subtree updates

meta-security: 30e755c592..283a773f24:
  Armin Kuster (2):
        meta-security: Drop ${PYTHON_PN}
        openscap: update to tip to fix new build issue.

  Jeremy A. Puhlman (4):
        arpwatch: fix misspelling of PACKAGECONFIG
        aprwatch: Add path for sendmail
        Check for usrmerge before removing /usr/lib
        arpwatch: install man8 dir

  Kevin Hao (4):
        docs: dm-verity.txt: Fix a typo
        dm-verity: Adjust the image names according to the oe-core change
        dm-verity: Set the IMAGE_FSTYPES correctly when dm-verity is enabled
        dm-verity-image-initramfs: Set IMAGE_NAME_SUFFIX to empty

  Max Krummenacher (1):
        layer.conf: Update for the scarthgap release series

  Mingli Yu (1):
        python3-pyinotify: Make asyncore support optional for Python 3

poky: 7165c23237..110ee701b3:
  Alejandro Hernandez Samaniego (1):
        python3-manifest: Sync RDEPENDS with latest version

  Alexander Kanavin (11):
        meson: correct upstream version check (exclude pre-releases)
        cargo-c-native: convert from git fetcher to crate fetcher
        cargo-c-native: update 0.9.18 -> 0.9.30
        man-pages: use env from coreutils-native
        sdk-manual: correctly describe separate build-sysroots tasks in direct sdk workflows
        dev/ref-manual: document conf-summary.txt together with conf-notes.txt
        dev-manual: improve descriptions of 'bitbake -S printdiff'
        wayland: fix upstream version check by asking gitlab directly
        python3: correct upstream version check
        bitbake: bitbake: improve descriptions of '-S printdiff'
        selftest/sstatetests: run CDN check twice, ignoring errors the first time

  Alexandre Truong (1):
        oeqa/selftest/devtool: fix test_devtool_add_git_style2

  Anibal Limon (1):
        wic: bootimg-partition allow to set var to get boot files

  BELOUARGA Mohamed (1):
        ref-manual: add documentation of the variable SPDX_NAMESPACE_PREFIX

  Bartosz Golaszewski (1):
        linux-firmware: update to 20240312

  Baruch Siach (1):
        oeqa/selftest/overlayfs: test read-only rootfs

  Bruce Ashfield (16):
        linux-yocto/6.6: cfg: generic arm64
        linux-yocto/6.6: cfg: riscv XHCI
        linux-yocto/6.6: update to v6.6.21
        linux-yocto/6.6: update CVE exclusions (6.6.21)
        linux-yocto/6.6: cfg: drop unsettable options
        linux-yocto/6.6: drm/tilcdc: Set preferred depth
        linux-yocto/6.6: update to v6.6.22
        linux-yocto/6.6: update CVE exclusions (6.6.22)
        yocto-bsps: update to v6.6.21
        linux-yocto/6.6: cfg: genericarm64 platform/peripheral support
        linux-yocto/6.6: cfg: genericarm64 configuration updates
        linux-yocto/6.6: nftables: ptest and cleanup tweaks
        linux-yocto/6.6: update to v6.6.23
        linux-yocto/6.6: update CVE exclusions (6.6.23)
        linux-yocto-dev: bump to v6.9
        lttng-modules: update to v2.13.12

  Changqing Li (1):
        dnf: fix Exception handling for class ProcessLock

  Chen Qi (1):
        ovmf: set CVE_PRODUCT and CVE_VERSION

  Christian Taedcke (1):
        kernel-fitImage: only include valid compatible line

  Derek Erdmann (1):
        bitbake: fetch2/git: Install Git LFS in local repository config

  Enrico Jörns (3):
        cml1: remove needless check for write_taint attribute
        cml1: prompt location of updated .config after do_menuconfig()
        perf: fix TMPDIR contamination for recent mainline kernels

  Enrico Scholz (1):
        shadow: fix copydir operation with 'pseudo'

  Felix Moessbauer (1):
        bitbake: utils: better estimate number of available cpus

  Harish Sadineni (3):
        gcc: Oe-selftest failure analysis - fix for tcl errors
        gcc: Oe-selftest failure analysis - fix for vect-simd test failures
        binutils: gprofng - change use of bignum to use of bignint

  Jermain Horsman (1):
        bblayers/makesetup.py: Move git utility functions to oe.buildcfg module

  Joe Slater (1):
        systemd: enable mac based names in NamePolicy

  Jose Quaresma (5):
        go.bbclass: set GOPROXY
        elfutils: fix unused variable BUFFER_SIZE
        go: keep the patches in order
        go: upgrade 1.22.1 -> 1.22.2
        sstatesig: fix netrc.NetrcParseError exception

  Joshua Watt (4):
        sstatesig: Set hash server credentials from bitbake variables
        bitbake: siggen: Add support for hashserve credentials
        sstatesig: Warn on bad .netrc
        bitbake: bitbake-hashclient: Warn on bad .netrc

  Jörg Sommer (1):
        autotools: update link in comment for cross compiling

  Kevin Hao (1):
        image-live.bbclass: Adjust the default value for INITRD_LIVE

  Khem Raj (13):
        systemd: Check for directory before chmod'ing it
        llvm: Update to 18.1.1 release
        elfutils: Fix build break with clang
        glibc: Update to tip of 2.39 branch
        pam: Fix build with musl
        piglit: Switch to upstreamed patch for musl fix
        qemuriscv: Fix kbd and mouse emulation for qemuriscv64
        llvm: Upgrade to 18.1.2 bugfix release
        glibc: Repace aarch configure patch fix with a backport
        valgrind: Backport fixes from 3.22 branch
        tcl: Forward port skip logic for musl ptests
        readline: Apply patches from readline-8.2-patches
        mesa: Drop LLVM-17 patch

  Lee Chee Yang (1):
        migration-guides: add release notes for 4.0.17

  Marcel Ziswiler (1):
        mesa: enable imagination powervr support

  Markus Volk (11):
        mesa: fix opencl-spirv build
        vala: merge bb and inc files
        vala: fix for gtk4 prior to 4.14
        libsoup: enable vapi support
        gsettings-desktop-schemas: update 45.0 -> 46.0
        libadwaita: update 1.4.4 -> 1.5.0
        gtk4: update 4.12.5 -> 4.14.1
        systemd: disable mdns feature in resolved for zeroconf
        webkitgtk: update 2.42.5 -> 2.44.0
        gtk+3: disable wayland without opengl
        epiphany: update 45.3 -> 46.0

  Martin Jansa (2):
        contributor-guide: be more specific about meta-* trees
        pixman: explicitly disable openmp in native builds

  Max Krummenacher (1):
        git: git-replacement-native: depend on ca-certificate

  Michael Opdenacker (8):
        manuals: add initial stylechecks with Vale
        profile-manual: usage.rst: formatting fixes
        manuals: use "manual page(s)"
        profile-manual: usage.rst: fix reference to bug report
        documentation: Makefile: remove releases.rst in "make clean"
        migration-guides: draft notes for upcoming release 5.0
        manuals: add initial stylechecks with Vale
        profile-manual: usage.rst: further style improvements

  Oleh Matiusha (3):
        bash: improve reproducibility
        curl: improve reproducibility
        gmp: improve reproducibility

  Paul Barker (1):
        kernel: Fix check_oldest_kernel

  Peter A. Bigot (1):
        bitbake: lib/bb: support NO_COLOR

  Peter Kjellerstedt (1):
        util-linux: Set the license for util-linux-fcntl-lock to MIT

  Philippe Rivest (1):
        bitbake: bitbake: fetch2/git: Escape parentheses in git src name

  Quentin Schulz (1):
        u-boot: fix externalsrc not triggering do_configure on defconfig changes

