subtree updates

meta-arm: 025f76a14f..aba9250494:
  Anusmita Dutta Mazumder (2):
        arm-bsp/linux-yocto: Remove EOL Linux yocto kernel 6.1
        arm-bsp/n1sdp: update to linux yocto kernel 6.6

  Bence Balogh (1):
        arm-bsp/trusted-firmware-m: disable libmetal doc generation

  Drew Reed (5):
        meta-arm: Support firmware building under a multiconfig
        bsp,ci: Build Corstone-1000 firmware under multiconfig
        bsp: Restore the ability to build firmware only
        ci: Add back testing of firmware only builds
        ci: Ensure tests are in the Corstone-1000 flash image

meta-raspberrypi: dbf1113a82..95a9103f91:
  Khem Raj (1):
        python3-sense-hat: Drop PYTHON_PN

  Martin Jansa (2):
        sdcard_image-rpi.bbclass: include ${IMAGE_NAME_SUFFIX} directly in both ${IMAGE_NAME} and ${IMAGE_LINK_NAME}
        sdimage-raspberrypi.wks: increase /boot partition minimal size from 20 to 100

meta-openembedded: 528f273006..9f0e513211:
  Andreas Mützel (1):
        python3-pynacl: allow -native build

  Chen Qi (1):
        unixodbc: fix odbc.pc file generation

  Daniel Ammann (1):
        sdmon: add new package

  Derek Straka (9):
        python3-trustme: add runtime dependency for tests and re-add to ptest
        python3-gunicorn: re-enable working ptests for the package
        python-inotify: re-enable working ptests for the package
        python3-license-expression: re-enable passing ptests for the package
        python3-jdcal: re-add functional ptests
        python3-msgpack: re-add functional ptests
        python3-parse: re-add functional ptests
        python3-typeguard: update ptest dependencies and re-enable functional tests
        python3-service-identity: add missing ptest dependencies and re-enable functional tests

  Jan Vermaete (1):
        netdata: version bump 1.43.2 -> 1.44.3

  Joerg Hofrichter (1):
        python3-gevent: adding missing dependency to python3-zopeevent

  Khawaja Shaheryar (2):
        libdaq: add recipe
        snort: add snort3 initial recipe

  Khem Raj (25):
        python3-pocketsphinx: Upgrade to 5.0.3
        snort: Do not use llvm libunwind
        snort3: Fix contains reference to TMPDIR [buildpaths] warnings
        libcamera: Replace VLAs with alloca
        dav1d: Inherit missing pkgconfig
        webkitgtk3: Fix build on 32bit x86
        ptest-packagelists-meta-oe: Remove oprofile for rv32/rv64
        python3-jsmin: Fix ptests to run with python 3.12+
        python3-ordered-set: Use automake formatter for ptest output
        fuse3: Add missing runtime deps for ptests
        python3-looseversion: Add recipe
        sshfs-fuse: Fix ptest builds with python 3.12
        meta-filesystems: Add meta-filesystems-image-ptest
        meta-multimedia-image-ptest: Add images to enable BBCLASSEXTEND parallel execution
        meta-networking-image-ptest: Add images to enable BBCLASSEXTEND parallel execution
        python3-scapy: Add missing rdeps for ptests
        ptest-packagelists-meta-oe.inc: Remove oprofile from PTESTS_PROBLEMS_META_OE
        ptest-packagelists-meta-networking: firewalld hangs therefore disabled
        ptest-packagelists-meta-perl.inc: Move couple of test to PTESTS_FAST_META_PERL
        openhpi: Fix ptest run time failures
        squid: Add missing bash dependency for ptest package
        meta-networking: Express dependency on meta-python
        ostree: Remove strace from ptest rdeps
        python3-pydantic-core,python3-pydantic: Update to 2.16.3 and 2.6.3 respectively
        python3-pydantic-core: Fix build for arches without 64bit atomics

  Lei Maohui (1):
        Fix install error when enable multilib.

