMAND:append:task-populate-sdk = " sdk_host_combine_spdx; "
 POPULATE_SDK_POST_TARGET_COMMAND:append:task-populate-sdk = " sdk_target_combine_spdx; "
 
@@ -840,7 +891,7 @@ python image_combine_spdx() {
     img_spdxid = oe.sbom.get_image_spdxid(image_name)
     packages = image_list_installed_packages(d)
 
-    combine_spdx(d, image_name, imgdeploydir, img_spdxid, packages)
+    combine_spdx(d, image_name, imgdeploydir, img_spdxid, packages, Path(d.getVar("SPDXIMAGEWORK")))
 
     def make_image_link(target_path, suffix):
         if image_link_name:
@@ -848,12 +899,8 @@ python image_combine_spdx() {
             if link != target_path:
                 link.symlink_to(os.path.relpath(target_path, link.parent))
 
-    image_spdx_path = imgdeploydir / (image_name + ".spdx.json")
-    make_image_link(image_spdx_path, ".spdx.json")
     spdx_tar_path = imgdeploydir / (image_name + ".spdx.tar.zst")
     make_image_link(spdx_tar_path, ".spdx.tar.zst")
-    spdx_index_path = imgdeploydir / (image_name + ".spdx.index.json")
-    make_image_link(spdx_index_path, ".spdx.index.json")
 }
 
 python sdk_host_combine_spdx() {
@@ -873,9 +920,9 @@ def sdk_combine_spdx(d, sdk_type):
     sdk_deploydir = Path(d.getVar("SDKDEPLOYDIR"))
     sdk_spdxid = oe.sbom.get_sdk_spdxid(sdk_name)
     sdk_packages = sdk_list_installed_packages(d, sdk_type == "target")
-    combine_spdx(d, sdk_name, sdk_deploydir, sdk_spdxid, sdk_packages)
+    combine_spdx(d, sdk_name, sdk_deploydir, sdk_spdxid, sdk_packages, Path(d.getVar('SPDXSDKWORK')))
 
-def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):
+def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages, spdx_workdir):
     import os
     import oe.spdx
     import oe.sbom
@@ -944,7 +991,7 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):
             comment="Runtime dependencies for %s" % name
         )
 
-    image_spdx_path = rootfs_deploydir / (rootfs_name + ".spdx.json")
+    image_spdx_path = spdx_workdir / (rootfs_name + ".spdx.json")
 
     with image_spdx_path.open("wb") as f:
         doc.to_json(f, sort_keys=True, indent=get_json_indent(d))
@@ -1020,7 +1067,3 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):
             info.gname = "root"
 
             tar.addfile(info, fileobj=index_str)
-
-    spdx_index_path = rootfs_deploydir / (rootfs_name + ".spdx.index.json")
-    with spdx_index_path.open("w") as f:
-        json.dump(index, f, sort_keys=True, indent=get_json_indent(d))