  Randy MacLeod (1):
        gstreamer: upgrade 1.22.10 -> 1.22.11

  Richard Purdie (10):
        poky: Update to prepare for scarthgap release
        layer.conf: Prepare for release, drop nanbield LAYERSERIES
        expat: Upgrade 2.6.1 -> 2.6.2
        bash/flex: Ensure BUILD_FLAGS doesn't leak onto target
        uninative: Add pthread linking workaround
        poky-altcfg: Default to ipk packaging
        util-linux: Add missing MIT license
        util-linux: Add fcntl-lock
        run-postinsts: Add workaround for locking deadlock issue
        oeqa/sstatetests: Fix race issue

  Ross Burton (22):
        genericarm64.wks: reorder partitions
        genericarm64: clean up kernel modules and firmware
        linux-firmware: add support for deduplicating the firmware
        linux-firmware: set LICENSE field for -liquidui and -mellanox
        linux-firmware: remove pointless linux-firmware-gplv2-license package
        curl: improve run-ptest
        curl: increase test timeouts
        gstreamer1.0: improve test reliability
        linux-yocto: put COMPATIBLE_MACHINE first
        linux-yocto: implicitly track oe-core's kernel version for genericarm64
        bitbake: fetch2: handle URIs with single-valued query parameters
        python3_pip517: just count wheels in the directory, not subdirectories
        python-*: don't set PYPI_ARCHIVE_NAME and S when PYPI_PACKAGE is sufficient
        tcl: improve run-ptest
        tcl: skip I/O channel 46.1
        genericarm64: add qemuboot configuration
        classes/qemuboot: add depends on qemu-system-native and qemu-helper-native
        README.hardware.md: fix Markdown formatting
        README.hardware.md: add section on genericarm64 on qemu
        glib-2.0: skip a timing sensitive ptest
        openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions
        curl: fix quoting when disabling flaky tests

  Ryan Eatmon (1):
        perf: Fix QA error due to most recent kernel

  Sam Van Den Berge (1):
        shadow: don't install libattr.so.* when xattr not in DISTRO_FEATURES

  Sava Jakovljev (1):
        bitbake: bitbake-worker: Fix bug where umask 0 was not being applied to a task

  Simone Weiß (1):
        gnutls: upgrade 3.8.3 -> 3.8.4

  Soumya Sambu (1):
        go: Upgrade 1.22.0 -> 1.22.1

  Sourav Kumar Pramanik (1):
        libseccomp: Add back in PTESTS_SLOW list

  Sundeep KOKKONDA (1):
        rust: reproducibility issue fix with v1.75

  Tim Orling (2):
        coreutils: drop obsolete liberror-perl RDEPENDS
        liberror-perl: move to meta-perl

  Timon Bergelt (1):
        populate_sdk_ext.bbclass: only overwirte lsb string if uninative is used

  Tom Hochstein (2):
        bmaptool: Add bmap-tools runtime alias for compatibility
        toolchain-shar-relocate.sh: Add check for missing command 'file'

  Trevor Woerner (1):
        bmaptool: update to latest

  Ulrich Ölmann (1):
        ref-manual: classes: update description of class 'image_types'

  Viswanath Kraleti (1):
        bitbake: fetch2: Fix misleading "no output" msg

  Wang Mingyu (1):
        libadwaita: upgrade 1.4.3 -> 1.4.4

  William Lyu (1):
        openssh: Add a workaround for ICE on powerpc64le

  Xiangyu Chen (3):
        lttng-tools: skip kernel tests if no kernel modules present
        ltp: fix missing connectors tests in scenario_groups/default
        lttng-tools: fix rotation-destroy-flush test fails if no kernel module present

  Yang Xu (1):
        bitbake: bitbake-worker: Fix silent hang issue caused by unexpected stdout content

  Yannick Rodriguez (1):
        linux-firmware: Move Intel 9260 modules firmware.

  Yash Shinde (1):
        glibc: Skip 2 qemu tests that can hang in oe-selftest

  Yi Zhao (1):
        libtirpc: drop redundant PACKAGECONFIG

  Yoann Congal (6):
        cve-update-nvd2-native: Fix typo in comment
        cve-update-nvd2-native: Add an age threshold for incremental update
        cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
        cve-update-nvd2-native: nvd_request_next: Improve comment
        cve-update-nvd2-native: Fix CVE configuration update
        cve-update-nvd2-native: Remove rejected CVE from database

  Yogesh Tyagi (1):
        lttng-modules: fix v6.8+ build

  david d zuhn (1):
        bitbake: bitbake-worker: allow '=' in environment variable values

  lixiaoyong (3):
        kernel-module-split.bbclass: enhance objcopy command call for kernel compilation with llvm
        utils: enhance readelf command call with llvm
        oe/package: enhance objdump command call with llvm

meta-raspberrypi: 92a9b7a012..d072cc8a48:
  Khem Raj (9):
        linux-raspberrypi: Add recipe for 6.6 LTS kernel
        bluez-firmware-rpidistro: Upgrade to 1.2-9+rpt3 release
        linux-firmware-rpidistro: Upgrade to bookworm/20230625-2+rpt2
        raspberrypi-firmware: Fetch using git URI
        rpi-base: Add missing broadcom/ prefix to find DTB files
        rpi-default-versions: Switch default kernel to 6.6
        linux-raspberrypi_6.6: Bump to 6.6.22
        rpi-bootfiles: Resort to github APIs for tarballs
        raspberrypi-firmware: Revert to debian archive

  Martin Jansa (1):
        userland: fix installed-vs-shipped in multilib builds

  jdavidsson (1):
        rpi-base: Add hifiberry-dacplusadc overlay

meta-arm: aba9250494..d9e18ce792:
  Abdellatif El Khlifi (1):
        arm-bsp/corstone1000: add documentation disclaimer

  Alexander Sverdlin (1):
        optee-ftpm: fix EARLY_TA_PATHS passed to optee-os

  Ali Can Ozaslan (4):
        arm-bsp/trusted-firmware-m: corstone1000: update to 2.0
        arm-bsp/trusted-services: corstone1000: Client Id adjustments after TF-M 2.0
        arm/trusted-firmware-m: Change GNU Arm compiler version for TF-M 2.0
        arm-bsp/trusted-firmware-a: n1sdp: update to 2.10

  Anusmita Dutta Mazumder (2):
        arm-bsp/n1sdp: Update scp-firmware version
        arm-bsp/n1sdp: Update EDK2 version

  Bence Balogh (2):
        arm-bsp/u-boot: corstone1000: fix SMCCC_ARCH_FEATURES detection in the PSCI driver
        arm-bsp/trusted-firmware-a: corstone1000: remove SMCCC_ARCH_FEATURES discovery workaround

  Delane Brandy (1):
        arm/trusted-firmware-a: fix mbedTLS version

  Drew Reed (2):
        kas: Corstone-1000 kas files updated
        bsp: Corstone-1000 userguide updates

  Emekcan Aras (2):
        arm-bsp/trusted-firmware-a: Upgrade Corstone1000 to TF-A v2.10
        arm/trusted-services: Add recipe for block storage service

  Jon Mason (17):
        README: Add information about release process and mailing list
        arm/linux-yocto: remove unreferenced patch
        arm/optee: disable clang due to breakage
        arm-bsp/tf-a-tests: remove corstone1000 intermediate SHA
        arm-bsp/tfa-tests: move n1sdp patch to platform directory
        CI: update kas to 4.3.1
        arm/edk2: update to 202402
        arm/trusted-firmware-a: update to 2.10.2
        arm/sbsa-acs: update to 7.1.4
        arm/scp-firmware: update to v2.14.0
        arm-toolchain/gcc-arm-none-eabi: remove 11.2
        CI: reduce coverage of dev kernel
        arm/sbsa-acs: remove unreferenced patch
        arm-toolchain: correct UPSTREAM_CHECK
        Revert "arm/rmm: Add bitbake, include and patch file for RMM firmware"
        arm/sbsa-acs: use UPSTREAM_CHECK_URI for version checking
        arm: use UPSTREAM_CHECK_COMMITS for git versioned recipes

  Mathieu Poirier (1):
        arm/rmm: Add bitbake, include and patch file for RMM firmware