  Markus Volk (7):
        iwd: update 2.13 -> 2.14
        libgedit-gtksourceview: update 299.0.5 -> 299.1.0
        gedit: update 46.1 -> 46.2
        mutter: update 45.3 -> 45.4
        gnome-shell: update 45.3 -> 45.4
        gnome-control-center: update 45.2 -> 45.3
        dav1d: update 1.3.0 -> 1.4.0

  Martin Jansa (5):
        python3-httpx: respect libdir in packaging
        snort3: drop SRCPV from PV
        snort3: fix snort.pc
        gattlib: use python3native and depend on python3-packaging-native
        networkmanager-fortisslvpn: use python3native and depend on python3-packaging-native

  Mingli Yu (1):
        mariadb: Upgrade to 10.11.7

  Niko Mauno (2):
        python3-pybind11: Migrate to python_setuptools_build_meta
        python3-pybind11: Restore strip prevention patch

  Oleh Matiusha (1):
        yasm: improve reproducibility

  Peter Marko (1):
        dnsmasq: Upgrade 2.89 -> 2.90

  Romain Naour (1):
        wavemon: add recipe for version 0.9.5

  Sascha Hauer (1):
        signing.bbclass: fix wrong function name

  Tim Orling (16):
        python_mesonpy.bbclass: move to oe-core
        python3-meson-python: move to oe-core
        python3-pyproject-metadata: move to oe-core
        meta-python: drop ${PYTHON_PN}
        meta-oe: drop ${PYTHON_PN}
        meta-filesystems: drop ${PYTHON_PN}
        meta-networking: drop ${PYTHON_PN}
        meta-gnome: drop ${PYTHON_PN}
        python3-pytest-lazy-fixtures: add 1.0.5
        python3-prettytable: upgrade 3.9.0 => 3.10.0; fix ptests
        python3-pytest-lazy-fixture: drop recipe
        meta-oe-image-ptest: add PTESTS_PROBLEMS_META_OE
        meta-perl-image-ptest: add PTESTS_PROBLEMS_META_PERL
        meta-python-image-ptest: add PTESTS_PROBLEMS_META_PYTHON
        libencode-perl: drop recipe
        libencode-locale-perl: drop recipe

  Wang Mingyu (49):
        babl: upgrade 0.1.106 -> 0.1.108
        btop: upgrade 1.3.0 -> 1.3.2
        gegl: upgrade 0.4.46 -> 0.4.48
        gjs: upgrade 1.78.3 -> 1.78.4
        gnome-bluetooth: upgrade 42.7 -> 42.8
        gnome-keyring: upgrade 42.1 -> 46.1
        isomd5sum: upgrade 1.2.3 -> 1.2.4
        libei: upgrade 1.2.0 -> 1.2.1
        libmanette: upgrade 0.2.6 -> 0.2.7
        libmime-types-perl: upgrade 2.24 -> 2.26
        logwatch: upgrade 7.9 -> 7.10
        mpich: upgrade 4.1.2 -> 4.2.0
        ostree: upgrade 2024.1 -> 2024.3
        python3-aiohue: upgrade 4.7.0 -> 4.7.1
        python3-awesomeversion: upgrade 23.11.0 -> 24.2.0
        python3-bidict: upgrade 0.22.1 -> 0.23.0
        python3-cantools: upgrade 39.4.3 -> 39.4.4
        python3-cmake: upgrade 3.28.1 -> 3.28.3
        python3-django: upgrade 5.0.1 -> 5.0.2
        python3-dnspython: upgrade 2.5.0 -> 2.6.0
        python3-elementpath: upgrade 4.2.0 -> 4.3.0
        python3-engineio: upgrade 4.8.2 -> 4.9.0
        python3-gevent: upgrade 23.9.1 -> 24.2.1
        unbound: upgrade 1.19.0 -> 1.19.1
        wireshark: upgrade 4.2.2 -> 4.2.3
        protobuf: upgrade 4.25.2 -> 4.25.3
        webkitgtk3: upgrade 2.42.4 -> 2.42.5
        python3-tqdm: upgrade 4.66.1 -> 4.66.2
        python3-google-api-python-client: upgrade 2.116.0 -> 2.118.0
        python3-httpcore: upgrade 1.0.2 -> 1.0.3
        python3-jsbeautifier: upgrade 1.14.11 -> 1.15.1
        python3-langtable: upgrade 0.0.64 -> 0.0.65
        python3-polyline: upgrade 2.0.1 -> 2.0.2
        python3-protobuf: upgrade 4.25.2 -> 4.25.3
        python3-pymisp: upgrade 2.4.184 -> 2.4.185
        python3-pymodbus: upgrade 3.6.3 -> 3.6.4
        python3-pytest-asyncio: upgrade 0.23.4 -> 0.23.5
        python3-tox: upgrade 4.12.1 -> 4.13.0
        python3-twine: upgrade 4.0.2 -> 5.0.0
        python3-watchdog: upgrade 3.0.0 -> 4.0.0
        python3-zopeinterface: upgrade 6.1 -> 6.2
        remmina: upgrade 1.4.33 -> 1.4.34
        sip: upgrade 6.8.2 -> 6.8.3
        python3-google-auth: upgrade 2.27.0 -> 2.28.0
        python3-gspread: upgrade 6.0.1 -> 6.0.2
        python3-socketio: upgrade 5.11.0 -> 5.11.1
        python3-sentry-sdk: upgrade 1.40.0 -> 1.40.4
        python3-pydantic-core: upgrade 2.14.6 -> 2.16.1
        python3-pydantic: upgrade 2.5.3 -> 2.6.0

