subtree updates march 30 2022

meta-raspberrypi: e39a0a570c..c06ae5eacf:
  Andrei Gherzan (7):
        linux-raspberrypi: linux-raspberrypi: Bump 5.10 to 5.10.95
        linux-raspberrypi: linux-raspberrypi: Bump 5.15 revision
        raspberrypi-firmware.inc: Move to using tarballs from rpi deb repo
        rpi-base.inc: Cleanup redundant imgtyp variable
        sdcard_image-rpi.bbclass: Use processed list of device trees
        docs: Update www.raspberrypi.com documentation links
        linux-raspberrypi: Bump 5.15 recipe to 5.15.30

  Khem Raj (10):
        python3-adafruit-circuitpython-register: Define PIP_INSTALL_PACKAGE
        python3-adafruit-pureio: Fix build with wheel
        python3-rtimu: Port to using setuptools and fix build with wheel
        python3-adafruit-platformdetect: Fix build with wheel
        linux-raspberrypi_5.15.bb: Upgrade to 5.15.25
        rpi-gpio: Port to PEP-517 packaging
        linux-raspberrypi_5.15.bb: Update to 5.15.26
        linux-raspberrypi: Update to 5.15.27
        python: Unbolt wheel packaging PIP_INSTALL_PACKAGE band-aids
        linux-raspberrypi: Update to 5.15.28

  Matthias Klein (1):
        u-boot: always set fdt_addr with firmware-provided FDT address

meta-security: 6cc8dde794..da93339112:
  Akshay Bhat (1):
        meta-security-isafw: Fixes to work with oe-core master

  Armin Kuster (16):
        README.md: fix typo
        packagegroup-security-tpm:  Fix QA Error
        apparmor: update to 3.0.4
        layer.conf: enable apparmor for qemu machine
        parsec-service: Only enable TPM is layer and DISTRO_FEATURE is defined.
        python3-privacyidea: fix QA ERROR
        python3-privacyidea: update to 3.6.2
        openscap-daemon: fix wheels and License issues.
        swtpm: update to 0.7.1
        libtpm: update to 0.9.2
        ima-evm-keys: don't use lnr
        tpm-tools: Fix pod2man race
        tpm2-tss: fix user perms
        python3-fail2ban: fix SPDX license.
        python3-privacyidea: drop old package ref.
        kas-security-alt: drop rust layer

  Ashish Sharma (1):
        Subject: [PATCH] Subject: python3-fail2ban: switch to legacy setuptools3

meta-openembedded: cf0ed42391..9a52bfc4a6:
  Adrian Freihofer (6):
        networkmanager: switch to meson
        networkmanager: new configure options
        libqrtr-glib: add new recipe
        libqmi: switch to meson and git
        modemmanager: update 1.16.8 -> 1.18.6
        networkmanager: replace deprecated licenses

  Alejandro Enedino Hernandez Samaniego (1):
        meta-python: Clean up recipes and classes that were moved to oe-core

  Andreas Müller (3):
        vlc: upgrade 3.0.12 -> 3.0.17-1 to fix build with ffmpeg5
        gnome-tweaks: Fix build on latest meson
        gnome-shell-extensions: Fix build with latest meson

  Andrej Valek (1):
        nodejs: add option to use openssl legacy providers again

  Anu Deepthika, Nandipati (2):
        usbguard: Add inital recipe
        usbguard: package simplification

  Armin Kuster (1):
        pw-am.sh: update to new patcwork system

  Carlos Rafael Giani (1):
        libopenmpt: Upgrade to version 0.6.2

  Changqing Li (1):
        hstr: add new recipe

  Christian Eggers (3):
        libiio: update to version 0.23
        boost-sml: 1.1.4+git --> 1.1.5
        graphviz: don't clear PACKAGECONFIG for nativesdk

  Daniel Gomez (5):
        python3-flask-versioned: Fix PYPA_WHEEL name
        v4l-utils: Update 1.20.0 -> 1.22.1
        opencl-icd-loader: Update 2020.12.18 -> v2022.01.04
        opencl-headers: Update v2020.12.18 -> v2022.01.04
        opencl-clhpp: Update 2.0.15 -> 2.0.16

  Jeremy A. Puhlman (1):
        nspr-native: fix ubuntu 18.04 builds using system gcc.

  Jeremy Puhlman (1):
        nspr-native: build correclty with extended buildtools.

  Jiaqing Zhao (2):
        libesmtp: bump 1.0.6 -> 1.1.0
        esmtp: fix libesmtp dependency check

  Julian Haller (1):
        nlohmann-json: Set CVE_PRODUCT according to NVD

  Justin Bronder (17):
        python3-crc32c: add 2.2.post0
        python3-feedformatter: drop recipe
        python3-coloredlogs: fix location of coloredlogs.pth
        python3-bitarray: switch to setuptools
        python3-kivy: fix wheel build
        python3-astor: fix wheel build
        python3-crcmod: use setuptools instead of distutils
        python3-gcovr: fix wheel build
        python3-prctl: fix wheel build
        python3-ntplib: pull from PyPI
        python3-lrparsing: use setuptools instead of distutils
        python3-configshell-fb: set PIP_INSTALL_PACKAGE
        python3-pyscaffold: fix wheel build and license
        python3-pyserial-asyncio: add 0.6
        python3-pymodbus: add 2.5.3
        python3-asyncinotify: add 2.0.2
        python3-pymodbus: add asyncio to package config

  Kai Kang (9):
        cairomm: correct SRC_URI
        networkmanager: fix installed-vs-shipped error
        python3-pydot: add recipe
        python3-blivet: use setuptools_legacy
        Revert "python3-ipy: drop recipe"
        wxwidgets: fix libdir for multilib
        wxwidgets: fix install errors
        graphviz: 2.44.1 -> 2.50.0
        graphviz: add pkg_postinst script

  Kas User (1):
        netdata: added enable/disable cloud config.

  Khem Raj (131):
        python3-apt: Point PYPA_WHEEL to custom location
        python3-pycups: Inherit setuptools_build_meta
        python3-anyjson: Drop recipe
        Revert "python3-twofish: drop recipe"
        cxxtest: Define PIP_INSTALL_DIST_PATH
        sanlock: Fix build with wheels on
        guider: Set PYPA_WHEEL
        unattended-upgrades: Migrate to use wheels
        python3-scapy: Define custom PYPA_WHEEL
        python3-termcolor: Use setuptools instead of distutils
        cyrus-sasl: Fix ptest builds
        bluepy: Define custom PYPA_WHEEL
        ufw: Upgrade to 0.36.1 bugfix release
        catfish: Fix wheel build
        menulibre: Inherit distutils3
        onboard: Inherit setuptools3-base instead of setuptools3
        python3-xmodem: Move docs to /usr/share/doc
        python3-blivet: Upgrade to 3.4.3
        python3-pytest-runner: Define PIP_INSTALL_PACKAGE
        python3-setuptools-rust-native: Define PIP_INSTALL_PACKAGE
        python3-dateutil: Define PIP_INSTALL_PACKAGE
        python3-poetry-core: Define PIP_INSTALL_PACKAGE
        python3-keras-applications: Define PIP_INSTALL_PACKAGE
        python3-pymetno: Define PIP_INSTALL_PACKAGE
        python3-cson: Define PIP_INSTALL_PACKAGE
        python3-dbussy: Define PIP_INSTALL_PACKAGE
        python3-txws: Define PIP_INSTALL_PACKAGE
        python3-aws-iot-device-sdk-python: Upgrade to 1.5.0
        python3-blivetgui: Upgrade to 2.3.0
        python3-blivet: Adjust install location for binaries and systemd units
        python3-slip-dbus: Fix build with wheel packaging
        xfce4-terminal: Add missing gtk-doc dependency
        recipes: Update LICENSE variable to use SPDX license identifiers
        recipes: Update LICENSE variable to use SPDX license identifiers
        recipes: Update LICENSE variable to use SPDX license identifiers
        recipes: Update LICENSE variable to use SPDX license identifiers
        recipes: Update LICENSE variable to use SPDX license identifiers
        recipes: Update LICENSE variable to use SPDX license identifiers
        recipes: Update LICENSE variable to use SPDX license identifiers
        recipes: Update LICENSE variable to use SPDX license identifiers
        recipes: Update LICENSE variable to use SPDX license identifiers
        recipes: Update LICENSE variable to use SPDX license identifiers
        unattended-upgrades: Inherit setuptools3_legacy
        menulibre: Inherit setuptools3_legacy
        libbpf: Enable builds for riscv64
        pcp: Enable check for x11 distro feature
        gfbgraph: Check for x11 distro feature
        gedit: Fix REQUIRED_DISTRO_FEATURES to not overwrite x11
        thunar-shares-plugin: Check for x11 in distro features
        tepl: Check for x11 in distro features
        geary: Check for x11 in distro features
        packagegroup-xfce-multimedia: Check for x11 distro feature
        fbida: Fix build when x11 is not enabled in distro features
        python3-crc32c: set target platform via setup.cfg
        python3-pyruvate: Fix build on riscv32
        libdc1394: Change dependency from virtual/libgl to virtual/egl
        boinc-client: Depend on virtual/egl instead of virtual/libgl
        libsdl2-ttf: Change depenendency from virtual/libgl to virtual/egl
        Revert "python3-smbus: fix wheel build"
        catfish: Do not set PYPA_WHEEL
        libcereal: Disable Werror with ptests
        ttf-vlgothic: Specify accurate BSD license type
        pcp: Upgrade to 5.3.6
        pcp: Do not search headers on build host during cross compile
        libcereal: Link libatomics on mips for ptests
        nodejs: Disable for powerpc
        gimp: Disable vector icons on ppc
        capnproto: Link in libatomic on ppc
        rocksdb: Use new atomic builtins on powerpc as well
        fwts: Upgrade to 22.01.00
        fwts: Do not use --as-needed on ppc64
        python3-poetry-core: Setting PIP_INSTALL_PACKAGE is no longer needed
        python3-grpcio, python3-grpcio-tools: Upgrade to 1.44.0
        packagegroup-meta-python: Do not exclude python3-grpcio python3-grpcio-tools for ppc64
        python3-pyrad: Change poetry bbclass inherit to match oe-core
        python3-bcrypt: Remove
        python3-psutil: Remove
        abseil: Upgrade to 20211102.0 LTS release
        python3-kiwisolver: Upgrade to 1.4.0
        python3-pyruvate: Update libc to 0.2.120
        python3-chardet: Remove
        python3-pytest-runner: Remove
        php: Fix build on rv32/musl
        recipes: Adjust for renaming flit_core -> python_flit_core
        libgphoto: Fix build with libtool 2.4.7
        monit: Fix build with libtool 2.4.7
        uim: Fix build with libtool 2.4.7
        libbpf: Enable on ppc64
        librdkafka: Use CMAKE_INSTALL_LIBDIR
        liburing: Define libdir based on environment variable
        http-parser: Define LIBDIR
        msgpack-cpp: Upgrade to 4.1.1 release
        weechat: Define LIBDIR
        json-schema-validator: Use GNUInstallDirs in cmake
        redis-plus-plus: Use GNUInstallDirs in cmake
        libiec61850: Use GNUInstallDirs in cmake
        paho-mqtt-cpp: Use CMAKE_INSTALL_LIBDIR in cmake
        sqlite-orm: Define cmake variable defaults
        duktape: Upgrade to 2.7.0
        cockpit: Package missing nonarch_libdir
        unattended-upgrades: Package nonarch_libdir for systemd files
        fsverity-utils: Define LIBDIR
        luaposix: Fix INST_LIBDIR to honor libdir var
        uml-utilities: Define LIB_DIR to be libdir relative
        libsquish: Define LIBDIR knob
        io-compress-lzma-perl,io-compress-perl: Do not mark allarch
        luajit: Upgrade to latest on v2.1 branch
        libcppkafka: Use CMAKE_INSTALL_LIBDIR instead of hardcoding lib
        lvgl,lv-lib-png,lv-drivers: Pass libdir via LIB_INSTALL_DIR to cmake
        geany-plugins: Do not overwrite OE's pkg-config env
        io-compress-lzma-perl, io-compress-perl: Rename to use debian names
        projucer: Upgrade to 6.1.6
        grpc: Enable cpp plugin for target version too
        sysdig: Upgrade to 0.28.0
        libsquish: Fix build when libdir != 'lib'
        valijson: move out of hard dep on meta-networking
        mariadb: Add missing dependency on lzo
        mariadb: Enable openSSL and use as default SSL option
        mariadb: Align atomic ops to help clang on x86
        folks: Upgrade to 0.15.5
        geary: Fix build failures with latest vala
        netdata: Fix override separator syntax
        iniparser: Update to latest tip of trunk
        ndctl: Upgrade to v73
        rocksdb: Exclude on ppc/musl
        gsl: Disable on musl/ppc
        a2jmidid: Fix build on ppc/musl
        abseil-cpp: Fix ppc/musl patch
        gperftools: Disable cpu profiles for ppc/musl
        pmdk: Fix build with newer ndctl
        duktape: Use baselib to construct LIBDIR