  Ross Burton (3):
        arm arm-bsp: enable patch-status warnings
        Add SECURITY.md
        CI: ignore netrc warnings caused by Kas

meta-openembedded: a0237019f5..a6bcdca5b4:
  Bartosz Golaszewski (1):
        libgpiod: update to v2.1.1

  Chad Rockey (1):
        cppzmq-dev expects /usr/lib/libzmq.a

  Changqing Li (1):
        postgresql: fix a runtime error

  Chen Qi (1):
        tcprelay: fix a minor cross compilation do_configure issue

  Christophe Chapuis (9):
        lvgl: fix typo in lv-conf.inc
        lvgl: install lv_conf.h
        lvgl: remove useless FILES include
        lvgl: cleanup sed instructions in lv-conf.inc
        lvgl: add more variables to lv-conf.inc
        lvgl: fix libdrm include
        lvgl: lv-conf.inc: generalize sed instructions
        lvgl: make libdrm include conditional
        lvgl: cleanup sed expression

  Dan McGregor (2):
        python3-pylint: Update to 3.1.0
        python3-pylint: Fix ptest failures

  Derek Straka (1):
        python3-dbus: re-add recipe with latest patches and add ptest

  Etienne Cordonnier (1):
        uutils-coreutils: upgrade 0.0.24 -> 0.0.25

  Fathi Boudra (1):
        python3-django: upgrade 4.2.10 -> 4.2.11

  Guðni Már Gilbert (2):
        python3-ecdsa: remove python3-pbr
        python3-ecdsa: cleanup DEPENDS

  Jaeyoon Jung (1):
        lvgl: Set resolution prior to buffer

  Joe Slater (1):
        googletest: allow for shared libraries

  Jose Quaresma (1):
        ostree: Upgrade 2024.4 -> 2024.5

  Jörg Sommer (3):
        sngrep: new recipe for ncurses SIP Messages flow viewer
        spandsp: new telephony DSP library
        bluez-tools: New recipe for bluez5 tools

  Kai Kang (2):
        Packages depends on libadwaita should require distro feature opengl
        thin-provisioning-tools: install binary to ${sbindir}

  Khem Raj (55):
        squid: Upgrade to 6.8
        libosinfo: Fix build with libxml2 v2.12
        xmlstarlet: Fix build with API breakage in libxml2 2.12
        mariadb: Fix build with libxml2 2.12 ABI changes
        libmusicbrainz: Update to tip of trunk
        gnome-commander: Fix build with taglib 2.0
        gnome-online-accounts: Fix build with libxml2 2.12
        vlc: Upgrade to 3.0.20
        netcf: Fix build with latest gnulib
        php: Upgrade to 8.2.16
        vlc: Fix build on 32bit x86
        libtinyxml2: Extend for nativesdk
        lvgl: Fix dev-elf build QA
        layer.conf: Update for the scarthgap release series
        dietsplash: Update and fix build with musl
        frr: Upgrade to latest on 9.1 stable
        frr: Fix build on newer musl
        layer.conf: Prepare for release, drop nanbield LAYERSERIES
        libcamera: Fix clang support patches
        plocate: Fix sys/stat.h and linux/stat.h conflicts with musl
        liburing: Upgrade to 2.5
        openflow: Delete recipe for 1.0
        openflow: Merge .inc into .bb
        openflow: Fix build with musl
        tracker-miners: Disable seccomp support on musl
        libcamera: Fix build on musl systems
        ipset: Update to 7.21
        ot-daemon: Update to tip of trunk
        ot-br-posix: Update to latest
        wpantund: Update to latest
        xfsdump: Fix build with musl >= 1.2.5
        xfstests: Fix build with musl >= 1.2.5
        net-snmp: Fix build with musl
        rdma-core: Fix build with musl >= 1.2.5
        ssmtp: Fix build with musl >= 1.2.5
        autofs: Fix build with musl >= 1.2.5
        lvm2: Fix build with musl 1.5.2+
        sanlock: Fix build with musl >= 1.2.5
        ndctl: Fix build issues seen with musl 1.2.5
        sdbus-c++-libsystemd: Upgrade to 255.4 release of systemd
        sdbus-c++,sdbus-c++-tools: Upgrade to 1.5.0 release
        wtmpdb: Upgrade to 0.11.0 release
        uftrace: Fix build with musl >= 1.2.5
        fio: Upgrade to 3.36+git
        i2cdev: Include libgen.h on musl
        directfb: Fix build with musl >= 1.2.5
        iwd: Upgrade to 2.16
        minifi-cpp: Fix libsodium build on aarch64/clang
        multipath-tools: Fix build with musl >= 1.2.5
        aer-inject: Fix build with latest musl
        aer-inject: Replace hardcoded /usr with ${prefix}
        microsoft-gsl: Disable disabled-macro-expansion warning as error on clang/musl
        meta-python-image-ptest: Use 2G RAM for some demanding tests
        python3-pydbus: Add bash dependency for ptests
        highway,libjxl: Remove -mfp16-format=ieee when using clang compiler

  Leon Anavi (7):
        python3-anyio: Upgrade 4.2.0 -> 4.3.0
        python3-httpx: Upgrade 0.26.0 -> 0.27.0
        python3-multidict: Upgrade 6.0.4 -> 6.0.5
        python3-croniter: Upgrade 2.0.1 -> 2.0.3
        python3-paho-mqtt: Upgrade 1.6.1 -> 2.0.0
        python3-typeguard: Upgrade 4.1.5 -> 4.2.1
        python3-cachetools: Upgrade 5.3.2 -> 5.3.3

  Marek Vasut (14):
        lvgl: Drop dialog-lvgl
        lvgl: Upgrade to LVGL 9 series
        lvgl: Rename lv-drivers.inc to lv-conf.inc
        lvgl: Add SDL2 fullscreen mode configuration option
        lvgl: Configure assertions based on DEBUG_BUILD
        lvgl: Default to XRGB8888 DRM framebuffer
        lvgl: Build shared library
        lvgl: Replace sed patching with real patches
        lvgl: Generate proper shared libraries with version suffix
        lvgl: Reinstate demo configuration settings
        lvgl: Update to 9.1.0
        lvgl: Drop superfluous ALLOW_EMPTY
        lvgl: Drop unnecessary PV append
        lvgl: Deduplicate PACKAGECONFIG into lv-conf