  William Lyu (1):
        e2tools: Add ptest

  Yi Zhao (1):
        audit: upgrade 3.1.2 -> 4.0

  Yoann Congal (2):
        influxdb: Fix /etc files owner
        influxdb: Add missing group to static id

  chenheyun (1):
        dropwatch: Use header files from sysroot instead of build host

poky: fc8e5d7c13..25d60ac6f6:
  Adrian Freihofer (5):
        devtool: ide-sdk python 3.12 escaping
        sdk-manual: extensible.rst: cover devtool ide-sdk
        devtool: ide-sdk launch.json per recipe only
        devtool: ide-sdk prefer sources from workspace
        oe-selftest devtool: ide-sdk tests

  Alexander Kanavin (1):
        dbus: disable assertions and enable only modular tests

  Alexis Lothoré (7):
        testimage: log exception when failing to retrieve artifacts
        lib/oeqa: share get_json_result_dir helper
        testimage: create a list of failed test post actions
        oeqa/utils/postactions: isolate directory creation in dedicated action
        oeqa/utils/postactions: add target disk usage stat as post action
        oeqa/utils/postactions: testimage: add host disk usage stat as post action
        oeqa/lib/utils/postactions: fix host disk usage stats retrieval

  Bruce Ashfield (8):
        linux-yocto/6.6: update to v6.6.17
        linux-yocto/6.6: update CVE exclusions
        linux-yocto/6.6: enable squashfs for selftests
        linux-yocto/6.6: config: x86 tidy & consolidation
        kern-tools: depend on git-replacement-native
        linux-yocto/6.6: genericarm64 configuration/definition
        linux-yocto/6.6: update to v6.6.18
        linux-yocto/6.6: update CVE exclusions

  Christoph Vogtländer (1):
        overlayfs: add missing vardeps

  Claus Stovgaard (1):
        wpa-supplicant: Fix CVE-2023-52160

  Eilís 'pidge' Ní Fhlannagáin (2):
        creategroup*: Remove coreutils-native as a DEPENDS
        selftest-users: Convoluted selftest for USERADD_DEPENDS

  Emil Kronborg (1):
        bluez5: remove configuration files from install task

  Enguerrand de Ribaucourt (4):
        devtool: ide: define compilerPath for meson projects
        Revert "meson: use absolute cross-compiler paths"
        bitbake: bitbake: progressbar: accept value over initial maxval
        devtool: ide-sdk source mapping for vscode

  Enrico Jörns (1):
        wic: 'empty' plugin: fix typo in comment

  Joe Slater (1):
        qemuboot: predictable network interface names

  Jonathan GUILLOT (2):
        lib/oe/package: fix LOCALE_PATHS scan to create locale packages
        glibc-locale: add an explicit dedicated package for locale.alias file

  Jose Quaresma (1):
        go: update 1.20.13 -> 1.20.14

  Joshua Watt (1):
        bitbake: asyncrpc: Add support for server headers

  Khem Raj (6):
        ncurses: Always pass -D_GNU_SOURCE
        linux-yocto: Remove unused patch
        ref-manual: variables: remove PYTHON_PN
        python3-bcrypt: Fix build break on arches without 64 bit atomics
        python3-maturin: Recognise riscv32 architecture
        llvm: Update to 18.1.0 RC4

  Lee Chee Yang (1):
        migration-guide: add release notes for 4.3.3

  Lei Maohui (1):
        rpm: Fix the following error when run nativesdk-rpm in nativesdk environment.