  Leon Anavi (10):
        python3-prettytable: Upgrade 2.4.0 -> 3.1.1
        python3-transitions: Upgrade 0.8.10 -> 0.8.11
        python3-charset-normalizer: Upgrade 2.0.10 -> 2.0.12
        python3-semantic-version: Upgrade 2.8.5 -> 2.9.0
        python3-networkx: Upgrade 2.6.3 -> 2.7
        python3-h11: Upgrade 0.12.0 -> 0.13.0
        python3-humanize: Upgrade 3.14.0 -> 4.0.0
        python3-typed-ast: Upgrade 1.4.3 -> 1.5.2
        python3-bandit: Upgrade 1.7.2 -> 1.7.4
        xbindkeys: Add recipe

  Macpaul Lin (1):
        android-tools: adb: add u3 ss descriptor support

  Markus Volk (6):
        gjs: update; customize dependencies
        gnome-disk-utility: disable build of man pages
        evolution-data-server: update to v3.43.1
        libvdpau: allow to build native and nativesdk
        crossguid: update
        blueman: update; add missing RDEPENDS

  Matthias Klein (1):
        python3-smbus: fix wheel build

  Mikko Rapeli (2):
        polkit: add patches for CVE-2021-4034 and CVE-2021-4115
        polkit: switch from mozjs to duktape javascript engine

  Mingli Yu (4):
        gosu: add new recipe
        redis: remove fuzz warning
        libcereal: add ptest support
        mariadb: Upgrade to 10.7.3

  Peter Bergin (1):
        wireplumber: backport fix for default device setting

  Peter Kjellerstedt (1):
        net-snmp: Avoid running `make clean` as it may fail

  Preeti Sachan (1):
        live555: Fix rdepends of live555-dev

  Radovan Scasny (1):
        proftpd: update to 1.3.7c

  Randy MacLeod (7):
        libyang: update from 2.0.7 to 2.0.164
        iperf3: upgrade from 3.9 to 3.11
        syslog-ng: update from 3.31.2 to 3.26.1
        mcelog: update from 175 to 180
        haveged: update from 1.9.14 to 1.9.17
        pv: update from 1.6.6 to 1.6.20
        edac-utils: update to latest git head

  Richard Hughes (1):
        fwupd: New release

  Robert Joslyn (2):
        hwdata: Update to 0.357
        stunnel: Update to 5.63

  Ross Burton (23):
        layer.conf: change layer priority to match oe-core
        ufw: port to setuptools, use setuptools_legacy
        unattended-upgrades: remove PYPA_WHEEL
        python3-blivetgui: use setuptools_legacy
        python3-meh: fix HOMEPAGE
        python3-meh: use setuptools_legacy
        python3-poetry-core: self-bootstrap
        poetry-core: clean up class
        python3-pystache: remove, unmaintained
        python3-configparser: remove, not needed for Python 3
        python3-backports-functional-lru-cache: remove, not needed for Python 3
        python3-pyzmq: clean up recipe
        python3-pycurl: fix DEPENDS
        python3-twisted: remove empty PN-src and PN-dbg
        python3-pylint: upgrade to 2.12.2
        meta-python: migrate away from setuptool3 where possible
        packagegroup-meta-python: add poetry-core and unattended-upgrade
        meta-*: remove obsolete PYPA_WHEEL and PIP_INSTALL_PACKAGE assignments
        poetry_core: update for renamed class pip_install_wheel to python_pep517
        sanlock: update patch status
        Update for setuptools_build_meta renamed to python_setuptools_build_meta
        python3-lz4: use system lz4 library
        python3-lz4: add ptest

  S. Lockwood-Childs (2):
        gyp: fix for compatibility with Python 3.10 (part 2)
        devmem2: patches have been upstreamed

  Samuli Piippo (3):
        python3-path: add recipe
        python3-antlr4-runtime: add recipe
        python3-qface: add recipe

  Scott Murray (13):
        python3-babel: Remove
        python3-certifi: Remove
        python3-ndg-httpsclient: Remove
        python3-pyasn1: Remove
        python3-pyopenssl: Remove
        python3-pysocks: Remove
        python3-requests: Remove
        python3-urllib3: Remove
        mpd: upgrade to 0.23.6
        libmpdclient: upgrade to 2.20
        mpc: upgrade to 0.34
        ncmpc: upgrade to 0.46
        polkit: Fix build with libtool 2.4.7

  Stefan Herbrechtsmeier (4):
        grpc: Remove runtime dependency between grpc and protobuf-compiler
        spdlog: remove header-only leftover
        nginx: add gunzip PACKAGECONFIG
        openldap: correct slapd systemd service support

  Theodore A. Roth (1):
        python3-marshmallow: fix wheel build

  Tim Orling (40):
        python3-setuptools-rust-native: fix wheel build
        python3-cryptography: fix wheel build
        python3-pyruvate: fix wheel build
        python3-backcall: inherit flit_core
        python3-distutils-extra; merge inc, fix wheel build
        python3-ptyprocess: inherit flit_core
        python3-pyserial: also remove /usr/bin/__pycache__
        python3-twisted: also ship Twisted-*.dist-info
        python3-pillow: fix wheel build
        python3-xlrd: fix wheel build
        python3-pykickstart: fix wheel build
        python3-twofish: drop recipe
        python3-monotonic: fix wheel build
        python3-geomet: fix wheel build
        python3-pako: remove duplicate LICENSE
        python3-configobj: backport patch for setuptools
        python3-systemd: patch to use setuptools
        python3-twofish: patch to use setuptools
        python3-sdnotify: patch to use setuptools
        python3-pynetlinux: patch to use setuptools
        python3-pyiface: upgrade to latest git
        python3-meh: patch to use setuptools
        distutils*.bbclass: move from oe-core
        python3-ipy: drop recipe
        python3-poetry-core: add v1.0.8
        python3-dnspython: inherit poetry_core
        python3-pkgconfig: inherit poetry_core
        python3-iso8601: inherit poetry_core
        python3-rsa: inherit poetry_core
        python3-isort: inherit poetry_core
        python3-pymisp: inherit poetry_core
        python3-aiofiles: inherit poetry_core
        poetry_core: add helper class
        python3-iso8601: move to oe-core
        python3-ply: move to oe-core
        python3-poetry-core: move to oe-core
        python3-pretend: move to oe-core
        python3-pytest-subtests: move to oe-core
        python3-pytz: move to oe-core
        packagegroup-meta-python: drop recipes moved to core

  Tom Hochstein (1):
        python3-pybind11: Override pip install variables

  Trevor Gamblin (9):
        python3-django: upgrade 3.2.11 -> 3.2.12
        python3-django: upgrade 4.0.1 -> 4.0.2
        python3-pytest-lazy-fixture: add recipe
        python3-prettytable: add python3-pytest-lazy-fixture to ptest RDEPENDS
        packagegroup-meta-python: add python3-pytest-lazy-fixture
        grpc: upgrade 1.41.1 -> 1.45.0
        python3-protobuf: upgrade 3.19.3 -> 3.19.4
        python3-h5py: upgrade 3.5.0 -> 3.6.0
        python3-paramiko: upgrade 2.9.2 -> 2.10.3