  Markus Volk (66):
        mozjs-115: fix reproducibility issue
        webp-pixbuf-loader: update 0.2.5 -> 0.2.7
        gnome-control-center: fix reproducibility issue
        gnome-disk-utility: fix reproducibility issue
        gnome-settings-daemon: fix reproducibility issue
        gnome-terminal: fix reproducibility issue
        libvncserver: fix reproducibility issue
        editorconfig-core-c: fix reproducibility issue
        crossguid: fix reproducibility issue
        waylandpp: fix reproducibility issue
        polkit: remove unneeded workaround
        gtk-vnc: fix reproducibility issue
        pipewire: update 1.0.3 -> 1.0.4
        mutter: remove zenity from rdepends
        mutter: update 45.4 -> 46.0
        gnome-shell: update 45.4 -> 46.0
        gnome-settings-daemon: update 45.0 -> 46.0
        gnome-software: update 45.3 -> 46.0
        evince: update 45.0 -> 46.0
        gnome-online-accounts: update 3.48.0 -> 3.50.0
        evolution-data-server: build with webkitgtk4
        folks: update 0.15.7 -> 0.15.8
        gnome-control-center: update 45.3 -> 46.0
        xdg-desktop-portal-gnome: update 45.1 -> 46.0
        tracker: update 3.6.0 -> 3.7.0
        tracker-miners: update 3.6.2 -> 3.7.0
        freerdp3: add recipe
        wireplumber: update 0.4.17 -> 0.5.0
        tecle: update 45.0 -> 46.0
        gnome-calculator: update 45.0.2 -> 46.0
        gnome-session: update 45.0 -> 46.0
        gnome-remote-desktop: update 45.1 -> 46.0
        gnome-calendar: update 45.1 -> 46.0
        libgweather4: update 4.4.0 -> 4.4.2
        gtksourceview5: update 5.10.0 -> 5.12.0
        gnome-control-center: use gcr4 variant
        libcloudproviders: update 0.3.5 -> 0.3.6
        gnome-themes-extra: build with gtk+3
        gtk4mm: add recipe
        gnome-system-monitor: update 45.0.1 -> 46.0
        gnome-boxes: update 45.0 -> 46.0
        eog: update 45.2 -> 45.3
        gparted: update 1.5.0 -> 1.6.0
        libgtop: update 2.41.1 -> 2.41.3
        gnome-bluetooth: update 42.8 -> 46.0
        gnome-text-editor: update 45.1 -> 46.0
        gnome-chess: update 43.2 -> 46.0
        gnome-disk-utility: update 45.0 -> 46.0
        gnome-shell-extensions: update 45.2 -> 46.0
        msgraph: add recipe
        gvfs: update 1.52.2 -> 1.54.0
        tracker-miners: drop buildpath from tracker-miner-fs-3
        evolution-data-server: disable tests and examples
        tracker-miners: fix reproducibility issue for landlock
        file-roller: update 43.1 -> 44.0
        apache2: preset mpm=prefork by default
        gnome-user-share: add recipe
        gnome-control-center: update 46.0 -> 46.0.1
        gdm: update 45.0.1 -> 46.0
        gnome-user-share: remove hardcoded paths
        ghex: update 45.1 -> 46.0
        libjxl: add recipe
        gnome-backgrounds: add runtime depenency for libjxl
        highway: add recipe
        webkitgtk3: update 2.42.5 -> 2.44.0
        gnome-control-center: restore Upstream-Status line

  Martin Jansa (5):
        unionfs-fuse, dropwatch, postgresql, yasm, multipath-tools, python3-pybind11: add missing Upstream-Status
        recipes: Drop remaining PR values from recipes
        freerdp3: disable shadow without x11
        xfstests: upgrade to v2024.03.03
        gtkmm4: add x11 to REQUIRED_DISTRO_FEATURES

  Maxin John (7):
        tracker: remove unused patch
        openal-soft: remove unused patches
        libio-pty-perl: remove unsed patch
        opengl-es-cts: remove unused patch
        emacs: remove unused patch
        webkitgtk3: remove unused patch
        python3-eth-utils: remove unused patches

  Michael Heimpold (1):
        ser2net: add a systemd service file

  Mingli Yu (4):
        gosu: Upgrade to 1.17
        googletest: Pass -fPIC to CFLAGS
        re2: Upgrade 2023.03.01 -> 2024.03.01
        nss: Upgrade 3.74 -> 3.98

  Ola x Nilsson (2):
        abseil-cpp: Split so-files into separate packages
        abseil-cpp: Split so-files into separate packages

  Peter Kjellerstedt (3):
        abseil-cpp: A little clean-up
        libnice: Disable the examples and the tests
        abseil-cpp: A little clean-up

  Peter Marko (5):
        jwt-cpp: fix cmake file install path
        soci: fix buildpaths warning
        libcpr: add new recipe
        python3-grpcio: cleanup dependencies
        microsoft-gsl: add new recipe including ptest

  Petr Gotthard (2):
        libmbim: Revert back to the latest stable 1.30.0
        libqmi: Revert back to the latest stable 1.34.0

  Randy MacLeod (2):
        rsyslog: update from 8.2306.0 to 8.2402.0
        nftables: Add DESCRIPTION and HOMEPAGE

  Richard Purdie (2):
        imagemagick/lcms/fftw: Allow nativesdk versions to exist
        buildtools-imagemagick: Add new recipe

  Robert P. J. Day (1):
        fmt: remove unnecessary "inherit ptest" directive

  Robert Yang (6):
        yaffs2-utils: Upgrade to 20221209
        xfsprogs: 6.5.0 -> 6.6.0
        gnulib: 2018-12-18 -> 202401
        thin-provisioning-tools: 1.0.9 -> 1.0.12
        gperftools: 2.10 -> 2.15
        freeradius: 3.0.26 -> 3.2.3