  Martin Jansa (1):
        glib-2.0: backport a switch from distutils to packaging in codegen

  Michael Halstead (1):
        yocto-uninative: Update to 4.4 for glibc 2.39

  Michael Opdenacker (5):
        ref-manual: system-requirements: update packages to build docs
        ref-manual: release-process: grammar fix
        manuals: suppress excess use of "following" word
        dev-manual: packages: clarify shared PR service constraint
        dev-manual: packages: need enough free space

  Munehisa Kamata (1):
        kernel.bbclass: Set pkg-config variables for building modules

  Nick Owens (1):
        python3: dont disable readline module for editline

  Philip Lorenz (1):
        bitbake: fetch2: Ensure that git LFS objects are available

  Piotr Łobacz (1):
        useradd.bbclass: Fix order of postinst-useradd-*

  Richard Purdie (6):
        numactl: Upgrade 2.0.17 -> 2.0.18
        lttng-ust: Upgrade 2.13.6 -> 2.13.7
        oeqa/selftest/rust: Simplify the rust testsuite output gathering/processing
        recipetool: Fix errors with meta-poky bbappend
        bitbake: runqueue: Add support for BB_LOADFACTOR_MAX
        mirrors: Switch llvm to use shallow cloning

  Ross Burton (4):
        base-files: add usage warning to motd
        libexif: remove unused version_underscore
        gstreamer1.0: skip a test that is known to be flaky
        linux-firmware: split out more firmware pieces

  Simone Weiß (6):
        patchtest: provide further guidance for failed testcases
        patchtest: Skip test for CVE_CHECK_IGNORE for older branches
        meta: Remove some not needed CVE_STATUS
        meta: Update CVE_STATUS for incorrect cpes
        cve-check: Log if CVE_STATUS set but not reported for component
        dev-manual: Rephrase spdx creation

  Soumya Sambu (1):
        bind: Upgrade 9.18.21 -> 9.18.24

  Tim Orling (3):
        bitbake: layerindexlib: fix missing layer branch backtrace
        python3-cryptography{-vectors}: upgrade to 42.0.5
        python3-attrs: disable Hypothesis deadline

  Tobias Hagelborn (1):
        bitbake: hashserv: Re-enable connection pooling with psycopg 3 driver

  Trevor Gamblin (1):
        python3-git: upgrade 3.1.41 -> 3.1.42

  Trevor Woerner (1):
        wic: allow imager-specific filename extensions

  Ulrich Ölmann (1):
        bitbake: taskexp_ncurses: fix execution example in introductory comment

  Wang Mingyu (44):
        bash-completion: upgrade 2.11 -> 2.12.0
        ccache: upgrade 4.9 -> 4.9.1
        createrepo-c: upgrade 1.0.3 -> 1.0.4
        ed: upgrade 1.20 -> 1.20.1
        efivar: upgrade 38 -> 39
        gcr: upgrade 4.1.0 -> 4.2.0
        git: upgrade 2.43.0 -> 2.44.0
        libffi: upgrade 3.4.5 -> 3.4.6
        libgpg-error: upgrade 1.47 -> 1.48
        libhandy: upgrade 1.8.2 -> 1.8.3
        libksba: upgrade 1.6.5 -> 1.6.6
        libmicrohttpd: upgrade 0.9.77 -> 1.0.1
        libpng: upgrade 1.6.41 -> 1.6.42
        libsecret: upgrade 0.21.2 -> 0.21.4
        libunistring: upgrade 1.1 -> 1.2
        liburi-perl: upgrade 5.25 -> 5.27
        libxext: upgrade 1.3.5 -> 1.3.6
        libxkbfile: upgrade 1.1.2 -> 1.1.3
        libxvmc: upgrade 1.0.13 -> 1.0.14
        lighttpd: upgrade 1.4.73 -> 1.4.74
        makedepend: upgrade 1.0.8 -> 1.0.9
        mpg123: upgrade 1.32.4 -> 1.32.5
        ofono: upgrade 2.3 -> 2.4
        pango: upgrade 1.51.0 -> 1.52.0
        pciutils: upgrade 3.10.0 -> 3.11.1
        pkgconf: upgrade 2.1.0 -> 2.1.1
        python3-beartype: upgrade 0.17.0 -> 0.17.2
        python3-certifi: upgrade 2023.11.17 -> 2024.2.2
        python3-dbusmock: upgrade 0.30.2 -> 0.31.1
        python3-hypothesis: upgrade 6.97.3 -> 6.98.12
        python3-pip: upgrade 23.3.2 -> 24.0
        python3-pycairo: upgrade 1.25.1 -> 1.26.0
        python3-pytest: upgrade 8.0.0 -> 8.0.2
        python3-pytz: upgrade 2023.4 -> 2024.1
        python3-setuptools-rust: upgrade 1.8.1 -> 1.9.0
        python3-trove-classifiers: upgrade 2024.1.8 -> 2024.2.23
        python3-typing-extensions: upgrade 4.9.0 -> 4.10.0
        python3: upgrade 3.12.1 -> 3.12.2
        python3-urllib3: upgrade 2.1.0 -> 2.2.1
        python3-yamllint: upgrade 1.33.0 -> 1.35.1
        swig: upgrade 4.2.0 -> 4.2.1
        xkbcomp: upgrade 1.4.6 -> 1.4.7
        xkeyboard-config: upgrade 2.40 -> 2.41
        xprop: upgrade 1.2.6 -> 1.2.7

