subtree updates

meta-raspberrypi: b6a1645a97..c57b464b88:
  Lluis Campos (1):
        rpi-cmdline: do_compile: Use pure Python syntax to get `CMDLINE`

meta-openembedded: 2eb39477a7..a755af4fb5:
  Adrian Zaharia (1):
        lapack: add packageconfig for lapacke

  Akash Hadke (1):
        polkit: Add --shell /bin/nologin to polkitd user

  Alex Kiernan (3):
        ntpsec: Add UPSTREAM_CHECK_URI
        libgpiod: Detect ptest using PTEST_ENABLED
        ostree: Cleanup PACKAGECONFIGs

  Anuj Mittal (1):
        yasm: fix buildpaths warning

  Atanas Bunchev (1):
        python3-twitter: Upgrade 4.8.0 -> 4.10.1

  Bartosz Golaszewski (4):
        imagemagick: add PACKAGECONFIG for C++ bindings
        python3-matplotlib: don't use PYTHON_PN
        python3-matplotlib: add packaging to RDEPENDS
        python3-matplotlib: bump to 3.5.2

  Bruce Ashfield (3):
        vboxguestdrivers: fix build against 5.19 kernel / libc-headers
        zfs: update to v2.1.5
        vboxguestdrivers: make kernel shared directory dependency explicit

  Carsten Bäcker (1):
        spdlog: Fix CMake flag

  Changqing Li (3):
        fuse3: support ptest
        redis: fix do_patch fuzz warning
        dlt-daemon: fix dlt-system.service failed since buffer overflow

  Clément Péron (1):
        python: add Pydantic data validation package

  Devendra Tewari (1):
        android-tools: sleep more in android-gadget-start

  Ed Tanous (1):
        Add python-requests-unixsocket recipe

  Enguerrand de Ribaucourt (1):
        mdio-tools: add recipes

  Etienne Cordonnier (1):
        uutils-coreutils: add recipe

  Jagadeesh Krishnanjanappa (4):
        python3-asgiref: add recipe
        python3-django: make 3.2.x as default version
        python3-django: Add python3-asgiref runtime dependency
        python3-django: remove 2.2.x recipe

  Jan Luebbe (2):
        chrony: add support for config and source snippet includes
        gensio: upgrade 2.3.1 -> 2.5.2

  Jan Vermaete (1):
        makeself: added makeself as new recipe

  Jim Broadus (1):
        networkmanager: fix iptables and nft paths

  Jose Quaresma (2):
        wireguard-module: 1.0.20210219 -> 1.0.20220627
        wireguard-tools: Add a new package for wg-quick

  Julian Haller (2):
        pcsc-lite: upgrade 1.9.0 -> 1.9.8
        ccid: upgrade 1.4.33 -> 1.5.0

  Justin Bronder (1):
        lmdb: only set SONAME on the shared library

  Khem Raj (61):
        mariadb: Inherit pkgconfig
        mariadb: Add packageconfig for lz4 and enable it
        ibus: Swith to use main branch instead of master
        kronosnet: Upgrade to 1.24
        ostree: Upgrade to 2022.5 release
        sdbus-c++-libsystemd: Fix build with glibc 2.36
        xfstests: Upgrade to v2022.07.10
        autofs: Fix build with glibc 2.36
        audit: Upgrade to 3.0.8 and fix build with linux 5.17+
        pcp: Add to USERADD_PACKAGES instead of override
        mozjs: Use RUST_HOST_SYS and RUST_TARGET_SYS
        fluentbit: Fix build with clang
        audit: Fix build with musl
        fluentbit: Fix build with musl
        klibc: Upgrade to 2.0.10
        gnome-keyring,cunit,xfce4-panel: Do not inherit remove-libtool class here
        mpd: Update to 0.23.8
        openipmi: Enable largefile cflags
        proftpd: Always enable largefile support
        netperf: Always enable largefile support
        openipmi: Always enable largefile support
        unbound: Always enable largefile support
        sysbench: Always enable largefile support
        libmtp: Always enable largefile support
        toybox: Fix build with glibc 2.36+
        xfstests: Upgrade to 2022.07.31 release
        libmpd: Fix function returns and casts
        audit: Revert the tweak done in configure step in do_install
        mpd: Upgrade to 0.23.9
        fluentbit: Use CMAKE_C_STANDARD_LIBRARIES cmake var to pass libatomic
        fluentbit: Upgrade to 1.9.7 and fix build on x86
        klibc: Fix build with kernel 5.19 headers
        ntpsec: Add -D_GNU_SOURCE and fix building with devtool
        gd: Fix build with clang-15
        cpulimit: Define -D_GNU_SOURCE
        safec: Remove unused variable 'len'
        ncftp: Enable autoreconf
        ncftp: Fix TMPDIR path embedding into ncftpget
        libb64: Switch to github fork and upgrade to 2.0.0.1+git
        dhrystone: Disable warnings as errors with clang
        dibbler: Fix build with musl
        fio: Fix additional warnings seen with musl
        ssmtp: Fix null pointer assignments
        gst-editing-services: Add recipe
        rygel: Upgrade to 0.40.4
        libesmtp: Define _GNU_SOURCE
        python3-grpcio: Enable largefile support explicitly
        libteam: Include missing headers for strrchr and memcmp
        neon: Upgrade to 0.32.2
        satyr: Fix build on musl/clang
        libmusicbrainz: Avoid -Wnonnull warning
        aom: Upgrade to 3.4.0
        vorbis-tools: Fix build on musl
        dvb-apps: Use tarball for SRC_URI and fix build on musl
        python3-netifaces: Fix build with python3 and musl
        python3-pyephem: Fix build with python3 and musl
        samba: Fix warnings in configure tests for rpath checks
        lirc: Fix build on musl
        mongodb: Fix boost build with clang-15
        crda: Fix build with clang-15
        monkey: Fix build with musl

  Lei Maohui (2):
        dnf-plugin-tui: Fix somw issue in postinstall process.
        xrdp: Fix buildpaths warning.

  Leon Anavi (16):
        python3-nocasedict: Upgrade 1.0.3 -> 1.0.4
        python3-frozenlist: Upgrade 1.3.0 -> 1.3.1
        python3-networkx: Upgrade 2.8.4 -> 2.8.5
        python3-pyhamcrest: Upgrade 2.0.3 -> 2.0.4
        python3-aiohue: Upgrade 4.4.2 -> 4.5.0
        python3-pyperf: Upgrade 2.3.0 -> 2.4.1
        python3-eth-abi: Upgrade 3.0.0 -> 3.0.1
        python3-cytoolz: Upgrade 0.11.2 -> 0.12.0
        python3-yarl: Upgrade 1.7.2 -> 1.8.1
        python3-term: Upgrade 2.3 -> 2.4
        python3-coverage: Upgrade 6.4.1 -> 6.4.4
        python3-regex: Upgrade 2022.7.25 -> 2022.8.17
        python3-awesomeversion: Upgrade 22.6.0 -> 22.8.0
        python3-typed-ast: Upgrade 1.5.2 -> 1.5.4
        python3-prompt-toolkit: Upgrade 3.0.24 -> 3.0.30
        python3-prettytable: Upgrade 3.1.1 -> 3.3.0

  Markus Volk (6):
        libass: update to v1.16.0
        spdlog: update to v1.10.0
        waylandpp: add recipe
        wireplumber: update to v0.4.11
        pipewire: update to v0.3.56
        pipewire: improve runtime dependency settings

  Marta Rybczynska (1):
        polkit: update patches for musl compilation

  Matthias Klein (1):
        libftdi: update to 1.5

  Mike Crowe (1):
        yasm: Only depend on xmlto when docs are enabled

  Mike Petersen (1):
        sshpass: add recipe

  Mingli Yu (10):
        net-snmp: set ac_cv_path_PSPROG
        postgresql: Fix the buildpaths issue
        freeradius: Fix buildpaths issue
        openipmi: Fix buildpaths issue
        apache2: Fix the buildpaths issue
        frr: fix buildpaths issue
        nspr: fix buildpaths issue
        liblockfile: fix buildpaths issue
        freediameter: fix buildpaths issue
        postgresql: make sure pam conf installed when pam enabled

  Ovidiu Panait (1):
        net-snmp: upgrade 5.9.1 -> 5.9.3

  Paulo Neves (1):
        fluentbit Upgrade to 1.3.5 -> 1.9.6

  Philip Balister (2):
        python3-pybind11: Update to Version 2.10.0.
        Remove dead link and old information from the README.