  Ross Burton (1):
        python3-pydantic-core: just set PYPI_PACKAGE

  Sam Van Den Berge (1):
        python3-aiohttp: add missing dependencies

  Samuli Piippo (1):
        geoclue: enable demo agent

  Thomas Roos (1):
        usrsctp: upgrade to latest version

  Tim Orling (1):
        liberror-perl: move recipe from oe-core

  Tomasz Żyjewski (1):
        python: python-libusb1: add recipe

  Wang Mingyu (124):
        bats: upgrade 1.10.0 -> 1.11.0
        c-ares: upgrade 1.26.0 -> 1.27.0
        ctags: upgrade 6.1.20240114.0 -> 6.1.20240225.0
        dbus-cxx: upgrade 2.5.0 -> 2.5.1
        ddrescue: upgrade 1.27 -> 1.28
        fetchmail: upgrade 6.4.37 -> 6.4.38
        libtalloc: upgrade 2.4.1 -> 2.4.2
        libtdb: upgrade 1.4.9 -> 1.4.10
        neatvnc: upgrade 0.7.2 -> 0.8.0
        ostree: upgrade 2024.3 -> 2024.4
        python3-astroid: upgrade 3.0.3 -> 3.1.0
        python3-cbor2: upgrade 5.6.1 -> 5.6.2
        python3-dnspython: upgrade 2.6.0 -> 2.6.1
        python3-eventlet: upgrade 0.35.1 -> 0.35.2
        python3-gcovr: upgrade 7.0 -> 7.2
        python3-google-api-core: upgrade 2.16.2 -> 2.17.1
        python3-google-api-python-client: upgrade 2.118.0 -> 2.120.0
        python3-grpcio(-tools): upgrade 1.60.1 -> 1.62.0
        python3-ipython: upgrade 8.21.0 -> 8.22.1
        python3-pdm: upgrade 2.12.3 -> 2.12.4
        python3-pymisp: upgrade 2.4.185 -> 2.4.186
        python3-scrypt: upgrade 0.8.20 -> 0.8.24
        python3-sentry-sdk: upgrade 1.40.4 -> 1.40.6
        smarty: upgrade 4.3.4 -> 4.4.1
        stunnel: upgrade 5.69 -> 5.72
        abseil-cpp: upgrade 20230802.1 -> 20240116.1
        dnf-plugin-tui: upgrade 1.3 -> 1.4
        boost-sml: upgrade 1.1.9 -> 1.1.11
        ctags: upgrade 6.1.20240225.0 -> 6.1.20240310.0
        dialog: upgrade 1.3-20240101 -> 1.3-20240307
        flatbuffers: upgrade 23.5.26 -> 24.3.7
        gjs: upgrade 1.78.4 -> 1.80.0
        hwdata: upgrade 0.379 -> 0.380
        iceauth: upgrade 1.0.9 -> 1.0.10
        libdnet: upgrade 1.17.0 -> 1.18.0
        libopus: upgrade 1.4 -> 1.5.1
        libreport: upgrade 2.17.11 -> 2.17.15
        libxaw: upgrade 1.0.15 -> 1.0.16
        mcelog: upgrade 196 -> 197
        networkd-dispatcher: upgrade 2.1 -> 2.2.4
        openlldp: upgrade 1.1.0 -> 1.1.1
        opensc: upgrade 0.24.0 -> 0.25.0
        pcsc-lite: upgrade 2.0.1 -> 2.0.3
        python3-a2wsgi: upgrade 1.10.2 -> 1.10.4
        python3-apiflask: upgrade 2.1.0 -> 2.1.1
        python3-argcomplete: upgrade 3.2.2 -> 3.2.3
        python3-bandit: upgrade 1.7.7 -> 1.7.8
        python3-blivet: upgrade 3.8.2 -> 3.9.1
        python3-blivetgui: upgrade 2.4.2 -> 2.5.0
        python3-django: upgrade 5.0.2 -> 5.0.3
        python3-elementpath: upgrade 4.3.0 -> 4.4.0
        python3-eth-abi: upgrade 5.0.0 -> 5.0.1
        python3-eth-rlp: upgrade 1.0.1 -> 2.0.0
        python3-flask-migrate: upgrade 4.0.5 -> 4.0.7
        python3-google-api-python-client: upgrade 2.120.0 -> 2.122.0
        python3-google-auth: upgrade 2.28.1 -> 2.28.2
        python3-googleapis-common-protos: upgrade 1.62.0 -> 1.63.0
        python3-grpcio-tools: upgrade 1.62.0 -> 1.62.1
        python3-grpcio: upgrade 1.62.0 -> 1.62.1
        python3-ipython: upgrade 8.22.1 -> 8.22.2
        python3-mypy: upgrade 1.8.0 -> 1.9.0
        python3-pydantic: upgrade 2.6.3 -> 2.6.4
        python3-pymisp: upgrade 2.4.186 -> 2.4.187
        python3-pymodbus: upgrade 3.6.4 -> 3.6.6
        python3-pyperf: upgrade 2.6.2 -> 2.6.3
        python3-pytest-lazy-fixtures: upgrade 1.0.5 -> 1.0.6
        python3-pytest-timeout: upgrade 2.2.0 -> 2.3.1
        python3-requests-oauthlib: upgrade 1.3.1 -> 1.4.0
        python3-sentry-sdk: upgrade 1.40.6 -> 1.42.0
        python3-tox: upgrade 4.13.0 -> 4.14.1
        python3-traitlets: upgrade 5.14.1 -> 5.14.2
        python3-types-psutil: upgrade 5.9.5.20240205 -> 5.9.5.20240316
        python3-types-python-dateutil: upgrade 2.8.19.20240106 -> 2.9.0.20240316
        tcsh: upgrade 6.24.10 -> 6.24.11
        thingsboard-gateway: upgrade 3.4.4 -> 3.4.5
        xmessage: upgrade 1.0.6 -> 1.0.7
        xrefresh: upgrade 1.0.7 -> 1.1.0
        gjs: upgrade 1.80.0 -> 1.80.2
        gnome-backgrounds: upgrade 45.0 -> 46.0
        gnome-font-viewer: upgrade 45.0 -> 46.0
        libblockdev: upgrade 3.1.0 -> 3.1.1
        libdeflate: upgrade 1.19 -> 1.20
        libmbim: upgrade 1.30.0 -> 1.31.2
        libqmi: upgrade 1.34.0 -> 1.35.2
        libtommath: upgrade 1.2.1 -> 1.3.0
        mcelog: upgrade 197 -> 198
        metacity: upgrade 3.50.0 -> 3.52.0
        python3-asgiref: upgrade 3.7.2 -> 3.8.1
        python3-blivet: upgrade 3.9.1 -> 3.9.2
        python3-cassandra-driver: upgrade 3.29.0 -> 3.29.1
        python3-djangorestframework: upgrade 3.14.0 -> 3.15.1
        python3-eth-rlp: upgrade 2.0.0 -> 2.1.0
        python3-eventlet: upgrade 0.35.2 -> 0.36.1
        python3-filelock: upgrade 3.13.1 -> 3.13.3
        python3-flask-marshmallow: upgrade 1.2.0 -> 1.2.1
        python3-flatbuffers: upgrade 24.3.7 -> 24.3.25
        python3-google-api-core: upgrade 2.17.1 -> 2.18.0
        python3-google-api-python-client: upgrade 2.122.0 -> 2.124.0
        python3-google-auth: upgrade 2.28.2 -> 2.29.0
        python3-graphviz: upgrade 0.20.1 -> 0.20.3
        python3-gspread: upgrade 6.0.2 -> 6.1.0
        python3-jdatetime: upgrade 4.1.1 -> 5.0.0
        python3-pdm: upgrade 2.12.4 -> 2.13.2
        python3-pyasn1-modules: upgrade 0.3.0 -> 0.4.0
        python3-pymisp: upgrade 2.4.187 -> 2.4.188
        python3-pytest-asyncio: upgrade 0.23.5 -> 0.23.6
        python3-pytest-cov: upgrade 4.1.0 -> 5.0.0
        python3-pytest-lazy-fixtures: upgrade 1.0.6 -> 1.0.7
        python3-pywbem: upgrade 1.6.2 -> 1.6.3
        python3-pywbemtools: upgrade 1.2.0 -> 1.2.1
        python3-pyzstd: upgrade 0.15.9 -> 0.15.10
        python3-requests-oauthlib: upgrade 1.4.0 -> 2.0.0
        python3-sentry-sdk: upgrade 1.42.0 -> 1.44.0
        python3-socketio: upgrade 5.11.1 -> 5.11.2
        python3-thrift: upgrade 0.16.0 -> 0.20.0
        python3-tox: upgrade 4.14.1 -> 4.14.2
        python3-web3: upgrade 6.15.1 -> 6.16.0
        st: upgrade 0.9 -> 0.9.1
        thingsboard-gateway: upgrade 3.4.5 -> 3.4.6
        thrift: upgrade 0.19.0 -> 0.20.0
        tracker-miners: upgrade 3.7.0 -> 3.7.1
        tracker: upgrade 3.7.0 -> 3.7.1
        wireshark: upgrade 4.2.3 -> 4.2.4
        wolfssl: upgrade 5.6.6 -> 5.7.0

  William Lyu (3):
        nftables: Fix ptest output format issues
        nftables: Fix ShellCheck violations in ptest wrapper script "run-ptest"
        nftables: Fix failed ptest testcases

  Yi Zhao (13):
        netplan: upgrade 0.106 -> 1.0
        networkmanager: 1.44.0 -> 1.46.0
        postfix: upgrade 3.8.5 -> 3.8.6
        net-snmp: upgrade 5.9.3 -> 5.9.4
        cryptsetup: upgrade 2.7.0 -> 2.7.1
        samba: upgrade 4.19.4 -> 4.19.5
        civetweb: remove buildpaths from civetweb-targets.cmake
        minifi-cpp: upgrade 0.7.0 -> 0.15.0
        openvpn: upgrade 2.6.9 -> 2.6.10
        rocksdb: upgrade 7.9.2 -> 9.0.0
        audit: upgrade 4.0 -> 4.0.1
        netplan: add missing config directory
        strongswan: upgrade 5.9.13 -> 5.9.14

  alperak (15):
        python3-icecream: add recipe
        python3-invoke: add recipe
        python3-traitlets: add ptest and update runtime dependencies
        python3-google-auth-oauthlib: add ptest
        python3-tomli-w: added recipe which is also include ptest
        python3-pytest-localserver: added recipe which is also include ptest
        python3-responses: add recipe
        python3-google-auth: add ptest and update runtime dependencies
        remove obsolete PIP_INSTALL_PACKAGE and PIP_INSTALL_DIST_PATH
        python3-a2wsgi: added recipe which is also include ptest
        python3-httptools: added recipe which is also include ptest
        python3-wsproto: Add recipe
        python3-portalocker: enable ptest
        python3-validators: upgrade 0.22.0 > 0.24.0 and enable ptest
        python3-pydbus: Drop ${PYTHON_PN}

  chenheyun (1):
        aer-inject:add new recipe

Change-Id: I3cf0e5c87ecdfa18c35d318cb64c0e6559348618
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/meta-security/classes/dm-verity-img.bbclass b/meta-security/classes/dm-verity-img.bbclass
index 2f212d6..7f79548 100644
--- a/meta-security/classes/dm-verity-img.bbclass
+++ b/meta-security/classes/dm-verity-img.bbclass
@@ -111,10 +111,10 @@
     # Create wks.in fragment with build specific UUIDs for partitions.
     # Unfortunately the wks.in does not support line continuations...
     # First, the unappended filesystem data partition.
-    echo 'part / --source rawcopy --ondisk sda --sourceparams="file=${DM_VERITY_DEPLOY_DIR}/${DM_VERITY_IMAGE}-${MACHINE}.rootfs.${DM_VERITY_IMAGE_TYPE}.verity" --part-name verityroot --part-type="${DM_VERITY_ROOT_GUID}"'" --uuid=\"$ROOT_UUID\"" > $WKS_INC
+    echo 'part / --source rawcopy --ondisk sda --sourceparams="file=${DM_VERITY_DEPLOY_DIR}/${DM_VERITY_IMAGE}-${MACHINE}${IMAGE_NAME_SUFFIX}.${DM_VERITY_IMAGE_TYPE}.verity" --part-name verityroot --part-type="${DM_VERITY_ROOT_GUID}"'" --uuid=\"$ROOT_UUID\"" > $WKS_INC
 