  Xiangyu Chen (2):
        systemd-systemctl: fix dead loop when multi services enable each other
        libc-locale: fix ASCII compatible warning cause build failure.

  Xiaotian Wu (2):
        loongarch64: change -march to loongarch64
        openssl: Match target name for loongarch64

  Yash Shinde (3):
        rust: Upgrade 1.74.1 -> 1.75.0
        rust: Revert PGO to it's default
        rust: reproducibility issue fix with v1.75

  Yoann Congal (1):
        waf: Improve version parsing to avoid failing on warnings

Change-Id: I6dfb848feb4ec8f5aae56a9ccbff475f4eb1edc6
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_4.0.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_4.0.bb
new file mode 100644
index 0000000..c8ab0d8
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_4.0.bb
@@ -0,0 +1,103 @@
+SUMMARY = "User space tools for kernel auditing"
+DESCRIPTION = "The audit package contains the user space utilities for \
+storing and searching the audit records generated by the audit subsystem \
+in the Linux kernel."
+HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
+SECTION = "base"
+LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \
+           file://0001-Fixed-swig-host-contamination-issue.patch \
+           file://0002-Add-attribute-declarations.patch \
+           file://auditd \
+           file://audit-volatile.conf \
+          "
+
+SRC_URI:append:libc-musl = " file://0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch"
+
+S = "${WORKDIR}/git"
+SRCREV = "ae7d2830391c1115cebff6340ef3130b1b03ce45"
+
+inherit autotools python3targetconfig update-rc.d systemd
+
+UPDATERCPN = "auditd"
+INITSCRIPT_NAME = "auditd"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_PACKAGES = "auditd"
+SYSTEMD_SERVICE:auditd = "auditd.service audit-rules.service"
+
+DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native python3-setuptools-native coreutils-native"
+
+EXTRA_OECONF = " \
+        --with-libwrap \
+        --with-libcap-ng \
+        --with-python3 \
+        --with-arm \
+        --with-aarch64 \
+        --without-golang \
+        --disable-gssapi-krb5 \
+        --disable-zos-remote \
+        --sbindir=${base_sbindir} \
+        "
+
+EXTRA_OEMAKE = " \
+        PYTHON=python3 \
+        pythondir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
+        pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
+        STDINC='${STAGING_INCDIR}' \
+        "
+
+SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
+interface to the audit system, audispd. These plugins can do things \
+like relay events to remote machines or analyze events for suspicious \
+behavior."
+
+PACKAGES =+ "audispd-plugins"
+PACKAGES += "auditd ${PN}-python"
+
+FILES:${PN} = "${sysconfdir}/libaudit.conf ${libdir}/libau*.so.*"
+FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit-rules/* ${libexecdir}/*"
+FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
+        ${sysconfdir}/audit/plugins.d/au-remote.conf \
+        ${sysconfdir}/audit/plugins.d/syslog.conf \
+        ${base_sbindir}/audisp-remote \
+        ${base_sbindir}/audisp-syslog \
+        ${localstatedir}/spool/audit \
+        "
+FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+
+CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
+
+do_configure:prepend() {
+    sed -e 's|buf\[];|buf[0];|g'  ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h
+    sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h
+}
+
+do_install:append() {
+    sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g' ${D}${includedir}/libaudit.h
+
+    # Install default rules
+    install -d -m 750 ${D}/etc/audit
+    install -d -m 750 ${D}/etc/audit/rules.d
+
+    install -m 0640 ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
+
+    # Based on the audit.spec "Copy default rules into place on new installation"
+    install -m 0640 ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
+
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        install -D -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/audit.conf
+    fi
+
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+        install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd
+        rm -rf ${D}${libdir}/systemd
+    fi
+
+    # Create /var/spool/audit directory for audisp-remote
+    install -d -m 0700 ${D}${localstatedir}/spool/audit
+}