  Vyacheslav Yurkov (1):
        sdbus-c++: disable code generation tools

  Wang Mingyu (81):
        python3-websockets: upgrade 10.1 -> 10.2
        python3-websocket-client: upgrade 1.2.3 -> 1.3.1
        python3-xlsxwriter: upgrade 3.0.2 -> 3.0.3
        python3-socketio: upgrade 5.5.1 -> 5.5.2
        python3-sentry-sdk: upgrade 1.5.3 -> 1.5.6
        babl: upgrade 0.1.88 -> 0.1.90
        gegl: upgrade 0.4.34 -> 0.4.36
        cyrus-sasl: upgrade 2.1.27 -> 2.1.28
        networkmanager: upgrade 1.34.0 -> 1.36.0
        bats: upgrade 1.5.0 -> 1.6.0
        cukinia: upgrade 0.5.1 -> 0.6.0
        iwd: upgrade 1.24 -> 1.25
        freerdp: upgrade 2.5.0 -> 2.6.0
        openconnect: upgrade 8.10 -> 8.20
        libcereal: upgrade 1.3.1 -> 1.3.2
        poco: upgrade 1.11.0 -> 1.11.1
        poppler: upgrade 22.02.0 -> 22.03.0
        smartmontools: upgrade 7.2 -> 7.3
        python3-autobahn: upgrade 22.1.1 -> 22.2.2
        python3-cheetah: upgrade 3.2.6.post1 -> 3.2.6.post2
        python3-django: upgrade 2.2.26 -> 2.2.27
        python3-httplib2: upgrade 0.20.2- > 0.20.4
        python3-icu: upgrade 2.8 -> 2.8.1
        python3-jsonrpcserver: upgrade 5.0.3 -> 5.0.6
        python3-lxml: upgrade 4.7.1 -> 4.8.0
        python3-pyscaffold: upgrade 4.1.4 -> 4.1.5
        python3-redis: upgrade 4.1.1 -> 4.1.4
        python3-scrypt: upgrade 0.8.19 -> 0.8.20
        python3-tqdm: upgrade 4.62.3 -> 4.63.0
        python3-twisted: upgrade 22.1.0 -> 22.2.0
        python3-waitress: upgrade 2.0.0 -> 2.1.0
        python3-astroid: upgrade 2.9.3 -> 2.10.0
        python3-bitarray: upgrade 2.3.7 -> 2.4.0
        python3-aws-iot-device-sdk-python: upgrade 1.5.0-> 1.5.1
        python3-imageio: upgrade 2.16.0 -> 2.16.1
        python3-python-vlc: upgrade 3.0.12118 -> 3.0.16120
        python3-pymisp: upgrade 2.4.152 -> 2.4.155.1
        python3-networkx: upgrade 2.7 -> 2.7.1
        python3-pychromecast: upgrade 10.2.3 -> 10.3.0
        smbnetfs: upgrade 0.6.1 -> 0.6.3
        python3-astroid: upgrade 2.10.0 -> 2.11.0
        python3-bitstruct: upgrade 8.12.1 -> 8.13.0
        python3-cppy: upgrade 1.1.0 -> 1.2.0
        python3-dnspython: upgrade 2.2.0 -> 2.2.1
        libiec61850: upgrade 1.5.0 -> 1.5.1
        evince: upgrade 41.3 -> 41.4
        networkmanager-openvpn: upgrade 1.8.16 -> 1.8.18
        networkmanager: upgrade 1.36.0 -> 1.36.2
        weechat: upgrade 3.4 -> 3.4.1
        freerdp: upgrade 2.6.0 -> 2.6.1
        libvdpau: upgrade 1.4 -> 1.5
        python3-itsdangerous: upgrade 2.1.0 -> 2.1.1
        python3-jsonrpcserver: upgrade 5.0.6 -> 5.0.7
        gjs: upgrade 1.71.1 -> 1.72.0
        gvfs: upgrade 1.49.1 -> 1.50.0
        nautilus: upgrade 41.2 -> 42.0
        gnome-disk-utility: upgrade 41.0 -> 42.0
        gnome-photos: upgrade 40.0 -> 42.0
        gnome-system-monitor: upgrade 41.0 -> 42.0
        metacity: upgrade 3.42.0 -> 3.44.0
        graphene: upgrade 1.10.6 -> 1.10.8
        libpeas: upgrade 1.30.0 -> 1.32.0
        php: upgrade 8.1.3 -> 8.1.4
        iwd: upgrade 1.25 -> 1.26
        libgsf: upgrade 1.14.48 -> 1.14.49
        libjcat: upgrade 0.1.10 -> 0.1.11
        libqb: upgrade 2.0.4 -> 2.0.6
        libwacom: upgrade 2.1.0 -> 2.2.0
        stm32flash: upgrade 0.6 -> 0.7
        babl: upgrade 0.1.90 -> 0.1.92
        libxmlb: upgrade 0.3.7 -> 0.3.8
        monit: upgrade 5.31.0 -> 5.32.0
        python3-astroid: upgrade 2.11.0 -> 2.11.2
        python3-autobahn: upgrade 22.2.2 -> 22.3.2
        python3-pylint: upgrade 2.12.2 -> 2.13.2
        python3-pymisp: upgrade 2.4.155.1 -> 2.4.157
        python3-redis: upgrade 4.1.4 -> 4.2.0
        python3-robotframework: upgrade 4.1.3 -> 5.0
        python3-tqdm: upgrade 4.63.0 -> 4.63.1
        python3-watchdog: upgrade 2.1.6 -> 2.1.7
        python3-pytest-metadata: upgrade 1.11.0 -> 2.0.1

  Xu Huan (18):
        python3-lz4: upgrade 3.1.10 -> 4.0.0
        python3-mccabe: upgrade 0.6.1 -> 0.7.0
        python3-pillow: upgrade 9.0.0 -> 9.0.1
        python3-snappy upgrade 0.6.0 -> 0.6.1
        python3-twine: upgrade 3.7.1 -> 3.8.0
        python3-xxhash: upgrade 2.0.2 -> 3.0.0
        python3-txaio: upgrade 21.2.1 -> 22.2.1
        python3-regex :upgrade 2021.11.10 -> 2022.3.2
        python3-pywbemtools: upgrade 0.9.1 -> 1.0.0
        python3-pymongo: upgrade 4.0.1 -> 4.0.2
        python3-wrapt: upgrade 1.13.3 -> 1.14.0
        python3-sqlalchemy: upgrade 1.4.31 -> 1.4.32
        python3-sentry-sdk: upgrade 1.5.6 -> 1.5.7
        python3-alembic: upgrade 1.7.6 -> 1.7.7
        python3-arpeggio: upgrade 1.10.2 -> 2.0.0
        python3-cachetools: upgrade 4.2.4 -> 5.0.0
        python3-cantools: upgrade 37.0.1 -> 37.0.7
        python3-intervals: upgrade 1.10.0.post1 -> 1.10.0

  Yi Zhao (5):
        netplan: fix parallel build failure
        nftables: upgrade 1.0.1 -> 1.0.2
        postfix: upgrade 3.6.4 -> 3.6.5
        dhcp-relay: upgrade 4.4.2p1 -> 4.4.3
        apache2: upgrade 2.4.52 -> 2.4.53

  Zoltán Böszörményi (1):
        nodejs: Upgrade to 16.14.0

  wangmy (3):
        python3-waitress: upgrade 2.1.0 -> 2.1.1
        openvpn: upgrade 2.5.5 -> 2.5.6
        rrdtool: upgrade 1.7.2 -> 1.8.0

poky: 49168f5d55..5fe3689f4f:
  Ahmad Fatoum (1):
        kernel-fitimage: allow overriding FIT configuration prefix

  Alejandro Hernandez Samaniego (1):
        initramfs-framework: Add overlayroot module

  Alexander Kanavin (36):
        sstate: do not add TARGET_ARCH to pkgarch for cross recipes.
        OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests
        libsndfile1: correct upstream version check
        libarchive: correct upstream version check
        glslang/spirv: synchronize with the rest of vulkan items
        rust: update 1.58.1 -> 1.59.0
        librsvg: update 2.52.5 -> 2.52.6
        xwayland: update 21.1.4 -> 22.1.0
        apt: upgrade 2.2.4 -> 2.4.0
        kea: upgrade 2.0.1 -> 2.0.2
        python3-cython: upgrade 0.29.27 -> 0.29.28
        diffoscope: upgrade 204 -> 206
        harfbuzz: upgrade 3.4.0 -> 4.0.0
        libsecret: upgrade 0.20.4 -> 0.20.5
        vulkan: upgrade 1.3.204.0 -> 1.3.204.1
        mmc-utils: upgrade to latest revision
        webkitgtk: upgrade 2.34.5 -> 2.34.6
        openssh: update 8.8 -> 8.9
        sysklogd: nobranch in SRC_URI is no longer necessary
        libuv: fix upstream version check
        bind: all even versions now get long term maintenance windows
        dbus-test: merge into main dbus recipe
        dbus: merge dbus.inc into the recipe
        dbus: update 1.12.22 -> 1.14.0
        python3-semantic-version: fix upstream verison check
        python3-typing-extensions: fix upstream version check
        bind: update 9.16.26 -> 9.18.1
        perl-cross: update 1.3.6 -> 1.3.7
        perl: update 5.34.0 -> 5.34.1
        diffoscope: upgrade 206 -> 207
        gtk+3: upgrade 3.24.31 -> 3.24.33
        squashfs-tools: correct upstream version check
        meson: upgrade 0.61.2 -> 0.61.3
        mtools: upgrade 4.0.37 -> 4.0.38
        sqlite3: upgrade 3.38.0 -> 3.38.1
        python3-sphinx-rtd-theme: correct upstream version check

  Alexandre Belloni (1):
        scripts/patchreview: handle Inactive-Upstream status

  Andrew Jeffery (5):
        rust: Introduce arch_to_rust_arch()
        rust: Introduce RUST_BUILD_ARCH
        rust: Add snapshot checksums for powerpc64le
        ipk: Import re in manifest module
        ipk: Decode byte data to string in manifest handling