     # note: no default mount point for hash data partition
-    echo 'part --source rawcopy --ondisk sda --sourceparams="file=${DM_VERITY_DEPLOY_DIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.vhash" --part-name verityhash --part-type="${DM_VERITY_RHASH_GUID}"'" --uuid=\"$RHASH_UUID\"" >> $WKS_INC
+    echo 'part --source rawcopy --ondisk sda --sourceparams="file=${DM_VERITY_DEPLOY_DIR}/${DM_VERITY_IMAGE}-${MACHINE}${IMAGE_NAME_SUFFIX}.${DM_VERITY_IMAGE_TYPE}.vhash" --part-name verityhash --part-type="${DM_VERITY_RHASH_GUID}"'" --uuid=\"$RHASH_UUID\"" >> $WKS_INC
 }
 
 verity_setup() {
@@ -162,7 +162,7 @@
 verity_hash() {
     cd ${IMGDEPLOYDIR}
     ln -sf ${IMAGE_NAME}.${DM_VERITY_IMAGE_TYPE}.vhash \
-        ${IMAGE_BASENAME}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.vhash
+        ${IMAGE_BASENAME}-${MACHINE}${IMAGE_NAME_SUFFIX}.${DM_VERITY_IMAGE_TYPE}.vhash
 }
 
 VERITY_TYPES = " \
@@ -177,6 +177,24 @@
 CONVERSION_DEPENDS_verity = "cryptsetup-native"
 IMAGE_CMD:vhash = "verity_hash"
 
+def get_verity_fstypes(d):
+    verity_image = d.getVar('DM_VERITY_IMAGE')
+    verity_type = d.getVar('DM_VERITY_IMAGE_TYPE')
+    verity_hash = d.getVar('DM_VERITY_SEPARATE_HASH')
+    pn = d.getVar('PN')
+
+    fstypes = ""
+    if not pn.endswith(verity_image):
+        return fstypes # This doesn't concern this image
+
+    fstypes = verity_type + ".verity"
+    if verity_hash == "1":
+        fstypes += " vhash"
+
+    return fstypes
+
+IMAGE_FSTYPES += "${@get_verity_fstypes(d)}"
+
 python __anonymous() {
     verity_image = d.getVar('DM_VERITY_IMAGE')
     verity_type = d.getVar('DM_VERITY_IMAGE_TYPE')
@@ -188,16 +206,12 @@
         bb.warn('dm-verity-img class inherited but not used')
         return
 
-    if verity_image != pn:
+    if not pn.endswith(verity_image):
         return # This doesn't concern this image
 
     if len(verity_type.split()) != 1:
         bb.fatal('DM_VERITY_IMAGE_TYPE must contain exactly one type')
 
-    d.appendVar('IMAGE_FSTYPES', ' %s.verity' % verity_type)
-    if verity_hash == "1":
-        d.appendVar('IMAGE_FSTYPES', ' vhash')
-
     # If we're using wic: we'll have to use partition images and not the rootfs
     # source plugin so add the appropriate dependency.
     if 'wic' in image_fstypes:
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index 3e8db1f..471674c 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -9,7 +9,7 @@
 BBFILE_PATTERN_security = "^${LAYERDIR}/"
 BBFILE_PRIORITY_security = "8"
 
-LAYERSERIES_COMPAT_security = "nanbield"
+LAYERSERIES_COMPAT_security = "nanbield scarthgap"
 
 LAYERDEPENDS_security = "core openembedded-layer"
 
diff --git a/meta-security/docs/dm-verity.txt b/meta-security/docs/dm-verity.txt
index c2dce73..a538fa2 100644
--- a/meta-security/docs/dm-verity.txt
+++ b/meta-security/docs/dm-verity.txt
@@ -3,7 +3,7 @@
 The dm-verity feature provides a level of data integrity and resistance to
 data tampering.  It does this by creating a hash for each data block of
 the underlying device as the base of a hash tree.  There are many
-documents out there to further explain the implementaion, such as the
+documents out there to further explain the implementation, such as the
 in-kernel one itself:
 
 https://docs.kernel.org/admin-guide/device-mapper/verity.html
diff --git a/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-flask-script_2.0.6.bb b/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-flask-script_2.0.6.bb
index 377ad02..ba0f974 100644
--- a/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-flask-script_2.0.6.bb
+++ b/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-flask-script_2.0.6.bb
@@ -10,5 +10,5 @@
 inherit pypi setuptools3
 
 RDEPENDS:${PN} += "\
-    ${PYTHON_PN}-flask \
+    python3-flask \
     "
diff --git a/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify/0001-Make-asyncore-support-optional-for-Python-3.patch b/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify/0001-Make-asyncore-support-optional-for-Python-3.patch
new file mode 100644
index 0000000..075a035
--- /dev/null
+++ b/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify/0001-Make-asyncore-support-optional-for-Python-3.patch
@@ -0,0 +1,92 @@
+From 478d595a7d086423733e9f5da5edfe9f1df48682 Mon Sep 17 00:00:00 2001
+From: Troy Curtis Jr <troy@troycurtisjr.com>
+Date: Thu, 10 Aug 2023 21:51:15 -0400
+Subject: [PATCH] Make asyncore support optional for Python 3.
+
+Fixes #204.
+
+Upstream-Status: Submitted [https://github.com/seb-m/pyinotify/pull/205]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+
+---
+ python3/pyinotify.py | 50 +++++++++++++++++++++++++-------------------
+ 1 file changed, 28 insertions(+), 22 deletions(-)
+
+diff --git a/python3/pyinotify.py b/python3/pyinotify.py
+index bc24313..f4a5a90 100755
+--- a/python3/pyinotify.py
++++ b/python3/pyinotify.py
+@@ -68,7 +68,6 @@ from collections import deque
+ from datetime import datetime, timedelta
+ import time
+ import re
+-import asyncore
+ import glob
+ import locale
+ import subprocess
+@@ -1494,33 +1493,40 @@ class ThreadedNotifier(threading.Thread, Notifier):
+         self.loop()
+ 
+ 
+-class AsyncNotifier(asyncore.file_dispatcher, Notifier):
+-    """
+-    This notifier inherits from asyncore.file_dispatcher in order to be able to
+-    use pyinotify along with the asyncore framework.
++try:
++    import asyncore
+ 
+-    """
+-    def __init__(self, watch_manager, default_proc_fun=None, read_freq=0,
+-                 threshold=0, timeout=None, channel_map=None):
++    class AsyncNotifier(asyncore.file_dispatcher, Notifier):
+         """
+-        Initializes the async notifier. The only additional parameter is
+-        'channel_map' which is the optional asyncore private map. See
+-        Notifier class for the meaning of the others parameters.
++        This notifier inherits from asyncore.file_dispatcher in order to be able to
++        use pyinotify along with the asyncore framework.
+ 
+         """
+-        Notifier.__init__(self, watch_manager, default_proc_fun, read_freq,
+-                          threshold, timeout)
+-        asyncore.file_dispatcher.__init__(self, self._fd, channel_map)
++        def __init__(self, watch_manager, default_proc_fun=None, read_freq=0,
++                     threshold=0, timeout=None, channel_map=None):
++            """
++            Initializes the async notifier. The only additional parameter is
++            'channel_map' which is the optional asyncore private map. See
++            Notifier class for the meaning of the others parameters.
+ 
+-    def handle_read(self):
+-        """
+-        When asyncore tells us we can read from the fd, we proceed processing
+-        events. This method can be overridden for handling a notification
+-        differently.
++            """
++            Notifier.__init__(self, watch_manager, default_proc_fun, read_freq,
++                              threshold, timeout)
++            asyncore.file_dispatcher.__init__(self, self._fd, channel_map)
+ 
+-        """
+-        self.read_events()
+-        self.process_events()
++        def handle_read(self):
++            """
++            When asyncore tells us we can read from the fd, we proceed processing
++            events. This method can be overridden for handling a notification
++            differently.
++
++            """
++            self.read_events()
++            self.process_events()
++except ImportError:
++    # asyncore was removed in Python 3.12, but try the import instead of a
++    # version check in case the compatibility package is installed.
++    pass
+ 
+ 
+ class TornadoAsyncNotifier(Notifier):
+-- 
+2.25.1
+
diff --git a/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify_0.9.6.bb b/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify_0.9.6.bb
index 963fcfe..ff1b611 100644
--- a/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify_0.9.6.bb
+++ b/meta-security/dynamic-layers/meta-python/recipes-devtools/python/python3-pyinotify_0.9.6.bb
@@ -3,16 +3,20 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=ab173cade7965b411528464589a08382"
 