  Potin Lai (7):
        libplist: add libplist_git.bb
        libimobiledevice-glue: SRCREV bump bc6c44b..d2ff796
        libimobiledevice: add libimobiledevice_git.bb
        libirecovery: SRCREV bump e190945..ab5b4d8
        libusbmuxd: add libusbmuxd_git.bb
        usbmuxd: add usbmuxd_git.bb
        idevicerestore: SRCREV bump 280575b..7d622d9

  Richard Purdie (1):
        lmdb: Don't inherit base

  Sam Van Den Berge (1):
        python3-jsonrpcserver: add patch to use importlib.resources instead of pkg_resources

  Saul Wold (10):
        libipc-signal-perl: Fix LICENSE string
        libdigest-hmac-perl: Fix LICENSE string
        libio-socket-ssl-perl: Fix LICENSE string
        libdigest-sha1-perl: Fix LICENSE string
        libmime-types-perl: Fix LICENSE string
        libauthen-sasl-perl: Fix LICENSE string
        libnet-ldap-perl: Fix LICENSE string
        libxml-libxml-perl: Fix LICENSE string
        libnet-telnet-perl: Fix LICENSE string
        libproc-waitstat-perl: Fix LICENSE string

  Sean Anderson (2):
        image_types_sparse: Pad source image to block size
        image_types_sparse: Generate "don't care" chunks

  Vyacheslav Yurkov (4):
        protobuf: correct ptest dependency
        protobuf: 3.19.4 -> 3.21.5 upgrade
        protobuf: change build system to cmake
        protobuf: disable protoc binary for target

  Wang Mingyu (60):
        cifs-utils: upgrade 6.15 -> 7.0
        geocode-glib: upgrade 3.26.3 -> 3.26.4
        gjs: upgrade 1.72.1 -> 1.72.2
        htpdate: upgrade 1.3.5 -> 1.3.6
        icewm: upgrade 2.9.8 -> 2.9.9
        ipc-run: upgrade 20200505.0 -> 20220807.0
        iwd: upgrade 1.28 -> 1.29
        ldns: upgrade 1.8.1 -> 1.8.2
        libadwaita: upgrade 1.1.3 -> 1.1.4
        libencode-perl: upgrade 3.18 -> 3.19
        libmime-charset-perl: upgrade 1.012.2 -> 1.013.1
        libtest-warn-perl: upgrade 0.36 -> 0.37
        nano: upgrade 6.3 -> 6.4
        nbdkit: upgrade 1.31.15 -> 1.32.1
        netdata: upgrade 1.35.1 -> 1.36.0
        fio: upgrade 3.30 -> 3.31
        nlohmann-json: upgrade 3.10.5 -> 3.11.2
        poco: upgrade 1.12.1 -> 1.12.2
        postgresql: upgrade 14.4 -> 14.5
        poppler: upgrade 22.07.0 -> 22.08.0
        smarty: upgrade 4.1.1 -> 4.2.0
        tracker: upgrade 3.3.2 -> 3.3.3
        uftp: upgrade 5.0 -> 5.0.1
        xdg-user-dirs: upgrade 0.17 -> 0.18
        python3-pycodestyle: upgrade 2.9.0 -> 2.9.1
        python3-pyzmq: upgrade 23.2.0 -> 23.2.1
        python3-setuptools-declarative-requirements: upgrade 1.2.0 -> 1.3.0
        python3-sqlalchemy: upgrade 1.4.39 -> 1.4.40
        python3-werkzeug: upgrade 2.2.1 -> 2.2.2
        python3-xmlschema: upgrade 2.0.1 -> 2.0.2
        python3-yappi: upgrade 1.3.5 -> 1.3.6
        ade: upgrade 0.1.1f -> 0.1.2
        babl: upgrade 0.1.92 -> 0.1.94
        ctags: upgrade 5.9.20220703.0 -> 5.9.20220821.0
        grilo-plugins: upgrade 0.3.14 -> 0.3.15
        ldns: upgrade 1.8.2 -> 1.8.3
        libcurses-perl: upgrade 1.38 -> 1.41
        mosquitto: upgrade 2.0.14 -> 2.0.15
        nbdkit: upgrade 1.32.1 -> 1.33.1
        netdata: upgrade 1.36.0 -> 1.36.1
        libsdl2-ttf: upgrade 2.20.0 -> 2.20.1
        xfstests: upgrade 2022.07.31 -> 2022.08.07
        php: upgrade 8.1.8 -> 8.1.9
        rdma-core: upgrade 41.0 -> 42.0
        spitools: upgrade 1.0.1 -> 1.0.2
        unbound: upgrade 1.16.1 -> 1.16.2
        zlog: upgrade 1.2.15 -> 1.2.16
        python3-hexbytes: upgrade 0.2.3 -> 0.3.0
        python3-pythonping: upgrade 1.1.2 -> 1.1.3
        python3-jsonrpcserver: Add dependence python3-typing-extensions
        feh: upgrade 3.9 -> 3.9.1
        gnome-bluetooth: upgrade 42.2 -> 42.3
        hunspell: upgrade 1.7.0 -> 1.7.1
        gtk4: upgrade 4.6.6 -> 4.6.7
        logwatch: upgrade 7.6 -> 7.7
        bdwgc: upgrade 8.2.0 -> 8.2.2
        tcpreplay: upgrade 4.4.1 -> 4.4.2
        tree: upgrade 2.0.2 -> 2.0.3
        xfsdump: upgrade 3.1.10 -> 3.1.11
        babl: upgrade 0.1.94 -> 0.1.96

  Wolfgang Meyer (1):
        libsdl2-ttf: upgrade 2.0.18 -> 2.20.0

  Xu Huan (18):
        python3-protobuf: upgrade 4.21.3 -> 4.21.4
        python3-pycodestyle: upgrade 2.8.0 -> 2.9.0
        python3-pyflakes: upgrade 2.4.0 -> 2.5.0
        python3-pythonping: upgrade 1.1.1 -> 1.1.2
        python3-regex: upgrade 2022.7.24 -> 2022.7.25
        python3-werkzeug: upgrade 2.2.0 -> 2.2.1
        python3-google-auth: upgrade 2.9.1 -> 2.10.0
        python3-humanize: upgrade 4.2.3 -> 4.3.0
        python3-hexbytes: upgrade 0.2.2 -> 0.2.3
        python3-imageio: upgrade 2.21.0 -> 2.21.1
        python3-nocaselist: upgrade 1.0.5 -> 1.0.6
        python3-protobuf: upgrade 4.21.4 -> 4.21.5
        python3-pycares: upgrade 4.2.1 -> 4.2.2
        python3-fastjsonschema: upgrade 2.16.1 -> 2.16.2
        python3-google-api-python-client: upgrade 2.56.0 -> 2.57.0
        python3-google-auth: upgrade 2.10.0 -> 2.11.0
        python3-grpcio-tools: upgrade 1.47.0 -> 1.48.0
        python3-grpcio: upgrade 1.47.0 -> 1.48.0