  Bill Pittman (1):
        wic: Use custom kernel path if provided

  Bruce Ashfield (19):
        linux-yocto/5.15: riscv64: drop MAXPHYSMEM_128GB
        linux-yocto/5.10: features/zram: remove CONFIG_ZRAM_DEF_COMP
        linux-yocto/5.15: update to v5.15.24
        linux-yocto/5.10: update to v5.10.101
        linux-yocto/5.10: Fix ramoops/ftrace
        linux-yocto/5.15: arm defconfig fixes
        linux-yocto/5.15: update to v5.15.26
        linux-yocto/5.10: update to v5.10.103
        linux-yocto/5.15: riscv32: drop MAXPHYSMEM_1GB
        linux-yocto: nohz_full boot arg fix
        linux-yocto/5.10: split vtpm for more granular inclusion
        linux-yocto/5.15: split vtpm for more granular inclusion
        linux-yocto/5.10: cfg/debug: add configs for kcsan
        linux-yocto/5.15: cfg/debug: add configs for kcsan
        linux-yocto/5.15: update to v5.15.27
        linux-yocto-rt/5.15: update to -rt34
        linux-yocto-rt/5.10: update to -rt61
        linux-yocto/5.15: update to v5.15.30
        linux-yocto/5.10: update to v5.10.107

  Carlos Rafael Giani (1):
        libsdl2: Add libunwind-native to the libsdl2-native DEPENDS

  Changhyeok Bae (2):
        repo: upgrade 2.21 -> 2.22
        mobile-broadband-provider-info: upgrade 20210805 -> 20220315

  Chen Qi (1):
        multilib_global.bbclass: fix setting preferred version for canadian recipes

  Christian Eggers (7):
        license: expand_wildcard_licenses: add AGPL-3.0* wildcard
        ref-manual: INCOMPATIBLE_LICENSE: use new license wildcards
        glib-2.0: upgrade 2.70.4 -> 2.72.0
        rust-common: override RUST_LIBC for crosssdk
        machine-sdk: clear ABIEXTENSION for class-crosssdk
        rust-crosssdk: use ${RUST_LIBC} in ${PN}
        librsvg: reenable nativesdk

  Claudius Heine (4):
        overlayfs: add systemd unit path prefix to FILES:${PN} array
        overlayfs-etc: add condition to package-management feature conflict
        files: overlayfs-etc: wrap long lines of preinit file
        files: overlayfs-etc: add overlay mount options to preinit

  Daniel Gomez (1):
        bitbake: contrib: Add Dockerfile for building PR service

  Daniel Wagenknecht (4):
        copy_buildsystem: allow more layer paths
        bitbake: fetch2: ssh: username and password are optional
        bitbake: fetch2: ssh: fix path handling
        bitbake: fetch2: ssh: support checkstatus

  David Reyna (4):
        bitbake: toaster: Add 'Kirkstone', 'Honister', and 'Hardknott'. Remove 'Dunfell' and 'Gatesgarth'.
        bitbake: toaster: automation to generate fixture files
        bitbake: toaster: detect when bitbake crashed
        bitbake: toaster: race condition for end-of-build

  Diego Sueiro (1):
        grub-efi: Add option to include all available modules

  Joe Slater (5):
        zip: modify when match.S is built
        weston: require wayland as a distro feature
        expect: modify fixline1 script
        weston: use same distro features for weston and westion-init
        libxml2: fix CVE-2022-23308 regression

  Jose Quaresma (18):
        icecc.bbclass: enable networking in all tasks
        buildhistory.bbclass: create the buildhistory directory when needed
        Revert "cmake.bbclass: Set CXXFLAGS and CFLAGS"
        sstate: inside the threadedpool don't write to the shared localdata
        gstreamer1.0-plugins-base: libgst is already defined on PACKAGES_DYNAMIC
        gstreamer1.0-plugins-packaging: rename variables
        gstreamer1.0-plugins-bad/ugly: use the GPL-2.0-or-later only when it is in use
        gstreamer1.0: upgrade 1.20.0 -> 1.20.1
        gstreamer1.0-plugins-base: upgrade 1.20.0 -> 1.20.1
        gstreamer1.0-plugins-good: upgrade 1.20.0 -> 1.20.1
        gstreamer1.0-plugins-bad: upgrade 1.20.0 -> 1.20.1
        gstreamer1.0-plugins-ugly: upgrade 1.20.0 -> 1.20.1
        gstreamer1.0-libav: upgrade 1.20.0 -> 1.20.1
        gstreamer1.0-omx: upgrade 1.20.0 -> 1.20.1
        gstreamer1.0-vaapi: upgrade 1.20.0 -> 1.20.1
        gstreamer1.0-rtsp-server: upgrade 1.20.0 -> 1.20.1
        gstreamer1.0-python: upgrade 1.20.0 -> 1.20.1
        gst-devtools: upgrade 1.20.0 -> 1.20.1

  Kai Kang (1):
        python3-pyparsing: rdepends on python3-html

  Kamil Dziezyk (1):
        libacpi: Build libacpi also for 'aarch64' machines

  Khem Raj (42):
        musl: Update to latest master
        libical: Pass TOOLCHAIN_OPTIONS via CFLAGS
        libical: Do not set CC explicitly for gir compiler
        insane: Accomodate llvm-objdump
        systemtap: Enable for riscv64
        packagegroup-core-tools-profile: Enable systemtap for riscv64
        kmscube: Fix build when x11 is absent in distro features
        virglrenderer: Depend on virtual/egl
        zlib: Pass ldflags to configure tests using linking
        zip: Pass ldflags to configure tests using linking
        qemu: Fix build when x11 is not in distro features
        webkitgtk: Fix build when x11 is not in distro features
        unzip: Pass LDFLAGS to configure tests
        libtool: Recognise additional linker commandline options passed by clang
        m4: Fix build on musl/ppc
        gcompat: Update to latest
        powerpc32-linux: Remove libc cached variables
        ppc/siteinfo: Fix differences between musl and glibc
        gcompat: Do not use static-pie on ppc
        linux-yocto: Ignore textrels for ppc64 kernel
        binutils: Bump to latest 2.38 release branch
        erofs-utils: Use __SANE_USERSPACE_TYPES__ on ppc64
        libstd-rs: Fix build on riscv64/musl
        qemu: Fix build on ppc64
        qemuppc64.conf: Disable huge vmalloc
        qemuppc64: Use smp = 2
        libucontext: Upgrade to 1.2 release
        python3-cryptography: Upgrade to 36.0.2
        weston-init: Use pixman on riscv64 qemu
        openssh: Default to not using sandbox when cross compiling
        qemuriscv: Use virtio-tablet-pci for mouse
        weston-init: Use pixman rendering for qemuppc64
        qemu: Fix build on systems without MAP_SYNC
        libsdl2: Depend on virtual/egl
        piglit: Remove virtual/libgl
        waffle: Use the right dependencies as needed
        webkitgtk: Depend on virtual/egl instead of virtual/libgl
        qemu: Depend on libepoxy instead of virtual/libgl
        musl: Update to latest master
        diffutils: Fix build on ppc/musl
        grep: Fix build on ppc/musl
        qemu: Disable for ppc32

  Konrad Weihmann (2):
        pip_install_wheel: improve wheel handling
        setuptools_build_meta: remove python dependency

  Lee Chee Yang (1):
        poky.conf: update tested distro

  Luca Boccassi (3):
        mount-copybind: fix shellcheck warning
        mount-copybind: add MOUNT_COPYBIND_AVOID_OVERLAYFS env var to skip OverlayFS
        volatile-binds: add recipe variable to allow disabling OverlayFS

  Mark Hatle (2):
        insane.bbclass: Update insane.bbclass to work on FIPS enabled hosts
        bitbake: utils/ply: Change md5 usages to work on FIPS enabled hosts

  Markus Volk (9):
        libxslt: update to v1.1.35
        x86-base.inc: replace intel i965 driver with crocus
        mesa: update to 22.0.0
        gtk+3: remove deprecated option
        librsvg: inherit vala
        xf86-video-intel: add dependencies; remove dri1
        mesa: align target- and native build
        libva: make buildable for native and nativesdk
        wayland: provide wayland-client-native and wayland-protocols-native

  Marta Rybczynska (3):
        bitbake: lib/bb: more verbose error message
        cve-check: add json format
        cve-check: add coverage statistics on recipes with/without CVEs

  Michael Halstead (2):
        releases: update to include 3.3.5
        releases: update to include 3.1.15

  Michael Olbrich (1):
        kernel.bbclass: avoid config changes based on the availability of pahole

  Michael Opdenacker (30):
        documentation: remove references to prelink support
        documentation/README: how to upgrade Sphinx packages
        documentation: individual release note files
        documentation: release notes for 3.4.2
        bitbake: bitbake-user-manual: further override syntax updates
        bitbake: bitbake-user-manual: add "crate" fetcher
        bitbake: bitbake-user-manual: stop mentioning the Angstrom distribution
        bitbake: bitbake-user-manual: add note about the old syntax for OVERRIDES
        bitbake: bitbake-user-manual: yet another overrides syntax update
        bitbake: bitbake-user-manual: update allowed characters in overrides
        bitbake: bitbake-user-manual: add recent release manuals
        local.conf.sample: fix reference to extended configuration sample
        local.conf.sample: https and no newline for SSTATE_MIRRORS
        conf/machine: fix QEMU x86 sound options
        bitbake: doc: bitbake-user-manual: reorder variable definitions
        docs: overview-manual: formating fixes
        docs: migration-3.5.rst: fix "distutils" typo
        docs: update examples to add branch info to git URIs
        documentation/README: correct heading styles actually used in the YP manuals
        manuals: inclusive language updates
        dev-manual: details about using firewalls and limiting fetch threads
        docs: brief-yoctoprojectqs: update video tutorial
        docs: ref-system-requirements.rst: update list of supported distros
        ref-manual: sort list of variables in generated output
        ref-manual: reorder variable definitions
        doc: migration-3.5: move the distutils changes to the class changes section
        doc: migration-3.5: variable changes for inclusive language
        bitbake: doc: bitbake-user-manual: add branch parameter to git SRC_URI examples
        bitbake: doc: bitbake-user-manual: branch parameter now mandatory in git SRC_URIs
        bitbake: bitbake: bitbake-user-manual: punctuation fixes

  Ming Liu (5):
        image.bbclass: make sure do_rootfs run from a clean workspace
        weston-init: add use-pixman PACKAGECONFIG
        kernel-fitimage.bbclass: introduce get_fit_replacement_type function
        kernel-fitimage.bbclass: change 'echo' to 'bbnote'
        kernel-fitimage.bbclass: introduce FIT_SUPPORTED_INITRAMFS_FSTYPES