 RDEPENDS:${PN} += "\
-    ${PYTHON_PN}-ctypes \
-    ${PYTHON_PN}-fcntl \
-    ${PYTHON_PN}-io \
-    ${PYTHON_PN}-logging \
-    ${PYTHON_PN}-misc \
-    ${PYTHON_PN}-shell \
-    ${PYTHON_PN}-threading \
+    python3-ctypes \
+    python3-fcntl \
+    python3-io \
+    python3-logging \
+    python3-misc \
+    python3-shell \
+    python3-threading \
 "
 
 SRC_URI[md5sum] = "8e580fa1ff3971f94a6f81672b76c406"
 SRC_URI[sha256sum] = "9c998a5d7606ca835065cdabc013ae6c66eb9ea76a00a1e3bc6e0cfe2b4f71f4"
 
+SRC_URI += " \
+           file://0001-Make-asyncore-support-optional-for-Python-3.patch \
+"
+
 inherit pypi setuptools3
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
index 135e97c..bf5f87d 100644
--- a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
+++ b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
@@ -54,7 +54,7 @@
 do_install_ptest:append () {
     install -d ${D}${PTEST_PATH}
     install -d ${D}${PTEST_PATH}/bin
-    sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
+    sed -i -e 's/##PYTHON##/python3/g' ${D}${PTEST_PATH}/run-ptest
     install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
     rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
 }
diff --git a/meta-security/meta-hardening/conf/layer.conf b/meta-security/meta-hardening/conf/layer.conf
index c499e60..8da050b 100644
--- a/meta-security/meta-hardening/conf/layer.conf
+++ b/meta-security/meta-hardening/conf/layer.conf
@@ -8,7 +8,7 @@
 BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_harden-layer = "6"
 
-LAYERSERIES_COMPAT_harden-layer = "nanbield"
+LAYERSERIES_COMPAT_harden-layer = "nanbield scarthgap"
 
 LAYERDEPENDS_harden-layer = "core openembedded-layer"
 
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index d00298a..aab9652 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -20,7 +20,7 @@
 # interactive shell is enough.
 OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
 
-LAYERSERIES_COMPAT_integrity = "nanbield"
+LAYERSERIES_COMPAT_integrity = "nanbield scarthgap"
 # ima-evm-utils depends on keyutils from meta-oe
 LAYERDEPENDS_integrity = "core openembedded-layer"
 
diff --git a/meta-security/meta-parsec/conf/layer.conf b/meta-security/meta-parsec/conf/layer.conf
index 503953a..e9d0230 100644
--- a/meta-security/meta-parsec/conf/layer.conf
+++ b/meta-security/meta-parsec/conf/layer.conf
@@ -8,7 +8,7 @@
 BBFILE_PATTERN_parsec-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_parsec-layer = "5"
 
-LAYERSERIES_COMPAT_parsec-layer = "nanbield"
+LAYERSERIES_COMPAT_parsec-layer = "nanbield scarthgap"
 
 LAYERDEPENDS_parsec-layer = "core clang-layer"
 BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec"
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index 8075706..58b61d4 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -8,7 +8,7 @@
 BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_tpm-layer = "6"
 
-LAYERSERIES_COMPAT_tpm-layer = "nanbield"
+LAYERSERIES_COMPAT_tpm-layer = "nanbield scarthgap"
 
 LAYERDEPENDS_tpm-layer = " \
     core \
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
index e0def0f..9dea957 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
@@ -24,9 +24,9 @@
 do_install:append() {
     cd ${S}/tools
     export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
-    ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
+    python3 setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
 
-    sed -i -e "s:${PYTHON}:${USRBINPATH}/env ${PYTHON_PN}:g" "${D}${bindir}"/tpm2_ptool
+    sed -i -e "s:${PYTHON}:${USRBINPATH}/env python3:g" "${D}${bindir}"/tpm2_ptool
 }
 
 PACKAGES =+ "${PN}-tools"
@@ -44,4 +44,4 @@
 INSANE_SKIP:${PN}   += "dev-so"
 
 RDEPENDS:${PN} = "p11-kit tpm2-tools "
-RDEPENDS:${PN}-tools = "${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"
+RDEPENDS:${PN}-tools = "python3-pyyaml python3-cryptography python3-pyasn1-modules"
diff --git a/meta-security/recipes-compliance/openscap/files/0001-Replace-distutils.sysconfig-with-sysconfig.patch b/meta-security/recipes-compliance/openscap/files/0001-Replace-distutils.sysconfig-with-sysconfig.patch
deleted file mode 100644
index f3f8cf7..0000000
--- a/meta-security/recipes-compliance/openscap/files/0001-Replace-distutils.sysconfig-with-sysconfig.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 9a8e01f8421f92f40b4cbff6cf055538e9a0b0ae Mon Sep 17 00:00:00 2001
-From: Evgeny Kolesnikov <ekolesni@redhat.com>
-Date: Thu, 25 Jan 2024 21:37:05 +0100
-Subject: [PATCH] Replace distutils.sysconfig with sysconfig
-
-Upstream-Status: Backport
-[https://github.com/OpenSCAP/openscap/commit/9a8e01f8421f92f40b4cbff6cf055538e9a0b0ae]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- docs/developer/developer.adoc | 2 +-
- swig/python3/CMakeLists.txt   | 2 +-
- utils/CMakeLists.txt          | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/docs/developer/developer.adoc b/docs/developer/developer.adoc
-index 77c6d5161..e923069cc 100644
---- a/docs/developer/developer.adoc
-+++ b/docs/developer/developer.adoc
-@@ -113,7 +113,7 @@ On Ubuntu 18.04 and potentially other distro, the python3 dist-packages path is
- If the following command:
- 
- ----
--$ python3 -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())"
-+$ python3 -c "import sysconfig; print(sysconfig.get_path('platlib'))"
- ----
- 
- returns "/usr/local/lib/python3/dist-packages" instead of a path like
-diff --git a/swig/python3/CMakeLists.txt b/swig/python3/CMakeLists.txt
-index 2594cf000..5f301326c 100644
---- a/swig/python3/CMakeLists.txt
-+++ b/swig/python3/CMakeLists.txt
-@@ -26,7 +26,7 @@ add_custom_target(python3_compile ALL DEPENDS ${PYTHON_COMPILED_FILES})
- 
- if(NOT PYTHON_SITE_PACKAGES_INSTALL_DIR)
- execute_process(COMMAND
--	${PYTHON_EXECUTABLE} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(True, prefix='${CMAKE_INSTALL_PREFIX}'))"
-+	${PYTHON_EXECUTABLE} -c "import sysconfig; print(sysconfig.get_path('platlib'))"
- 	OUTPUT_VARIABLE PYTHON_SITE_PACKAGES_INSTALL_DIR
- 	OUTPUT_STRIP_TRAILING_WHITESPACE
- )
-diff --git a/utils/CMakeLists.txt b/utils/CMakeLists.txt
-index 93ce1f2a9..9347c2976 100644
---- a/utils/CMakeLists.txt
-+++ b/utils/CMakeLists.txt
-@@ -91,7 +91,7 @@ if(ENABLE_OSCAP_UTIL_DOCKER)
- 
- 	if(NOT PYTHON_SITE_PACKAGES_INSTALL_DIR)
- 	execute_process(COMMAND
--		${OSCAP_DOCKER_PYTHON} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(False, False, prefix='${CMAKE_INSTALL_PREFIX}'))"
-+		${OSCAP_DOCKER_PYTHON} -c "import sysconfig; print(sysconfig.get_path('purelib'))"
- 		OUTPUT_VARIABLE PYTHON_SITE_PACKAGES_INSTALL_DIR
- 		OUTPUT_STRIP_TRAILING_WHITESPACE
- 	)
--- 
-2.25.1
-
diff --git a/meta-security/recipes-compliance/openscap/openscap_1.3.9.bb b/meta-security/recipes-compliance/openscap/openscap_1.3.9.bb
index d956ff1..b35ce9f 100644
--- a/meta-security/recipes-compliance/openscap/openscap_1.3.9.bb
+++ b/meta-security/recipes-compliance/openscap/openscap_1.3.9.bb
@@ -9,11 +9,9 @@
 DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre  xmlsec1"
 DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native xmlsec1-native"
 