  Yi Zhao (5):
        strongswan: upgrade 5.9.6 -> 5.9.7
        libldb: upgrade 2.3.3 -> 2.3.4
        samba: upgrade 4.14.13 -> 4.14.14
        python3-jsonrpcserver: upgrade 5.0.7 -> 5.0.8
        samba: fix buildpaths issue

  wangmy (16):
        gedit: upgrade 42.1 -> 42.2
        libwacom: upgrade 2.3.0 -> 2.4.0
        htpdate: upgrade 1.3.4 -> 1.3.5
        nbdkit: upgrade 1.31.14 -> 1.31.15
        pure-ftpd: upgrade 1.0.50 -> 1.0.51
        avro-c: upgrade 1.11.0 -> 1.11.1
        debootstrap: upgrade 1.0.126 -> 1.0.127
        freerdp: upgrade 2.7.0 -> 2.8.0
        icewm: upgrade 2.9.7 -> 2.9.8
        libmxml: upgrade 3.3 -> 3.3.1
        poco: upgrade 1.12.0 -> 1.12.1
        xfontsel: upgrade 1.0.6 -> 1.1.0
        xmessage: upgrade 1.0.5 -> 1.0.6
        xrefresh: upgrade 1.0.6 -> 1.0.7
        zabbix: upgrade 6.0.5 -> 6.2.1
        xrdp: upgrade 0.9.18 -> 0.9.19

  zhengrq.fnst (4):
        python3-asttokens: upgrade 2.0.7 -> 2.0.8
        python3-charset-normalizer: upgrade 2.1.0 -> 2.1.1
        python3-eth-account: 0.6.1 -> 0.7.0
        python3-cantools: upgrade 37.1.0 -> 37.1.2

  zhengruoqin (12):
        python3-dominate: upgrade 2.6.0 -> 2.7.0
        python3-flask-login: upgrade 0.6.1 -> 0.6.2
        python3-google-api-python-client: upgrade 2.54.0 -> 2.55.0
        python3-haversine: upgrade 2.5.1 -> 2.6.0
        python3-imageio: upgrade 2.19.5 -> 2.21.0
        python3-autobahn: upgrade 22.6.1 -> 22.7.1
        python3-engineio: upgrade 4.3.3 -> 4.3.4
        python3-flask: upgrade 2.1.3 -> 2.2.2
        python3-gcovr: upgrade 5.1 -> 5.2
        python3-google-api-python-client: upgrade 2.55.0 -> 2.56.0
        python3-asttokens: upgrade 2.0.5 -> 2.0.7
        python3-zeroconf: upgrade 0.38.7 -> 0.39.0

meta-security: 2a2d650ee0..10fdc2b13a:
  Anton Antonov (2):
        Use CARGO_TARGET_SUBDIR in do_install
        parsec-service: Update oeqa tests

  Armin Kuster (8):
        python3-privacyidea: update to 3.7.3
        lkrg-module: update to 0.9.5
        apparmor: update to 3.0.6
        packagegroup-core-security: add space for appends
        cryptmount: Add new pkg
        packagegroup-core-security: add pkg to grp
        cyptmount: Fix mount.h conflicts seen with glibc 2.36+
        kas: update testimage inherit

  John Edward Broadbent (1):
        meta-security: Add recipe for Glome

  Mingli Yu (1):
        samhain-standalone: fix buildpaths issue

poky: fc59c28724..9b1db65e7d:
  Alejandro Hernandez Samaniego (1):
        baremetal-image.bbclass: Emulate image.bbclass to handle new classes scope

  Alex Stewart (1):
        maintainers: update opkg maintainer

  Alexander Kanavin (113):
        kmscube: address linux 5.19 fails
        rpm: update 4.17.0 -> 4.17.1
        go: update 1.18.4 -> 1.19
        bluez5: update 5.64 -> 5.65
        python3-pip: update 22.2.1 -> 22.2.2
        ffmpeg: update 5.0.1 -> 5.1
        iproute2: upgrade 5.18.0 -> 5.19.0
        harfbuzz: upgrade 4.4.1 -> 5.1.0
        libwpe: upgrade 1.12.0 -> 1.12.2
        bind: upgrade 9.18.4 -> 9.18.5
        diffoscope: upgrade 218 -> 220
        ell: upgrade 0.51 -> 0.52
        gnutls: upgrade 3.7.6 -> 3.7.7
        iso-codes: upgrade 4.10.0 -> 4.11.0
        kea: upgrade 2.0.2 -> 2.2.0
        kexec-tools: upgrade 2.0.24 -> 2.0.25
        libcap: upgrade 2.64 -> 2.65
        libevdev: upgrade 1.12.1 -> 1.13.0
        libnotify: upgrade 0.8.0 -> 0.8.1
        libwebp: upgrade 1.2.2 -> 1.2.3
        libxcvt: upgrade 0.1.1 -> 0.1.2
        mesa: upgrade 22.1.3 -> 22.1.5
        mobile-broadband-provider-info: upgrade 20220511 -> 20220725
        nettle: upgrade 3.8 -> 3.8.1
        piglit: upgrade to latest revision
        puzzles: upgrade to latest revision
        python3: upgrade 3.10.5 -> 3.10.6
        python3-dtschema: upgrade 2022.7 -> 2022.8
        python3-hypothesis: upgrade 6.50.1 -> 6.54.1
        python3-jsonschema: upgrade 4.9.0 -> 4.9.1
        python3-markdown: upgrade 3.3.7 -> 3.4.1
        python3-setuptools: upgrade 63.3.0 -> 63.4.1
        python3-sphinx: upgrade 5.0.2 -> 5.1.1
        python3-urllib3: upgrade 1.26.10 -> 1.26.11
        sqlite3: upgrade 3.39.1 -> 3.39.2
        sysklogd: upgrade 2.4.0 -> 2.4.2
        webkitgtk: upgrade 2.36.4 -> 2.36.5
        kernel-dev: working with kernel using devtool does not require building and installing eSDK
        sdk-manual: describe how to use extensible SDK functionality directly in a Yocto build
        dropbear: merge .inc into .bb
        rust: update 1.62.0 -> 1.62.1
        cmake: update 3.23.2 -> 3.24.0
        weston: upgrade 10.0.1 -> 10.0.2
        patchelf: update 0.14.5 -> 0.15.0
        patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak
        weston: exclude pre-releases from version check
        tzdata: upgrade 2022a -> 2022b
        libcgroup: update 2.0.2 -> 3.0.0
        python3-setuptools-rust: update 1.4.1 -> 1.5.1
        shadow: update 4.11.1 -> 4.12.1
        slang: update 2.3.2 -> 2.3.3
        xz: update 5.2.5 -> 5.2.6
        gdk-pixbuf: update 2.42.8 -> 2.42.9
        xorgproto: update 2022.1 -> 2022.2
        boost-build-native: update 4.4.1 -> 1.80.0
        boost: update 1.79.0 -> 1.80.0
        vulkan-samples: update to latest revision
        epiphany: upgrade 42.3 -> 42.4
        git: upgrade 2.37.1 -> 2.37.2
        glib-networking: upgrade 2.72.1 -> 2.72.2
        gnu-efi: upgrade 3.0.14 -> 3.0.15
        gpgme: upgrade 1.17.1 -> 1.18.0
        libjpeg-turbo: upgrade 2.1.3 -> 2.1.4
        libwebp: upgrade 1.2.3 -> 1.2.4
        lighttpd: upgrade 1.4.65 -> 1.4.66
        mesa: upgrade 22.1.5 -> 22.1.6
        meson: upgrade 0.63.0 -> 0.63.1
        mpg123: upgrade 1.30.1 -> 1.30.2
        pango: upgrade 1.50.8 -> 1.50.9
        piglit: upgrade to latest revision
        pkgconf: upgrade 1.8.0 -> 1.9.2
        python3-dtschema: upgrade 2022.8 -> 2022.8.1
        python3-more-itertools: upgrade 8.13.0 -> 8.14.0
        python3-numpy: upgrade 1.23.1 -> 1.23.2
        python3-pbr: upgrade 5.9.0 -> 5.10.0
        python3-pyelftools: upgrade 0.28 -> 0.29
        python3-pytz: upgrade 2022.1 -> 2022.2.1
        strace: upgrade 5.18 -> 5.19
        sysklogd: upgrade 2.4.2 -> 2.4.4
        wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
        wpebackend-fdo: upgrade 1.12.0 -> 1.12.1
        python3-hatchling: update 1.6.0 -> 1.8.0
        python3-setuptools: update 63.4.1 -> 65.0.2
        devtool: do not leave behind source trees in workspace/sources
        systemtap: add a patch to address a python 3.11 failure
        bitbake: bitbake-layers: initialize tinfoil before registering command line arguments
        scripts/oe-setup-builddir: add a check that TEMPLATECONF is valid
        bitbake-layers: add a command to save the active build configuration as a template into a layer
        bitbake-layers: add ability to save current layer repository configuration into a file
        scripts/oe-setup-layers: add a script that restores the layer configuration from a json file
        selftest/bblayers: add a test for creating a layer setup and using it to restore the layers
        selftest/bblayers: adjust the revision for the layer setup test
        perl: run builds from a pristine source tree
        meta-poky/conf: move default templates to conf/templates/default/
        syslinux: mark all pending patches as Inactive-Upstream
        shadow: correct the pam patch status
        mtd-utils: remove patch that adds -I option
        gstreamer1.0-plugins-bad: remove an unneeded patch
        ghostscript: remove unneeded patch
        ovmf: drop the force no-stack-protector patch
        python: submit CC to cc_basename patch upstream
        mc: submit perl warnings patch upstream
        sysvinit: send install.patch upstream
        valgrind: (re)send ppc instructions patch upstream
        gdk-pixbuf: submit fatal-loader.patch upstream
        libsdl2: follow upstream version is even rule
        python3-pip: submit reproducible.patch upstream
        python3-pip: remove unneeded reproducible.patch
        llvm: remove 0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch
        scripts/oe-setup-builddir: migrate build/conf/templateconf.cfg to new template locations
        meta/files/layers.schema.json: drop the layers property
        scripts/oe-setup-builddir: write to conf/templateconf.cfg after the build is set up
        scripts/oe-setup-builddir: make environment variable the highest priority source for TEMPLATECONF