  Minjae Kim (2):
        gnu-config: update SRC_URI
        virglrenderer: update SRC_URI

  Nicholas Sielicki (1):
        dev-manual: note on using journald without syslog

  Olaf Mandel (1):
        bitbake: fetch2/git: stop generated tarballs from leaking info

  Oleksandr Ocheretnyi (1):
        kernel-devsrc: do not copy Module.symvers file during install

  Peter Kjellerstedt (24):
        license.py: Correct a comment
        gma500-gfx-check: Update LICENSE to use an SPDX license identifier
        default-distrovars.inc: Remove the empty default for WHITELIST_GPL-3.0
        selftest: recipetool: Correct the URI for socat
        recipetool/create_buildsys_python: Add support for more known licenses
        recipetool: Use SPDX license identifiers
        meta, meta-selftest: Replace more non-SPDX license identifiers
        manuals: Update LICENSE vars in examples to use SPDX license identifiers
        bitbake: knotty.py: Improve the message while waiting for running tasks to finish
        bitbake: knotty.py: Correct the width of the progress bar for the real tasks
        bitbake: knotty.py: A little clean up of TerminalFilter::updateFooter()
        oe-pkgdata-util: Adapt to the new variable override syntax
        create-spdx.bbclass: Remove an unnecessary path from do_create_spdx[dirs]
        deploy.bbclass: Remove an unnecessary path from do_deploy[dirs]
        package.bbclass: Remove an unnecessary path from do_package[dirs]
        image.bbclass: Remove two unnecessary paths from do_rootfs[dirs]
        go: Remove three unnecessary paths from do_compile[dirs]
        selftest/incompatible_lic: Remove references to AVAILABLE_LICENSES
        create-spdx.bbclass: Simplify extraction of license text
        license.bbclass: Remove the available_licenses() function
        bitbake: server/process: Correct a typo in a comment
        glib-2.0: Remove a leftover comment
        libdnf: Add a dependency on util-linux
        python3: Add a dependency on ncurses

  Pgowda (1):
        binutils: Avoid Race condition in as.info

  Quentin Schulz (1):
        ref-manual: classes: provide command with ready-to-use password

  Ralph Siemsen (2):
        libxml2: move to gitlab.gnome.org
        libxml2: update to 2.9.13

  Randy MacLeod (1):
        libarchive: upgrade 3.5.3 -> 3.6.0

  Ricardo Salveti (1):
        libpam: use /run instead of /var/run in systemd tmpfiles

  Richard Neill (1):
        systemd: Update 250.3 -> 250.4

  Richard Purdie (113):
        pip_install_wheel: Use BPN instead of PN to construct PYPI_PACKAGE default
        mutlilib: Handle WHITELIST_GPL-3.0 being unset
        recipetool/devtool: Further SPDX identifier cleanups
        license/insane: Show warning for obsolete license usage
        license: Rework INCOMPATIBLE_LICENSE wildcard handling
        libsndfile: Fix missing external library support
        python3-native: Drop opt-1 and opt-2 pyc files
        cmake-native: Remove help docs from the native sysroot
        python3-native: Remove all pyc files
        python3: Drop opt1 and opt2 pyc files from target
        Revert "libsdl2: Add libunwind-native to the libsdl2-native DEPENDS"
        Revert "libical: Pass TOOLCHAIN_OPTIONS via CFLAGS"
        layer.conf: Filter docs dependencies for efficiency
        layer.conf: Add libarchive-native e2fsprogs-native exclusion from sysroot
        python3: Reduce util-linux dependency to util-linux-libuuid
        layer.conf: Allow sysroot dependencies on perlcross-native to be skipped
        bitbake: knotty: Correctly handle multiple line items
        bitbake: knotty: Improve setscene task display
        expat: Upgrade 2.4.6 -> 2.4.7
        build-appliance-image: Update to master head revision
        vim: Update to 8.2.4524 for further CVE fixes
        bitbake: server/xmlrpcserver: Add missing xmlrpcclient import
        bitbake: uievent: Fix import warning for python 3.10
        bitbake: cooker: Fix environment history printing
        bitbake: toaster: Fix IMAGE_INSTALL issues with _append vs :append
        bitbake: toaster: move gen_fixtures to the correct path
        Revert "mesa: make sure GLES3 headers are installed"
        oeqa/runtime/ping: Improve failure message to include more detail
        scripts/runqemu: Fix memory limits for qemux86-64
        shadow-native: Simplify and fix syslog disable patch
        bitbake: bitbake: Bump to version 2.0.0
        poky: Bump to 4.0 in preparation for release
        python3-psutil/python3-bcrypt: Add missing HOMEPAGE
        py3o: Rename to python_py3o
        setuptools3_rust: Rename to python_setuptools3_rust
        poetry_core: Rename to python_poetry_core
        python3-cryptography: Add missing ptest tomli dependency
        python3-cryptography-vectors: Fix reproducibility
        perf-build-test/report: Drop phantomjs and html email reports support
        create-spdx: Use function rather than AVAILABLE_LICENSES
        sstate: Allow optimisation of do_create_spdx task dependencies
        license: Drop AVAILABLE_LICENSES
        libstd-rs: Extend to nativesdk
        rust-cross: Add rust-crosssdk variant for nativesdk use
        cargo: Add missing nativesdk support
        python3-cryptography: Fix ptest result handling
        python3-docutil: Extend to nativesdk
        bitbake: data_smart: Skip commonly accessed variables from variable data context lookup
        bitbake: data_smart: Avoid multiple getVarFlag calls
        bitbake: codeparser: Avoid log bufer overhead in cache case
        python3-snowballstemmer: Add new recipe
        python3-imagesize: Add new recipe
        python3-alabaster: Add new recipe
        python3-pyasn1: Add from meta-oe/meta-python
        ptest-packagelists.inc: Add python3-pyasn1 to fast ptests list
        python3-certifi: Add from meta-oe/meta-python
        python3-chardet: Add from meta-oe/meta-python
        python3-ndg-httpsclient: Add from meta-oe/meta-python
        python3-pyopenssl: Add from meta-oe/meta-python
        python3-pysocks: Add from meta-oe/meta-python
        python3-pytest-runner: Add from meta-oe/meta-python
        python3-requests: Add from meta-oe/meta-python
        python3-urllib3: Add from meta-oe/meta-python
        python3-babel: Add recipe from meta-oe/meta-python
        python3-sphinxcontrib-qthelp: Add new recipe
        python3-sphinxcontrib-devhelp: Add new recipe
        python3-sphinxcontrib-htmlhelp: Add new recipe
        python3-sphinxcontrib-serializinghtml: Add new recipe
        python3-sphinxcontrib-jsmath: Add new recipe
        python3-sphinxcontrib-applehelp: add new recipe
        python3-sphinx-rtd-theme: Add new recipe
        python3-sphinx: Add a new recipe
        python3-sphinx: Work around reproducibility issue
        python3: Add missing HOMEPAGE entries
        maintainers.inc: Add new python recipes
        Add buildtools-docs-tarball recipe
        buildtools-docs-tarball: Add test for building documentation using sphinx
        oeqa/selftest/tinfoil: Improve tinfoil event test debugging
        toaster: Fix broken overrides usage
        poky.yaml: Drop POKYVERSION and YOCTO_POKY references
        poky.yaml: Drop unused YOCTO_DOC_VERSION_MINUS_ONE
        Makefile/set_versions: Allow poky.yaml to be autogenerated
        conf.py/set_versions/poky.yaml: Set version in conf.py from poky.yaml
        set_versions: Add support for setting POKYVERSION found in older releases
        set_versions/switchers.js: Allow switchers.js version information to be autogenerated
        set_versions: Various improvements
        set_versions: Handle dev branch in switchers correctly
        set_versions/switchers: Drop versions shown to the active releases
        pseudo: Add patch to workaround paths with crazy lengths
        libtool: Upgrade 2.4.6 -> 2.4.7
        bitbake: siggen: Improve ambiguous use of 'dependent'
        Revert "set_versions: Handle dev branch in switchers correctly"
        Revert "set_versions/switchers: Drop versions shown to the active releases"
        set_versions: Handle dev branch in switchers correctly
        set_versions: Correct devbranch comparision
        bitbake: utils: Fix lockfile path length issues
        sanity: Add warning for local hasheqiv server with remote sstate mirrors
        bitbake: tinfoil: Allow run_command not to wait on events
        bitbake: cooker/siggen: Support exit calls and use for hashserv client
        bitbake: siggen: Add missing reset handler to hashserv signature generator
        bitbake: server/process: Move threads left debug to after cooker shutdown
        bitbake: cooker: Fix inotify watches causing memory resident bitbake corruption
        perl: Add missing RDEPENDS
        oeqa/selftest/tinfoil: Fix intermittent event loss issue in test
        create-spdx: Avoid regex warning by quoting correctly
        bitbake: cooker: Fix exception handling in parsers
        bitbake: cooker: Fix main loop starvation when parsing
        bitbake: cooker: Improve exception handling in parsing process
        bitbake: cooker: Simplify parser init function handling
        bitbake: cooker/process: Fix signal handling lockups
        bitbake: cooker: Rework force parser shutdown
        bitbake: build: Add missing parameter to TaskInvalid
        poky: Drop PREMIRRORS entries for scms

  Robert Joslyn (1):
        curl: Update to 7.82.0

  Robert P. J. Day (1):
        scripts: Various typo/grammar/punctuation fixes

  Robert Yang (4):
        coreutils: Disable statx for native build
        perl: Makefile.PL: Fix _PATH_LOG for deterministic
        quilt: Disable external sendmail for deterministic build
        cups: Add --with-dbusdir to EXTRA_OECONF for deterministic build