-#Jun 22th, 2023
-SRCREV = "9b3e7563575f7e5b419f8a09999b40f30e3e7c29"
-SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \
-           file://0001-Replace-distutils.sysconfig-with-sysconfig.patch \
-          "
+#March 18th, 2024
+SRCREV = "0e7f654570971c1acee6dd3f34b17121372d6152"
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https "
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-security/recipes-core/images/dm-verity-image-initramfs.bb b/meta-security/recipes-core/images/dm-verity-image-initramfs.bb
index 78f7b49..4256e19 100644
--- a/meta-security/recipes-core/images/dm-verity-image-initramfs.bb
+++ b/meta-security/recipes-core/images/dm-verity-image-initramfs.bb
@@ -18,6 +18,8 @@
 IMAGE_FEATURES = ""
 IMAGE_LINGUAS = ""
 
+IMAGE_NAME_SUFFIX ?= ""
+
 # Can we somehow inspect reverse dependencies to avoid these variables?
 python __anonymous() {
     verity_image = d.getVar('DM_VERITY_IMAGE')
diff --git a/meta-security/recipes-ids/suricata/suricata_7.0.0.bb b/meta-security/recipes-ids/suricata/suricata_7.0.0.bb
index a52f081..a01b3d9 100644
--- a/meta-security/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/meta-security/recipes-ids/suricata/suricata_7.0.0.bb
@@ -104,9 +104,9 @@
     # Remove /var/run as it is created on startup
     rm -rf ${D}${localstatedir}/run
 
-    sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${bindir}/suricatasc
-    sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${bindir}/suricatactl
-    sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${libdir}/suricata/python/suricata/sc/suricatasc.py
+    sed -i -e "s:#!.*$:#!${USRBINPATH}/env python3:g" ${D}${bindir}/suricatasc
+    sed -i -e "s:#!.*$:#!${USRBINPATH}/env python3:g" ${D}${bindir}/suricatactl
+    sed -i -e "s:#!.*$:#!${USRBINPATH}/env python3:g" ${D}${libdir}/suricata/python/suricata/sc/suricatasc.py
 }
 
 pkg_postinst_ontarget:${PN} () {
diff --git a/meta-security/recipes-scanners/arpwatch/arpwatch_3.3.bb b/meta-security/recipes-scanners/arpwatch/arpwatch_3.3.bb
index 7a0a776..e547938 100644
--- a/meta-security/recipes-scanners/arpwatch/arpwatch_3.3.bb
+++ b/meta-security/recipes-scanners/arpwatch/arpwatch_3.3.bb
@@ -23,7 +23,7 @@
 
 PACKAGECONFIG ??= ""
 
-PACKACONFIG[email] = "-with-watcher=email=${APRWATCH_FROM} --with-watchee=email=${ARPWATH_REPLY}, , postfix, postfix postfix-cfg"
+PACKAGECONFIG[email] = "-with-watcher=email=${APRWATCH_FROM} --with-watchee=email=${ARPWATH_REPLY}, , postfix, postfix postfix-cfg"
 
 CONFIGUREOPTS = " --build=${BUILD_SYS} \
           --host=${HOST_SYS} \
@@ -42,6 +42,7 @@
           --infodir=${infodir} \
           --mandir=${mandir} \
           --srcdir=${S} \
+          --with-sendmail=${sbindir}/sendmail \
           "
 
 do_configure () {
@@ -51,7 +52,7 @@
 do_install () {
     install -d ${D}${bindir}
     install -d ${D}${sbindir}
-    install -d ${D}${mandir}
+    install -d ${D}${mandir}/man8
     install -d ${D}${sysconfdir}
     install -d ${D}${sysconfdir}/default
     install -d ${D}${sysconfdir}/init.d
diff --git a/meta-security/recipes-security/cryptmount/cryptmount_6.2.0.bb b/meta-security/recipes-security/cryptmount/cryptmount_6.2.0.bb
index d815e1d..d69d88b 100644
--- a/meta-security/recipes-security/cryptmount/cryptmount_6.2.0.bb
+++ b/meta-security/recipes-security/cryptmount/cryptmount_6.2.0.bb
@@ -25,7 +25,9 @@
 do_install:append () {
     if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
         install -D -m 0644 ${S}/sysinit/cryptmount.service ${D}${systemd_system_unitdir}/cryptmount.service
-        rm -fr ${D}/usr/lib
+        if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','false','true',d)}; then
+           rm -fr ${D}/usr/lib
+        fi
     fi
 }
 
diff --git a/meta-security/wic/beaglebone-yocto-verity.wks.in b/meta-security/wic/beaglebone-yocto-verity.wks.in
index d2923de..2d332d8 100644
--- a/meta-security/wic/beaglebone-yocto-verity.wks.in
+++ b/meta-security/wic/beaglebone-yocto-verity.wks.in
@@ -12,5 +12,5 @@
 # This .wks only works with the dm-verity-img class.
 
 part /boot --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4 --fixed-size 32 --sourceparams="loader=u-boot" --use-uuid
-part / --source rawcopy --ondisk mmcblk0 --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity"
+part / --source rawcopy --ondisk mmcblk0 --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}${IMAGE_NAME_SUFFIX}.${DM_VERITY_IMAGE_TYPE}.verity"
 bootloader --append="console=ttyS0,115200"
diff --git a/meta-security/wic/systemd-bootdisk-dmverity.wks.in b/meta-security/wic/systemd-bootdisk-dmverity.wks.in
index 8466368..0ac9cca 100644
--- a/meta-security/wic/systemd-bootdisk-dmverity.wks.in
+++ b/meta-security/wic/systemd-bootdisk-dmverity.wks.in
@@ -10,7 +10,7 @@
 
 part /boot --source bootimg-efi --sourceparams="loader=systemd-boot,initrd=microcode.cpio" --ondisk sda --label msdos --active --align 1024 --use-uuid
 
-part / --source rawcopy --ondisk sda  --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity" --use-uuid
+part / --source rawcopy --ondisk sda  --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}${IMAGE_NAME_SUFFIX}.${DM_VERITY_IMAGE_TYPE}.verity" --use-uuid
 
 part swap --ondisk sda --size 44 --label swap1 --fstype=swap --use-uuid