  Alexandre Belloni (1):
        ruby: drop capstone support

  Andrei Gherzan (7):
        shadow: Enable subid support
        rootfspostcommands.py: Restructure sort_passwd and related functions
        rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils
        selftest: Add module for testing rootfs postcommands
        rootfs-postcommands.bbclass: Follow function rename in rootfspostcommands.py
        shadow: Avoid nss warning/error with musl
        linux-yocto: Fix COMPATIBLE_MACHINE regex match

  Andrey Konovalov (2):
        mesa: add pipe-loader's libraries to libopencl-mesa package
        mesa: build clover with native LLVM codegen support for freedreno

  Anuj Mittal (1):
        poky.conf: add ubuntu-22.04 to tested distros

  Armin Kuster (1):
        system-requirements.rst: remove EOL and Centos7 hosts

  Aryaman Gupta (1):
        bitbake: runqueue: add memory pressure regulation

  Awais Belal (1):
        kernel-fitimage.bbclass: only package unique DTBs

  Beniamin Sandu (1):
        libpam: use /run instead of /var/run in systemd tmpfiles

  Bertrand Marquis (1):
        sysvinit-inittab/start_getty: Fix respawn too fast

  Bruce Ashfield (22):
        linux-yocto/5.15: update to v5.15.58
        linux-yocto/5.10: update to v5.10.134
        linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge)
        linux-libc-headers: update to v5.19
        kernel-devsrc: support arm v5.19+ on target build
        kernel-devsrc: support powerpc on v5.19+
        lttng-modules: fix build against mips and v5.19 kernel
        linux-yocto: introduce v5.19 reference kernel recipes
        meta/conf: update preferred linux-yocto version to v5.19
        linux-yocto: drop v5.10 reference kernel recipes
        linux-yocto/5.15: update to v5.15.59
        linux-yocto/5.15: fix reproducibility issues
        linux-yocto/5.19: cfg: update x32 configuration fragment
        linux-yocto/5.19: fix reproducibility issues
        poky: update preferred version to v5.19
        poky: change preferred kernel version to 5.15 in poky-alt
        yocto-bsp: drop v5.10 bbappend and create 5.19 placeholder
        lttng-modules: replace mips compaction fix with upstream change
        linux-yocto/5.15: update to v5.15.60
        linux-yocto/5.19: update to v5.19.1
        linux-yocto/5.19: update to v5.19.3
        linux-yocto/5.15: update to v5.15.62

  Changqing Li (1):
        apt: fix nativesdk-apt build failure during the second time build

  Chen Qi (2):
        python3-hypothesis: revert back to 6.46.11
        python3-requests: add python3-compression dependency

  Drew Moseley (1):
        rng-tools: Replace obsolete "wants systemd-udev-settle"

  Enrico Scholz (2):
        npm.bbclass: fix typo in 'fund' config option
        npm.bbclass: fix architecture mapping

  Ernst Sjöstrand (1):
        cve-check: Don't use f-strings

  Jacob Kroon (1):
        python3-cython: Remove debug lines

  Jan Luebbe (2):
        openssh: sync local ssh_config + sshd_config files with upstream 8.7p1
        openssh: add support for config snippet includes to ssh and sshd

  JeongBong Seo (1):
        wic: add 'none' fstype for custom image

  Johannes Schneider (1):
        classes: rootfs-postcommands: autologin root on serial-getty

  Jon Mason (2):
        oeqa/parselogs: add qemuarmv5 arm-charlcd masking
        ref-manual: add numa to machine features

  Jose Quaresma (4):
        bitbake: build: prefix the tasks with a timestamp in the log task_order
        archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source
        linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS
        shaderc: upgrade 2022.1 -> 2022.2

  Joshua Watt (4):
        bitbake: siggen: Fix insufficent entropy in sigtask file names
        bitbake: utils: Pass lock argument in fileslocked
        classes: cve-check: Get shared database lock
        meta/files: add layer setup JSON schema and example

  Kai Kang (1):
        packagegroup-self-hosted: update for strace

  Kevin Hao (1):
        uboot-config.bbclass: Don't bail out early in multi configs

  Khem Raj (83):
        qemu: Fix build with glibc 2.36
        mtd-utils: Fix build with glibc 2.36
        stress-ng: Upgrade to 0.14.03
        bootchart2: Fix build with glibc 2.36+
        ltp: Fix sys/mount.h conflicts needed for glibc 2.36+ compile
        efivar: Fix build with glibc 2.36
        cracklib: Drop using register keyword
        util-linux: Define pidfd_* function signatures
        util-linux: Upgrade to 2.38.1
        tcp-wrappers: Fix implicit-function-declaration warnings
        perl-cross: Correct function signatures in configure_func.sh
        perl: Pass additional flags to enable lfs and gnu source
        sysvinit: Fix mount.h conflicts seen with glibc 2.36+
        glibc: Bump to 2.36
        glibc: Update patch status
        zip: Enable largefile support based on distro feature
        zip: Make configure checks to be more robust
        unzip: Fix configure tests to use modern C
        unzip: Enable largefile support when enabled in distro
        iproute2: Fix netns check during configure
        glibc: Bump to latest 2.36 branch
        gstreamer1.0-plugins-base: Include required system headers for isspace() and sscanf()
        musl: Upgrade to latest tip of trunk
        zip: Always enable LARGE_FILE_SUPPORT
        libmicrohttpd: Enable largefile support unconditionally
        unzip: Always enable largefile support
        default-distrovars: Remove largefile from defualt DISTRO_FEATURES
        zlib: Resolve CVE-2022-37434
        json-c: Fix function prototypes
        rsync: Backport fix to address CVE-2022-29154
        rsync: Upgrade to 3.2.5
        libtirpc: Backport fix for CVE-2021-46828
        libxml2: Ignore CVE-2016-3709
        tiff: Backport a patch for CVE-2022-34526
        libtirpc: Upgrade to 1.3.3
        perf: Add packageconfig for libbfd support and use disabled as default
        connman: Backports for security fixes
        systemd: Upgrade to 251.4 and fix build with binutils 2.39
        time: Add missing include for memset
        screen: Add missing include files in configure checks
        setserial: Fix build with clang
        expect: Fix implicit-function-declaration warnings
        spirv-tools: Remove default copy constructor in header
        boost: Compile out stdlib unary/binary_functions for c++11 and newer
        vulkan-samples: Qualify move as std::move
        apt: Do not use std::binary_function
        ltp: Fix sys/mount.h and linux/mount.h conflict
        rpm: Remove -Wimplicit-function-declaration warnings
        binutils: Upgrade to 2.39 release
        binutils-cross: Disable gprofng for when building cross binutils
        binutils: Package up gprofng
        binutils: Disable gprofng when using clang
        binutils-cross-canadian: Package up new gprofng.rc file
        autoconf: Fix strict prototype errors in generated tests
        rsync: Add missing prototypes to function declarations
        nfs-utils: Upgrade to 2.6.2
        webkitgtk: Upgrade to 2.36.6 minor update
        musl: Update to tip
        binutils: Disable gprofng on musl systems
        binutils: Upgrade to latest on 2.39 release branch
        cargo_common.bbclass: Add missing space in shell conditional code
        rng-tools: Remove depndencies on hwrng
        ccache: Update the patch status
        ccache: Fix build with gcc12 on musl
        alsa-plugins: Include missing string.h
        xinetd: Pass missing -D_GNU_SOURCE
        watchdog: Include needed system header for function decls
        libcgroup: Use GNU strerror_r only when its available
        pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses
        apr: Use correct strerror_r implementation based on libc type
        gcr: Define _GNU_SOURCE
        ltp: Adjust types to match create_fifo_thread return
        gcc: Upgrade to 12.2.0
        glibc: Update to latest on 2.36
        ltp: Remove -mfpmath=sse on x86-64 too
        apr: Cache configure tests which use AC_TRY_RUN
        rust: Fix build failure on riscv32
        ncurses: Fix configure tests for exit and mbstate_t
        rust-llvm: Update to matching LLVM_VERSION from rust-source
        librepo: Fix build on musl
        rsync: Turn on -pedantic-errors at the end of 'configure'
        ccache: Upgrade to 4.6.2
        xmlto: Update to use upstream tip of trunk