  Ross Burton (67):
        Revert "cve-check: add lockfile to task"
        classes: add setuptools3_legacy
        asciidoc: update git repository
        bmap-tools: remove redundant python3native inherit
        setuptools3.bbclass: clean up
        pip_install_wheel: clean up
        pip_install_wheel: don't lazy assign PIPINSTALLARGS
        python3-pip: remove obsolete and confusing comment
        flit_core: clean up configure/compile
        setuptools_build_meta: clean up configure/compile
        flit_core: respect PIP_INSTALL_DIST_PATH
        flit_core: add variable to control where pyproject.toml is located
        setuptools_build_meta: respect PIP_INSTALL_DIST_PATH
        setuptools_build_meta: add variable to control where pyproject.toml is located
        python3-flit-core: improve recipe
        setuptools3: respect PIP_INSTALL_DIST_PATH
        python3-pip: clean up PYPA_WHEEL usage
        python3-setuptools3: clean up PYPA_WHEEL usage
        python3-wheel: clean up PYPA_WHEEL usage
        bmap-tools: remove redundant PYPA_WHEEL
        python3-markdown: use setuptools_build_meta
        python3-pyrsistent: use setuptools_build_meta
        python3-pyyaml: use setuptools_build_meta
        python3-scons: remove PIP_INSTALL_DIST_PATH
        pip_install_wheel: generate the wheels in directory we control outside of S
        pip_install_wheel: install wheel with a glob
        python3-scons: remove redundant FILES:${PN}-doc
        flit_core: remove redundant python3-pip-native DEPENDS
        python3-pip: remove redundant DEPENDS on python3-setuptools-native
        pip_install_wheel: add a generic do_install for bootstrapping
        seatd: upgrade to 0.6.4 (fixes CVE-2022-25643)
        setuptools3-base: improve RDEPENDS assignment
        meta: remove obsolete PIP_INSTALL_PACKAGE
        meta: rename pip_install_wheel.bbclass to python_pep517.bbclass
        python_pep517: move PEP517_SOURCE_PATH to python_pep517
        python3-setuptools-rust-native: remove obsolete PIP_*
        python3-poetry-core: remove obsolete PIP_INSTALL_PACKAGE
        poetry_core: update for renamed class pip_install_wheel to python_pep517
        python3-cryptography: mark test_create_certificate_with_extensions as expected to fail
        python3-cryptography: remove obsolete PIP_INSTALL_DIST_PATH
        python3-installer: add installer module
        python_pep517: use installer instead of pip
        devupstream: fix handling of SRC_URI
        linux-yocto: remove redundant devupstream assignments
        python3-setuptools-rust-native: use setuptools_build_meta
        openssl: upgrade to 3.0.2
        Update documentation for Python packaging changes
        python3-packaging: remove duplicate python3-setuptools-native DEPENDS
        classes/flit_core: use python_pep517_do_compile
        classes/python_pep517: implement a standard do_compile
        classes/python_poetry_core: use python_pep517_do_compile
        classes/python_pep517: add more comments
        classes/setuptools_build_meta: use python_pep517_do_compile
        classes/flit_core: rename to python_flit_core
        classes/python_pep517: consolidate stub do_configure
        lttng-modules: remove redundant devupstream assignments
        python3-cryptography: enforce identical version for -cryptography-vectors
        python3-cryptography-vectors: upgrade to 36.0.2
        classes/setuptools_build_meta: rename to python_setuptools_build_meta
        bitbake: bitbake: knotty: display active tasks when printing keepAlive() message
        bitbake: bitbake: knotty: reduce keep-alive timeout from 5000s (83 minutes) to 10 minutes
        tiff: backport CVE fixes:
        python3: ignore CVE-2022-26488
        oeqa/runtime/context: remove duplicate sys.path entries when looking for modules
        grub: ignore CVE-2021-46705
        qemu: backport fixes for CVE-2022-26353 and CVE-2022-26354
        zlib: backport the fix for CVE-2018-25032

  Sakib Sajal (1):
        perl: generate alternative link for streamzip

  Samuli Piippo (2):
        mesa: make sure GLES3 headers are installed
        binutils-cross-canadian: enable gold for mingw

  Saul Wold (4):
        base/license: Rework INCOMPATIBLE_LICENSE variable handling
        convert-variable-renames: Fix output string
        meta/scripts: Improve internal variable naming
        documentation: Update for skip_recipe rename

  Stefan Herbrechtsmeier (4):
        systemd: move systemd shared library into its own package
        classes: rootfs-postcommands: include /etc/fstab in overlayfs_qa_check
        oeqa: selftest: overlayfs: add test for image with fstab entry
        zstd: add libzstd package

  Tean Cunningham (1):
        rootfs-postcommands: amend systemd_create_users add user to group check

  Tim Orling (44):
        flit_core: inherit setuptools3-base
        flit_core: export do_configure and do_compile
        python3-tomli: inherit flit_core
        python3-flit-core: upgrade 3.6.0 to 3.7.1
        docs: update setuptools3 class
        docs: ref-manual: drop distutils from variables
        docs: ref-manual: remove distutils* from classes
        docs: migration-3.5: distutils move
        docs: migration-2.6 drop distutils labels, terms
        docs: migration-3.3 drop distutils labels, terms
        docs: add new python packaging classes
        docs: add pip install variables
        python3-jsonschema: upgrade 3.2.0 -> 4.4.0
        python3-importlib-metadata: upgrade 4.10.1 -> 4.11.2
        bitbake: toaster-requirements.txt: Django 3.2 LTS
        bitbake: toaster: Update docs links in templates
        bitbake: toaster: orm/models -- drop django.utils.six
        bitbake: toaster: set DEFAULT_AUTO_FIELD
        bitbake: toaster: migratation for models.BigAutoField
        bitbake: bitbake: buildinfohelper.py fix for Django 3.2
        bitbake: toaster: drop landing_not_managed template
        python3-setuptools-rust-native: from meta-python
        pyo3.bbclass: move from meta-python
        setuptools3_rust.bbclass: move from meta-python
        python3-cryptography: move from meta-python
        python3-pytest-subtests: move from meta-python
        python3-cryptography-vectors: from meta-python
        python3-asn1crypto: move from meta-python
        python3-cffi: move from meta-python
        python3-pytz: move from meta-python
        python3-bcrypt: move from meta-python
        python3-pretend: move from meta-python
        python3-psutil: move from meta-python
        poetry_core.bbclass: move from meta-python
        python3-poetry-core: move from meta-python
        python3-iso8601: move from meta-python
        python3-typing-extensions: move from meta-python
        python3-semantic-version: move from meta-python
        python3-pycparser: move from meta-python
        python3-ply: move from meta-python
        maintainers.inc: add python3-crypto and friends
        ptest-packagelists.inc: add python3-cryptography
        ptest-packagelists: add python3-bcrypt and -pytz
        python3-pytest: upgrade 7.0.1 -> 7.1.1

  Tony McDowell (1):
        dev-manual: add instructions for compacting WSLv2 VHDX files

  Trevor Gamblin (3):
        iptables: do not install /etc/ethertypes
        iptables: use nft backend with libnftnl PACKAGECONFIG
        python3: upgrade 3.10.2 -> 3.10.3

  Zoltán Böszörményi (1):
        mesa: Allow building Mesa's OpenCL through PACKAGECONFIG

  leimaohui (1):
        bitbake: monitordisk.py: Deleted redundant word in warning message.

  wangmy (72):
        python3-git: upgrade 3.1.26 -> 3.1.27
        ell: upgrade 0.48 -> 0.49
        libgit2: upgrade 1.4.1 -> 1.4.2
        nghttp2: upgrade 1.46.0 -> 1.47.0
        python3-dbusmock: upgrade 0.25.0 -> 0.26.1
        python3-hypothesis: upgrade 6.37.2 -> 6.39.0
        at: upgrade 3.2.4 -> 3.2.5
        dbus: upgrade 1.12.20 -> 1.12.22
        ccache: upgrade 4.5.1 -> 4.6
        libjpeg-turbo: upgrade 2.1.2 -> 2.1.3
        libsolv: upgrade 0.7.20 -> 0.7.21
        libva: upgrade 2.13.0 -> 2.14.0
        mesa: upgrade 21.3.6 -> 21.3.7
        ovmf: upgrade 202111 -> 202202
        wget: upgrade 1.21.2 -> 1.21.3
        sqlite3: upgrade 3.37.2 -> 3.38.0
        sysstat: upgrade 12.4.4 -> 12.4.5
        btrfs-tools: upgrade 5.16 -> 5.16.2
        python3-hypothesis: upgrade 6.39.0 -> 6.39.2
        cmake: upgrade 3.22.2 -> 3.22.3
        asciidoc: upgrade 10.1.3 -> 10.1.4
        go: upgrade 1.17.7 -> 1.17.8
        gpgme: upgrade 1.17.0 -> 1.17.1
        python3-pycairo: upgrade 1.20.1 -> 1.21.0
        stress-ng: upgrade 0.13.11 -> 0.13.12
        sudo: upgrade 1.9.9 -> 1.9.10
        createrepo-c: upgrade 0.18.0 -> 0.19.0
        dnf: upgrade 4.10.0 -> 4.11.1
        harfbuzz: upgrade 4.0.0 -> 4.0.1
        libdnf: upgrade 0.65.0 -> 0.66.0
        librsvg: upgrade 2.52.6 -> 2.52.7
        linux-firmware: upgrade 20220209 -> 20220310
        python3-importlib-metadata: upgrade 4.11.2 -> 4.11.3
        lttng-modules: upgrade 2.13.1 -> 2.13.2
        python3-numpy: upgrade 1.22.2 -> 1.22.3
        libcgroup: upgrade 2.0 -> 2.0.1
        libuv: upgrade 1.43.0 -> 1.44.1
        dpkg: upgrade 1.21.1 -> 1.21.2
        gobject-introspection: upgrade 1.70.0 -> 1.72.0
        libdazzle: upgrade 3.42.0 -> 3.44.0
        libsolv: upgrade 0.7.21 -> 0.7.22
        man-db: upgrade 2.10.1 -> 2.10.2
        python3-markupsafe: upgrade 2.1.0 -> 2.1.1
        vala: upgrade 0.54.7 -> 0.56.0
        adwaita-icon-theme: upgrade 41.0 -> 42.0
        bluez5: upgrade 5.63 -> 5.64
        gnutls: upgrade 3.7.3 -> 3.7.4
        gsettings-desktop-schemas: upgrade 41.0 -> 42.0
        rng-tools: enable macro JENT_CONF_ENABLE_INTERNAL_TIMER
        libjitterentropy: upgrade 3.3.1 -> 3.4.0
        apt: upgrade 2.4.0 -> 2.4.3
        atk: upgrade 2.36.0 -> 2.38.0
        cronie: upgrade 1.5.7 -> 1.6.0
        diffoscope: upgrade 207 -> 208
        dpkg: upgrade 1.21.2 -> 1.21.4
        glib-networking: upgrade 2.70.1 -> 2.72.0
        iproute2: upgrade 5.16.0 -> 5.17.0
        libevdev: upgrade 1.12.0 -> 1.12.1
        libsoup: upgrade 3.0.4 -> 3.0.5
        lttng-modules: upgrade 2.13.2 -> 2.13.3
        lttng-ust: upgrade 2.13.1 -> 2.13.2
        msmtp: upgrade 1.8.19 -> 1.8.20
        sqlite3: upgrade 3.38.1 -> 3.38.2
        python3-asn1crypto: upgrade 1.4.0 -> 1.5.1
        python3-dbusmock: upgrade 0.26.1 -> 0.27.3
        python3-hypothesis: upgrade 6.39.2 -> 6.39.5
        python3-imagesize: upgrade 1.2.0 -> 1.3.0
        python3-jinja2: upgrade 3.0.3 -> 3.1.1
        python3-pytest-runner: upgrade 5.3.1 -> 6.0.0
        python3-pytest-subtests: upgrade 0.6.0 -> 0.7.0
        python3-pytz: upgrade 2021.3 -> 2022.1
        python3-urllib3: upgrade 1.26.8 -> 1.26.9

