author: Patrick Williams <patrick@stwcx.xyz> 2022-08-22 23:51:32 +0300
committer: Patrick Williams <patrick@stwcx.xyz> 2022-08-22 23:52:39 +0300
commit: cddccf4ad5f8479a7a864e65444b5cebfeb5859e
tree: 027ba7ed151ee64b4083cb894704637aefab8958 /poky/meta/lib/oeqa/selftest/cases
parent: ab475af3890f35980cd224ec8da7143c68834989
subtree updates

poky: b6ce93d565..4aad5914ef:
  Ahmed Hossam (1):
      insane.bbclass: host-user-contaminated: Correct per package home path

  Alex Kiernan (1):
      openssh: Add openssh-sftp-server to openssh RDEPENDS

  Alexander Kanavin (3):
      mobile-broadband-provider-info: upgrade 20220315 -> 20220511
      wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
      linux-firmware: update 20220610 -> 20220708

  Alexandre Belloni (1):
      pseudo: Fix handling of absolute links

  Anuj Mittal (1):
      efivar: change branch name to main

  Bruce Ashfield (13):
      linux-yocto/5.4: update to v5.4.182
      linux-yocto/5.4: update to v5.4.183
      linux-yocto/5.4: update to v5.4.186
      linux-yocto/5.4: update to v5.4.188
      linux-yocto/5.4: update to v5.4.190
      linux-yocto/5.4: update to v5.4.192
      linux-yocto/5.4: update to v5.4.196
      linux-yocto/5.4: update to v5.4.199
      linux-yocto/5.4: update to v5.4.203
      linux-yocto/5.4: update to v5.4.205
      linux-yocto-rt/5.4: fixup -rt build breakage
      linux-yocto/5.4: update to v5.4.208
      linux-yocto/5.4: update to v5.4.209

  Chee Yang Lee (1):
      dpkg: update to 1.19.8

  Chen Qi (1):
      cases/buildepoxy.py: fix typo

  Christophe Priouzeau (1):
      bitbake: fetch2/wget: Update user-agent

  Dan Tran (1):
      ncurses: Fix CVE-2022-29458

  Davide Gardenal (3):
      cve-check: add JSON format to summary output
      cve-check: fix symlinks where link and output path are equal
      rootfs-postcommands: fix symlinks where link and output path are equal

  Dmitry Baryshkov (5):
      linux-firmware: correct license for ar3k firmware
      linux-firmware: upgrade 20220411 -> 20220509
      linux-firmware: add support for building snapshots
      linux-firmware: upgrade 20220509 -> 20220610
      linux-firwmare: restore WHENCE_CHKSUM variable

  Ernst Sjöstrand (2):
      cve-check: Add helper for symlink handling
      cve-check: Only include installed packages for rootfs manifest

  Hitendra Prajapati (18):
      pcre2: CVE-2022-1586 Out-of-bounds read
      e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem
      pcre2: CVE-2022-1587 Out-of-bounds read
      python-pip: CVE-2021-3572 Incorrect handling of unicode separators in git references
      golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error
      golang: CVE-2022-24675 encoding/pem: fix stack overflow in Decode
      golang: CVE-2021-31525 net/http: panic in ReadRequest and ReadResponse when reading a very large header
      grub2: CVE-2021-3981 Incorrect permission in grub.cfg allow unprivileged user to read the file content
      gnupg: CVE-2022-34903 possible signature forgery via injection into the status line
      grub2: Fix buffer underflow write in the heap
      qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash
      libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By Zero Error
      libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections
      grub2: Fix several security issue of integer underflow
      gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
      qemu: CVE-2020-27821 heap buffer overflow in msix_table_mmio_write
      gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
      zlib: CVE-2022-37434 a heap-based buffer over-read

  Jate Sujjavanich (1):
      IMAGE_LOCALES_ARCHIVE: add option to prevent locale archive creation

  Joe Slater (1):
      unzip: fix CVE-2021-4217

  Joey Degges (1):
      bitbake: fetch/git: Fix usehead for non-default names

  Jose Quaresma (3):
      archiver: use bb.note instead of echo
      archiver: don't use machine variables in shared recipes
      gstreamer1.0: use the correct meson option for the capabilities

  Joshua Watt (1):
      classes/cve-check: Move get_patches_cves to library

  Khem Raj (2):
      busybox: Use base_bindir instead of hardcoding /bin path
      libmodule-build-perl: Use env utility to find perl interpreter

  Konrad Weihmann (1):
      linux-firmware: replace mkdir by install

  LUIS ENRIQUEZ (1):
      kernel-fitimage.bbclass: add padding algorithm property in config nodes

  Marcel Ziswiler (1):
      alsa-plugins: fix libavtp vs. avtp packageconfig

  Marek Vasut (1):
      lttng-modules: Backport Linux 5.18+, 5.15.44+, 5.10.119+ fixes

  Marta Rybczynska (10):
      cve-check: add json format
      cve-update-db-native: update the CVE database once a day only
      cve-update-db-native: let the user to drive the update interval
      cve-check: Fix report generation
      cve-check: move update_symlinks to a library
      cve-check: write empty fragment files in the text mode
      cve-check: add coverage statistics on recipes with/without CVEs
      cve-update-db-native: make it possible to disable database updates
      cve-check: add support for Ignored CVEs
      oeqa/selftest/cve_check: add tests for Ignored and partial reports

  Martin Jansa (4):
      license_image.bbclass: close package.manifest file
      rootfs.py: close kernel_abi_ver_file
      wic: fix WicError message
      libxml2: Port gentest.py to Python-3

  Michael Opdenacker (3):
      manuals: add missing space in appends
      manuals: switch to the sstate mirror shared between all versions
      ref-manual: variables: remove sphinx directive from literal block

  Ming Liu (1):
      rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}

  Mingli Yu (1):
      oescripts: change compare logic in OEListPackageconfigTests

  Muhammad Hamza (1):
      initramfs-framework: move storage mounts to actual rootfs

  Nick Potenski (1):
      systemd: systemd-systemctl: Support instance conf files during enable

  Pascal Bach (1):
      bin_package: install into base_prefix

  Paul Gortmaker (1):
      install/devshell: Introduce git intercept script due to fakeroot issues

  Pawan Badganchi (3):
      fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
      libinput: Add fix for CVE-2022-1215
      openssh: Whitelist CVE-2021-36368

  Peter Kjellerstedt (3):
      metadata_scm.bbclass: Use immediate expansion for the METADATA_* variables
      u-boot: Correct the SRC_URI
      license.bbclass: Bound beginline and endline in copy_license_files()

  Portia (1):
      volatile-binds: Change DefaultDependencies from false to no

  Rahul Kumar (1):
      neard: Switch SRC_URI to git repo

  Ralph Siemsen (3):
      gzip: fix CVE-2022-1271
      xz: fix CVE-2022-1271
      apt: add -fno-strict-aliasing to CXXFLAGS to fix SHA256 bug

  Randy MacLeod (1):
      vim: update from 9.0.0063 to 9.0.0115

  Ranjitsinh Rathod (9):
      tiff: Add patches to fix multiple CVEs
      freetype: Fix CVEs for freetype
      git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE
      openssl: Minor security upgrade 1.1.1n to 1.1.1o
      ruby: Upgrade ruby to 2.7.6 for security fix
      ruby: Whitelist CVE-2021-28966 as this affects Windows OS only
      libsdl2: Add fix for CVE-2021-33657
      openssl: Minor security upgrade 1.1.1o to 1.1.1p
      cve-extra-exclusions.inc: Use CVE_CHECK_WHITELIST

  Rasmus Villemoes (1):
      e2fsprogs: add alternatives handling of lsattr as well

  Richard Purdie (34):
      vim: Upgrade 8.2.4524 -> 8.2.4681
      git: Ignore CVE-2022-24975
      pseudo: Add patch to workaround paths with crazy lengths
      libxshmfence: Correct LICENSE to HPND
      build-appliance-image: Update to dunfell head revision
      perf-build-test/report: Drop phantomjs and html email reports support
      base: Drop git intercept
      uninative: Upgrade to 3.6 with gcc 12 support
      base: Avoid circular references to our own scripts
      scripts: Make git intercept global
      scripts/git: Ensure we don't have circular references
      vim: Upgrade 8.2.4681 -> 8.2.4912
      vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs
      cve-check: Allow warnings to be disabled
      openssl: Backport fix for ptest cert expiry
      libxslt: Mark CVE-2022-29824 as not applying
      local.conf.sample: Update sstate url to new 'all' path
      vim: Upgrade 8.2.5034 -> 8.2.5083
      gcc-source: Fix incorrect task dependencies from ${B}
      bitbake: tinfoil/data_smart: Allow variable history emit() to function remotely
      bitbake: bin/bitbake-getvar: Add a new command to query a variable value (with history)
      unzip: Port debian fixes for two CVEs
      cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
      vim: 8.2.5083 -> 9.0.0005
      oeqa/runtime/scp: Disable scp test for dropbear
      packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
      oe-selftest-image: Ensure the image has sftp as well as dropbear
      bitbake: fetch/wget: Move files into place atomically
      ref-manual: Add XZ_THREADS and XZ_MEMLIMIT
      build-appliance-image: Update to dunfell head revision
      insane: Fix buildpaths test to work with special devices
      vim: Upgrade 9.0.0021 -> 9.0.0063
      kernel-arch: Fix buildpaths leaking into external module compiles
      build-appliance-image: Update to dunfell head revision

  Riyaz (1):
      libxml2: Fix CVE-2022-29824 for libxml2

  Robert Joslyn (3):
      curl: Backport CVE fixes
      curl: Fix CVE_CHECK_WHITELIST typo
      curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208

  Ross Burton (10):
      zlib: backport the fix for CVE-2018-25032
      boost: don't specify gcc version
      python3: ignore CVE-2015-20107
      cve-check: no need to depend on the fetch task
      oeqa/selftest/cve_check: add tests for recipe and image reports
      bitbake: knotty: display active tasks when printing keepAlive() message
      bitbake: knotty: reduce keep-alive timeout from 5000s (83 minutes) to 10 minutes
      cve-check: hook cleanup to the BuildCompleted event, not CookerExit
      vim: upgrade to 9.0.0021
      cve_check: skip remote patches that haven't been fetched when searching for CVE tags

  Sana Kazi (1):
      curl: Fix CVEs for curl

  Sana.Kazi (1):
      libjpeg-turbo: Fix CVE-2021-46822

  Shruthi Ravichandran (1):
      initscripts: run umountnfs as a KILL script

  Stefan Wiehler (1):
      kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task

  Steve Sakoman (21):
      documentation: update for 3.1.16 release
      poky.conf: Bump version for 3.1.16 release
      git update from 2.24.3 to 2.24.4
      scripts/contrib/oe-build-perf-report-email.py: remove obsolete check for phantomjs and optipng
      busybox: fix CVE-2022-28391
      selftest: skip virgl test on alma 8.6
      documentation: update for 3.1.17 release
      poky.conf: bump version for 3.1.17 release
      Revert "openssl: Backport fix for ptest cert expiry"
      openssl: backport fix for ptest certificate expiration
      openssl: update the epoch time for ct_test ptest
      cups: fix CVE-2022-26691
      openssh: break dependency on base package for -dev package
      dropbear: break dependency on base package for -dev package
      qemu: add PACKAGECONFIG for capstone
      openssl: security upgrade 1.1.1p to 1.1.1q
      documentation: update for 3.1.18 release
      poky.conf: bump version for 3.1.18 release
      selftest: skip virgl test on fedora 36
      documentation: update for 3.1.19 release
      poky.conf: bump version for 3.1.19 release

  Virendra Thakur (1):
      ffmpeg: Fix for CVE-2022-1475

  leimaohui (1):
      cve-check.bbclass: Added do_populate_sdk[recrdeptask].

  omkar patil (1):
      libxslt: Fix CVE-2021-30560

  sana kazi (1):
      tiff: Fix CVE-2022-0891

  wangmy (1):
      linux-firmware: upgrade 20220310 -> 20220411

  zhengruoqin (1):
      wireless-regdb: upgrade 2022.02.18 -> 2022.04.08

meta-raspberrypi: 934064a019..2081e1bb9a:
  Omer Akram (1):
      linux-firmware-rpidistro: fix wifi driver loading on cm4

meta-openembedded: fdd1dfe6b4..f22bf6efaa:
  Adrian Fiergolski (1):
      python3-matplotlib: add missing dependency

  Akash Hadke (2):
      iperf: Set CVE_PRODUCT to "iperf_project:iperf"
      ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g"

  Armin Kuster (2):
      mariadb: update to 10.4.25
      bigbuckbunny-1080p: update SRC_URI

  Chen Qi (2):
      ntfs-3g-ntfsprogs: upgrade to 2021.8.22
      ntfs-3g-ntfsprogs: upgrade to 2022.5.17

  Hitendra Prajapati (3):
      openldap: CVE-2022-29155 OpenLDAP SQL injection
      xterm: CVE-2022-24130 Buffer overflow in set_sixel in graphics_sixel.c
      cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

  Jeroen Hofstee (1):
      php: move to version v7.4.28

  Julien STEPHAN (2):
      opencl-icd-loader: switch to main branch
      opencl-headers: switch to main branch

  Khem Raj (2):
      postgresql: Fix build on riscv
      meta-oe: Add leading whitespace for append operator

  Martin Jansa (5):
      python3-cryptography: backport 3 changes to fix CVE-2020-36242
      ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay
      tesseract-lang: switch from master branch to main
      leveldb: switch from master branch to main
      grpc: switch from master branch to main for upb

  Mikko Rapeli (1):
      fuse: set CVE_PRODUCT to "fuse_project:fuse"

  Mingli Yu (1):
      bridge-utils: Switch to use the main branch

  Ranjitsinh Rathod (1):
      atftp: Add fix for CVE-2021-41054 and CVE-2021-46671

  Riyaz Ahmed Khan (1):
      tcpdump: Add fix for CVE-2018-16301

  Sana Kazi (1):
      openjpeg: Whitelist CVE-2020-27844 and CVE-2015-1239

  Steve Sakoman (1):
      lua: fix CVE-2022-28805

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I394bfdef7725cf9babd0d3cd7fe45ea3c6c8c2ab
Diffstat (limited to 'poky/meta/lib/oeqa/selftest/cases')
-rw-r--r-- poky/meta/lib/oeqa/selftest/cases/cve_check.py 159
-rw-r--r-- poky/meta/lib/oeqa/selftest/cases/oescripts.py 3
-rw-r--r-- poky/meta/lib/oeqa/selftest/cases/runtime_test.py 4
3 files changed, 164 insertions, 2 deletions
diff --git a/poky/meta/lib/oeqa/selftest/cases/cve_check.py b/poky/meta/lib/oeqa/selftest/cases/cve_check.py
index d1947baffc..d0b2213703 100644
--- a/poky/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/poky/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -1,9 +1,13 @@
-from oe.cve_check import Version
+import json
+import os
from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake, get_bb_vars
class CVECheck(OESelftestTestCase):
def test_version_compare(self):
+ from oe.cve_check import Version
+
result = Version("100") > Version("99")
self.assertTrue( result, msg="Failed to compare version '100' > '99'")
result = Version("2.3.1") > Version("2.2.3")
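Review bot: The "from oe.cve_check import Version" import that moves from module level into test_version_compare() has no comment saying why it is deferred, and the commit message does not say either. A one-line comment next to the function-local import stating the reason would stop a later cleanup from hoisting it back to the top of the file.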
@@ -42,3 +46,156 @@ class CVECheck(OESelftestTestCase):
self.assertTrue( result ,msg="Failed to compare version with suffix '1.0p2' > '1.0p1'")
result = Version("1.0_patch2","patch") < Version("1.0_patch3","patch")
self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
+
+
+ def test_recipe_report_json(self):
+ config = """
+INHERIT += "cve-check"
+CVE_CHECK_FORMAT_JSON = "1"
+"""
+ self.write_config(config)
+
+ vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json")
+
+ try:
+ os.remove(summary_json)
+ os.remove(recipe_json)
+ except FileNotFoundError:
+ pass
+
+ bitbake("m4-native -c cve_check")
+
+ def check_m4_json(filename):
+ with open(filename) as f:
+ report = json.load(f)
+ self.assertEqual(report["version"], "1")
+ self.assertEqual(len(report["package"]), 1)
+ package = report["package"][0]
+ self.assertEqual(package["name"], "m4-native")
+ found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
+ self.assertIn("CVE-2008-1687", found_cves)
+ self.assertEqual(found_cves["CVE-2008-1687"], "Patched")
+
+ self.assertExists(summary_json)
+ check_m4_json(summary_json)
+ self.assertExists(recipe_json)
+ check_m4_json(recipe_json)
+
+
+ def test_image_json(self):
+ config = """
+INHERIT += "cve-check"
+CVE_CHECK_FORMAT_JSON = "1"
+"""
+ self.write_config(config)
+
+ vars = get_bb_vars(["CVE_CHECK_DIR", "CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ report_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ print(report_json)
+ try:
+ os.remove(report_json)
+ except FileNotFoundError:
+ pass
+
+ bitbake("core-image-minimal-initramfs")
+ self.assertExists(report_json)
+
+ # Check that the summary report lists at least one package
+ with open(report_json) as f:
+ report = json.load(f)
+ self.assertEqual(report["version"], "1")
+ self.assertGreater(len(report["package"]), 1)
+
+ # Check that a random recipe wrote a recipe report to deploy/cve/
+ recipename = report["package"][0]["name"]
+ recipe_report = os.path.join(vars["CVE_CHECK_DIR"], recipename + "_cve.json")
+ self.assertExists(recipe_report)
+ with open(recipe_report) as f:
+ report = json.load(f)
+ self.assertEqual(report["version"], "1")
+ self.assertEqual(len(report["package"]), 1)
+ self.assertEqual(report["package"][0]["name"], recipename)
+
+
+ def test_recipe_report_json_unpatched(self):
+ config = """
+INHERIT += "cve-check"
+CVE_CHECK_FORMAT_JSON = "1"
+CVE_CHECK_REPORT_PATCHED = "0"
+"""
+ self.write_config(config)
+
+ vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json")
+
+ try:
+ os.remove(summary_json)
+ os.remove(recipe_json)
+ except FileNotFoundError:
+ pass
+
+ bitbake("m4-native -c cve_check")
+
+ def check_m4_json(filename):
+ with open(filename) as f:
+ report = json.load(f)
+ self.assertEqual(report["version"], "1")
+ self.assertEqual(len(report["package"]), 1)
+ package = report["package"][0]
+ self.assertEqual(package["name"], "m4-native")
+ #m4 had only Patched CVEs, so the issues array will be empty
+ self.assertEqual(package["issue"], [])
+
+ self.assertExists(summary_json)
+ check_m4_json(summary_json)
+ self.assertExists(recipe_json)
+ check_m4_json(recipe_json)
+
+
+ def test_recipe_report_json_ignored(self):
+ config = """
+INHERIT += "cve-check"
+CVE_CHECK_FORMAT_JSON = "1"
+CVE_CHECK_REPORT_PATCHED = "1"
+"""
+ self.write_config(config)
+
+ vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "logrotate_cve.json")
+
+ try:
+ os.remove(summary_json)
+ os.remove(recipe_json)
+ except FileNotFoundError:
+ pass
+
+ bitbake("logrotate -c cve_check")
+
+ def check_m4_json(filename):
+ with open(filename) as f:
+ report = json.load(f)
+ self.assertEqual(report["version"], "1")
+ self.assertEqual(len(report["package"]), 1)
+ package = report["package"][0]
+ self.assertEqual(package["name"], "logrotate")
+ found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
+ # m4 CVE should not be in logrotate
+ self.assertNotIn("CVE-2008-1687", found_cves)
+ # logrotate has both Patched and Ignored CVEs
+ self.assertIn("CVE-2011-1098", found_cves)
+ self.assertEqual(found_cves["CVE-2011-1098"], "Patched")
+ self.assertIn("CVE-2011-1548", found_cves)
+ self.assertEqual(found_cves["CVE-2011-1548"], "Ignored")
+ self.assertIn("CVE-2011-1549", found_cves)
+ self.assertEqual(found_cves["CVE-2011-1549"], "Ignored")
+ self.assertIn("CVE-2011-1550", found_cves)
+ self.assertEqual(found_cves["CVE-2011-1550"], "Ignored")
+
+ self.assertExists(summary_json)
+ check_m4_json(summary_json)
+ self.assertExists(recipe_json)
+ check_m4_json(recipe_json)
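Review bot: In test_recipe_report_json, test_recipe_report_json_unpatched and test_recipe_report_json_ignored both os.remove() calls sit in one try block, so when summary_json is missing the FileNotFoundError skips os.remove(recipe_json) and a stale recipe report from an earlier run can satisfy the assertions. Remove each file in its own try/except, or loop over the two paths. Smaller points in the same hunk: test_image_json leaves a print(report_json) in place, and its comment says "at least one package" while assertGreater(len(report["package"]), 1) requires at least two; the helper in the logrotate test is still named check_m4_json; and the config, path and cleanup setup is copied three times and could be one shared helper.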
diff --git a/poky/meta/lib/oeqa/selftest/cases/oescripts.py b/poky/meta/lib/oeqa/selftest/cases/oescripts.py
index 726daff7c6..fb99be447e 100644
--- a/poky/meta/lib/oeqa/selftest/cases/oescripts.py
+++ b/poky/meta/lib/oeqa/selftest/cases/oescripts.py
@@ -133,7 +133,8 @@ class OEListPackageconfigTests(OEScriptTests):
def check_endlines(self, results, expected_endlines):
for line in results.output.splitlines():
for el in expected_endlines:
- if line.split() == el.split():
+ if line and line.split()[0] == el.split()[0] and \
+ ' '.join(sorted(el.split())) in ' '.join(sorted(line.split())):
expected_endlines.remove(el)
break
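Review bot: The new condition in check_endlines applies the "in" operator to two joined strings, which is a substring match and not a token match: an expected token can match as part of a longer token in the output line, and an extra output token that sorts between two expected tokens breaks the match even though every expected token is present. Comparing sets, for example set(el.split()) <= set(line.split()), states the intent directly. Also, el.split()[0] raises IndexError for an empty expected entry, because only line is guarded.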
diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
index 20dc1c9482..df11984713 100644
--- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -175,6 +175,8 @@ class TestImage(OESelftestTestCase):
if "DISPLAY" not in os.environ:
self.skipTest("virgl gtk test must be run inside a X session")
distro = oe.lsb.distro_identifier()
+ if distro and distro == 'almalinux-8.6':
+ self.skipTest('virgl isn\'t working with Alma 8')
if distro and distro == 'debian-8':
self.skipTest('virgl isn\'t working with Debian 8')
if distro and distro == 'centos-7':
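Review bot: The skip message 'virgl isn\'t working with Alma 8' is broader than the check, which matches only 'almalinux-8.6'. Either name 8.6 in the message or match the whole 8.x series if that is the intent, so the skip reason in the test log agrees with what is actually skipped. The leading "distro and" is also redundant with the equality test, here as in the neighbouring lines.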
@@ -185,6 +187,8 @@ class TestImage(OESelftestTestCase):
self.skipTest('virgl isn\'t working with Fedora 34')
if distro and distro == 'fedora-35':
self.skipTest('virgl isn\'t working with Fedora 35')
+ if distro and distro == 'fedora-36':
+ self.skipTest('virgl isn\'t working with Fedora 36')
if distro and distro == 'opensuseleap-15.0':
self.skipTest('virgl isn\'t working with Opensuse 15.0')
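Review bot: The added fedora-36 check is one more copy of the same two-line skip in a chain that already covers fedora-34, fedora-35 and opensuseleap-15.0 in this hunk, so every new host release needs another edit here. A single membership test against a tuple of distro identifiers, with the identifier interpolated into the skipTest message, would keep the list in one place.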