  Konrad Weihmann (1):
        python3: disable user site-pkg for native target

  Lee Chee Yang (1):
        migration guides: add release notes for 4.0.3

  Luca Ceresoli (1):
        libmnl: remove unneeded SRC_URI 'name' option

  Markus Volk (2):
        connman: add PACKAGECONFIG to support iwd
        packagegroup-base.bb: add a configure option to set the wireless-daemon

  Martin Jansa (5):
        glibc: revert one upstream change to work around broken DEBUG_BUILD build
        syslinux: Fix build with glibc-2.36
        syslinux: refresh patches with devtool
        glibc: fix new upstream build issue with DEBUG_BUILD build
        glibc: apply proposed patch from upstream instead of revert

  Mateusz Marciniec (2):
        util-linux: Remove --enable-raw from EXTRA_OECONF
        util-linux: Improve check for magic in configure.ac

  Michael Halstead (1):
        uninative: Upgrade to 3.7 to work with glibc 2.36

  Michael Opdenacker (1):
        dev-manual: use proper note directive

  Mingli Yu (1):
        bitbake: fetch: use BPN instead

  Neil Horman (1):
        bitbake: Fix npm to use https rather than http

  Paul Eggleton (1):
        relocate_sdk.py: ensure interpreter size error causes relocation to fail

  Pavel Zhukov (6):
        package_rpm: Do not replace square brackets in %files
        selftest: Add regression test for rpm filesnames
        parselogs: Ignore xf86OpenConsole error
        bitbake: gitsm: Error out if submodule refers to parent repo
        bitbake: tests: Add Timeout class
        bitbake: tests: Add test for possible gitsm deadlock

  Peter Bergin (3):
        rust-cross-canadian: rename shell variables for easier appends
        packagegroup-rust-cross-canadian: add native compiler environment
        oeqa/sdk: extend rust test to also use a build script

  Peter Marko (1):
        create-spdx: handle links to inaccessible locations

  Quentin Schulz (3):
        docs: conf.py: update yocto_git base URL
        docs: README: add TeX font package required for building PDF
        docs: ref-manual: system-requirements: add missing packages

  Randy MacLeod (1):
        rust: update from 1.62.1 to 1.63.0

  Rasmus Villemoes (1):
        bitbake.conf: set BB_DEFAULT_UMASK using ??=

  Richard Purdie (85):
        oeqa/selftest/sstate: Ensure tests are deterministic
        nativesdk: Clear TUNE_FEATURES
        populate_sdk_base: Disable rust SDK for MIPS n32
        selftest/reproducible: Exclude rust/rust-dbg for now until we can fix
        conf/distro/no-static-libs: Allow static musl for rust
        rust-target-config: Add mips n32 target information
        rust-common: Add CXXFLAGS
        rust-common: Drop export directive from wrappers
        rust-common: Rework wrappers to handle musl
        rust: Work around reproducibility issues
        rust: Switch to use RUST_XXX_SYS consistently
        rust.inc: Rename variables to make code clearer
        rust.inc: Fix cross build llvm-config handling
        rust/mesa: Drop obsolete YOCTO_ALTERNATE_MULTILIB_NAME
        rust-target-config: Show clear error when target isn't defined
        rust: Generate per recipe target configuration files
        rust-common/rust: Improve bootstrap BUILD_SYS handling
        cargo_common: Handle build SYS as well as HOST/TARGET
        rust-llvm: Enable nativesdk variant
        rust.inc: Fix for cross compilation configuration
        rust-common: Update to match cross targets
        rust-target-config: Make target workaround generic
        rust-common: Simplify libc handling
        cargo: Drop cross-canadian variant and fix/use nativesdk
        rust-common: Set rustlibdir to match target expectation
        rust-cross-canadian: Simplify and fix
        rust: Drop cross/crosssdk
        rust: Enable nativesdk and target builds + replace rust-tools-cross-canadian
        rust: Fix musl builds
        rust: Ensure buildpaths are handled in debug symbols correctly
        rust: Update README
        selftest/wic: Tweak test case to not depend on kernel size
        bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig
        bitbake: runqueue: Improve deadlock warning messages
        bitbake: runqueue: Drop deadlock breaking force fail
        rust-common: Remove conflict with utils create_wrapper
        kern-devsrc: Drop auto.conf creation
        cargo: Work around host system library conflicts
        rust-cross-canadian: Use shell from SDK, not the host
        buildhistory: Only use image-artifact-names as an image class
        rust: Remove unneeded RUST_TARGETGENS settings
        meta-skeleton/hello-mod: Switch to SPDX-License-Identifier
        perf: Fix reproducibility issues with 5.19 onwards
        selftest/runtime_test/incompatible_lic: Use IMAGE_CLASSES for testimage
        testexport: Fix to work as an image class
        testexport: Use IMAGE_CLASSES for testimage
        selftest/runtime_test: Use testexport in IMAGE_CLASSES, not globally
        bitbake: BBHandler: Allow earlier exit for classes not found
        bitbake: BBHandler: Make inherit calls more directly
        bitbake: bitbake: Add copyright headers where missing
        bitbake: BBHandler/cooker: Implement recipe and global classes
        classes: Add copyright statements to files without one
        scripts: Add copyright statements to files without one
        classes: Add SPDX license identifiers
        lib: Add copyright statements to files without one
        insane: Update to allow for class layout changes
        classes: Update classes to match new bitbake class scope functionality
        recipetool: Update for class changes
        package: Switch debug source handling to use prefix map
        libgcc/gcc-runtime: Improve source reference handling
        bitbake.conf: Handle S and B separately for debug mapping
        python3-cython: Update code to match debug path changes
        gcc-cross: Fix relative links
        gcc: Resolve relative prefix-map filenames
        gcc: Add a patch to avoid hardcoded paths in libgcc on powerpc
        gcc: Update patch status to submitted for two patches
        valgrind: Disable drd/tests/std_thread2 ptest
        valgrind: Update to match debug file layout changes
        skeleton/service: Ensure debug path handling works as intended
        distrooverrides: Move back to classes whilst it's usage is clarified
        vim: Upgrade 9.0.0115 -> 9.0.0242
        icu: Drop binconfig support (icu-config)
        libtirpc: Mark CVE-2021-46828 as resolved
        bitbake: runqueue: Change pressure file warning to a note
        rust-target-config: Drop has-elf-tls option
        llvm: Add llvm-config wrapper to improve flags handling
        mesa: Rework llvm handling
        rust-target-config: Fix qemuppc target cpu option
        rust: Fix crossbeam-utils for arches without atomics
        pseudo: Update to include recent upstream minor fixes
        bitbake: Revert "fetch: use BPN instead"
        vim: Upgrade 9.0.0242 -> 9.0.0341
        gcc-multilib-config: Fix i686 toolchain relocation issues
        kernel: Always set CC and LD for the kernel build
        kernel: Use consistent make flags for menuconfig