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ib4c513b74dbc38e31b3792d8323e877294f959d9
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index 1f83593..21f03d1 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -16,3 +16,6 @@
 # Sanity check for meta-security layer.
 # Setting SKIP_META_SECURITY_SANITY_CHECK to "1" would skip the bbappend files check.
 INHERIT += "sanity-meta-security"
+
+QB_KERNEL_CMDLINE_APPEND = " ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', 'apparmor=1 security=apparmor', '', d)}"
+
diff --git a/meta-security/kas/kas-security-alt.yml b/meta-security/kas/kas-security-alt.yml
index f073216..3ee9808 100644
--- a/meta-security/kas/kas-security-alt.yml
+++ b/meta-security/kas/kas-security-alt.yml
@@ -3,11 +3,6 @@
     includes: 
         - kas-security-base.yml
 
-repos:
-  meta-rust:
-    url: https://github.com/meta-rust/meta-rust.git
-    refspec: master
-
 local_conf_header:
   alt: |
       DISTRO_FEATURES:append = " systemd"
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
index dd32397..230c859 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
@@ -11,7 +11,7 @@
     if [ -e "${IMA_EVM_X509}" ]; then
         install -d ${D}/${sysconfdir}/keys
         install "${IMA_EVM_X509}" ${D}${sysconfdir}/keys/x509_evm.der
-        lnr ${D}${sysconfdir}/keys/x509_evm.der ${D}${sysconfdir}/keys/x509_ima.der
+        ln -rs ${D}${sysconfdir}/keys/x509_evm.der ${D}${sysconfdir}/keys/x509_ima.der
     fi
 }
 do_install[file-checksums] += "${@'${IMA_EVM_X509}:%s' % os.path.exists('${IMA_EVM_X509}')}"
diff --git a/meta-security/meta-parsec/README.md b/meta-security/meta-parsec/README.md
index bb4c2b9..85e0d10 100644
--- a/meta-security/meta-parsec/README.md
+++ b/meta-security/meta-parsec/README.md
@@ -80,7 +80,7 @@
   This layer also contains a recipe for pasec-tool which can be used for
 manual testing of the Parsec service:
 
-    IMAGE_INSTALL:append = " parsec-tools"
+    IMAGE_INSTALL:append = " parsec-tool"
 
   There are a series of Parsec Demo videos showing how to use parsec-tool
 to test the Parsec service base functionality:
diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb
index 1cbf2bd..3f12139 100644
--- a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb
+++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb
@@ -12,7 +12,12 @@
 
 DEPENDS = "clang-native"
 
-PACKAGECONFIG ??= "TPM PKCS11 MBED-CRYPTO CRYPTOAUTHLIB"
+PACKAGECONFIG ??= "PKCS11 MBED-CRYPTO CRYPTOAUTHLIB"
+
+have_TPM = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'TPM', '', d)}"
+PACKAGECONFIG:append = " ${@bb.utils.contains('BBFILE_COLLECTIONS', 'tpm-layer', '${have_TPM}', '', d)}"
+
+
 PACKAGECONFIG[ALL] = "all-providers cryptoki/generate-bindings tss-esapi/generate-bindings,,tpm2-tss libts,libts"
 PACKAGECONFIG[TPM] = "tpm-provider tss-esapi/generate-bindings,,tpm2-tss"
 PACKAGECONFIG[PKCS11] = "pkcs11-provider cryptoki/generate-bindings,"
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
index 549a888..cf6d531 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
+++ b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
@@ -4,7 +4,7 @@
 SUMARRY = "The OpenSCAP Daemon is a service that runs in the background."
 HOME_URL = "https://www.open-scap.org/tools/openscap-daemon/"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=40d2542b8c43a3ec2b7f5da31a697b88"
-LICENSE = "LGPL-2.1"
+LICENSE = "LGPL-2.1-only"
 
 DEPENDS = "python3-dbus"
 
@@ -13,7 +13,7 @@
            file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \
           "
 
-inherit setuptools3
+inherit setuptools_build_meta
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-security/meta-security-isafw/classes/isafw.bbclass b/meta-security/meta-security-isafw/classes/isafw.bbclass
index da6bf76..3854c0f 100644
--- a/meta-security/meta-security-isafw/classes/isafw.bbclass
+++ b/meta-security/meta-security-isafw/classes/isafw.bbclass
@@ -105,7 +105,7 @@
     os.environ["PATH"] = savedenv["PATH"]
 }
 
-do_build[depends] += "cve-update-db-native:do_populate_cve_db ca-certificates-native:do_populate_sysroot"
+do_build[depends] += "cve-update-db-native:do_fetch ca-certificates-native:do_populate_sysroot"
 do_build[depends] += "python3-lxml-native:do_populate_sysroot"
 
 # These tasks are intended to be called directly by the user (e.g. bitbake -c)
@@ -179,7 +179,6 @@
 }
 
 do_rootfs[depends] += "checksec-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot"
-do_rootfs[depends] += "prelink-native:do_populate_sysroot"
 do_rootfs[depends] += "python3-lxml-native:do_populate_sysroot"
 
 isafw_init[vardepsexclude] = "DATETIME"
diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
index bfe6e3a..7ba5004 100644
--- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
+++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
@@ -15,7 +15,6 @@
     tpm-quote-tools \
     swtpm \
     openssl-tpm-engine \
-    libtpm \
     ${X86_TPM_MODULES} \
     "
 
diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.3.bb
similarity index 84%
rename from meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
rename to meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.3.bb
index 8fe62cf..c03c44c 100644
--- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
+++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.3.bb
@@ -2,8 +2,8 @@
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
 
-SRCREV = "f6dd8f55eab4910131ec6a6a570dcd7951bd10e4"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8;protocol=https"
+SRCREV = "3f8fbc831b7bc3a6cc8422c432f577596b4cf3df"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.9;protocol=https"
 
 PE = "1"
 
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch b/meta-security/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch
deleted file mode 100644
index 5aee933..0000000
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-Don't check for tscd deamon on host.
-
-Upstream-Status: OE Specific
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: git/configure.ac
-===================================================================
---- git.orig/configure.ac
-+++ git/configure.ac
-@@ -179,15 +179,6 @@ AC_SUBST([LIBTPMS_LIBS])
- AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
- AC_SUBST([LIBRT_LIBS])
- 
--AC_PATH_PROG([TCSD], tcsd)
--if test "x$TCSD" = "x"; then
--    have_tcsd=no
--    AC_MSG_WARN([tcsd could not be found; typically need it for tss user account and tests])
--else
--    have_tcsd=yes
--fi
--AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no")
--
- dnl We either need netstat (more common across systems) or 'ss' for test cases
- AC_PATH_PROG([NETSTAT], [netstat])
- if test "x$NETSTAT" = "x"; then
-@@ -440,23 +431,6 @@ AC_ARG_WITH([tss-group],
-             [TSS_GROUP="tss"]
- )
- 
--case $have_tcsd in
--yes)
--	AC_MSG_CHECKING([whether TSS_USER $TSS_USER is available])
--	if ! test $(id -u $TSS_USER); then
--		AC_MSG_ERROR(["$TSS_USER is not available"])
--	else
--		AC_MSG_RESULT([yes])
--	fi
--	AC_MSG_CHECKING([whether TSS_GROUP $TSS_GROUP is available])
--	if ! test $(id -g $TSS_GROUP); then
--		AC_MSG_ERROR(["$TSS_GROUP is not available"])
--	else
--		AC_MSG_RESULT([yes])
--	fi
--	;;
--esac
--
- AC_SUBST([TSS_USER])
- AC_SUBST([TSS_GROUP])
- 
-Index: git/tests/Makefile.am
-===================================================================
---- git.orig/tests/Makefile.am
-+++ git/tests/Makefile.am
-@@ -83,10 +83,6 @@ TESTS += \
- 	test_tpm2_swtpm_cert \
- 	test_tpm2_swtpm_cert_ecc \
- 	test_tpm2_swtpm_setup_create_cert
--if HAVE_TCSD
--TESTS += \
--	test_tpm2_samples_create_tpmca
--endif
- endif
- 
- EXTRA_DIST=$(TESTS) \
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
similarity index 93%
rename from meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
rename to meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
index 63734b9..85e4c5d 100644
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
@@ -6,10 +6,9 @@
 # expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
 DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
 
-SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \
+SRCREV = "92a7035f45d9b08aa7c6b8bd6fa4c6916ef07a9e"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \
            file://ioctl_h.patch \
-           file://oe_configure.patch \
            "
 PE = "1"
 
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index 3b3da4f..b47d53a 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -9,7 +9,7 @@
 LICENSE = "CPL-1.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
 
-DEPENDS = "libtspi openssl perl"
+DEPENDS = "libtspi openssl perl-native"
 DEPENDS:class-native = "trousers-native"
 
 SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.1.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.1.0.bb
index e0f2d09..ddcfb58 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.1.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.1.0.bb
@@ -12,7 +12,7 @@
 
 SRC_URI[sha256sum] = "8900a6603f74310b749b65f23c3461cde6e2a23a5f61058b21004c25f9cf19e8"
 