  Robert Joslyn (1):
        curl: Update to 7.85.0

  Ross Burton (9):
        oeqa/qemurunner: add run_serial() comment
        oeqa/commands: add support for running cross tools to runCmd
        oeqa/selftest: rewrite gdbserver test
        libxml2: wrap xmllint to use the correct XML catalogues
        oeqa/selftest: add test for debuginfod
        libgcrypt: remove obsolete pkgconfig install
        libgcrypt: remove obsolete patch
        libgcrypt: rewrite ptest
        cve-check: close cursors as soon as possible

  Sakib Sajal (2):
        qemu: fix CVE-2021-3507
        qemu: fix CVE-2022-0216

  Shubham Kulkarni (1):
        sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct

  Simone Weiss (1):
        json-c: Add ptest for json-c

  Sundeep KOKKONDA (1):
        glibc : stable 2.35 branch updates

  Thomas Roos (1):
        oeqa devtool: Add tests to cover devtool handling of various git URL styles

  Tom Hochstein (1):
        piglit: Add PACKAGECONFIG for glx and opencl

  Tom Rini (1):
        qemux86-64: Allow higher tunes

  Ulrich Ölmann (1):
        scripts/runqemu.README: fix typos and trailing whitespaces

  William A. Kennington III (1):
        image_types: Set SOURCE_DATE_EPOCH for squashfs

  Yang Xu (1):
        insane.bbclass: Skip patches not in oe-core by full path

  Yogesh Tyagi (1):
        gdbserver : add selftest

  Yongxin Liu (1):
        grub2: fix several CVEs

  wangmy (19):
        msmtp: upgrade 1.8.20 -> 1.8.22
        bind: upgrade 9.18.5 -> 9.18.6
        btrfs-tools: upgrade 5.18.1 -> 5.19
        libdnf: upgrade 0.67.0 -> 0.68.0
        librepo: upgrade 1.14.3 -> 1.14.4
        pkgconf: upgrade 1.9.2 -> 1.9.3
        python3-pygments: upgrade 2.12.0 -> 2.13.0
        ethtool: upgrade 5.18 -> 5.19
        librsvg: upgrade 2.54.4 -> 2.54.5
        libtasn1: upgrade 4.18.0 -> 4.19.0
        liburcu: upgrade 0.13.1 -> 0.13.2
        libwpe: upgrade 1.12.2 -> 1.12.3
        lttng-tools: upgrade 2.13.7 -> 2.13.8
        lttng-ust: upgrade 2.13.3 -> 2.13.4
        libatomic-ops: upgrade 7.6.12 -> 7.6.14
        lz4: upgrade 1.9.3 -> 1.9.4
        python3-hatchling: upgrade 1.8.0 -> 1.8.1
        python3-urllib3: upgrade 1.26.11 -> 1.26.12
        repo: upgrade 2.28 -> 2.29.1

meta-arm: 20a629180c..52f07a4b0b:
  Anton Antonov (11):
        arm/optee-os: backport RWX permission error patch
        work around for too few arguments to function init_disassemble_info() error
        arm/optee-os: backport linker warning patches
        arm/tf-a-tests: work around RWX permission error on segment
        Recipes for Trusted Services dependencies.
        Recipes for Trusted Services Secure Partitions
        ARM-FFA kernel drivers and kernel configs for Trusted Services
        Trusted Services test/demo NWd tools
        psa-api-tests for Trusted Services
        Include Trusted Services SPs into optee-os image
        Define qemuarm64-secureboot-ts CI pipeline and include it into meta-arm

  Gowtham Suresh Kumar (2):
        arm-bsp/secure-partitions: fix SMM gateway bug for EFI GetVariable()
        arm-bsp/u-boot: drop EFI GetVariable() workarounds patches

  Jon Mason (11):
        arm-bsp/fvp-base-arm32: Update kernel patch for v5.19
        arm/qemuarm64-secureboot: remove tfa memory patch
        arm/linux-yocto: remove optee num pages kernel config variable
        arm-bsp/juno: drop scmi patch
        arm/qemuarm-secureboot: remove vmalloc from QB_KERNEL_CMDLINE_APPEND
        arm/fvp: use image-artifact-names as an image class
        atp/atp: drop package inherits
        arm/optee: Update to 3.18
        arm-bsp/fvp-base: set preferred kernel to 5.15
        arm/arm-bsp: Add yocto-kernel-cache bluetooth support
        arm-bsp/corstone1000: use compressed kernel image

  Khem Raj (2):
        gator-daemon: Define _GNU_SOURCE feature test macro
        optee-os: Add section attribute parameters when clang is used

  Peter Hoyes (3):
        docs: Update FVP_CONSOLES in runfvp documentation
        docs: Introduce meta-arm OEQA documentation
        arm/oeqa: Make linuxboot test case timeout configurable

  Richard Purdie (1):
        gem5/gem5-m5ops: Drop uneeded package inherit

  Ross Burton (2):
        arm/trusted-firmware-a: remove redundant patches
        arm/trusted-firmware-a: work around RWX permission error on segment

  Rui Miguel Silva (2):
        arm-bsp:corstone500: rebase u-boot patches on v2022.07
        arm-bsp/corstone1000: rebase u-boot patches on top v2022.07

  Vishnu Banavath (3):
        arm-bsp/trusted-firmware-a: Bump TF-A version for N1SDP
        arm-bsp/optee: add optee-os support for N1SDP target
        arm/optee: update optee-client to v3.18

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I90aa0a94410dd208163af126566d22c77787abc2
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.3.bb
similarity index 95%
rename from meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.2.bb
rename to meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.3.bb
index c1e3108..97fa8f9 100644
--- a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.2.bb
+++ b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.3.bb
@@ -6,7 +6,7 @@
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
 
 PYPI_PACKAGE = "privacyIDEA"
-SRC_URI[sha256sum] = "17cbfdf0212eec94ffb10b3046093cf25af71b41413b6361668685333c5a35a7"
+SRC_URI[sha256sum] = "7b5725d1af004fe3f68d16c2b14be5a3d61c4d265d18cb7d50a9013da0df42d2"
 
 inherit pypi setuptools3
 
diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml
index 3bf46db..a594fd7 100644
--- a/meta-security/kas/kas-security-base.yml
+++ b/meta-security/kas/kas-security-base.yml
@@ -39,8 +39,7 @@
     BB_SIGNATURE_HANDLER = "OEEquivHash"
     INHERIT += "buildstats buildstats-summary buildhistory"
     INHERIT += "report-error"
-    INHERIT += "testimage"
-    INHERIT += "rm_work"
+    IMAGE_CLASSES += "testimage"
     BB_NUMBER_THREADS="24"
     BB_NUMBER_PARSE_THREADS="12"
     BB_TASK_NICE_LEVEL = '5'
diff --git a/meta-security/meta-parsec/README.md b/meta-security/meta-parsec/README.md
index f720cd2..99935bc 100644
--- a/meta-security/meta-parsec/README.md
+++ b/meta-security/meta-parsec/README.md
@@ -99,6 +99,7 @@
 - all providers pre-configured in the Parsec config file included in the image.
 - PKCS11 and TPM providers with software backends if softhsm and
   swtpm packages included in the image.
+- TS Provider if Parsec is built with it included.
 
 Meta-parsec also contains a recipe for `security-parsec-image` image with Parsec,
 softhsm and swtpm included.
@@ -214,7 +215,7 @@
   The IBM Software TPM service can be used for manual testing of the provider by
 including it into your test image:
 
-    IMAGE_INSTALL:append = " ibmswtpm2 tpm2-tools libtss2 libtss2-tcti-mssim"
+    IMAGE_INSTALL:append = " swtpm tpm2-tools libtss2 libtss2-tcti-mssim"
 
 Inside the running VM:
 - Stop Parsec
diff --git a/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py b/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py
index 11e5572..6be84ba 100644
--- a/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py
+++ b/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py
@@ -12,12 +12,8 @@
 class ParsecTest(OERuntimeTestCase):
     @classmethod
     def setUpClass(cls):
-        cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
         cls.toml_file = '/etc/parsec/config.toml'
-
-    @classmethod
-    def tearDownClass(cls):
-        cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
+        cls.tc.target.run('cp -p %s %s-original' % (cls.toml_file, cls.toml_file))
 
     def setUp(self):
         super(ParsecTest, self).setUp()
@@ -40,6 +36,11 @@
         status, output = self.target.run('cat %s-%s >>%s' % (self.toml_file, provider, self.toml_file))
         os.remove(tmp_path)
 
+    def restore_parsec_config(self):
+        """ Restore original Parsec config """
+        self.target.run('cp -p %s-original %s' % (self.toml_file, self.toml_file))
+        self.target.run(self.parsec_reload)
+
     def check_parsec_providers(self, provider=None, prov_id=None):
         """ Get Parsec providers list and check for one if defined """
 
@@ -58,6 +59,23 @@
         status, output = self.target.run('parsec-cli-tests.sh %s' % ("-%d" % prov_id if prov_id else ""))
         self.assertEqual(status, 0, msg='Parsec CLI tests failed.\n %s' % output)
 
+    def check_packageconfig(self, prov):
+        """ Check that the require provider is included in Parsec """
+        if prov not in self.tc.td['PACKAGECONFIG:pn-parsec-service']:
+            self.skipTest('%s provider is not included in Parsec. Parsec PACKAGECONFIG: "%s"' % \
+                          (prov, self.tc.td['PACKAGECONFIG:pn-parsec-service']))
+
+    def check_packages(self, prov, packages):
+        """ Check for the required packages for Parsec providers software backends """
+        if isinstance(packages, str):
+            need_pkgs = set([packages,])
+        else:
+            need_pkgs = set(packages)
+
+        if not self.tc.image_packages.issuperset(need_pkgs):
+            self.skipTest('%s provider is not configured and packages "%s" are not included into the image' % \
+                          (prov, need_pkgs))
+
     @OEHasPackage(['parsec-service'])
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_all_providers(self):
@@ -84,7 +102,9 @@
                 'mkdir /tmp/myvtpm',
                 'swtpm socket -d --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init',
                 'tpm2_startup -c -T "swtpm:port=2321"',
+                'chown -R parsec /tmp/myvtpm',
                 self.parsec_reload,
+                'sleep 5',
                ]
 
         for cmd in cmds:
@@ -92,16 +112,30 @@
             self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
 
     @OEHasPackage(['parsec-service'])
-    @OEHasPackage(['swtpm'])
     @skipIfNotFeature('tpm2','Test parsec_tpm_provider requires tpm2 to be in DISTRO_FEATURES')
-    @OETestDepends(['ssh.SSHTest.test_ssh', 'parsec.ParsecTest.test_all_providers'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_tpm_provider(self):
         """ Configure and test Parsec TPM provider with swtpm as a backend """
 
+        self.check_packageconfig("TPM")
+
+        reconfigure = False
         prov_id = 3
-        self.configure_tpm_provider()
-        self.check_parsec_providers("TPM", prov_id)
+        try:
+            # Chech if the provider is already configured
+            self.check_parsec_providers("TPM", prov_id)
+        except:
+            # Try to test the provider with a software backend
+            self.check_packages("TPM", ['swtpm', 'tpm2-tools'])
+            reconfigure = True
+            self.configure_tpm_provider()
+            self.check_parsec_providers("TPM", prov_id)
+
         self.run_cli_tests(prov_id)
+        self.restore_parsec_config()
+
+        if reconfigure:
+            self.target.run('swtpm_ioctl -s --tcp :2322')
 
     def configure_pkcs11_provider(self):
         """ Create Parsec PKCS11 provider configuration """
@@ -132,12 +166,52 @@
         self.assertEqual(status, 0, msg='Failed to reload Parsec.\n%s' % output)
 
     @OEHasPackage(['parsec-service'])
-    @OEHasPackage(['softhsm'])
-    @OETestDepends(['ssh.SSHTest.test_ssh', 'parsec.ParsecTest.test_all_providers'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_pkcs11_provider(self):
         """ Configure and test Parsec PKCS11 provider with softhsm as a backend """
 
+        self.check_packageconfig("PKCS11")
         prov_id = 2
-        self.configure_pkcs11_provider()
-        self.check_parsec_providers("PKCS #11", prov_id)
+        try:
+            # Chech if the provider is already configured
+            self.check_parsec_providers("PKCS #11", prov_id)
+        except:
+            # Try to test the provider with a software backend
+            self.check_packages("PKCS11", 'softhsm')
+            self.configure_pkcs11_provider()
+            self.check_parsec_providers("PKCS #11", prov_id)
+
         self.run_cli_tests(prov_id)
+        self.restore_parsec_config()
+
+    def configure_TS_provider(self):
+        """ Create Trusted Services provider configuration """
+
+        cfg = [
+                '',
+                '[[provider]]',
+                'name = "trusted-service-provider"',
+                'provider_type = "TrustedService"',
+                'key_info_manager = "sqlite-manager"',
+              ]
+        self.copy_subconfig(cfg, "TS")
+
+        status, output = self.target.run(self.parsec_reload)
+        self.assertEqual(status, 0, msg='Failed to reload Parsec.\n%s' % output)
+
+    @OEHasPackage(['parsec-service'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_TS_provider(self):
+        """ Configure and test Parsec PKCS11 provider with softhsm as a backend """
+
+        self.check_packageconfig("TS")
+        prov_id = 4
+        try:
+            # Chech if the provider is already configured
+            self.check_parsec_providers("Trusted Service", prov_id)
+        except:
+            self.configure_TS_provider()
+            self.check_parsec_providers("Trusted Service", prov_id)
+
+        self.run_cli_tests(prov_id)
+        self.restore_parsec_config()
diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
index 84539f9..931abee 100644
--- a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
+++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
@@ -45,7 +45,7 @@
 do_install () {
     # Binaries
     install -d -m 700 -o parsec -g parsec "${D}${libexecdir}/parsec"
-    install -m 700 -o parsec -g parsec "${WORKDIR}/build/target/${CARGO_TARGET_SUBDIR}/parsec" ${D}${libexecdir}/parsec/parsec
+    install -m 700 -o parsec -g parsec "${B}/target/${CARGO_TARGET_SUBDIR}/parsec" ${D}${libexecdir}/parsec/parsec
 
     # Config file
     install -d -m 700 -o parsec -g parsec "${D}${sysconfdir}/parsec"
@@ -69,9 +69,10 @@
 
 inherit useradd
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM:${PN} = "-r -g parsec -s /bin/false -d ${localstatedir}/lib/parsec parsec"
 GROUPADD_PARAM:${PN} = "-r parsec"
-GROUPMEMS_PARAM:${PN} = "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'tpm-provider', '-a parsec -g tss', '', d)}"
+USERADD_PARAM:${PN} = "-r -g parsec -s /bin/false -d ${localstatedir}/lib/parsec parsec"
+GROUPMEMS_PARAM:${PN} = "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'tpm-provider', '-a parsec -g tss ;', '', d)}"
+GROUPMEMS_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'trusted-service-provider', '-a parsec -g teeclnt', '', d)}"
 
 FILES:${PN} += " \
     ${sysconfdir}/parsec/config.toml \
diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.bb b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.bb
index 4b053b9..6ecce8e 100644
--- a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.bb
+++ b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.bb
@@ -11,7 +11,7 @@
 
 do_install() {
   install -d ${D}/${bindir}
-  install -m 755 "${B}/target/${TARGET_SYS}/release/parsec-tool" "${D}${bindir}/parsec-tool"
+  install -m 755 "${B}/target/${CARGO_TARGET_SUBDIR}/parsec-tool" "${D}${bindir}/parsec-tool"
   install -m 755 "${S}/tests/parsec-cli-tests.sh" "${D}${bindir}/parsec-cli-tests.sh"
 }
 
diff --git a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
index a12a4c2..22c1245 100644
--- a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -28,9 +28,11 @@
 RDEPENDS:packagegroup-security-utils = "\
     bubblewrap \
     checksec \
+    cryptmount \
     ding-libs \
     ecryptfs-utils \
     fscryptctl \
+    glome \
     keyutils \
     nmap \
     pinentry \
@@ -42,8 +44,8 @@
     ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils packctl", "",d)} \
     "
 