-inherit autotools pkgconfig systemd extrausers
+inherit autotools pkgconfig systemd useradd
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
@@ -22,10 +22,9 @@
 EXTRA_OECONF += "--runstatedir=/run"
 EXTRA_OECONF:remove = " --disable-static"
 
-EXTRA_USERS_PARAMS = "\
-	useradd -p '' tss; \
-	groupadd tss; \
-	"
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
 
 do_install:append() {
     # Remove /run as it is created on startup
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.1.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb
similarity index 96%
rename from meta-security/recipes-mac/AppArmor/apparmor_3.0.1.bb
rename to meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb
index 818be15..8ad3c76 100644
--- a/meta-security/recipes-mac/AppArmor/apparmor_3.0.1.bb
+++ b/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb
@@ -18,20 +18,18 @@
     file://run-ptest \
     file://crosscompile_perl_bindings.patch \
     file://0001-Makefile.am-suppress-perllocal.pod.patch \
-    file://0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch \
     file://0001-Makefile-fix-hardcoded-installation-directories.patch \
     file://0001-rc.apparmor.debian-add-missing-functions.patch \
-    file://py3_10_fixup.patch \
     "
 
-SRCREV = "b23de501807b8b5793e9654da8688b5fd3281154"
+SRCREV = "9799fbde997820bb12a49e292356f7a6ce12e972"
 S = "${WORKDIR}/git"
 
 PARALLEL_MAKE = ""
 
 COMPATIBLE_MACHINE:mips64 = "(!.*mips64).*"
 
-inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative cpan systemd features_check bash-completion
+inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative cpan systemd features_check bash-completion setuptools3
 
 REQUIRED_DISTRO_FEATURES = "apparmor"
 
diff --git a/meta-security/recipes-mac/AppArmor/files/0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch b/meta-security/recipes-mac/AppArmor/files/0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch
deleted file mode 100644
index e7abd60..0000000
--- a/meta-security/recipes-mac/AppArmor/files/0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 5ed21abbef4d4c2983e70bd2868fb817150e883e Mon Sep 17 00:00:00 2001
-From: Armin Kuster <akuster808@gmail.com>
-Date: Sat, 3 Oct 2020 11:26:46 -0700
-Subject: [PATCH] Revert "profiles: Update 'make check' to select tools based
- on USE_SYSTEM"
-
-This reverts commit 6016f931ebf7b61e1358f19453ef262d9d184a4e.
-
-Upstream-Status: Inappropriate [OE specific]
-These changes cause during packaging with perms changing.
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
----
- profiles/Makefile | 50 ++++++++++-------------------------------------
- 1 file changed, 10 insertions(+), 40 deletions(-)
-
-diff --git a/profiles/Makefile b/profiles/Makefile
-index ba47fc16..5384cb05 100644
---- a/profiles/Makefile
-+++ b/profiles/Makefile
-@@ -35,49 +35,9 @@ EXTRAS_SOURCE=./apparmor/profiles/extras/
- SUBDIRS=$(shell find ${PROFILES_SOURCE} -type d -print)
- TOPLEVEL_PROFILES=$(filter-out ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*))
- 
--ifdef USE_SYSTEM
--    PYTHONPATH=
--    PARSER?=apparmor_parser
--    LOGPROF?=aa-logprof
--else
--    # PYTHON_DIST_BUILD_PATH based on libapparmor/swig/python/test/Makefile.am
--    PYTHON_DIST_BUILD_PATH = ../libraries/libapparmor/swig/python/build/$$($(PYTHON) -c "import distutils.util; import platform; print(\"lib.%s-%s\" %(distutils.util.get_platform(), platform.python_version()[:3]))")
--    LIBAPPARMOR_PATH=../libraries/libapparmor/src/.libs/
--    LD_LIBRARY_PATH=$(LIBAPPARMOR_PATH):$(PYTHON_DIST_BUILD_PATH)
--    PYTHONPATH=../utils/:$(PYTHON_DIST_BUILD_PATH)
--    PARSER?=../parser/apparmor_parser
--    # use ../utils logprof
--    LOGPROF?=LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) PYTHONPATH=$(PYTHONPATH) $(PYTHON) ../utils/aa-logprof
--endif
--
- # $(PWD) is wrong when using "make -C profiles" - explicitely set it here to get the right value
- PWD=$(shell pwd)
- 
--.PHONY: test-dependencies
--test-dependencies: __parser __libapparmor
--
--
--.PHONY: __parser __libapparmor
--__parser:
--ifndef USE_SYSTEM
--	@if [ ! -f $(PARSER) ]; then \
--		echo "error: $(PARSER) is missing. Pick one of these possible solutions:" 1>&2; \
--		echo "  1) Test using the in-tree parser by building it first and then trying again. See the top-level README for help." 1>&2; \
--		echo "  2) Test using the system parser by adding USE_SYSTEM=1 to your make command." 1>&2; \
--		exit 1; \
--	fi
--endif
--
--__libapparmor:
--ifndef USE_SYSTEM
--	@if [ ! -f $(LIBAPPARMOR_PATH)libapparmor.so ]; then \
--		echo "error: $(LIBAPPARMOR_PATH)libapparmor.so is missing. Pick one of these possible solutions:" 1>&2; \
--		echo "  1) Build against the in-tree libapparmor by building it first and then trying again. See the top-level README for help." 1>&2; \
--		echo "  2) Build against the system libapparmor by adding USE_SYSTEM=1 to your make command." 1>&2; \
--		exit 1; \
--	fi
--endif
--
- local:
- 	for profile in ${TOPLEVEL_PROFILES}; do \
- 		fn=$$(basename $$profile); \
-@@ -109,6 +69,16 @@ else
-   Q=
- endif
- 
-+ifndef PARSER
-+# use system parser
-+PARSER=../parser/apparmor_parser
-+endif
-+
-+ifndef LOGPROF
-+# use ../utils logprof
-+LOGPROF=PYTHONPATH=../utils $(PYTHON) ../utils/aa-logprof
-+endif
-+
- .PHONY: docs
- # docs: should we have some here?
- docs:
--- 
-2.17.1
-
diff --git a/meta-security/recipes-mac/AppArmor/files/py3_10_fixup.patch b/meta-security/recipes-mac/AppArmor/files/py3_10_fixup.patch
deleted file mode 100644
index 05f8460..0000000
--- a/meta-security/recipes-mac/AppArmor/files/py3_10_fixup.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-m4/ax_python_devel.m4: do not check for distutils
-
-With py 3.10 this prints a deprecation warning which is
-taken as an error. Upstream should rework the code to not
-use distuils.
-
-Upstream-Status: Inappropriate [needs a proper fix upstream]
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: git/libraries/libapparmor/m4/ac_python_devel.m4
-===================================================================
---- git.orig/libraries/libapparmor/m4/ac_python_devel.m4
-+++ git/libraries/libapparmor/m4/ac_python_devel.m4
-@@ -66,21 +66,6 @@ variable to configure. See ``configure -
-         fi
- 
-         #
--        # Check if you have distutils, else fail
--        #
--        AC_MSG_CHECKING([for the distutils Python package])
--        ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
--        if test -z "$ac_distutils_result"; then
--                AC_MSG_RESULT([yes])
--        else
--                AC_MSG_RESULT([no])
--                AC_MSG_ERROR([cannot import Python module "distutils".
--Please check your Python installation. The error was:
--$ac_distutils_result])
--                PYTHON_VERSION=""
--        fi
--
--        #
-         # Check for Python include path
-         #
-         AC_MSG_CHECKING([for Python include path])
diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index f6394cc..4118732 100644
--- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -6,7 +6,7 @@
 and is easy to configure to read any log file you choose, for any error you choose."
 HOMEPAGE = "http://www.fail2ban.org"
 
-LICENSE = "GPL-2.0"
+LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
 
 SRCREV ="4fe4ac8dde6ba14841da598ec37f8c6911fe0f64"
@@ -15,7 +15,7 @@
         file://run-ptest \
 "
 
-inherit update-rc.d ptest setuptools3
+inherit update-rc.d ptest setuptools3_legacy
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-security/recipes-security/mfa/python3-privacyidea_3.5.2.bb b/meta-security/recipes-security/mfa/python3-privacyidea_3.6.2.bb
similarity index 88%
rename from meta-security/recipes-security/mfa/python3-privacyidea_3.5.2.bb
rename to meta-security/recipes-security/mfa/python3-privacyidea_3.6.2.bb
index a4ab59d..40f6d15 100644
--- a/meta-security/recipes-security/mfa/python3-privacyidea_3.5.2.bb
+++ b/meta-security/recipes-security/mfa/python3-privacyidea_3.6.2.bb
@@ -2,17 +2,15 @@
 DESCRIPTION = "privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications."
 
 HOMEPAGE = "http://www.privacyidea.org/"
-LICENSE = "AGPL-3.0"
+LICENSE = "AGPL-3.0-only"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
 
 PYPI_PACKAGE = "privacyIDEA"
-SRC_URI[sha256sum] = "26aeb0d353af1f212c4df476202516953c20f7f31566cfe0b67cbb553de04763"
+SRC_URI[sha256sum] = "4441282d086331dac0aee336286de8262d9ac8eb11e14b7f9aa69f865caebe17"
 
 inherit pypi setuptools3
 
 do_install:append () {
-    #install ${D}/var/log/privacyidea
-
     rm -fr ${D}${libdir}/${PYTHON_DIR}/site-packages/tests
 }
 
@@ -21,11 +19,11 @@
 USERADD_PARAM:${PN} = "--system -g privacyidea -o -r -d /opt/${BPN}  \
     --shell /bin/false privacyidea"
 
-FILES:${PN} += " ${datadir}/etc/privacyidea/* ${datadir}/lib/privacyidea/*"
+FILES:${PN} += " ${prefix}/etc/privacyidea/* ${datadir}/lib/privacyidea/*"
 
 RDEPENDS:${PN} += " bash perl freeradius-mysql freeradius-utils"
 
-RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-backports-functools-lru-cache python3-bcrypt"
+RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-bcrypt"
 RDEPENDS:${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet"
 RDEPENDS:${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml"
 RDEPENDS:${PN} += "python3-ecdsa  python3-flask python3-flask-babel python3-flask-migrate"