-RDEPENDS:packagegroup-security-utils:append:x86 = "chipsec"
-RDEPENDS:packagegroup-security-utils:append:x86-64 = "chipsec"
+RDEPENDS:packagegroup-security-utils:append:x86 = " chipsec"
+RDEPENDS:packagegroup-security-utils:append:x86-64 = " chipsec"
 RDEPENDS:packagegroup-security-utils:remove:mipsarch = "firejail krill"
 RDEPENDS:packagegroup-security-utils:remove:libc-musl = "krill"
 RDEPENDS:packagegroup-security-utils:remove:riscv64 = "krill"
diff --git a/meta-security/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch b/meta-security/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch
new file mode 100644
index 0000000..fedbe5b
--- /dev/null
+++ b/meta-security/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch
@@ -0,0 +1,44 @@
+From 111b1e8f35e989513d8961a45a806767109f6e1e Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Thu, 11 Aug 2022 17:15:30 +0800
+Subject: [PATCH] Don't expose configure args
+
+Don't expost configure args to fix buildpath issue.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ scripts/samhain.ebuild-light.in | 2 +-
+ scripts/samhain.ebuild.in       | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/samhain.ebuild-light.in b/scripts/samhain.ebuild-light.in
+index 2b09cdb..b7f7062 100644
+--- a/scripts/samhain.ebuild-light.in
++++ b/scripts/samhain.ebuild-light.in
+@@ -55,7 +55,7 @@ src_compile() {
+ #	      --with-state-dir=/var/lib/${PN} \
+ #	      --with-log-file=/var/log/${PN}.log \
+ 
+-	./configure ${myconf} @mydefargs@ || die
++	./configure ${myconf} mydefargs || die
+         emake || die
+ 
+ 	echo '#!/bin/sh' > ./sstrip
+diff --git a/scripts/samhain.ebuild.in b/scripts/samhain.ebuild.in
+index 635a746..b9a42e7 100644
+--- a/scripts/samhain.ebuild.in
++++ b/scripts/samhain.ebuild.in
+@@ -55,7 +55,7 @@ src_compile() {
+ #	      --with-state-dir=/var/lib/${PN} \
+ #	      --with-log-file=/var/log/${PN}.log \
+ 
+-	./configure ${myconf} @mydefargs@ || die
++	./configure ${myconf} mydefargs || die
+         emake || die
+ 
+ 	echo '#!/bin/sh' > ./sstrip
+-- 
+2.25.1
+
diff --git a/meta-security/recipes-ids/samhain/samhain-standalone.bb b/meta-security/recipes-ids/samhain/samhain-standalone.bb
index 445cb99..b832dc8 100644
--- a/meta-security/recipes-ids/samhain/samhain-standalone.bb
+++ b/meta-security/recipes-ids/samhain/samhain-standalone.bb
@@ -1,6 +1,7 @@
 require samhain.inc
 
 SRC_URI += "file://samhain-not-run-ptest-on-host.patch \
+            file://0001-Don-t-expose-configure-args.patch \
             file://run-ptest \
 "
 
diff --git a/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.4.bb b/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.5.bb
similarity index 100%
rename from meta-security/recipes-kernel/lkrg/lkrg-module_0.9.4.bb
rename to meta-security/recipes-kernel/lkrg/lkrg-module_0.9.5.bb
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.5.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.6.bb
similarity index 100%
rename from meta-security/recipes-mac/AppArmor/apparmor_3.0.5.bb
rename to meta-security/recipes-mac/AppArmor/apparmor_3.0.6.bb
diff --git a/meta-security/recipes-security/cryptmount/cryptmount_5.3.3.bb b/meta-security/recipes-security/cryptmount/cryptmount_5.3.3.bb
new file mode 100644
index 0000000..fb522cb
--- /dev/null
+++ b/meta-security/recipes-security/cryptmount/cryptmount_5.3.3.bb
@@ -0,0 +1,27 @@
+SUMMARY = "Linux encrypted filesystem management tool"
+HOMEPAGE = "http://cryptmount.sourceforge.net/"
+LIC_FILES_CHKSUM = "file://README;beginline=3;endline=4;md5=673a990de93a2c5531a0f13f1c40725a"
+LICENSE = "GPL-2.0-only"
+
+SRC_URI = "https://sourceforge.net/projects/cryptmount/files/${BPN}/${BPN}-5.3/${BPN}-${PV}.tar.gz \
+           file://remove_linux_fs.patch \
+           "
+
+SRC_URI[sha256sum] = "682953ff5ba497d48d6b13e22ca726c98659abd781bb8596bb299640dd255d9b"
+
+inherit autotools-brokensep gettext pkgconfig systemd
+
+EXTRA_OECONF = " --enable-cswap --enable-fsck --enable-argv0switch"
+
+PACKAGECONFIG ?="intl luks gcrypt nls"
+PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
+
+PACKAGECONFIG[systemd] = "--with-systemd, --without-systemd, systemd"
+PACKAGECONFIG[intl] = "--with-libintl-prefix, --without-libintl-prefix"
+PACKAGECONFIG[gcrypt] = "--with-libgcrypt, --without-libgcrypt, libgcrypt"
+PACKAGECONFIG[luks] = "--enable-luks, --disable-luks, cryptsetup"
+PACKAGECONFIG[nls] = "--enable-nls, --disable-nls, "
+
+SYSTEMD_SERVICE:${PN} = "cryptmount.service"
+
+RDEPENDS:${PN} = "libdevmapper"
diff --git a/meta-security/recipes-security/cryptmount/files/remove_linux_fs.patch b/meta-security/recipes-security/cryptmount/files/remove_linux_fs.patch
new file mode 100644
index 0000000..304b853
--- /dev/null
+++ b/meta-security/recipes-security/cryptmount/files/remove_linux_fs.patch
@@ -0,0 +1,19 @@
+# From glibc 2.36, <linux/mount.h> (included from <linux/fs.h>) and 
+# <sys/mount.h> (included from glibc) are no longer compatible:
+# https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: cryptmount-5.3.3/cryptmount.c
+===================================================================
+--- cryptmount-5.3.3.orig/cryptmount.c
++++ cryptmount-5.3.3/cryptmount.c
+@@ -41,7 +41,6 @@
+ #ifdef HAVE_SYSLOG
+ #  include <syslog.h>
+ #endif
+-#include <linux/fs.h>       /* Beware ordering conflict with sys/mount.h */
+ 
+ 
+ #include "armour.h"
diff --git a/meta-security/recipes-security/glome/glome_git.bb b/meta-security/recipes-security/glome/glome_git.bb
new file mode 100644
index 0000000..12d6d5f
--- /dev/null
+++ b/meta-security/recipes-security/glome/glome_git.bb
@@ -0,0 +1,24 @@
+SUMMARY = "GLOME Login Client"
+HOME_PAGE = "https://github.com/google/glome"
+DESCRIPTION = "GLOME is used to authorize serial console access to Linux machines"
+PV = "0.1+git${SRCPV}"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+inherit meson pkgconfig
+
+DEPENDS += "openssl"
+
+S = "${WORKDIR}/git"
+SRC_URI = "git://github.com/google/glome.git;branch=master;protocol=https"
+SRCREV = "978ad9fb165f1e382c875f2ce08a1fc4f2ddcf1b"
+
+FILES:${PN} += "${libdir}/security"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[glome-cli] = "-Dglome-cli=true,-Dglome-cli=false"
+PACKAGECONFIG[pam-glome] = "-Dpam-glome=true,-Dpam-glome=false,libpam"
+
+EXTRA_OEMESON = "-Dtests=false"
+